CWE-693

Protection Mechanism Failure

Pillar · Draft

Description

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

This weakness covers three distinct situations. A "missing" protection mechanism occurs when the application does not define any mechanism against a certain class of attack. An "insufficient" protection mechanism might provide some defenses - for example, against the most common attacks - but it does not protect against everything that is intended. Finally, an "ignored" mechanism occurs when a mechanism is available and in active use within the product, but the developer has not applied it in some code path.

Related attack patterns (CAPEC)

CAPEC-1 · CAPEC-107 · CAPEC-127 · CAPEC-17 · CAPEC-20 · CAPEC-22 · CAPEC-237 · CAPEC-36 · CAPEC-477 · CAPEC-480 · CAPEC-51 · CAPEC-57 · CAPEC-59 · CAPEC-65 · CAPEC-668 · CAPEC-74 · CAPEC-87

CVEs mapped to this weakness (353)

page 4 of 18
  • CVE-2026-8969 · High · May 19, 2026
    risk 0.53 · cvss 8.1 · epss 0.00

    Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

  • CVE-2026-8962 · High · May 19, 2026
    risk 0.53 · cvss 8.1 · epss 0.00

    Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

  • CVE-2026-8018 · High · May 6, 2026
    risk 0.53 · cvss 8.1 · epss 0.00

    Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via malicious network traffic. (Chromium security severity: Low)

  • CVE-2026-7978 · High · May 6, 2026
    risk 0.53 · cvss 8.1 · epss 0.00

    Inappropriate implementation in Companion in Google Chrome on Mac prior to 148.0.7778.96 allowed a remote attacker to perform OS-level privilege escalation via malicious network traffic. (Chromium security severity: Medium)

  • CVE-2026-0877 · High · Jan 13, 2026
    risk 0.53 · cvss 8.1 · epss 0.00

    Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

  • CVE-2025-43330 · High · Sep 15, 2025
    risk 0.53 · cvss 8.2 · epss 0.00

    This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7, macOS Tahoe 26. An app may be able to break out of its sandbox.

  • CVE-2025-8032 · High · Jul 22, 2025
    risk 0.53 · cvss 8.1 · epss 0.00

    XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.

  • CVE-2025-31189 · High · May 29, 2025
    risk 0.53 · cvss 8.2 · epss 0.00

    A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to break out of its sandbox.

  • CVE-2024-56182 · High · Mar 11, 2025
    risk 0.53 · cvss 8.2 · epss 0.00

    A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC Field PG M6 (All versions < V26.01.12), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC…

  • CVE-2024-56181 · High · Mar 11, 2025
    risk 0.53 · cvss 8.2 · epss 0.00

    A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.01.04), SIMATIC IPC…

  • CVE-2026-0097 · High · Jun 1, 2026
    risk 0.52 · cvss 8.0 · epss 0.00

    In multiple locations, there is a possible way to bypass user interaction when pairing an LE device due to a logic error. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2026-47392 · Critical · May 29, 2026
    risk 0.52 · cvss (none listed) · epss 0.00

    Summary: `execute_code()` in `praisonaiagents/tools/python_tools.py` (v1.6.37, subprocess sandbox mode) can be fully bypassed using `print.__self__` to retrieve the real Python `builtins` module, from which `__import__` can be extracted via `vars()` and runtime string…

  • CVE-2026-44007 · Critical · May 13, 2026
    risk 0.52 · cvss 9.1 · epss 0.01

    vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.1, when a NodeVM is created with nesting: true, sandbox code can unconditionally require('vm2') regardless of the outer VM's require configuration — including require: false. With access to vm2, the sandbox constructs…

  • CVE-2025-41232 · Critical · May 21, 2025
    risk 0.52 · cvss 9.1 · epss 0.01

    Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by this if the following are true: * You are using @EnableMethodSecurity(mode=ASPECTJ) and…

  • CVE-2026-12214 · High · Jun 15, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    A security flaw has been discovered in Qihoo 360 Total Security 6.0. This vulnerability affects the function RpcStringBindingComposeW of the component Nucleus Engine Monitoring Logic. Performing a manipulation of the argument NetworkAddr results in protection mechanism failure.…

  • CVE-2026-48575 · High · Jun 9, 2026
    risk 0.51 · cvss 7.9 · epss 0.00

    Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

  • CVE-2026-48570 · High · Jun 9, 2026
    risk 0.51 · cvss 7.9 · epss 0.00

    Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

  • CVE-2026-48568 · High · Jun 9, 2026
    risk 0.51 · cvss 7.9 · epss 0.00

    Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.

  • CVE-2026-47656 · High · Jun 9, 2026
    risk 0.51 · cvss 7.9 · epss 0.00

    Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.

  • CVE-2026-45656 · High · Jun 9, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.