CWE-1287 — Vulnerability Class 107

107 vulnerabilities classified as CWE-1287. AI Chinese analysis included.

CWE-1287 represents a critical input validation weakness where software fails to verify that received data matches its expected type, such as accepting a string where an integer is required. Attackers typically exploit this by injecting malformed or mismatched data types to trigger unexpected runtime errors, cause logic failures, or bypass security controls. This mismatch can expose latent vulnerabilities, allowing attackers to execute unauthorized actions or crash the application. To prevent this, developers must implement rigorous type checking mechanisms early in the input processing pipeline. Utilizing strict typing in programming languages, validating data schemas, and employing robust parsing libraries ensures that inputs conform to anticipated formats. Additionally, implementing comprehensive error handling prevents attackers from leveraging type confusion to bypass authentication or execute malicious code, thereby maintaining application integrity and security.

MITRE CWE Description
The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type. When input does not comply with the expected type, attackers could trigger unexpected errors, cause incorrect actions to take place, or exploit latent vulnerabilities that would not be possible if the input conformed with the expected type. This weakness can appear in type-unsafe programming languages, or in programming languages that support casting or conversion of an input to another type.
Common Consequences (1)
Other: Varies by Context
Mitigations (1)
Implementation: Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range…
Effectiveness: High
| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2024-12756 | Avaya Spaces HTML injection (HTMLi) Vulnerability — Avaya Spaces | 7.3 | High | 2025-02-11 |
| CVE-2025-24876 | Authentication bypass via authorization code injection in SAP Approuter — SAP Approuter Node.js package | 8.1 | High | 2025-02-11 |
| CVE-2025-24804 | Partial Denial of Service (DoS) in MobSF — Mobile-Security-Framework-MobSF | 6.5 | - | 2025-02-05 |
| CVE-2024-8125 | A remote code vulnerability has been discovered in OpenText™ Content Management. — Content Management (Extended ECM) | 8.8 | - | 2025-02-04 |
| CVE-2025-20630 | Mobile crash via object that can't be cast to String in Attachment Field — Mattermost | 6.5 | Medium | 2025-01-16 |
| CVE-2025-20621 | Webapp crash via object that can't be cast to String in Attachment Field — Mattermost | 6.5 | Medium | 2025-01-16 |
| CVE-2025-0476 | Mobile crash via file with specially crafted filename — Mattermost | 4.3 | Medium | 2025-01-15 |
| CVE-2025-20088 | Insufficient Input Validation on Post Props — Mattermost | 6.5 | Medium | 2025-01-15 |
| CVE-2025-20086 | Insufficient Input Validation on Post Props — Mattermost | 6.5 | Medium | 2025-01-15 |
| CVE-2025-21083 | Insufficient Input Validation on Post Props — Mattermost | 6.5 | Medium | 2025-01-15 |
| CVE-2025-20036 | Insufficient Input Validation on Post Props — Mattermost | 6.5 | Medium | 2025-01-15 |
| CVE-2024-48858 | Vulnerabilities in TIFF and PCX Image Codecs Impact QNX Software Development Platform — QNX Software Development Platform (SDP) | 7.5 | High | 2025-01-14 |
| CVE-2025-20033 | DoS via custom post type for sysconsole plugin readers — Mattermost | 4.3 | Medium | 2025-01-09 |
| CVE-2024-5594 | OpenVPN security vulnerability — OpenVPN | 7.5 (AI) | High (AI) | 2025-01-06 |
| CVE-2024-8058 | Lenovo Filez security vulnerability — FileZ Client | 7.6 | High | 2024-12-16 |
| CVE-2024-54083 | DoS via lack of type validation in Calls — Mattermost | 6.5 | Medium | 2024-12-16 |
| CVE-2024-51551 | Default Credentials — ASPECT-Enterprise | 10.0 | Critical | 2024-12-05 |
| CVE-2024-51550 | Data Validation / Sanitization — ASPECT-Enterprise | 10.0 | Critical | 2024-12-05 |
| CVE-2024-51546 | Credentials Disclosure — ASPECT-Enterprise | 7.5 | High | 2024-12-05 |
| CVE-2024-9404 | Denial-of-Service Vulnerability — VPort 07-3 Series | 7.5 | High | 2024-12-04 |
| CVE-2024-8403 | Denial-of-Service Vulnerability in Ethernet port on MELSEC iQ-F Ethernet Module and EtherNet/IP Module — MELSEC iQ-F Series FX5-ENET | 7.5 | High | 2024-11-19 |
| CVE-2023-29126 | Insecure loose comparison in Enel X JuiceBox — JuiceBox Pro 3.0 22kW Cellular | 4.2 | Medium | 2024-11-05 |
| CVE-2024-20494 | Cisco Firepower Threat Defense and Cisco Adaptive Security Appliance security vulnerability — Cisco Adaptive Security Appliance (ASA) Software | 8.6 | High | 2024-10-23 |
| CVE-2024-20408 | Cisco Firepower Threat Defense and Cisco Adaptive Security Appliance security vulnerability — Cisco Adaptive Security Appliance (ASA) Software | 7.7 | High | 2024-10-23 |
| CVE-2024-47504 | Junos OS: SRX5000 Series: Receipt of a specific malformed packet will cause a flowd crash — Junos OS | 7.5 | High | 2024-10-11 |
| CVE-2024-1578 | Multiple MiCard PLUS card reader dropped characters — MiCard PLUS Ci | 8.2 | - | 2024-09-16 |
| CVE-2024-4879 | Jelly Template Injection Vulnerability in ServiceNow UI Macros — Now Platform | 9.8 | Critical | 2024-07-10 |
| CVE-2024-6298 | remote code execution — ASPECT-Enterprise | 10.0 | Critical | 2024-07-05 |
| CVE-2023-47726 | IBM QRadar Suite improper input validation — QRadar Suite Software | 7.1 | High | 2024-06-18 |
| CVE-2024-35213 | Vulnerability in SGI Image Codec Impacts BlackBerry QNX Software Development Platform (SDP) — QNX Software Development Platform (SDP) | 9.0 | Critical | 2024-06-11 |

107 CVEs are classified as CWE-1287. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.