VYPR

CWE-707

Improper Neutralization

Pillar · Incomplete

Description

The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-250 · CAPEC-276 · CAPEC-277 · CAPEC-278 · CAPEC-279 · CAPEC-3 · CAPEC-43 · CAPEC-468 · CAPEC-52 · CAPEC-53 · CAPEC-64 · CAPEC-7 · CAPEC-78 · CAPEC-79 · CAPEC-83 · CAPEC-84

CVEs mapped to this weakness (37)

page 2 of 2
  • CVE-2025-14674 · Med · Dec 14, 2025
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability was found in aizuda snail-job up to 1.6.0. Affected by this vulnerability is the function QLExpressEngine.doEval of the file snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/QLExpressEngine.java. The…

  • CVE-2025-13268 · Med · Nov 17, 2025
    risk 0.41 · cvss 6.3 · epss 0.00

    A flaw has been found in Dromara dataCompare up to 1.0.1. The affected element is the function DbConfig of the file src/main/java/com/vince/xq/project/system/dbconfig/service/DbconfigServiceImpl.java of the component JDBC URL Handler. Executing manipulation can lead to…

  • CVE-2025-11445 · Med · Oct 8, 2025
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability was detected in Kilo Code up to 4.86.0. Affected is the function ClineProvider of the file src/core/webview/ClineProvider.ts of the component Prompt Handler. Performing manipulation results in injection. The attack can be initiated remotely. The exploit is now…

  • CVE-2025-27712 · Med · Nov 11, 2025
    risk 0.37 · cvss 5.7 · epss 0.00

    Improper neutralization for some Intel(R) Neural Compressor software before version v3.4 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation…

  • CVE-2026-10222 · Med · Jun 1, 2026
    risk 0.36 · cvss 5.6 · epss 0.00

    A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.30. Affected by this issue is the function _sanitize_env_lines of the file hermes_cli/config.py. The manipulation results in injection. It is possible to launch the attack remotely. The attack requires…

  • CVE-2026-7045 · Med · Apr 26, 2026
    risk 0.34 · cvss 6.3 · epss 0.00

    A vulnerability was determined in baomidou dynamic-datasource 2.5.0. Affected by this vulnerability is the function DsSpelExpressionProcessor#doDetermineDatasource of the file dynamic-datasource-spring/src/main/java/com/baomidou/dynamic/datasource/processor/DsSpelExpressionProces…

  • CVE-2026-6994 · Med · Apr 25, 2026
    risk 0.34 · cvss 6.3 · epss 0.00

    A weakness has been identified in Envoy up to 1.33.0. Affected is the function params.add of the file source/extensions/filters/http/header_mutation/header_mutation.cc of the component Query Parameter Handler. This manipulation causes injection. Remote exploitation of the attack…

  • CVE-2026-4500 · Med · Mar 20, 2026
    risk 0.34 · cvss 6.3 · epss 0.00

    A vulnerability was identified in bagofwords1 bagofwords up to 0.0.297. This impacts the function generate_df of the file backend/app/ai/code_execution/code_execution.py. Such manipulation leads to injection. The attack may be launched remotely. The exploit is publicly available…

  • CVE-2025-3805 · Med · Apr 19, 2025
    risk 0.34 · cvss 5.3 · epss 0.00

    A vulnerability classified as critical was found in sarrionandia tournatrack up to 4c13a23f43da5317eea4614870a7a8510fc540ec. Affected by this vulnerability is an unknown functionality of the file check_id.py of the component Jinja2 Template Handler. The manipulation of the…

  • CVE-2025-3804 · Med · Apr 19, 2025
    risk 0.34 · cvss 5.3 · epss 0.00

    A vulnerability classified as critical has been found in thautwarm vscode-diana 0.0.1. Affected is an unknown function of the file Gen.py of the component Jinja2 Template Handler. The manipulation leads to injection. Attacking locally is a requirement. The exploit has been…

  • CVE-2025-0697 · Med · Jan 24, 2025
    risk 0.34 · cvss 5.3 · epss 0.00

    A vulnerability, which was classified as problematic, was found in Telstra Smart Modem Gen 2 up to 20250115. This affects an unknown part of the component HTTP Header Handler. The manipulation of the argument Content-Disposition leads to injection. It is possible to initiate the…

  • CVE-2026-10661 · Med · Jun 2, 2026
    risk 0.21 · cvss 4.3 · epss 0.00

    A vulnerability has been found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. Impacted is the function Open of the file src/blender_mcp/server.py. The manipulation of the argument input_image_url leads to injection. Remote exploitation of the attack is…

  • CVE-2025-9797 · Low · Sep 1, 2025
    risk 0.16 · cvss 2.4 · epss 0.00

    A vulnerability was determined in mrvautin expressCart up to b31302f4e99c3293bd742c6d076a721e168118b0. This impacts an unknown function of the file /admin/product/edit/ of the component Edit Product Page. This manipulation causes injection. The attack can be initiated remotely.…

  • CVE-2022-4638 · Dec 21, 2022
    risk 0.00 · cvss - · epss 0.00

    A vulnerability classified as problematic was found in collective.contact.widget up to 1.12. This vulnerability affects the function title of the file src/collective/contact/widget/widgets.py. The manipulation leads to cross site scripting. The attack can be initiated remotely.…

  • CVE-2022-4396 · Dec 10, 2022
    risk 0.00 · cvss - · epss 0.01

    A vulnerability was found in RDFlib pyrdfa3 and classified as problematic. This issue affects the function _get_option of the file pyRdfa/__init__.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is…

  • CVE-2022-3801 · Nov 1, 2022
    risk 0.00 · cvss - · epss 0.30

    A vulnerability, which was classified as critical, was found in IBAX go-ibax. This affects an unknown part of the file /api/v2/open/rowsInfo. The manipulation of the argument order leads to sql injection. It is possible to initiate the attack remotely. The exploit has been…

  • CVE-2022-3704 · Oct 26, 2022
    risk 0.00 · cvss - · epss 0.01

    A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb. The manipulation leads to cross site scripting. It is possible to initiate the attack…