
CWE-1287 — Vulnerability Class 112

112 vulnerabilities classified as CWE-1287. AI Chinese analysis included.

CWE-1287 represents a critical input validation weakness where software fails to verify that received data matches its expected type, such as accepting a string where an integer is required. Attackers typically exploit this by injecting malformed or mismatched data types to trigger unexpected runtime errors, cause logic failures, or bypass security controls. This mismatch can expose latent vulnerabilities, allowing attackers to execute unauthorized actions or crash the application. To prevent this, developers must implement rigorous type checking mechanisms early in the input processing pipeline. Utilizing strict typing in programming languages, validating data schemas, and employing robust parsing libraries ensures that inputs conform to anticipated formats. Additionally, implementing comprehensive error handling prevents attackers from leveraging type confusion to bypass authentication or execute malicious code, thereby maintaining application integrity and security.

MITRE CWE Description
The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type. When input does not comply with the expected type, attackers could trigger unexpected errors, cause incorrect actions to take place, or exploit latent vulnerabilities that would not be possible if the input conformed with the expected type. This weakness can appear in type-unsafe programming languages, or in programming languages that support casting or conversion of an input to another type.
Common Consequences (1)
Scope: Other. Impact: Varies by Context.

Mitigations (1)
Phase: Implementation. Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range…
Effectiveness: High
CVE ID | Title | CVSS | Severity | Published
CVE-2026-40851 | Command injection via USB — mbNET/mbNET.rokey | 8.4 | High | 2026-05-27
CVE-2026-9521 | fraillt bitsery std_smart_ptr.h loadFromSharedState improper validation of specified type of input — bitsery | 7.3 | High | 2026-05-26
CVE-2026-4646 | Insufficient input validation in GitHub plugin API causes denial of service — Mattermost | 4.3 | Medium | 2026-05-22
CVE-2026-7887 | For Concrete CMS 9.5.0 and below, OAuth 2.0 Authorization-Code Handler Bypasses Account Status — Concrete CMS | -- | | 2026-05-21
CVE-2026-0802 | AXIS OS security vulnerability — AXIS OS | 6.0 | Medium | 2026-05-12
CVE-2026-33806 | fastify vulnerable to Body Schema Validation Bypass via Leading Space in Content-Type Header — fastify | 7.5 | High | 2026-04-15
CVE-2019-25596 | SpotAuditor 5.2.6 Name Field Denial of Service — SpotAuditor | 6.2 | Medium | 2026-03-22
CVE-2026-2092 | Keycloak-services: keycloak: unauthorized access via improper validation of encrypted saml assertions — Red Hat build of Keycloak 26.2 | 7.7 | High | 2026-03-18
CVE-2026-2454 | DoS in Calls plugin via malformed msgpack in websocket request — Mattermost | 5.8 | Medium | 2026-03-16
CVE-2026-25783 | Denial of service via malformed User-Agent header in getBrowserVersion — Mattermost | 4.3 | Medium | 2026-03-16
CVE-2026-20074 | Cisco IOS XR Software Multi-Instance Intermediate System-to-Intermediate System Denial of Service Vulnerability — Cisco IOS XR Software | 7.4 | High | 2026-03-11
CVE-2026-26115 | SQL Server Elevation of Privilege Vulnerability — Microsoft SQL Server 2016 Service Pack 3 (GDR) | 8.8 | High | 2026-03-10
CVE-2026-25179 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability — Windows 10 Version 1607 | 7.0 | High | 2026-03-10
CVE-2026-2004 | PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code — PostgreSQL | 8.8 | High | 2026-02-12
CVE-2026-2003 | PostgreSQL oidvector discloses a few bytes of memory — PostgreSQL | 4.3 | Medium | 2026-02-12
CVE-2026-20119 | Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability — Cisco RoomOS Software | 7.5 | High | 2026-02-04
CVE-2026-24307 | M365 Copilot Information Disclosure Vulnerability — Microsoft 365 Copilot | 9.3 | Critical | 2026-01-22
CVE-2025-53627 | Meshtastic firmware allows forged DMs with no PKC to show up as encrypted — firmware | 5.3 | Medium | 2025-12-29
CVE-2025-12689 | DoS in Calls plugin via malformed UTF-8 in WebSocket request — Mattermost | 6.5 | Medium | 2025-12-17
CVE-2025-13352 | Mattermost GitHub Plugin allows unauthorized GitHub reactions via reaction forwarding hijacking — Mattermost | 3.0 | Low | 2025-12-17
CVE-2024-2105 | JBL: Improper validation of ICM field in connection requests — Flip 5 | 6.5 | Medium | 2025-12-10
CVE-2025-32901 | KDE Connect security vulnerability — KDEConnect | 4.3 | Medium | 2025-12-05
CVE-2025-20756 | MediaTek Chipsets security vulnerability — MT2735, MT6833, MT6833P, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893 | 7.5 (AI) | High (AI) | 2025-12-02
CVE-2025-41729 | DoS via Modbus Read Command — UMG 96-PA | 7.5 | High | 2025-11-24
CVE-2025-9524 | AXIS OS security vulnerability — AXIS OS | 4.3 | Medium | 2025-11-11
CVE-2025-8108 | AXIS OS security vulnerability — AXIS OS | 6.7 | Medium | 2025-11-11
CVE-2025-6298 | AXIS OS security vulnerability — AXIS OS | 6.7 | Medium | 2025-11-11
CVE-2025-4645 | AXIS OS security vulnerability — AXIS OS | 6.7 | Medium | 2025-11-11
CVE-2025-59278 | Windows Authentication Elevation of Privilege Vulnerability — Windows 10 Version 1507 | 7.8 | High | 2025-10-14
CVE-2025-59275 | Windows Authentication Elevation of Privilege Vulnerability — Windows 10 Version 1507 | 7.8 | High | 2025-10-14

Vulnerabilities classified as CWE-1287 represent 112 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.