The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.
123 vulnerabilities with CWE-1287
CVE-2026-29645
HIGH
NEMU <v2025.12.r2 - Instruction Validation Flaw
CVSS 7.5
CVE-2026-33806
HIGH
fastify vulnerable to Body Schema Validation Bypass via Leading Space in Content-Type Header
CVSS 7.5
CVE-2026-2092
HIGH
Keycloak-services: keycloak: unauthorized access via improper validation of encrypted saml assertions
CVSS 7.7
CVE-2026-2454
MEDIUM
DoS in Calls plugin via malformed msgpack in websocket request.
CVSS 5.8
CVE-2026-25783
MEDIUM
Denial of service via malformed User-Agent header in getBrowserVersion
CVSS 4.3
CVE-2026-20074
HIGH
Cisco IOS XR - DoS
CVSS 7.4
CVE-2026-26115
HIGH
SQL Server - Privilege Escalation
CVSS 8.8
CVE-2026-25179
HIGH
Windows AFD for WinSock - Privilege Escalation
CVSS 7.0
CVE-2026-29788
HIGH
TSPortal <30 - Auth Bypass
CVSS 7.5
CVE-2026-2004
HIGH
PostgreSQL <18.2, 17.8, 16.12, 15.16, 14.21 - RCE
CVSS 8.8
CVE-2026-2003
MEDIUM
PostgreSQL <18.2-14.21 - Info Disclosure
CVSS 4.3
CVE-2026-20119
HIGH
Cisco TelePresence CE/RoomOS - DoS
CVSS 7.5
CVE-2026-24307
CRITICAL
M365 Copilot - Info Disclosure
CVSS 9.3
CVE-2025-53627
MEDIUM
Meshtastic <2.5 - Info Disclosure
CVSS 5.3
CVE-2025-12689
MEDIUM
Mattermost <11.0.4, <10.12.2, <10.11.6 - DoS
CVSS 6.5
CVE-2025-13352
LOW
Mattermost <10.11.7 - RCE
CVSS 3.0
CVE-2025-32901
MEDIUM
KDE Connect <1.33.0 - DoS
CVSS 4.3
CVE-2025-20756
MEDIUM
Mediatek Nr15 - Denial of Service
CVSS 6.5
CVE-2025-60633
MEDIUM
Free5GC <4.0.1 - DoS
CVSS 6.5
CVE-2025-12977
CRITICAL
Fluent Bit - Path Traversal
CVSS 9.1
CVE-2025-41729
HIGH
Modbus <unknown> - DoS
CVSS 7.5
CVE-2025-9524
MEDIUM
VAPIX API - Buffer Overflow
CVSS 4.3
CVE-2025-8108
MEDIUM
Axis OS < 12.7.33 - Privilege Escalation
CVSS 6.7
CVE-2025-6298
MEDIUM
ACAP - Privilege Escalation
CVSS 6.7
CVE-2025-4645
MEDIUM
Axis ACAP - Code Injection
CVSS 6.7
Details
Vulnerabilities
123