Threats Tagged 'cwe-1287'

View all threats tagged with 'cwe-1287'. Filter and sort to focus on specific types of threats.

CVE-2026-44935: CWE-1287 Improper validation of specified type of input in SUSE Rancher

Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants.

CVE-2026-54235: CWE-1287: Improper Validation of Specified Type of Input in vllm-project vllm

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, all temperature validation gates use comparison operators (<, >), which silently evaluate to False for NaN and for positive Infinity in Python's IEEE 754 float semantics. Both values pass every guard and propagate to GPU sampling kernels, where they produce undefined behavior or CUDA errors that can crash the inference worker. This vulnerability is fixed in 0.23.1rc0.

CVE-2026-10825: CWE-1287: Improper Validation of Specified Type of Input in Moxa NPort 6000-G2 Series

A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted request that causes service disruption and may result in an unexpected device reboot.

CVE-2026-9753: CWE-1287 Improper validation of specified type of input in MongoDB MongoDB Server

The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bounds or crash the server. $_internalApplyOplogUpdate can be executed by any authenticated user with access to the aggregate command.

CVE-2026-9742: CWE-1287 Improper validation of specified type of input in MongoDB MongoDB Server

When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. The authenticate command is accessible to unauthenticated clients, leading to pre-auth denial-of-service in affected product configurations.

CVE-2024-6858: CWE-1287 Improper validation of specified type of input in Arista Networks EOS

CVE-2024-6858 is a medium severity vulnerability in Arista Networks EOS affecting versions 4.28.10, 4.29.0, 4.30.0, and 4.31.0. When operating in 802.1X mode, multi-authentication unauthenticated hosts might gain access to a switch port if an EAPOL capable device exists in the fallback VLAN. This improper validation of input type could lead to unauthorized network access. No official patch or remediation guidance has been provided yet.

CVE-2026-49941: CWE-1287 Improper Validation of Specified Type of Input in RRWO Net::CIDR::Set

Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses. The add method called the _encode method to parse addresses. If the addresses did not look like netmasks or network ranges, then they were assumed to be single IP addresses and passed back to itself as a 32-bit or 128-bit netmask. If the argument was not a well-formed IP address, then this would lead to indefinite recursion. An attacker could use this to cause a denial of service.
