CWE-241 (Improper Handling of Unexpected Data Type) — Vulnerability Class 27

27 vulnerabilities classified as CWE-241 (Improper Handling of Unexpected Data Type). AI Chinese analysis included.

CWE-241 represents a critical input validation weakness where software fails to properly manage unexpected data types, such as receiving a character when a numeric value is anticipated. Attackers typically exploit this vulnerability by injecting malformed or type-mismatched data into application inputs, potentially triggering unhandled exceptions, logic errors, or unexpected system states that can lead to denial of service or further code execution. To mitigate this risk, developers must implement rigorous input validation mechanisms that strictly enforce expected data types before processing. This includes using robust parsing libraries, implementing explicit type checking, and applying defensive programming practices that gracefully handle or reject anomalous inputs. By ensuring the application only accepts data conforming to predefined schemas, organizations can prevent type confusion attacks and maintain system integrity against malformed data exploitation.

MITRE CWE Description
The product does not handle or incorrectly handles when a particular element is not the expected type, e.g. it expects a digit (0-9) but is provided with a letter (A-Z).
Common Consequences (1)
Integrity, Other: Varies by Context, Unexpected State
Mitigations (2)
Implementation: Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range…
Implementation: Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-66550 | Nextcloud Calendar attachments of local files are offered to downloaded — security-advisories | 5.7 | Medium | 2025-12-05 |
| CVE-2024-21935 | AMD Instinct MI300X accelerators security vulnerability — AMD Instinct™ MI300X | 5.0 | Medium | 2025-09-23 |
| CVE-2024-21927 | AMD Instinct MI300X accelerators security vulnerability — AMD Instinct™ MI300X | 5.0 | Medium | 2025-09-23 |
| CVE-2025-7339 | on-headers vulnerable to http response header manipulation — on-headers | 3.4 | Low | 2025-07-17 |
| CVE-2025-2268 | HP LaserJet MFP M232-M237 Printer Series - Potential Denial of Service — HP LaserJet MFP M232-M237 Printer Series | 7.5 | - | 2025-03-14 |
| CVE-2025-1004 | Certain HP LaserJet Pro Printers – Potential Denial of Service — Certain HP LaserJet Pro Printers | 7.5 | - | 2025-02-06 |
| CVE-2024-9423 | Certain HP LaserJet Printers – Potential Denial of Service — Certain HP LaserJet Printers | 5.3 | Medium | 2024-10-02 |
| CVE-2024-37316 | Nextcloud Calendar's event create can create attachments that link to other websites — security-advisories | 4.6 | Medium | 2024-06-14 |
| CVE-2024-25966 | Dell PowerScale OneFS security vulnerability — PowerScale OneFS | 5.3 | Medium | 2024-05-14 |
| CVE-2024-0151 | ARM Cortex-M Security Extensions security vulnerability — Arm v8-M Security Extensions Requirements on Development Tools | 8.1 (AI) | High (AI) | 2024-04-24 |
| CVE-2023-30591 | NodeBB Pre-Authentication Denial-of-Service — NodeBB | 7.5 | High | 2023-09-29 |
| CVE-2023-5215 | Libnbd: crash or misbehaviour when nbd server returns an unexpected block size — Red Hat Enterprise Linux 9 | 5.3 | Medium | 2023-09-28 |
| CVE-2023-28961 | Junos OS: ACX Series: IPv6 firewall filter is not installed in PFE when "from next-header ah" is used — Junos OS | 5.8 | Medium | 2023-04-17 |
| CVE-2022-22219 | Junos OS and Junos OS Evolved: RPD core upon receipt of a specific EVPN route by a BGP route reflector in an EVPN environment — Junos OS | 5.9 | Medium | 2022-10-18 |
| CVE-2022-39064 | IKEA TRÅDFRI smart lighting security vulnerability — TRÅDFRI smart lighting system | 8.1 | - | 2022-10-14 |
| CVE-2022-39065 | IKEA TRÅDFRI smart lighting security vulnerability — TRÅDFRI gateway system | 6.5 | - | 2022-10-14 |
| CVE-2022-3029 | Fatal error on incorrect base64 data in RRDP — Routinator | 7.5 | - | 2022-09-13 |
| CVE-2022-1642 | Apple Swift code issue vulnerability — Swift Corelib-Foundation | 7.5 | - | 2022-06-16 |
| CVE-2022-29181 | Improper Handling of Unexpected Data Type in Nokogiri — nokogiri | 8.2 | High | 2022-05-20 |
| CVE-2022-20730 | Cisco Firepower Threat Defense Software Security Intelligence DNS Feed Bypass Vulnerability — Cisco Firepower Threat Defense Software | 4.0 | Medium | 2022-05-03 |
| CVE-2022-22193 | Junos OS and Junos OS Evolved: In a BGP rib-sharding scenario when a certain CLI command is executed the rpd process might crash — Junos OS | 5.5 | Medium | 2022-04-14 |
| CVE-2022-24668 | swift-nio-http2 security vulnerability — SwiftNIO HTTP2 | 7.5 | - | 2022-02-09 |
| CVE-2021-40116 | Multiple Cisco Products Snort Rule Denial of Service Vulnerability — Cisco Firepower Threat Defense Software | 8.6 | High | 2021-10-27 |
| CVE-2021-39131 | Improper Handling of Unexpected Data Type in ced — ced | 7.5 | High | 2021-08-17 |
| CVE-2021-32696 | Passing in a non-string 'html' argument can lead to unsanitized output — striptags | 3.7 | Low | 2021-06-18 |
| CVE-2021-32655 | Files Drop public link can be added as federated share — security-advisories | 3.5 | Low | 2021-06-01 |
| CVE-2021-0243 | Junos OS: EX4300: Stateless firewall policer fails to discard traffic — Junos OS | 4.7 | Medium | 2021-04-22 |

Vulnerabilities classified as CWE-241 (Improper Handling of Unexpected Data Type) represent 27 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.