CWE-115 (Misinterpretation of Input) — Vulnerability Class 22

22 vulnerabilities classified as CWE-115 (Misinterpretation of Input). AI Chinese analysis included.

CWE-115 represents a critical input validation weakness where software incorrectly interprets data, often due to encoding mismatches or improper parsing logic. Attackers typically exploit this by crafting malicious inputs that bypass security controls, such as using double-encoding to evade filters or manipulating character sets to inject code. This misinterpretation can lead to severe vulnerabilities like cross-site scripting or SQL injection, as the application processes the data differently than intended. To prevent these issues, developers must implement strict input validation and normalization strategies. Ensuring consistent encoding standards throughout the data pipeline is essential. Additionally, using parameterized queries and context-aware output encoding helps mitigate risks by treating all input as untrusted until explicitly validated, thereby closing the gap between perceived and actual data structure.

MITRE CWE Description
The product misinterprets an input, whether from an attacker or another product, in a security-relevant fashion.
Common Consequences (1)
Integrity: Unexpected State

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-68113 | ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay — altcha-lib | 6.5 | Medium | 2025-12-16 |
| CVE-2025-54584 | GitProxy is vulnerable to a packfile parsing exploit — git-proxy | 6.5 (AI) | Medium (AI) | 2025-07-30 |
| CVE-2025-5826 | Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Misinterpretation of Input Vulnerability — Autel MaxiCharger AC Wallbox Commercial | 8.8 (AI) | High (AI) | 2025-06-25 |
| CVE-2025-5747 | WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability — Level 2 EV Charger | 8.0 (AI) | High (AI) | 2025-06-06 |
| CVE-2025-32908 | Libsoup: denial of service on libsoup through http/2 server | 7.5 | High | 2025-04-14 |
| CVE-2024-11169 | Unhandled Exception Leading to Server Crash in danny-avila/librechat — danny-avila/librechat | 7.5 | - | 2025-03-20 |
| CVE-2025-25069 | Apache Kvrocks: Cross-Protocol Scripting Vulnerability — Apache Kvrocks | 7.1 | - | 2025-02-07 |
| CVE-2023-32228 | Bosch Ams and Bosch Bis security vulnerability — AMS | 4.6 | Medium | 2024-04-11 |
| CVE-2023-32260 | A potential Misinterpretation of Input vulnerability has been identified in SMAX, AMX, and HCMX products. — Service Management Automation X (SMAX) | 6.5 | Medium | 2024-03-19 |
| CVE-2023-0880 | Misinterpretation of Input in thorsten/phpmyfaq — thorsten/phpmyfaq | 8.3 | High | 2023-02-17 |
| CVE-2022-20915 | Cisco IOS XE Software IPv6 VPN over MPLS Denial of Service Vulnerability — Cisco IOS XE Software | 7.4 | High | 2022-10-10 |
| CVE-2022-3224 | Misinterpretation of Input in ionicabizau/parse-url — ionicabizau/parse-url | 6.1 | - | 2022-09-15 |
| CVE-2022-1233 | URL Confusion When Scheme Not Supplied in medialize/uri.js — medialize/uri.js | 5.4 | - | 2022-04-04 |
| CVE-2022-21672 | /etc/pki/tls and /etc/ssl/certs include distrusted certificates in make-ca — make-ca | 6.5 | Medium | 2022-01-10 |
| CVE-2021-1587 | Cisco NX-OS Software VXLAN OAM (NGOAM) Denial of Service Vulnerability — Cisco NX-OS Software | 8.6 | High | 2021-08-25 |
| CVE-2020-27846 | Crewjam Saml security vulnerability — crewjam/saml | 9.8 | - | 2020-12-21 |
| CVE-2020-29509 | Google Go encoding security vulnerability — Go | 9.8 | Critical | 2020-12-14 |
| CVE-2020-29511 | Google Go encoding security vulnerability — Go | 9.8 | Critical | 2020-12-14 |
| CVE-2020-29510 | Google Golang security vulnerability — Go | 9.8 | Critical | 2020-12-14 |
| CVE-2018-12116 | Node.js security vulnerability — Node.js | 5.3 | - | 2018-11-28 |
| CVE-2018-12123 | Joyent Node.js input validation error vulnerability — Node.js | 4.3 | - | 2018-11-28 |
| CVE-2018-7159 | Joyent Node.js HTTP parser input validation error vulnerability — Node.js | 8.2 | - | 2018-05-17 |

Vulnerabilities classified as CWE-115 (Misinterpretation of Input) represent 22 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.