VYPR

CWE-688

Function Call With Incorrect Variable or Reference as Argument

VariantDraft

Description

The product calls a function, procedure, or routine, but the caller specifies the wrong variable or reference as one of the arguments, which may lead to undefined behavior and resultant weaknesses.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (2)

  • CVE-2026-33549MedMar 22, 2026
    risk 0.44cvss 6.7epss 0.00

    SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment (of administrator privileges) during the editing of an author data structure because of STATUT mishandling.

  • CVE-2026-12311MedJun 16, 2026
    risk 0.31cvss 4.7epss 0.00

    Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.