VYPR

CWE-358

Improperly Implemented Security Check for Standard

Abstraction: Base · Status: Draft

Description

The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (55)

page 2 of 3
  • CVE-2026-11127 · Medium · Jun 4, 2026
    risk 0.42 · CVSS 6.5 · EPSS 0.00

    Inappropriate implementation in WebAPKs in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted WebAPK. (Chromium security severity: Medium)

  • CVE-2026-40597 · High · May 22, 2026
    risk 0.42 · CVSS (not listed) · EPSS 0.01

    Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.28.1 and below, given any pre-existing XSS / HTML injection vulnerability, an attacker can bypass the Content Security Policy's script-src directive by uploading a crafted attachment to any issue that,…

  • CVE-2026-2645 · High · Mar 19, 2026
    risk 0.42 · CVSS 7.5 · EPSS 0.00

    In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. The server could incorrectly accept the CertificateVerify message before the ClientKeyExchange message had been received. This issue affects wolfSSL before 5.8.4 (wolfSSL 5.8.2…

  • CVE-2024-23592 · Medium · Apr 5, 2024
    risk 0.41 · CVSS 6.3 · EPSS 0.00

    An authentication bypass vulnerability was reported in Lenovo devices with Synaptics fingerprint readers that could allow an attacker with physical access to replay fingerprints and bypass Windows Hello authentication.

  • CVE-2026-11122 · Medium · Jun 4, 2026
    risk 0.40 · CVSS 6.1 · EPSS 0.00

    Inappropriate implementation in Keyboard in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-44473 · High · May 27, 2026
    risk 0.39 · CVSS 7.1 · EPSS 0.00

    Ella Core is a 5G core designed for private networks. Prior to 1.10.0, a radio with a valid NG Setup can send a forged PDUSessionResourceSetupResponse carrying any UE's AMF-UE-NGAP-ID. Ella Core does not verify the message arrived on the SCTP association bound to that UE's…

  • CVE-2026-22618 · Medium · Apr 16, 2026
    risk 0.38 · CVSS 5.9 · EPSS 0.00

    A security misconfiguration was identified in Eaton Intelligent Power Protector (IPP), where an HTTP response header was set with an insecure attribute, potentially exposing users to web-based attacks. This security issue has been fixed in the latest version of Eaton IPP…

  • CVE-2026-28914 · Medium · May 11, 2026
    risk 0.36 · CVSS 5.5 · EPSS 0.00

    A logic issue was addressed with improved file handling. This issue is fixed in macOS Tahoe 26.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks.

  • CVE-2016-8635 · Medium · Aug 1, 2018
    risk 0.35 · CVSS 5.3 · EPSS 0.02

    It was found that Diffie-Hellman client key exchange handling in NSS 3.21.x was vulnerable to a small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to a small subgroup of the desired group.

  • CVE-2017-15706 · Medium · Jan 31, 2018
    risk 0.35 · CVSS 5.3 · EPSS 0.06

    As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was…

  • CVE-2017-15105 · Medium · Jan 23, 2018
    risk 0.35 · CVSS 5.3 · EPSS 0.03

    A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof.

  • CVE-2017-12303 · Medium · Nov 16, 2017
    risk 0.35 · CVSS 5.3 · EPSS 0.02

    A vulnerability in the Advanced Malware Protection (AMP) file filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured AMP file filtering rule. The file types affected are zipped or…

  • CVE-2017-6032 · Medium · Jun 30, 2017
    risk 0.35 · CVSS 5.3 · EPSS 0.02

    A Violation of Secure Design Principles issue was discovered in Schneider Electric Modicon Modbus Protocol. The Modicon Modbus protocol has a session-related weakness making it susceptible to brute-force attacks.

  • CVE-2014-4843 · Medium · Jun 8, 2017
    risk 0.35 · CVSS 5.3 · EPSS 0.01

    Curam Universal Access in IBM Curam Social Program Management (SPM) 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5 allows remote attackers to obtain sensitive information about internal caseworker usernames via vectors related to a URL.

  • CVE-2025-31970 · Medium · May 6, 2026
    risk 0.34 · CVSS 5.3 · EPSS 0.00

    HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could allow an attacker to exploit injection vectors such as Cross-Site Scripting (XSS)

  • CVE-2024-55599 · Medium · Jul 8, 2025
    risk 0.34 · CVSS 5.3 · EPSS 0.00

    An Improperly Implemented Security Check for Standard vulnerability [CWE-358] in FortiOS version 7.6.0, version 7.4.7 and below, 7.0 all versions, 6.4 all versions and FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions may allow a…

  • CVE-2016-8614 · Medium · Jul 31, 2018
    risk 0.34 · CVSS 6.3 · EPSS 0.02

    A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing a remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key.

  • CVE-2026-44475 · Medium · May 27, 2026
    risk 0.33 · CVSS 6.1 · EPSS 0.00

    Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored values. A malicious gNB can overwrite Ella Core's stored UE security capabilities…

  • CVE-2026-42081 · Medium · May 27, 2026
    risk 0.33 · CVSS 6.1 · EPSS 0.00

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored values, as mandated by 3GPP TS 33.501 §6.7.3.1. A malicious…

  • CVE-2017-8152 · Medium · Nov 22, 2017
    risk 0.30 · CVSS 4.6 · EPSS 0.00

    Huawei Honor 5S smart phones with software versions before TAG-TL00C01B173 have a Factory Reset Protection (FRP) bypass security vulnerability due to improper design. An attacker can access the factory reset page without authorization simply by dialing a special code. The…