Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-697

CWE-697

Incorrect Comparison

The product compares two entities in a security-relevant context, but the comparison is incorrect.

150 vulnerabilities with CWE-697

CVE-2026-44249 HIGH

Netty has an IPv6 Subnet Filter Bypass via Incorrect Comparator Masking

CVE-2026-45569 HIGH

Roxy-WI: Path-traversal patch in commit d4d10006 is a no-op (tuple-membership bug)

CVE-2026-45567 HIGH

Roxy-WI: Authentication bypass via 'api' substring in URL + unauthenticated /api/gpt

CVE-2026-47202 CRITICAL

Kavita: Pre-Auth Account Takeover

CVE-2026-9369 MEDIUM

NousResearch hermes-agent CLI web-dashboard web_server.py _discover_dashboard_plugins comparison

CVE-2026-44196 CRITICAL

Pingvin Share X: TOTP Authentication Bypass via Password-only Login

CVE-2026-35040 MEDIUM

fast-jwt: Stateful RegExp (/g or /y) causes non-deterministic allowed-claim validation (logical DoS)

CVE-2026-34574 MEDIUM

Parse Server: Session field immutability bypass via falsy-value guard

CVE-2026-34210 HIGH

mppx has Stripe charge credential replay via missing idempotency check

CVE-2026-32322 MEDIUM

soroban-sdk <22.0.11,23.5.3,25.3.0 - Comparison Vulnerability

CVE-2026-26275 HIGH

httpsig-hyper <0.0.23 - Auth Bypass

CVE-2026-21691 MEDIUM

iccdev < 2.3.1.2 - Type Confusion in CIccTag:IsTypeCompressed()

CVE-2025-20343 HIGH

Cisco Identity Services Engine - Denial of Service via RADIUS Request Processing

CVE-2025-12192 MEDIUM

The Events Calendar <6.15.9 - Info Disclosure

CVE-2025-47416 MEDIUM

Crestron Touchscreen libsymproc - Attacker-Defined Command Execution

CVE-2025-9401 LOW

UTCMS 9 - Incorrect Comparison in Login Component

CVE-2025-54336 CRITICAL

Plesk Obsidian 18.0.70 - Info Disclosure

CVE-2025-27909 MEDIUM

IBM Concert 1.0.0-1.1.0 - Permissive Cross-domain Security Policy with Untrusted Domains

CVE-2025-48952 CRITICAL

netalertx < 25.6.7 - Authentication Bypass via PHP Loose Comparison

CVE-2025-4515 MEDIUM

pribai/privategpt < 0.6.2 - Permissive Cross-domain Security Policy via allow_origins Argument

CVE-2025-3102 HIGH

SureTriggers - All-in-One Automation Platform < 1.0.78 - Authentication Bypass

CVE-2024-5528 LOW

GitLab CE/EE <16.11.6, <17.0.4, <17.1.2 - SSRF

CVE-2024-53861 LOW

PyJWT 2.10.0 - Incorrect String Comparison in 'iss' Claim Validation

CVE-2024-9681 MEDIUM

curl 7.74.0-8.10.0 - HSTS Cache Expiry Overwrite via Subdomain Strict-Transport-Security Header

CVE-2024-39534 MEDIUM

Juniper Networks Junos OS Evolved - Info Disclosure

Page 1 of 6 Next

Details

Vulnerabilities 150

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy