CWE-1288— Improper Validation of Consistency within Input
The product receives a complex input with multiple elements or fields that must be consistent with each other, but it does not validate or incorrectly validates that the input is actually consistent.— MITRE CWE catalog
27 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-1288page 1 of 1
- CVE-2021-41531HIGHCVSS 7.5EG 7.52021-09-21
NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length parameter in a ROA. This will lead to RTR clients such as routers to reject the RPKI data set, effectively disabling R…
- CVE-2022-39353CRITICALCVSS 9.4EG 9.42022-11-02
xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the `childN…
- CVE-2022-50976HIGHCVSS 7.7EG 7.72026-02-02
A local attacker could cause a full device reset by resetting the device passwords using an invalid reset file via USB.
- CVE-2023-1619MEDIUMCVSS 4.9EG 4.92023-06-26
Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet.
- CVE-2023-1620MEDIUMCVSS 4.9EG 4.92023-06-26
Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime.
- CVE-2023-32701HIGHCVSS 7.1EG 7.12023-11-14
Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition.
- CVE-2023-6245HIGHCVSS 7.5EG 7.52023-12-08
The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type. For example, if the payload is `record { * ; empty }` and the canister interface expects `record { * }` then the Rust candid …
- CVE-2024-12093MEDIUMCVSS 6.8EG 6.82025-05-22
An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Improper XPath validation allows modified SAML response to bypass 2FA requirement under specialized…
- CVE-2024-25951HIGHCVSS 8.0EG 8.02024-03-09
A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system.
- CVE-2024-27371MEDIUMCVSS 6.7EG 6.72024-06-05
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_followup_get_nl_params(), there is no input validation check on hal_req->service_specific_info_…
- CVE-2024-27375MEDIUMCVSS 6.7EG 6.72024-06-05
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_followup_get_nl_params(), there is no input validation check on hal_req->sdea_service_specific_…
- CVE-2024-31136HIGHCVSS 7.4EG 7.42024-03-28
In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter
- CVE-2024-31140MEDIUMCVSS 4.1EG 4.12024-03-28
In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools
- CVE-2024-39515HIGHCVSS 7.5EG 7.52024-10-09
An Improper Validation of Consistency within Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically malformed BGP p…
- CVE-2024-5953MEDIUMCVSS 5.7EG 5.72024-06-18
A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password.
- CVE-2024-8305MEDIUMCVSS 6.5EG 6.52024-10-21
prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primaries. This issue affects MongoDB Server …
- CVE-2025-10929MEDIUMCVSS 5.3EG 5.32025-10-30
Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables.This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2.
- CVE-2025-2885MEDIUMCVSS 4.5EG 4.52025-03-27
Missing validation of the root metatdata version number could allow an actor to supply an arbitrary version number to the client instead of the intended version in the root metadata file, altering the version fetched by the client. Users s…
- CVE-2025-46722MEDIUMCVSS 4.2EG 4.22025-05-29
vLLM is an inference and serving engine for large language models (LLMs). In versions starting from 0.7.0 to before 0.9.0, in the file vllm/multimodal/hasher.py, the MultiModalHasher class has a security and data integrity issue in its ima…
- CVE-2025-9999HIGHCVSS 7.6EG 7.62025-09-05
Some payload elements of the messages sent between two stations in a networking architecture are not properly checked on the receiving station allowing an attacker to execute unauthorized commands in the application.
- CVE-2026-14781MEDIUMCVSS 4.8EG 4.82026-07-05
A flaw exists in the org.keycloak.broker.oidc package where the OIDC broker incorrectly synchronizes the email_verified claim. When an OIDC identity provider is configured with trustEmail=true and the userinfo endpoint is enabled, Keycloak…
- CVE-2026-31431HIGHCVSS 7.8EG 9.0⚠ KEV2026-04-22
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in oper…
- CVE-2026-31488HIGHCVSS 7.8EG 7.82026-04-22
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not skip unrelated mode changes in DSC validation Starting with commit 17ce8a6907f7 ("drm/amd/display: Add dsc pre-validation in atomic check"), amdg…
- CVE-2026-31709HIGHCVSS 8.8EG 8.82026-05-01
In the Linux kernel, the following vulnerability has been resolved: smb: client: validate the whole DACL before rewriting it in cifsacl build_sec_desc() and id_mode_to_cifs_acl() derive a DACL pointer from a server-supplied dacloffset an…
- CVE-2026-43001HIGHCVSS 8.0EG 7.92026-05-01
An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate that the caller-supplied project_id for an EC2-type credential matched the project of the authenticating application credential. This allowe…
- CVE-2026-46117HIGHCVSS 7.8EG 7.82026-05-28
In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss() Sashiko points out that the user can specify WQs sharing the same CQ as a part of the uAPI and th…
- CVE-2026-9689MEDIUMCVSS 4.2EG 4.22026-05-27
A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers (URIs), a remote attacker can manipulate the authentication…
Map vulnerabilities like CWE-1288 to your infrastructure
EchelonGraph correlates every CVE — across CWE-1288 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →