VYPR

CWE-707

Improper Neutralization

Pillar · Incomplete

Description

The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-250 · CAPEC-276 · CAPEC-277 · CAPEC-278 · CAPEC-279 · CAPEC-3 · CAPEC-43 · CAPEC-468 · CAPEC-52 · CAPEC-53 · CAPEC-64 · CAPEC-7 · CAPEC-78 · CAPEC-79 · CAPEC-83 · CAPEC-84

CVEs mapped to this weakness (37)

page 1 of 2
  • CVE-2024-21864 · High · May 16, 2024
    risk 0.51 · cvss 7.8 · epss 0.00

    Improper neutralization in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.5081 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent network access.

  • CVE-2018-3918 · High · Aug 27, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings' remote servers, which incorrectly handle camera IDs for…

  • CVE-2026-11457 · High · Jun 7, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    A security flaw has been discovered in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This vulnerability affects unknown code of the file /base-boot/jmreport/testConnection of the component JimuReport test-connection Endpoint. Performing a manipulation of the…

  • CVE-2026-10221 · High · Jun 1, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    A vulnerability was identified in NousResearch hermes-agent up to 0.12.0. Affected by this vulnerability is the function _compress_context of the file run_agent.py. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit is publicly…

  • CVE-2026-10220 · High · Jun 1, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    A vulnerability was determined in NousResearch hermes-agent up to 2026.4.30. Affected is the function _serve_plugin_skill/skill_view of the file tools/skills_tool.py. Executing a manipulation can lead to injection. The attack may be performed from remote. The exploit has been…

  • CVE-2026-9422 · High · May 25, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    A vulnerability was identified in KLiK SocialMediaWebsite 1.0. This issue affects some unknown processing of the component HTTP POST Request Parameter Handler. Such manipulation leads to injection. The attack can be launched remotely. The exploit is publicly available and might…

  • CVE-2026-9366 · High · May 24, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    A vulnerability was found in NousResearch hermes-agent 2026.4.23. The impacted element is the function _scan_context_content of the file agent/prompt_builder.py. The manipulation results in injection. The attack may be performed from remote. The exploit has been made public and…

  • CVE-2026-9353 · High · May 24, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.23. Impacted is an unknown function of the file agent/skills_guard.py of the component Skills Guard Multi-Word Prompt Handler. The manipulation of the argument THREAT_PATTERNS leads to…

  • CVE-2026-5002 · High · Mar 28, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    A vulnerability has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The impacted element is the function _route_using_overviews of the file backend/server.py of the component LLM Prompt Handler. Such manipulation leads to injection. The…

  • CVE-2025-24921 · Medium · Aug 12, 2025
    risk 0.43 · cvss 6.6 · epss 0.00

    Improper neutralization for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an unauthenticated user to potentially enable information disclosure via adjacent access.

  • CVE-2026-10223 · Medium · Jun 1, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. This affects the function _scan_memory_content of the file tools/memory_tool.py. This manipulation causes injection. The attack can be initiated remotely. The exploit has been made available to the…

  • CVE-2026-10210 · Medium · Jun 1, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability was found in AstrBotDevs AstrBot 4.23.6. Affected by this vulnerability is the function _sanitize_prompt_description of the file astrbot/core/skills/skill_manager.py. The manipulation results in injection. The attack may be performed from remote. The exploit has…

  • CVE-2026-9420 · Medium · May 25, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability was found in KLiK SocialMediaWebsite 1.0. This affects an unknown part of the component HTTP GET Request Parameter Handler. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.

  • CVE-2026-6599 · Medium · Apr 20, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability was detected in langflow-ai langflow up to 1.8.3. The impacted element is the function get_client_ip/install_mcp_config of the file src/backend/base/langflow/api/v1/mcp_projects.py of the component Model Context Protocol Configuration API. Performing a…

  • CVE-2026-5561 · Medium · Apr 5, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability was determined in Campcodes Complete POS Management and Inventory System up to 4.0.6. This affects an unknown function of the file app/Http/Controllers/SettingsController.php of the component Environment Variable Handler. Executing a manipulation can lead to…

  • CVE-2026-4516 · Medium · Mar 21, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/write_analysis_code.py of the component DataInterpreter. The manipulation results in injection. It is possible to launch the attack…

  • CVE-2026-4511 · Medium · Mar 21, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. Affected is the function exec of the file /src/vanna/legacy. Such manipulation leads to injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor…

  • CVE-2026-3992 · Medium · Mar 12, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A weakness has been identified in CodeGenieApp serverless-express up to 4.17.1. This affects an unknown part of the file utils/dynamodb.ts of the component Users Endpoint. This manipulation of the argument filter causes injection. The attack may be initiated remotely. The…

  • CVE-2026-3813 · Medium · Mar 9, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability was identified in opencc JFlow up to 5badc00db382d7cb82dad231e6a866b18e0addfe. Affected by this vulnerability is the function Calculate of the file src/main/java/bp/wf/httphandler/WF_CCForm.java. Such manipulation leads to injection. The attack may be performed…

  • CVE-2026-2954 · Medium · Feb 22, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability was found in Dromara UJCMS 10.0.2. Impacted is the function importChanel of the file /api/backend/ext/import-data/import-channel of the component ImportDataController. Performing a manipulation of the argument driverClassName/url results in injection. It is…