Threats Tagged 'cwe-1287'
View all threats tagged with 'cwe-1287'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cwe-1287'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-44935: CWE-1287 Improper validation of specified type of input in SUSE RancherCVE-2026-44935 0 Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants. Join the discussion | CVE Database V5 | 07/02/2026, 16:00:06 UTC Added: 07/02/2026, 18:06:47 UTC |
CVE-2026-54235: CWE-1287: Improper Validation of Specified Type of Input in vllm-project vllmCVE-2026-54235 0 vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, ll temperature validation gates use comparison operators (<, >), which silently evaluate to False for NaN and for positive Infinity in Python's IEEE 754 float semantics. Both values pass every guard and propagate to GPU sampling kernels, where they produce undefined behavior or CUDA errors that can crash the inference worker. This vulnerability is fixed in 0.23.1rc0. Join the discussion | CVE Database V5 | 06/22/2026, 21:59:02 UTC Added: 06/22/2026, 22:39:45 UTC |
CVE-2026-10825: CWE-1287: Improper Validation of Specified Type of Input in Moxa NPort 6000-G2 SeriesCVE-2026-10825 0 A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted request that causes service disruption and may result in an unexpected device reboot. Join the discussion | CVE Database V5 | 06/16/2026, 08:51:57 UTC Added: 06/16/2026, 13:15:51 UTC |
CVE-2026-9753: CWE-1287 Improper validation of specified type of input in MongoDB MongoDB ServerCVE-2026-9753 0 The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bounds or crash the server. $_internalApplyOplogUpdate can be executed by any authenticated user with access to the aggregate command. Join the discussion | CVE Database V5 | 06/09/2026, 22:30:57 UTC Added: 06/09/2026, 22:55:45 UTC |
CVE-2026-9742: CWE-1287 Improper validation of specified type of input in MongoDB MongoDB ServerCVE-2026-9742 0 When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. The authenticate command is accessible to unauthenticated clients, leading to pre-auth denial-of-service in affected product configurations. Join the discussion | CVE Database V5 | 06/09/2026, 21:57:46 UTC Added: 06/09/2026, 22:25:56 UTC |
CVE-2024-6858: CWE-1287 Improper validation of specified type of input in Arista Networks EOSCVE-2024-6858 0 CVE-2024-6858 is a medium severity vulnerability in Arista Networks EOS affecting versions 4.28.10, 4.29.0, 4.30.0, and 4.31.0. When operating in 802.1X mode, multi-authentication unauthenticated hosts might gain access to a switch port if an EAPOL capable device exists in the fallback VLAN. This improper validation of input type could lead to unauthorized network access. No official patch or remediation guidance has been provided yet. Join the discussion | CVE Database V5 | 06/04/2026, 21:51:08 UTC Added: 06/04/2026, 22:04:20 UTC |
CVE-2026-49941: CWE-1287 Improper Validation of Specified Type of Input in RRWO Net::CIDR::SetCVE-2026-49941 0 Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses. The add method called the _encode method to parse addresses. If the addresses did not look like netmasks or network ranges, then they were assumed to single IP addresses and passed back to itself as a 32-bit or 128-bit netmask. If the argument was not a well-formed IP address, then this would lead to indefinite recursion. An attacker could use this to cause a denial of service. Join the discussion | CVE Database V5 | 06/04/2026, 16:07:20 UTC Added: 06/04/2026, 16:48:45 UTC |
Showing 1 to 7 of 7 results