CWE-697— Incorrect Comparison
The product compares two entities in a security-relevant context, but the comparison is incorrect.— MITRE CWE catalog
158 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-697page 4 of 4
- CVE-2026-44196CRITICALCVSS 9.1EG 9.12026-05-12
Pingvin Share X is a secure and easy self-hosted file sharing platform. From 1.14.1 to 1.16.2, a critical authentication bypass vulnerability allows an attacker who has obtained a valid username and password to skip the second-factor authe…
- CVE-2026-44249HIGHCVSS 8.1EG 8.12026-06-08
Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can bypass IPv6 subnet rules due to an incorrect masking operation in …
- CVE-2026-45567HIGHCVSS 8.3EG 8.32026-06-10
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, there is an authentication bypass vulnerability via 'api' substring in URL + unauthenticated /api/gpt. At time of publica…
- CVE-2026-45569HIGHCVSS 8.1EG 8.12026-06-10
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, ommit d4d10006 ("Expand validation to block .. in config_file_name and configver for improved security") added a line in …
- CVE-2026-47202CRITICALCVSS 9.3EG 9.32026-05-26
Kavita is a cross platform reading server. Prior to 0.9.0.2, an Improper Token validation flaw permits a remote and unauthenticated threat actor to request a JWT for any user including admins given knowledge of their username. This vulnera…
- CVE-2026-49340HIGHCVSS 8.1EG 8.12026-06-19
gonic is a music streaming server / free-software subsonic server API implementation. Prior to version 0.21.0, a logic error in `ServeCreateOrUpdatePlaylist` allows any authenticated Subsonic user (including non-admin) to write playlist M3…
- CVE-2026-59890MEDIUMCVSS 6.1EG 6.12026-07-08
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compi…
- CVE-2026-9369MEDIUMCVSS 5.3EG 5.32026-05-24
A security flaw has been discovered in NousResearch hermes-agent 2026.4.23. Affected is the function _discover_dashboard_plugins of the file hermes_cli/web_server.py of the component CLI web-dashboard Interface. Performing a manipulation o…
Map vulnerabilities like CWE-697 to your infrastructure
EchelonGraph correlates every CVE — across CWE-697 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →