6 vulnerabilities classified as CWE-172 (Encoding Error). AI Chinese analysis included.
CWE-172 represents an encoding error weakness where software fails to correctly encode or decode data, leading to unexpected values that disrupt intended processing. This flaw is typically exploited when attackers manipulate input data to bypass security controls or trigger unintended application behaviors, such as injection attacks or logic errors, by exploiting the mismatch between expected and actual data formats. Developers can avoid this vulnerability by implementing robust input validation and ensuring consistent encoding standards throughout the data lifecycle. Utilizing established libraries for encoding and decoding operations, rather than custom implementations, helps prevent manual errors. Additionally, thorough testing with diverse input scenarios and adhering to strict data type definitions ensures that all data is processed correctly, maintaining integrity and preventing exploitation through malformed or incorrectly encoded information.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-27110 | Libmodsecurity3 has possible bypass of encoded HTML entities — ModSecurity | 5.3 | - | 2025-02-25 |
| CVE-2024-48909 | SpiceDB calls to LookupResources using LookupResources2 with caveats may return context is missing when it is not — spicedb | 2.0 | Low | 2024-10-14 |
| CVE-2021-33604 | Reflected cross-site scripting in development mode handler in Vaadin 14, 15-19 — Vaadin | 2.5 | Low | 2021-06-24 |
| CVE-2019-12677 | Cisco Adaptive Security Appliance Software SSL VPN Denial of Service Vulnerability — Cisco Adaptive Security Appliance (ASA) Software | 6.5 | - | 2019-10-02 |
| CVE-2019-10153 | fence-agents security vulnerability — fence-agents | 5.0 | - | 2019-07-30 |
| CVE-2019-10160 | Python trust management issue vulnerability — python | 9.8 | - | 2019-06-07 |
Six CVEs are classified as CWE-172 (Encoding Error). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.