CWE-1023— Incomplete Comparison with Missing Factors
The product performs a comparison between entities that must consider multiple factors or characteristics of each entity, but the comparison does not include one or more of these factors.— MITRE CWE catalog
11 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-1023page 1 of 1
- CVE-2021-23146HIGHCVSS 7.1EG 7.52021-11-18
An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verification. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior…
- CVE-2024-5528LOWCVSS 3.5EG 3.52025-02-05
An issue was discovered in GitLab CE/EE affecting all versions prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows a subdomain takeover in GitLab Pages.
- CVE-2025-46722MEDIUMCVSS 4.2EG 4.22025-05-29
vLLM is an inference and serving engine for large language models (LLMs). In versions starting from 0.7.0 to before 0.9.0, in the file vllm/multimodal/hasher.py, the MultiModalHasher class has a security and data integrity issue in its ima…
- CVE-2025-55333MEDIUMCVSS 6.1EG 6.12025-10-14
Incomplete comparison with missing factors in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
- CVE-2025-62000HIGHCVSS 7.1EG 7.12025-12-18
BullWall Ransomware Containment may not always detect an encrypted file. This issue affects a specific file inspection method that evaluates file content based on header bytes. An authenticated attacker could encrypt files, preserving the …
- CVE-2026-4599CRITICALCVSS 9.1EG 9.12026-03-23
Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions in src/crypto-1.1.js; an attacker ca…
- CVE-2026-4748HIGHCVSS 7.5EG 7.52026-04-01
A regression in the way hashes were calculated caused rules containing the address range syntax (x.x.x.x - y.y.y.y) that only differ in the address range(s) involved to be silently dropped as duplicates. Only the first of such rules is ac…
- CVE-2026-48587MEDIUMCVSS 5.3EG 3.12026-06-03
An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.utils.cache.has_vary_header()` in Django does not strip leading or trailing whitespace from `Vary` response header values before comparison, which allows rem…
- CVE-2026-53839MEDIUMCVSS 6.5EG 6.52026-06-12
OpenClaw before 2026.5.7 contains a hostname validation vulnerability in retry endpoint checks that allows matching hostname prefixes instead of exact hostnames. Attackers can exploit this by crafting a hostname prefix resembling a trusted…
- CVE-2026-53859MEDIUMCVSS 6.5EG 6.52026-06-16
OpenClaw before 2026.5.26 contains a hostname validation vulnerability allowing attackers to bypass blocklist comparisons using trailing-dot notation in model or workspace-derived URLs. Attackers can exploit inconsistent hostname checks to…
- CVE-2026-7473MEDIUMCVSS 5.8EG 9.0⚠ KEV2026-06-05
On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is present, the switch will incorrectly…
Map vulnerabilities like CWE-1023 to your infrastructure
EchelonGraph correlates every CVE — across CWE-1023 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →