CWE-697 158 个 CVE MITRE 定义 ↗

CWE-697:Incorrect Comparison

概览

CWE-697(Incorrect Comparison)描述一种在漏洞数据库与安全评估中使用的弱点类型;定义、背景与映射 CVE 见下方各节。

安全影响
安全影响:因产品与场景而异;请结合 CVE 记录、严重度评分与 MITRE 说明进行优先级判断。

描述

The product compares two entities in a security-relevant context, but the comparison is incorrect.

适用平台

类型 名称 普遍性 OS / CPE
language Not Language-Specific Undetermined
technology Not Technology-Specific Undetermined

本库相关 CVE

下列 CVE 在本库中映射到该弱点,并保留以便追溯与检索。

CVE 公开时间 摘要
CVE-2026-55771 2026-07-13 CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. In versions prior to 4.9.0, the EntityIdentifier.equals() has inverted null…
CVE-2026-22660 2026-07-10 FlaskBB through 2.2.0, fixed in commit a5da9a5, contains a logic flaw vulnerability that allows authenticated administrators to delete all built-in authorization groups by exploiting a type mismatch i…
CVE-2026-59890 2026-07-08 setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude,…
CVE-2026-14687 2026-07-04 A vulnerability was determined in 666ghj BettaFish up to 1.2.1. Impacted is the function _deduplicate_results of the file InsightEngine/agent.py of the component InsightEngine search-result Deduplicat…
CVE-2026-14686 2026-07-04 A vulnerability was found in HdrHistogram up to 2.2.2. This issue affects the function org.HdrHistogram.DoubleHistogram.recordValue of the file src/main/java/org/HdrHistogram/DoubleHistogram.java of t…
CVE-2026-14617 2026-07-03 A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. Affected is the function GatewayStreamConsumer._filter_and_accumulate of the file gateway/stream_consumer.py of…
CVE-2026-10097 2026-06-25 wolfSSL's AVX2-optimized ML-KEM implementation (mlkem_cmp_avx2) compares only 1536 of the 1568 ciphertext bytes during the Fujisaki-Okamoto re-encryption check in ML-KEM-1024 decapsulation. Ciphertext…
CVE-2026-49340 2026-06-19 gonic is a music streaming server / free-software subsonic server API implementation. Prior to version 0.21.0, a logic error in `ServeCreateOrUpdatePlaylist` allows any authenticated Subsonic user (in…
CVE-2026-44249 2026-06-11 Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can bypass IPv6 subnet rules du…
CVE-2026-45569 2026-06-10 Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, ommit d4d10006 ("Expand validation to block .. in config_file_name and configver f…
CVE-2026-45567 2026-06-10 Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, there is an authentication bypass vulnerability via 'api' substring in URL + unaut…
CVE-2026-47202 2026-05-26 Kavita is a cross platform reading server. Prior to 0.9.0.2, an Improper Token validation flaw permits a remote and unauthenticated threat actor to request a JWT for any user including admins given kn…
CVE-2026-9369 2026-05-24 A security flaw has been discovered in NousResearch hermes-agent 2026.4.23. Affected is the function _discover_dashboard_plugins of the file hermes_cli/web_server.py of the component CLI web-dashboard…
CVE-2026-44196 2026-05-12 Pingvin Share X is a secure and easy self-hosted file sharing platform. From 1.14.1 to 1.16.2, a critical authentication bypass vulnerability allows an attacker who has obtained a valid username and p…
CVE-2026-35040 2026-04-09 fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 6.2.1, using certain modifiers on RegExp objects in the allowedAud, allowedIss, allowedSub, allowedJti, or allowedNonce options in …
CVE-2026-34574 2026-03-31 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.69 and 9.7.0-alpha.14, an authenticated user can bypass the immutability g…
CVE-2026-34210 2026-03-31 mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the stripe/charge payment method did not check Stripe's Idempotent-Replayed response header when creating Payment…
CVE-2026-32322 2026-03-13 soroban-sdk is a Rust SDK for Soroban contracts. Prior to 22.0.11, 23.5.3, and 25.3.0, The Fr (scalar field) types for BN254 and BLS12-381 in soroban-sdk compared values using their raw U256 represent…
CVE-2026-26275 2026-02-19 httpsig-hyper is a hyper extension for http message signatures. An issue was discovered in `httpsig-hyper` prior to version 0.0.23 where Digest header verification could incorrectly succeed due to mis…
CVE-2026-21691 2026-01-07 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 …

曾用名

  • Insufficient Comparison (2018-03-27)

内容提交

名称
CWE Content Team
组织
MITRE
日期
2008-09-09
版本
1.0

内容修订

日期 名称 版本 重要性 评论
2008-11-24 CWE Content Team 1.1 updated Relationships, Taxonomy_Mappings
2009-03-10 CWE Content Team 1.3 updated Related_Attack_Patterns
2009-05-27 CWE Content Team 1.4 updated Description
2011-03-29 CWE Content Team 1.12 updated Description
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2011-09-13 CWE Content Team 2.1 updated Relationships, Taxonomy_Mappings
2012-05-11 CWE Content Team 2.2 updated Related_Attack_Patterns, Relationships
2014-07-30 CWE Content Team 2.8 updated Relationships
2017-05-03 CWE Content Team 2.11 updated Related_Attack_Patterns
2017-11-08 CWE Content Team 3.0 updated Taxonomy_Mappings
2018-03-27 CWE Content Team 3.1 updated Common_Consequences, Demonstrative_Examples, Description, Maintenance_Notes, Name, Observed_Examples, Relationships
2019-01-03 CWE Content Team 3.2 updated Related_Attack_Patterns, Relationships
2019-06-20 CWE Content Team 3.3 updated Related_Attack_Patterns
2019-09-19 CWE Content Team 3.4 updated Relationships
2020-02-24 CWE Content Team 4.0 updated Applicable_Platforms, Relationships, Type
2020-06-25 CWE Content Team 4.1 updated Relationships
2020-08-20 CWE Content Team 4.2 updated Related_Attack_Patterns
2022-04-28 CWE Content Team 4.7 updated Related_Attack_Patterns
2022-06-28 CWE Content Team 4.8 updated Observed_Examples
2023-01-31 CWE Content Team 4.10 updated Description, Observed_Examples
2023-04-27 CWE Content Team 4.11 updated Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes, Research_Gaps
2025-12-11 CWE Content Team 4.19 updated Common_Consequences, Description, Detection_Factors, Diagram
cvelogic Threat Intelligence