VYPR

CWE-657

Violation of Secure Design Principles

Abstraction: Class · Status: Draft

Description

The product violates well-established principles for secure design.

This can introduce resultant weaknesses or make it easier for developers to introduce related weaknesses during implementation. Because code is centered around design, it can be resource-intensive to fix design problems.

Hierarchy (View 1000)

CVEs mapped to this weakness (8)

  • CVE-2026-39888 (Critical, Apr 8, 2026)
    risk 0.64, cvss 9.9, epss 0.01

    PraisonAI is a multi-agent teams system. Prior to 1.5.115, execute_code() in praisonaiagents.tools.python_tools defaults to sandbox_mode="sandbox", which runs user code in a subprocess wrapped with a restricted __builtins__ dict and an AST-based blocklist. The AST blocklist…

  • CVE-2024-33849 (Medium, May 28, 2024)
    risk 0.42, cvss 6.5, epss 0.00

    ci solution CI-Out-of-Office Manager through 6.0.0.77 uses a Hard-coded Cryptographic Key.

  • CVE-2017-6032 (Medium, Jun 30, 2017)
    risk 0.35, cvss 5.3, epss 0.02

    A Violation of Secure Design Principles issue was discovered in Schneider Electric Modicon Modbus Protocol. The Modicon Modbus protocol has a session-related weakness making it susceptible to brute-force attacks.

  • CVE-2020-36467 (Aug 8, 2021)
    risk 0.00, cvss n/a, epss 0.01

    An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr::get returns more than one mutable reference to the same object.

  • CVE-2020-36468 (Aug 8, 2021)
    risk 0.00, cvss n/a, epss 0.01

    An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr::write performs non-atomic write operations on an underlying pointer.

  • CVE-2021-28583 (Jun 28, 2021)
    risk 0.00, cvss n/a, epss 0.02

    Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Violation of Secure Design Principles vulnerability in RMA PDF filename formats. Successful exploitation could allow an attacker to get unauthorized access to restricted…

  • CVE-2021-26956 (Feb 9, 2021)
    risk 0.00, cvss n/a, epss 0.02

    An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because bytes from an X server can be interpreted as any data type returned by xcb::xproto::GetPropertyReply::value.

  • CVE-2021-26307 (Jan 29, 2021)
    risk 0.00, cvss n/a, epss 0.00

    An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It allows __cpuid_count() calls even if the processor does not support the CPUID instruction, which is unsound and causes a deterministic crash.