CWE-115 (Misinterpretation of Input) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.
The product misinterprets an input, whether from an attacker or another product, in a security-relevant fashion.
| Kind | Name | Class | Prevalence | OS / CPE |
|---|---|---|---|---|
| language | — | Not Language-Specific | Undetermined | — |
These CVEs are mapped to this weakness in this database and kept for traceability and search.
| CVE | Published | Summary |
|---|---|---|
| CVE-2025-68113 | 2025-12-16 | ALTCHA is privacy-first software for captcha and bot protection. A cryptographic semantic binding flaw in ALTCHA libraries allows challenge payload splicing, which may enable replay attacks. The HMAC … |
| CVE-2025-55303 | 2025-08-19 | Astro is a web framework for content-driven websites. In versions of astro before 5.13.2 and 4.16.18, the image optimization endpoint in projects deployed with on-demand rendering allows images from u… |
| CVE-2025-54584 | 2025-07-30 | GitProxy is an application that stands between developers and a Git remote endpoint (e.g., github.com). In versions 1.19.1 and below, an attacker can craft a malicious Git packfile to exploit the PACK… |
| CVE-2025-5826 | 2025-06-25 | Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Misinterpretation of Input Vulnerability. This vulnerability allows network-adjacent attackers to inject arbitrary AT commands on affected… |
| CVE-2025-5747 | 2025-06-06 | WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affecte… |
| CVE-2025-32908 | 2025-04-14 | A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate the values of pseudo-headers :scheme, :authority, and :path, which may allow a user to cause a denial of service (DoS).… |
| CVE-2024-11169 | 2025-03-20 | An unhandled exception in danny-avila/librechat version 3c94ff2 can lead to a server crash. The issue occurs when the fs module throws an exception while handling file uploads. An unauthenticated user… |
| CVE-2025-22870 | 2025-03-12 | Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1… |
| CVE-2025-25069 | 2025-02-07 | A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks. Since Kvrocks didn't detect if "Host:" or "POST" appears in RESP requests, a valid HTTP request can also be sent to Kvrocks as a v… |
| CVE-2023-32228 | 2024-04-11 | A firmware bug which may lead to misinterpretation of data in the AMC2-4WCF and AMC2-2WCF allowing an adversary to grant access to the last authorized user. |
| CVE-2023-32260 | 2024-03-19 | Misinterpretation of Input vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX), and OpenText™ Hybrid Cloud Management X (HCMX) products. The vulnerabi… |
| CVE-2023-0880 | 2023-02-17 | Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11. |
| CVE-2022-20915 | 2022-10-10 | A vulnerability in the implementation of IPv6 VPN over MPLS (6VPE) with Zone-Based Firewall (ZBFW) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of servi… |
| CVE-2022-3224 | 2022-09-15 | Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0. |
| CVE-2022-1233 | 2022-04-04 | URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11. |
| CVE-2022-21672 | 2022-01-10 | make-ca is a utility to deliver and manage a complete PKI configuration for workstations and servers. Starting with version 0.9 and prior to version 1.10, make-ca misinterprets Mozilla certdata.txt an… |
| CVE-2021-1587 | 2021-08-25 | A vulnerability in the VXLAN Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software, known as NGOAM, could allow an unauthenticated, remote attacker to cause a denial of serv… |
| CVE-2021-21366 | 2021-03-12 | xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespac… |
| CVE-2021-0207 | 2021-01-15 | An improper interpretation conflict of certain data between certain software components within the Juniper Networks Junos OS devices does not allow certain traffic to pass through the device upon rece… |
| CVE-2020-27846 | 2020-12-21 | A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, … |
| Date | Name | Version | Importance | Comment |
|---|---|---|---|---|
| 2008-07-01 | Eric Dalci | 1.0 | — | updated Time_of_Introduction |
| 2008-09-08 | CWE Content Team | 1.0 | — | updated Relationships, Taxonomy_Mappings |
| 2009-10-29 | CWE Content Team | 1.6 | — | updated Relationships |
| 2011-06-01 | CWE Content Team | 1.13 | — | updated Common_Consequences |
| 2011-06-27 | CWE Content Team | 2.0 | — | updated Common_Consequences |
| 2012-05-11 | CWE Content Team | 2.2 | — | updated Relationships |
| 2014-07-30 | CWE Content Team | 2.8 | — | updated Relationships |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Applicable_Platforms |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated Relationships, Time_of_Introduction |
| 2023-01-31 | CWE Content Team | 4.10 | — | updated Description |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Detection_Factors, Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Relationships, Weakness_Ordinalities |