CWE-433
Unparsed Raw Web Content Delivery
Description
The product stores raw content or supporting code under the web document root with an extension that is not specifically handled by the server.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-16070 | — | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2018 | nodecaffe was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |
| CVE-2017-16065 | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2018 | openssl.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||
| CVE-2017-16061 | — | Hig | 0.49 | 7.5 | 0.01 | May 29, 2018 | tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |
| CVE-2026-31841 | 0.00 | — | 0.00 | Mar 12, 2026 | Hyperterse is a tool-first MCP framework for building AI-ready backend surfaces from declarative config. Prior to v2.2.0, the search tool allows LLMs to search for tools using natural language. While returning results, Hyperterse also returned the raw SQL queries, exposing… |
- risk 0.49cvss 7.5epss 0.01
nodecaffe was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- risk 0.49cvss 7.5epss 0.01
openssl.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- risk 0.49cvss 7.5epss 0.01
tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- CVE-2026-31841Mar 12, 2026risk 0.00cvss —epss 0.00
Hyperterse is a tool-first MCP framework for building AI-ready backend surfaces from declarative config. Prior to v2.2.0, the search tool allows LLMs to search for tools using natural language. While returning results, Hyperterse also returned the raw SQL queries, exposing…