CWE-115(Misinterpretation of Input)は各種脆弱性データベースや評価で用いられる弱点タイプを説明します。定義・背景・対応する CVE は以下の各セクションを参照してください。
The product misinterprets an input, whether from an attacker or another product, in a security-relevant fashion.
| 種別 | 名称 | クラス | 普遍性 | OS / CPE |
|---|---|---|---|---|
| language | — | Not Language-Specific | Undetermined | — |
これらの CVE は本データベースでこの弱点に対応付けられており、追跡と検索のために保持されています。
| CVE | 公開 | 概要 |
|---|---|---|
| CVE-2025-68113 | 2025-12-16 | ALTCHA is privacy-first software for captcha and bot protection. A cryptographic semantic binding flaw in ALTCHA libraries allows challenge payload splicing, which may enable replay attacks. The HMAC … |
| CVE-2025-55303 | 2025-08-19 | Astro is a web framework for content-driven websites. In versions of astro before 5.13.2 and 4.16.18, the image optimization endpoint in projects deployed with on-demand rendering allows images from u… |
| CVE-2025-54584 | 2025-07-30 | GitProxy is an application that stands between developers and a Git remote endpoint (e.g., github.com). In versions 1.19.1 and below, an attacker can craft a malicious Git packfile to exploit the PACK… |
| CVE-2025-5826 | 2025-06-25 | Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Misinterpretation of Input Vulnerability. This vulnerability allows network-adjacent attackers to inject arbitrary AT commands on affected… |
| CVE-2025-5747 | 2025-06-06 | WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affecte… |
| CVE-2025-32908 | 2025-04-14 | A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate the values of pseudo-headers :scheme, :authority, and :path, which may allow a user to cause a denial of service (DoS).… |
| CVE-2024-11169 | 2025-03-20 | An unhandled exception in danny-avila/librechat version 3c94ff2 can lead to a server crash. The issue occurs when the fs module throws an exception while handling file uploads. An unauthenticated user… |
| CVE-2025-22870 | 2025-03-12 | Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1… |
| CVE-2025-25069 | 2025-02-07 | A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks. Since Kvrocks didn't detect if "Host:" or "POST" appears in RESP requests, a valid HTTP request can also be sent to Kvrocks as a v… |
| CVE-2023-32228 | 2024-04-11 | A firmware bug which may lead to misinterpretation of data in the AMC2-4WCF and AMC2-2WCF allowing an adversary to grant access to the last authorized user. |
| CVE-2023-32260 | 2024-03-19 | Misinterpretation of Input vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX), and OpenText™ Hybrid Cloud Management X (HCMX) products. The vulnerabi… |
| CVE-2023-0880 | 2023-02-17 | Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11. |
| CVE-2022-20915 | 2022-10-10 | A vulnerability in the implementation of IPv6 VPN over MPLS (6VPE) with Zone-Based Firewall (ZBFW) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of servi… |
| CVE-2022-3224 | 2022-09-15 | Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0. |
| CVE-2022-1233 | 2022-04-04 | URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11. |
| CVE-2022-21672 | 2022-01-10 | make-ca is a utility to deliver and manage a complete PKI configuration for workstations and servers. Starting with version 0.9 and prior to version 1.10, make-ca misinterprets Mozilla certdata.txt an… |
| CVE-2021-1587 | 2021-08-25 | A vulnerability in the VXLAN Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software, known as NGOAM, could allow an unauthenticated, remote attacker to cause a denial of serv… |
| CVE-2021-21366 | 2021-03-12 | xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespac… |
| CVE-2021-0207 | 2021-01-15 | An improper interpretation conflict of certain data between certain software components within the Juniper Networks Junos OS devices does not allow certain traffic to pass through the device upon rece… |
| CVE-2020-27846 | 2020-12-21 | A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, … |
| 日付 | 名称 | バージョン | 重要度 | コメント |
|---|---|---|---|---|
| 2008-07-01 | Eric Dalci | 1.0 | — | updated Time_of_Introduction |
| 2008-09-08 | CWE Content Team | 1.0 | — | updated Relationships, Taxonomy_Mappings |
| 2009-10-29 | CWE Content Team | 1.6 | — | updated Relationships |
| 2011-06-01 | CWE Content Team | 1.13 | — | updated Common_Consequences |
| 2011-06-27 | CWE Content Team | 2.0 | — | updated Common_Consequences |
| 2012-05-11 | CWE Content Team | 2.2 | — | updated Relationships |
| 2014-07-30 | CWE Content Team | 2.8 | — | updated Relationships |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Applicable_Platforms |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated Relationships, Time_of_Introduction |
| 2023-01-31 | CWE Content Team | 4.10 | — | updated Description |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Detection_Factors, Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Relationships, Weakness_Ordinalities |