CWE-358(Improperly Implemented Security Check for Standard)は各種脆弱性データベースや評価で用いられる弱点タイプを説明します。定義・背景・対応する CVE は以下の各セクションを参照してください。
The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.
| 種別 | 名称 | クラス | 普遍性 | OS / CPE |
|---|---|---|---|---|
| language | — | Not Language-Specific | Undetermined | — |
これらの CVE は本データベースでこの弱点に対応付けられており、追跡と検索のために保持されています。
| CVE | 公開 | 概要 |
|---|---|---|
| CVE-2026-11127 | 2026-06-04 | Inappropriate implementation in WebAPKs in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted WebAPK. (Chromium security severity: Mediu… |
| CVE-2026-11122 | 2026-06-04 | Inappropriate implementation in Keyboard in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severi… |
| CVE-2026-44475 | 2026-05-27 | Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored val… |
| CVE-2026-44474 | 2026-05-27 | Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core didn't enforce security rules on concurrent running of security procedures defined in TS 33.501 §6.9.5.1 — it could sen… |
| CVE-2026-44473 | 2026-05-27 | Ella Core is a 5G core designed for private networks. Prior to 1.10.0, a radio with a valid NG Setup can send a forged PDUSessionResourceSetupResponse carrying any UE's AMF-UE-NGAP-ID. Ella Core does … |
| CVE-2026-42082 | 2026-05-27 | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not enforce the concurrent security procedure rules defined in 3GPP TS 33.501 §6.9.5.1. The AMF… |
| CVE-2026-42081 | 2026-05-27 | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its… |
| CVE-2026-28914 | 2026-05-11 | A logic issue was addressed with improved file handling. This issue is fixed in macOS Tahoe 26.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks. |
| CVE-2025-31983 | 2026-05-06 | HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header. This could allow attackers to inject malicious scripts increasing the risk of cross-site… |
| CVE-2025-31970 | 2026-05-06 | HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could all… |
| CVE-2026-22618 | 2026-04-16 | A security misconfiguration was identified in Eaton Intelligent Power Protector (IPP), where an HTTP response header was set with an insecure attribute, potentially exposing users to web‑based attacks… |
| CVE-2026-5894 | 2026-04-08 | Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2026-35679 | 2026-04-05 | Zcash zcashd before 6.12.0 allows invalid transactions to be accepted under certain conditions, which potentially could have resulted in the draining of user funds from the Sprout pool. It was sometim… |
| CVE-2026-29103 | 2026-03-19 | SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. A Critical Remote Code Execution (RCE) vulnerability exists in SuiteCRM 7.15.0 and 8.9.2, allo… |
| CVE-2026-2645 | 2026-03-19 | In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. The server could incorrectly accept the CertificateVerify message before the ClientKeyExchange me… |
| CVE-2025-13333 | 2026-02-17 | IBM WebSphere Application Server 9.0, and 8.5 could provide weaker than expected security during system administration of security settings. |
| CVE-2026-1486 | 2026-02-09 | A flaw was found in Keycloak. A vulnerability exists in the jwt-authorization-grant flow where the server fails to verify if an Identity Provider (IdP) is enabled before issuing tokens. The issuer loo… |
| CVE-2025-66607 | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The response header contains an insecure setting. Users could be redirected to malicious sites by an attacker… |
| CVE-2025-66603 | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The web server accepts the OPTIONS method. An attacker could potentially use this information to carry out ot… |
| CVE-2025-66601 | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not specify MIME types. When an attacker performs a content sniffing attack, malicious scri… |
| 日付 | 名称 | バージョン | 重要度 | コメント |
|---|---|---|---|---|
| 2008-07-01 | Eric Dalci | 1.0 | — | updated Time_of_Introduction |
| 2008-09-08 | CWE Content Team | 1.0 | — | updated Relationships, Other_Notes, Taxonomy_Mappings |
| 2009-05-27 | CWE Content Team | 1.4 | — | updated Description |
| 2009-10-29 | CWE Content Team | 1.6 | — | updated Modes_of_Introduction, Observed_Examples, Other_Notes, Relationship_Notes |
| 2011-06-01 | CWE Content Team | 1.13 | — | updated Common_Consequences, Relationships, Taxonomy_Mappings |
| 2012-05-11 | CWE Content Team | 2.2 | — | updated Relationships, Taxonomy_Mappings |
| 2014-07-30 | CWE Content Team | 2.8 | — | updated Relationships |
| 2015-12-07 | CWE Content Team | 2.9 | — | updated Relationships |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Applicable_Platforms |
| 2019-06-20 | CWE Content Team | 3.3 | — | updated Relationships |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated Relationships |
| 2022-04-28 | CWE Content Team | 4.7 | — | updated Relationships |
| 2023-01-31 | CWE Content Team | 4.10 | — | updated Description |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Weakness_Ordinalities |