VYPR

CWE-693

Protection Mechanism Failure

PillarDraft

Description

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

This weakness covers three distinct situations. A "missing" protection mechanism occurs when the application does not define any mechanism against a certain class of attack. An "insufficient" protection mechanism might provide some defenses - for example, against the most common attacks - but it does not protect against everything that is intended. Finally, an "ignored" mechanism occurs when a mechanism is available and in active use within the product, but the developer has not applied it in some code path.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-1 · CAPEC-107 · CAPEC-127 · CAPEC-17 · CAPEC-20 · CAPEC-22 · CAPEC-237 · CAPEC-36 · CAPEC-477 · CAPEC-480 · CAPEC-51 · CAPEC-57 · CAPEC-59 · CAPEC-65 · CAPEC-668 · CAPEC-74 · CAPEC-87

CVEs mapped to this weakness (353)

page 11 of 18
  • CVE-2024-33903MedApr 29, 2024
    risk 0.31cvss 5.9epss 0.01

    In CARLA through 0.9.15.2, the collision sensor mishandles some situations involving pedestrians or bicycles, in part because the collision sensor function is not exposed to the Blueprint library.

  • CVE-2022-32537MedDec 12, 2022
    risk 0.31cvss 4.8epss 0.00

    A vulnerability exists which could allow an unauthorized user to learn aspects of the communication protocol used to pair system components while the pump is being paired with other system components. Exploitation requires nearby wireless signal proximity with the patient and…

  • CVE-2018-15423MedOct 5, 2018
    risk 0.31cvss 4.7epss 0.01

    A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an…

  • CVE-2026-49325MedMay 29, 2026
    risk 0.30cvss 4.6epss 0.00

    Improper handling of physical conditions in the bike-shutdown control of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows a physical attacker with access to the Wireless Control Module (WCM) wiring harness to bypass the anti-theft shutdown. The WCM signals…

  • CVE-2026-49316MedMay 29, 2026
    risk 0.30cvss 4.6epss 0.00

    Expected behavior violation in the in-vehicle network of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the motorcycle's anti-theft shutdown by forcing the Wireless Control Module (WCM) into the CAN bus-off state. Using a…

  • CVE-2026-7932MedMay 6, 2026
    risk 0.29cvss 4.4epss 0.00

    Insufficient policy enforcement in Downloads in Google Chrome prior to 148.0.7778.96 allowed a local attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-40604MedApr 21, 2026
    risk 0.29cvss 4.4epss 0.00

    ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.6, the opfilter Endpoint Security system extension (bundle ID uk.craigbass.clearancekit.opfilter) can be suspended with SIGSTOP or kill -STOP, or killed with…

  • CVE-2026-40311MedApr 13, 2026
    risk 0.29cvss 5.5epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below 7.1.2-19 and 6.9.13-44 contain a heap use-after-free vulnerability that can cause a crash when reading and printing values from an invalid XMP profile. This issue has…

  • CVE-2025-10905MedNov 11, 2025
    risk 0.29cvss 4.4epss 0.00

    Collision in MiniFilter driver in Avast Software Avast Free Antivirus  before 25.9  on Windows allows a local attacker with administrative privileges to disable real-time protection and self-defense mechanisms.

  • CVE-2025-21081MedMay 13, 2025
    risk 0.29cvss 4.5epss 0.00

    Protection mechanism failure for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2026-11695MedJun 9, 2026
    risk 0.28cvss 4.3epss 0.00

    Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-11292MedJun 5, 2026
    risk 0.28cvss 4.3epss 0.00

    Insufficient policy enforcement in Blink in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11266MedJun 5, 2026
    risk 0.28cvss 4.3epss 0.00

    Inappropriate implementation in SafeBrowsing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass Safe Browsing via a malicious file. (Chromium security severity: Low)

  • CVE-2026-11264MedJun 5, 2026
    risk 0.28cvss 4.3epss 0.00

    Policy bypass in Content Security Policy in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11260MedJun 5, 2026
    risk 0.28cvss 4.3epss 0.00

    Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11234MedJun 4, 2026
    risk 0.28cvss 4.3epss 0.00

    Inappropriate implementation in FoldableAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11219MedJun 4, 2026
    risk 0.28cvss 4.3epss 0.00

    Inappropriate implementation in Navigation in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-9116MedMay 20, 2026
    risk 0.28cvss 4.3epss 0.00

    Insufficient policy enforcement in ServiceWorker in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-9115MedMay 20, 2026
    risk 0.28cvss 4.3epss 0.00

    Insufficient policy enforcement in Service Worker in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-8563MedMay 14, 2026
    risk 0.28cvss 4.3epss 0.00

    Insufficient policy enforcement in IFrame Sandbox in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)