CWE-1287 — Vulnerability Class 107

107 vulnerabilities classified as CWE-1287. AI Chinese analysis included.

CWE-1287 represents a critical input validation weakness where software fails to verify that received data matches its expected type, such as accepting a string where an integer is required. Attackers typically exploit this by injecting malformed or mismatched data types to trigger unexpected runtime errors, cause logic failures, or bypass security controls. This mismatch can expose latent vulnerabilities, allowing attackers to execute unauthorized actions or crash the application. To prevent this, developers must implement rigorous type checking mechanisms early in the input processing pipeline. Utilizing strict typing in programming languages, validating data schemas, and employing robust parsing libraries ensures that inputs conform to anticipated formats. Additionally, implementing comprehensive error handling prevents attackers from leveraging type confusion to bypass authentication or execute malicious code, thereby maintaining application integrity and security.

MITRE CWE Description
The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type. When input does not comply with the expected type, attackers could trigger unexpected errors, cause incorrect actions to take place, or exploit latent vulnerabilities that would not be possible if the input conformed with the expected type. This weakness can appear in type-unsafe programming languages, or in programming languages that support casting or conversion of an input to another type.
Common Consequences (1)
Other: Varies by Context
Mitigations (1)
Implementation: Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range…
Effectiveness: High
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-33806 | fastify vulnerable to Body Schema Validation Bypass via Leading Space in Content-Type Header — fastify | 7.5 | High | 2026-04-15 |
| CVE-2019-25596 | SpotAuditor 5.2.6 Name Field Denial of Service — SpotAuditor | 6.2 | Medium | 2026-03-22 |
| CVE-2026-2092 | Keycloak-services: keycloak: unauthorized access via improper validation of encrypted saml assertions — Red Hat build of Keycloak 26.2 | 7.7 | High | 2026-03-18 |
| CVE-2026-2454 | DoS in Calls plugin via malformed msgpack in websocket request. — Mattermost | 5.8 | Medium | 2026-03-16 |
| CVE-2026-25783 | Denial of service via malformed User-Agent header in getBrowserVersion — Mattermost | 4.3 | Medium | 2026-03-16 |
| CVE-2026-20074 | Cisco IOS XR Software Multi-Instance Intermediate System-to-Intermediate System Denial of Service Vulnerability — Cisco IOS XR Software | 7.4 | High | 2026-03-11 |
| CVE-2026-26115 | SQL Server Elevation of Privilege Vulnerability — Microsoft SQL Server 2016 Service Pack 3 (GDR) | 8.8 | High | 2026-03-10 |
| CVE-2026-25179 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability — Windows 10 Version 1607 | 7.0 | High | 2026-03-10 |
| CVE-2026-2004 | PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code — PostgreSQL | 8.8 | High | 2026-02-12 |
| CVE-2026-2003 | PostgreSQL oidvector discloses a few bytes of memory — PostgreSQL | 4.3 | Medium | 2026-02-12 |
| CVE-2026-20119 | Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability — Cisco RoomOS Software | 7.5 | High | 2026-02-04 |
| CVE-2026-24307 | M365 Copilot Information Disclosure Vulnerability — Microsoft 365 Copilot | 9.3 | Critical | 2026-01-22 |
| CVE-2025-53627 | Meshtastic firmware allows forged DMs with no PKC to show up as encrypted — firmware | 5.3 | Medium | 2025-12-29 |
| CVE-2025-12689 | DoS in Calls plugin via malformed UTF-8 in WebSocket request — Mattermost | 6.5 | Medium | 2025-12-17 |
| CVE-2025-13352 | Mattermost GitHub Plugin allows unauthorized GitHub reactions via reaction forwarding hijacking — Mattermost | 3.0 | Low | 2025-12-17 |
| CVE-2024-2105 | JBL: Improper validation of ICM field in connection requests — Flip 5 | 6.5 | Medium | 2025-12-10 |
| CVE-2025-32901 | KDE Connect security vulnerability — KDEConnect | 4.3 | Medium | 2025-12-05 |
| CVE-2025-20756 | MediaTek Chipsets security vulnerability — MT2735, MT6833, MT6833P, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893 | 7.5 (AI) | High (AI) | 2025-12-02 |
| CVE-2025-41729 | DoS via Modbus Read Command — UMG 96-PA | 7.5 | High | 2025-11-24 |
| CVE-2025-9524 | AXIS OS security vulnerability — AXIS OS | 4.3 | Medium | 2025-11-11 |
| CVE-2025-8108 | AXIS OS security vulnerability — AXIS OS | 6.7 | Medium | 2025-11-11 |
| CVE-2025-6298 | AXIS OS security vulnerability — AXIS OS | 6.7 | Medium | 2025-11-11 |
| CVE-2025-4645 | AXIS OS security vulnerability — AXIS OS | 6.7 | Medium | 2025-11-11 |
| CVE-2025-59275 | Windows Authentication Elevation of Privilege Vulnerability — Windows 10 Version 1507 | 7.8 | High | 2025-10-14 |
| CVE-2025-59278 | Windows Authentication Elevation of Privilege Vulnerability — Windows 10 Version 1507 | 7.8 | High | 2025-10-14 |
| CVE-2025-58729 | Windows Local Session Manager (LSM) Denial of Service Vulnerability — Windows 10 Version 1507 | 6.5 | Medium | 2025-10-14 |
| CVE-2025-59277 | Windows Authentication Elevation of Privilege Vulnerability — Windows 10 Version 1507 | 7.8 | High | 2025-10-14 |
| CVE-2025-59259 | Windows Local Session Manager (LSM) Denial of Service Vulnerability — Windows 10 Version 1507 | 6.5 | Medium | 2025-10-14 |
| CVE-2025-59257 | Windows Local Session Manager (LSM) Denial of Service Vulnerability — Windows 11 Version 24H2 | 6.5 | Medium | 2025-10-14 |
| CVE-2025-55701 | Windows Authentication Elevation of Privilege Vulnerability — Windows 10 Version 1507 | 7.8 | High | 2025-10-14 |

Vulnerabilities classified as CWE-1287 represent 107 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.