VYPR

CWE-791

Incomplete Filtering of Special Elements

Abstraction: Base
Status: Incomplete

Description

The product receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component.

Hierarchy (View 1000)

Parents

CVEs mapped to this weakness (23)

page 1 of 2
  • CVE-2026-44232 · High · May 12, 2026
    risk 0.57 · cvss: not listed · epss 0.00

    DSSRF is a Node.js library that provides a wide range of utilities and advanced SSRF defense checks. Prior to 1.3.0, every IPv6 category bypasses is_url_safe. This vulnerability is fixed in 1.3.0.

  • CVE-2024-47590 · High · Nov 12, 2024
    risk 0.57 · cvss 8.8 · epss 0.01

    An unauthenticated attacker can create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, input data will be used by the web site page generation to create content which when executed in the victim's browser (XSS)…

  • CVE-2024-45481 · High · Mar 25, 2025
    risk 0.55 · cvss: not listed · epss 0.00

    An Incomplete Filtering of Special Elements vulnerability in scripts using the SSH server on B&R APROL <4.4-00P5 may allow an authenticated local attacker to authenticate as another legitimate user.

  • CVE-2026-7164 · High · Apr 30, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. Remote attackers can craft packets which cause affected systems to panic. This affects any system where pf is configured to process…

  • CVE-2024-27489 · High · Jul 19, 2024
    risk 0.49 · cvss 7.5 · epss 0.00

    An issue in the DelFile() function of WMCMS v4.4 allows attackers to delete arbitrary files via a crafted POST request.

  • CVE-2025-6761 · High · Jun 27, 2025
    risk 0.47 · cvss 7.3 · epss 0.00

    A vulnerability was found in Kingdee Cloud-Starry-Sky Enterprise Edition 6.x/7.x/8.x/9.0. It has been rated as critical. Affected by this issue is the function plugin.buildMobilePopHtml of the file \k3\o2o\bos\webapp\action\DynamicForm 4 Action.class of the component Freemarker…

  • CVE-2026-48208 · Medium · Jun 1, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    An improper neutralization of active SVG content in OTRS or ((OTRS)) Community Edition ticket article rendering allows attackers to inject specially crafted SVG payloads via email content, leading to browser-side resource exhaustion and denial of service when affected tickets…

  • CVE-2025-59303 · Medium · Oct 8, 2025
    risk 0.42 · cvss 6.4 · epss 0.00

    HAProxy Kubernetes Ingress Controller before 3.1.13, when the config-snippets feature flag is used, accepts config snippets from users with create/update permissions. This can result in obtaining an ingress token secret as a response. The fixed versions of HAProxy Enterprise…

  • CVE-2026-9498 · Medium · May 25, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handler. Such manipulation of the argument DefMsgTemplate.content leads to improper neutralization of special elements used…

  • CVE-2026-8740 · Medium · May 17, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A flaw has been found in Sanluan PublicCMS 5.202506.d. The impacted element is the function execute of the file publiccms-core/src/main/java/com/publiccms/views/directive/tools/TemplateResultDirective.java of the component templateResult API. This manipulation of the argument…

  • CVE-2026-5559 · Medium · Apr 5, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha. The affected element is the function _is_safe_ast of the file sandbox.py of the component AST Validation. Such manipulation leads to improper neutralization of special elements used in a template…

  • CVE-2026-3725 · Medium · Mar 8, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A flaw has been found in 1024-lab/lab1024 SmartAdmin up to 3.29. Affected by this issue is the function freemarkerResolverContent of the file sa-base/src/main/java/net/lab1024/sa/base/module/support/mail/MailService.java of the component FreeMarker Template Handler. Executing a…

  • CVE-2025-14731 · Medium · Dec 16, 2025
    risk 0.41 · cvss 6.3 · epss 0.00

    A weakness has been identified in CTCMS Content Management System up to 2.1.2. This affects an unknown function in the library /ctcms/apps/libraries/CT_Parser.php of the component Frontend/Template Management Module. This manipulation causes improper neutralization of special…

  • CVE-2025-6518 · Medium · Jun 23, 2025
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability was found in PySpur-Dev pyspur up to 0.1.18. It has been classified as critical. Affected is the function SingleLLMCallNode of the file backend/pyspur/nodes/llm/single_llm_call.py of the component Jinja2 Template Handler. The manipulation of the argument…

  • CVE-2026-6984 · Medium · Apr 25, 2026
    risk 0.31 · cvss 4.7 · epss 0.00

    A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function create_template of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a…

  • CVE-2026-5987 · Medium · Apr 9, 2026
    risk 0.31 · cvss 4.7 · epss 0.00

    A security vulnerability has been detected in Sanluan PublicCMS up to 6.202506.d. This affects the function AbstractFreemarkerView.doRender of the file publiccms-parent/publiccms-core/src/main/java/com/publiccms/common/base/AbstractFreemarkerView.java of the component FreeMarker…

  • CVE-2026-2969 · Medium · Feb 23, 2026
    risk 0.31 · cvss 4.7 · epss 0.01

    A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Template Handler. This manipulation of the argument Prompt causes improper…

  • CVE-2025-2336 · Medium · Jun 4, 2025
    risk 0.31 · cvss 4.8 · epss 0.00

    Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS's 'ngSanitize' module allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing…

  • CVE-2025-0716 · Medium · Apr 29, 2025
    risk 0.31 · cvss 4.8 · epss 0.00

    Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing…

  • CVE-2025-9094 · Medium · Aug 17, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability was detected in ThingsBoard 4.1. This vulnerability affects unknown code of the component Add Gateway Handler. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be initiated remotely. The exploit has…