VYPR

CWE-241

Improper Handling of Unexpected Data Type

BaseDraft

Description

The product does not handle or incorrectly handles when a particular element is not the expected type, e.g. it expects a digit (0-9) but is provided with a letter (A-Z).

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-48

CVEs mapped to this weakness (13)

  • CVE-2025-63548HigMay 1, 2026
    risk 0.49cvss 7.5epss 0.00

    An issue in Eprosima Micro-XREC-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a packet specially crafted to bear a non-valid value in any Boolean field.

  • CVE-2024-21526HigJul 10, 2024
    risk 0.49cvss 7.5epss 0.01

    All versions of the package speaker are vulnerable to Denial of Service (DoS) when providing unexpected input types to the channels property of the Speaker object makes it possible to reach an assert macro. Exploiting this vulnerability can lead to a process crash.

  • CVE-2024-21523HigJul 10, 2024
    risk 0.49cvss 7.5epss 0.01

    All versions of the package images are vulnerable to Denial of Service (DoS) due to providing unexpected input types to several different functions. This makes it possible to reach an assert macro, leading to a process crash. **Note:** By providing some specific integer values…

  • CVE-2024-0151MedApr 24, 2024
    risk 0.42cvss 6.5epss 0.00

    Insufficient argument checking in Secure state Entry functions in software using Cortex-M Security Extensions (CMSE), that has been compiled using toolchains that implement 'Arm v8-M Security Extensions Requirements on Development Tools' prior to version 1.4, allows an attacker…

  • CVE-2024-21935MedSep 23, 2025
    risk 0.33cvss 5.0epss 0.00

    Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to manipulate Redfish® API commands to remove files from the local root directory, potentially resulting in data corruption.

  • CVE-2024-21927MedSep 23, 2025
    risk 0.33cvss 5.0epss 0.00

    Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to use certain special characters in manipulated Redfish® API commands, causing service processes like OpenBMC to crash and reset, potentially resulting in denial of service.

  • CVE-2024-32268LowApr 29, 2024
    risk 0.21cvss 3.3epss 0.00

    An issue in Tuya Smart camera U6N v.3.2.5 allows a remote attacker to cause a denial of service via a crafted packet to the network connection component.

  • CVE-2025-7339LowJul 17, 2025
    risk 0.15cvss 3.4epss 0.00

    on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions `<1.1.0` may result in response headers being inadvertently modified when an array is passed to `response.writeHead()`. Users should upgrade to version 1.1.0 to…

  • CVE-2022-29181May 20, 2022
    risk 0.00cvss epss 0.03

    Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated…

  • CVE-2022-21164Mar 16, 2022
    risk 0.00cvss epss 0.01

    The package node-lmdb before 0.9.7 are vulnerable to Denial of Service (DoS) when defining a non-invokable ToString value, which will cause a crash during type check.

  • CVE-2022-24668Feb 9, 2022
    risk 0.00cvss epss 0.01

    A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC or ORIGIN frames. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error after frame parsing but…

  • CVE-2021-39131Aug 17, 2021
    risk 0.00cvss epss 0.02

    ced detects character encoding using Google’s compact_enc_det library. In ced v0.1.0, passing data types other than `Buffer` causes the Node.js process to crash. The problem has been patched in ced v1.0.0. As a workaround, before passing an argument to ced, verify it’s a…

  • CVE-2021-32696Jun 18, 2021
    risk 0.00cvss epss 0.01

    The npm package "striptags" is an implementation of PHP's strip_tags in Typescript. In striptags before version 3.2.0, a type-confusion vulnerability can cause `striptags` to concatenate unsanitized strings when an array-like object is passed in as the `html` parameter. This can…