CWE-1288 (Improper Validation of Consistency within Input) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.
The product receives a complex input with multiple elements or fields that must be consistent with each other, but it does not validate or incorrectly validates that the input is actually consistent.
| Kind | Name | Class | Prevalence | OS / CPE |
|---|---|---|---|---|
| language | — | Not Language-Specific | Often | — |
These CVEs are mapped to this weakness in this database and kept for traceability and search.
| CVE | Published | Summary |
|---|---|---|
| CVE-2026-9689 | 2026-05-27 | A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers (URIs), a remote att… |
| CVE-2022-50976 | 2026-02-02 | A local attacker could cause a full device reset by resetting the device passwords using an invalid reset file via USB. |
| CVE-2025-10929 | 2025-10-30 | Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables.This issue affects Reverse Proxy Header: from 0.0.0 before 1.… |
| CVE-2025-9999 | 2025-09-05 | Some payload elements of the messages sent between two stations in a networking architecture are not properly checked on the receiving station allowing an attacker to execute unauthorized commands in … |
| CVE-2025-46722 | 2025-05-29 | vLLM is an inference and serving engine for large language models (LLMs). In versions starting from 0.7.0 to before 0.9.0, in the file vllm/multimodal/hasher.py, the MultiModalHasher class has a secur… |
| CVE-2024-12093 | 2025-05-22 | An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Improper XPath validation allows modified SAML response to b… |
| CVE-2025-2885 | 2025-03-27 | Missing validation of the root metatdata version number could allow an actor to supply an arbitrary version number to the client instead of the intended version in the root metadata file, altering the… |
| CVE-2024-8305 | 2024-10-21 | prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primar… |
| CVE-2024-39515 | 2024-10-09 | An Improper Validation of Consistency within Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker… |
| CVE-2024-5953 | 2024-06-18 | A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a… |
| CVE-2024-27375 | 2024-06-05 | An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_followup_get_nl_params(), there is no input validation c… |
| CVE-2024-27371 | 2024-06-05 | An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_followup_get_nl_params(), there is no input validation c… |
| CVE-2024-31140 | 2024-03-28 | In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools |
| CVE-2024-31136 | 2024-03-28 | In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter |
| CVE-2024-25951 | 2024-03-09 | A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system. |
| CVE-2023-6245 | 2023-12-08 | The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type. For example, if the payload is `record { * ; empty }` and the canister interface expec… |
| CVE-2023-32701 | 2023-11-14 | Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition. |
| CVE-2023-1620 | 2023-06-26 | Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime. |
| CVE-2023-1619 | 2023-06-26 | Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet. |
| CVE-2022-39353 | 2022-11-02 | xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. xmldom parses XML that is not well-formed because it contains multiple top level elements,… |
| Date | Name | Version | Importance | Comment |
|---|---|---|---|---|
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Weakness_Ordinalities |