VYPR

CWE-665

Improper Initialization

Class · Draft · Likelihood: Medium

Description

The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

This can have security implications when the associated resource is expected to have certain properties or values, such as a variable that determines whether a user has been authenticated or not.

Related attack patterns (CAPEC)

CAPEC-26 · CAPEC-29

CVEs mapped to this weakness (114)

  • CVE-2025-48509 · Low · Feb 10, 2026
    risk 0.12 · cvss · epss 0.00

    Missing Checks in certain functions related to RMP initialization can allow a local admin privileged attacker to cause misidentification of I/O memory, potentially resulting in a loss of guest memory integrity

  • CVE-2026-26958 · Low · Feb 19, 2026
    risk 0.04 · cvss · epss 0.00

    filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for building cryptographic primitives. In versions 1.1.0 and earlier, MultiScalarMult produces invalid results or undefined behavior if the receiver is not the identity point. If…

  • CVE-2012-0012 · Feb 14, 2012
    risk 0.01 · cvss · epss 0.17

    Microsoft Internet Explorer 9 does not properly handle the creation and initialization of string objects, which allows remote attackers to read data from arbitrary process-memory locations via a crafted web site, aka "Null Byte Information Disclosure Vulnerability."

  • CVE-1999-0993 · Dec 13, 1999
    risk 0.01 · cvss · epss 0.07

    Modifications to ACLs (Access Control Lists) in Microsoft Exchange 5.5 do not take effect until the directory store cache is refreshed.

  • CVE-2026-54777 · Jun 19, 2026
    risk 0.00 · cvss · epss

    Impact: CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance, allowing local interception of NetNamedPipe traffic. NetNamedPipe creates a shared memory object based on the listening url, then generates a unique GUID for the named pipe it will be…

  • CVE-2026-54279 · low · Jun 15, 2026
    risk 0.00 · cvss · epss 0.00

    Summary: Host-only cookies that are saved with `CookieJar.save()` and then restored later with `CookieJar.load()` lose their host-only status. Impact: Host-only cookies that have been loaded from disk may get sent to subdomains that previously should have been…

  • CVE-2025-46553 · May 5, 2025
    risk 0.00 · cvss · epss 0.00

    @misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1, a logic error in the main `summaly` function causes the `allowRedirects` option to never be passed to any plugins, and as a result, isn't enforced. Misskey…

  • CVE-2025-2149 · Mar 10, 2025
    risk 0.00 · cvss · epss 0.00

    A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function nnq_Sigmoid of the component Quantized Sigmoid Module. The manipulation of the argument scale/zero_point leads to improper initialization. The attack needs…

  • CVE-2024-12289 · Dec 12, 2024
    risk 0.00 · cvss · epss 0.00

    Boundary Community Edition and Boundary Enterprise (“Boundary”) incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the…

  • CVE-2023-40349 · Aug 16, 2023
    risk 0.00 · cvss · epss 0.01

    Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs.

  • CVE-2023-22466 · Jan 4, 2023
    risk 0.00 · cvss · epss 0.01

    Tokio is a runtime for writing applications with Rust. Starting with version 1.7.0 and prior to versions 1.18.4, 1.20.3, and 1.23.1, when configuring a Windows named pipe server, setting `pipe_mode` will reset `reject_remote_clients` to `false`. If the application has previously…

  • CVE-2022-46164 · Dec 5, 2022
    risk 0.00 · cvss · epss 0.49

    NodeBB is an open source Node.js based forum software. Due to a plain object with a prototype being used in socket.io message handling a specially crafted payload can be used to impersonate other users and takeover accounts. This vulnerability has been patched in version 2.6.1.…

  • CVE-2022-39384 · Nov 4, 2022
    risk 0.00 · cvss · epss 0.00

    OpenZeppelin Contracts is a library for secure smart contract development. Before version 4.4.1 but after 3.2.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted…

  • CVE-2022-39284 · Oct 6, 2022
    risk 0.00 · cvss · epss 0.01

    CodeIgniter is a PHP full-stack web framework. In versions prior to 4.2.7 setting `$secure` or `$httponly` value to `true` in `Config\Cookie` is not reflected in `set_cookie()` or `Response::setCookie()`. As a result cookie values are erroneously exposed to scripts. It should be…

  • CVE-2022-36061 · Sep 6, 2022
    risk 0.00 · cvss · epss 0.01

    Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.35, read only calls between contracts can generate smart contracts results. For example, if contract A calls in read only mode contract B and the called function will make changes upon…

  • CVE-2022-36364 · Jul 28, 2022
    risk 0.00 · cvss · epss 0.02

    Apache Calcite Avatica JDBC driver creates HTTP client instances based on class names provided via `httpclient_impl` connection property; however, the driver does not verify if the class implements the expected interface before instantiating it, which can lead to code execution…

  • CVE-2021-46320 · Feb 4, 2022
    risk 0.00 · cvss · epss 0.01

    In OpenZeppelin <=v4.4.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be…

  • CVE-2022-21724 · Feb 2, 2022
    risk 0.00 · cvss · epss 0.03

    pgjdbc is the official PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when an attacker controls the jdbc url or properties. pgjdbc instantiates plugin…

  • CVE-2022-22815 · Jan 7, 2022
    risk 0.00 · cvss · epss 0.03

    path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.

  • CVE-2021-41264 · Nov 12, 2021
    risk 0.00 · cvss · epss 0.01

    OpenZeppelin Contracts is a library for smart contract development. In affected versions upgradeable contracts using `UUPSUpgradeable` may be vulnerable to an attack affecting uninitialized implementation contracts. A fix is included in version 4.3.2 of `@openzeppelin/contracts`…