VYPR

CWE-351

Insufficient Type Distinction

Base | Draft

Description

The product does not properly distinguish between different types of elements in a way that leads to insecure behavior.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (8)

  • CVE-2025-31951 | High | May 6, 2026
    risk 0.57 | cvss 8.8 | epss 0.00

    HCL BigFix RunBookAI is affected by an Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized command execution.

  • CVE-2025-54413 | High | Jul 26, 2025
    risk 0.50 | cvss | epss 0.00

    skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain an inconsistency in MethodNode, which can be exploited to access unexpected object fields through dot notation. This can be used to achieve arbitrary…

  • CVE-2025-54412 | High | Jul 26, 2025
    risk 0.50 | cvss | epss 0.00

    skops is a Python library which helps users share and ship their scikit-learn based models. Versions 0.11.0 and below contain an inconsistency in the OperatorFuncNode which can be exploited to hide the execution of untrusted operator methods. This can then be used in a code reuse…

  • CVE-2026-41341 | Medium | Apr 23, 2026
    risk 0.28 | cvss 5.4 | epss 0.00

    OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-components-helpers.ts. Attackers can exploit this misclassification to bypass group DM…

  • CVE-2025-22151 | Low | Jan 9, 2025
    risk 0.17 | cvss 3.7 | epss 0.00

    Strawberry GraphQL is a library for creating GraphQL APIs. Starting in 0.182.0 and prior to version 0.257.0, a type confusion vulnerability exists in Strawberry GraphQL's relay integration that affects multiple ORM integrations (Django, SQLAlchemy, Pydantic). The vulnerability…

  • CVE-2025-65960 | Nov 25, 2025
    risk 0.00 | cvss | epss 0.00

    Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, back end users with precise control over the contents of template closures can execute arbitrary PHP functions that do not have required parameters. This issue has been patched…

  • CVE-2025-47939 | May 20, 2025
    risk 0.00 | cvss | epss 0.00

    TYPO3 is an open source, PHP based web content management system. By design, the file management module in TYPO3’s backend user interface has historically allowed the upload of any file type, with the exception of those that are directly executable in a web server context.…

  • CVE-2020-35872 | Dec 31, 2020
    risk 0.00 | cvss | epss 0.02

    An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via the repr(Rust) type.