VYPR

CWE-475

Undefined Behavior for Input to API

Base | Incomplete

Description

The behavior of this function is undefined unless its control parameter is set to a specific value.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (6)

  • CVE-2026-42009 | High | May 18, 2026
    risk 0.42 | cvss 7.5 | epss 0.01

    A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate…

  • CVE-2024-10569 | Mar 20, 2025
    risk 0.00 | cvss | epss 0.01

    A vulnerability in the dataframe component of gradio-app/gradio (version git 98cbcae) allows for a zip bomb attack. The component uses pd.read_csv to process input values, which can accept compressed files. An attacker can exploit this by uploading a maliciously crafted zip…

  • CVE-2024-7046 | Mar 20, 2025
    risk 0.00 | cvss | epss 0.00

    An improper access control vulnerability in open-webui/open-webui v0.3.8 allows an attacker to view admin details. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the /api/v1/auths/admin/details interface to…

  • CVE-2024-3099 | Jun 6, 2024
    risk 0.00 | cvss | epss 0.00

    A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service (DoS) as an authenticated user might not be able to use the intended model, as it will open a…

  • CVE-2023-2253 | Jun 6, 2023
    risk 0.00 | cvss | epss 0.01

    A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n`, causing the…

  • CVE-2022-29207 | May 20, 2022
    risk 0.00 | cvss | epss 0.00

    TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid. In graph mode, it would have been impossible to perform…