CWE-358 (Improperly Implemented Security Check for Standard) — Vulnerability Class 70

70 vulnerabilities classified as CWE-358 (Improperly Implemented Security Check for Standard). AI-generated Chinese analysis is included for each entry.

CWE-358 represents a critical implementation flaw where developers fail to correctly execute security checks mandated by established standards, protocols, or algorithms. This weakness typically arises when engineers misunderstand complex specifications or attempt to optimize performance by skipping mandatory validation steps, resulting in a system that appears compliant but lacks actual security. Attackers exploit this gap by crafting inputs that bypass the incomplete checks, effectively neutralizing intended protections such as authentication mechanisms or data integrity verifications. To prevent CWE-358, developers must rigorously adhere to standardized guidelines, utilizing automated testing tools that verify compliance with specific protocol requirements. Comprehensive code reviews focusing on security-critical paths and staying updated with the latest standard revisions ensure that all mandated checks are implemented accurately, thereby closing the vulnerability window before deployment.

MITRE CWE Description
The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.
Common Consequences (1)
Scope: Access Control | Impact: Bypass Protection Mechanism
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2025-31983 | HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header | BigFix Service Management (SM) | 3.7 | Low | 2026-05-06
CVE-2025-31970 | HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability | DFXAnalytics | 5.3 | Medium | 2026-05-06
CVE-2026-22618 | Eaton Intelligent Power Protector security vulnerability | IPP software | 5.9 | Medium | 2026-04-16
CVE-2026-35679 | Zcash security feature issue vulnerability | zcashd | 3.5 | Low | 2026-04-05
CVE-2026-2645 | Acceptance of CertificateVerify Message before ClientKeyExchange in TLS 1.2 | wolfSSL | 7.5 | - | 2026-03-19
CVE-2025-13333 | IBM WebSphere Application Server could provide weaker than expected security | WebSphere Application Server | 4.4 | Medium | 2026-02-17
CVE-2026-1486 | Org.keycloak.protocol.oidc.grants: disabled identity providers are still accepted for jwt authorization grant | Red Hat build of Keycloak 26.4 | 8.8 | High | 2026-02-09
CVE-2025-66600 | Yokogawa FAST/TOOLS security vulnerability | FAST/TOOLS | 6.8 (AI) | Medium (AI) | 2026-02-09
CVE-2025-66601 | Yokogawa FAST/TOOLS security vulnerability | FAST/TOOLS | 8.3 (AI) | High (AI) | 2026-02-09
CVE-2025-66603 | Yokogawa FAST/TOOLS security vulnerability | FAST/TOOLS | 8.2 (AI) | High (AI) | 2026-02-09
CVE-2025-66607 | Yokogawa FAST/TOOLS security vulnerability | FAST/TOOLS | 6.1 (AI) | Medium (AI) | 2026-02-09
CVE-2025-69234 | Naver Whale Browser security vulnerability | NAVER Whale browser | 6.1 | - | 2025-12-30
CVE-2025-62002 | BullWall Ransomware Containment file count detection bypass | Ransomware Containment | 4.3 | Medium | 2025-12-18
CVE-2025-66323 | Huawei HarmonyOS security vulnerability | HarmonyOS | 5.3 | Medium | 2025-12-08
CVE-2025-58308 | Huawei HarmonyOS security vulnerability | HarmonyOS | 7.3 | High | 2025-11-28
CVE-2025-62585 | Naver Whale Browser security vulnerability | NAVER Whale browser | 5.3 (AI) | Medium (AI) | 2025-10-16
CVE-2025-62583 | Naver Whale Browser security vulnerability | NAVER Whale browser | 9.3 (AI) | Critical (AI) | 2025-10-16
CVE-2025-25255 | Fortinet FortiOS and Fortinet FortiProxy security feature issue vulnerability | FortiOS | 4.8 | Medium | 2025-10-14
CVE-2025-31969 | HCL Unica Platform is impacted by misconfigured Content Security Policy (CSP) | Unica Platform | 4.0 | Medium | 2025-10-12
CVE-2025-59147 | Suricata is Vulnerable to Detection Bypass via Crafted Multiple SYN Packets | suricata | 7.5 | High | 2025-10-01
CVE-2025-10457 | Bluetooth: Out-Of-Context le_conn_rsp Handling | Zephyr | 4.3 | Medium | 2025-09-19
CVE-2025-8204 | Comodo Dragon HSTS security check | Dragon | 3.1 | Low | 2025-07-26
CVE-2024-55599 | Fortinet FortiOS and Fortinet FortiProxy security feature issue vulnerability | FortiOS | 4.9 | Medium | 2025-07-08
CVE-2025-49011 | SpiceDB checks involving relations with caveats can result in no permission when permission is expected | spicedb | 3.7 | Low | 2025-06-06
CVE-2021-26105 | Fortinet FortiSandbox security vulnerability | FortiSandbox | 6.4 | Medium | 2025-03-24
CVE-2020-9295 | Fortinet FortiClient and FortiOS security vulnerability | FortiClientWindows | 4.7 | Medium | 2025-03-17
CVE-2025-21267 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Microsoft Edge (Chromium-based) | 4.4 | Medium | 2025-02-06
CVE-2024-12056 | Client Secret not checked with OAuth Password grant type | PcVue | 8.8 | - | 2024-12-04
CVE-2024-33510 | Fortinet FortiOS and FortiProxy security feature issue vulnerability | FortiOS | 3.6 | Medium | 2024-11-12
CVE-2024-36511 | Fortinet FortiADC security feature issue vulnerability | FortiADC | 3.4 | Low | 2024-09-10

(CVSS and Severity values marked "(AI)" are AI-estimated rather than vendor- or NVD-assigned; "-" means no severity rating was recorded.)

Vulnerabilities classified as CWE-358 (Improperly Implemented Security Check for Standard) represent 70 CVEs. The CWE taxonomy describes the weakness class; review individual CVEs for product-specific impact.