Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-436

CWE-436

Interpretation Conflict

Parent: CWE-435 - Improper Interaction Between Multiple Correctly-Behaving Entities

Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.

109 vulnerabilities with CWE-436

CVE-2026-27444 HIGH

SEPPmail Secure Email Gateway <15.0.1 - Auth Bypass

CVE-2026-27896 HIGH

modelcontextprotocol/go-sdk < 1.3.1 - JSON-RPC Field Case Sensitivity Bypass via Non-Standard Casing

CVE-2026-0958 HIGH

GitLab 18.4-18.6.5, 18.7-18.7.3, 18.8-18.8.3 - Unauthenticated Denial of Service via JSON Validation Middleware Bypass

CVE-2026-23686 LOW

SAP NetWeaver Application Server Java - CRLF Injection

CVE-2026-25223 HIGH

fastify < 5.7.2 - Request Body Validation Bypass via Content-Type Header Tab Injection

CVE-2025-66490 MEDIUM

Traefik < 2.11.32 and 3.0.0-3.6.2 - Path Normalization Bypass via URL-Encoded Characters

CVE-2025-12816 HIGH

node-forge < 1.3.2 - Unauthenticated ASN.1 Interpretation Conflict via Schema Desynchronization

CVE-2025-54368 MEDIUM

Pypi UV < 0.8.6 - Interpretation Conflict

CVE-2025-48384 HIGH KEV

Git < 2.43.7 - Unauthenticated Arbitrary Code Execution via Submodule Path Traversal

CVE-2025-1217 LOW

PHP <8.1.32, <8.2.28, <8.3.19, <8.4.5 - Info Disclosure

CVE-2025-25292 CRITICAL

ruby-saml <1.12.4,1.18.0 - Auth Bypass

CVE-2025-25291 CRITICAL

ruby-saml <1.12.4,1.18.0 - Auth Bypass

CVE-2025-24013 MEDIUM

CodeIgniter < 4.5.8 - Denial of Service via Malformed HTTP Header Injection

CVE-2024-55629 HIGH

Suricata < 7.0.8 - TCP Urgent Data Interpretation Conflict

CVE-2024-45097 MEDIUM

IBM Aspera Faspex <5.0.9 - Auth Bypass

CVE-2024-42487 MEDIUM

Cilium <1.15.8-1.16.1 - Info Disclosure

CVE-2024-38428 CRITICAL

GNU Wget < 1.24.5 - URI Parsing Interpretation Conflict in url.c

CVE-2024-20293 MEDIUM

Cisco Adaptive Security Appliance and Firepower Threat Defense - Unauthenticated Access Control List Bypass

CVE-2024-34478 HIGH

btcd < 0.24.0 - Consensus Failure via Incorrect Signed Transaction Version Handling

CVE-2024-3386 MEDIUM

Palo Alto Networks PAN-OS - Info Disclosure

CVE-2024-2004 LOW

curl 7.85.0-8.6.0 - Protocol Filter Bypass via Empty Protocol Set

CVE-2024-29034 MEDIUM

CarrierWave < 2.2.6 and 3.0.0-3.0.7 - Cross-Site Scripting via Content-Type Header Bypass

CVE-2024-28054 HIGH

Amavis <2.12.3, 2.13.x <2.13.1 - Info Disclosure

CVE-2024-24754 LOW

Bref < 2.1.13 - Interpretation Conflict in MultiPart Request Parsing

CVE-2024-24753 MEDIUM

Bref < 2.1.13 - Security Feature Bypass via API Gateway v2 Multiple Header Handling

Previous Page 2 of 5 Next

Details

Vulnerabilities 109

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy