CWE-697 153 個 CVE MITRE 定義 ↗

CWE-697:Incorrect Comparison

概覽

CWE-697(Incorrect Comparison)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

The product compares two entities in a security-relevant context, but the comparison is incorrect.

適用平台

類型 名稱 普遍性 OS / CPE
language Not Language-Specific Undetermined
technology Not Technology-Specific Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2026-14617 2026-07-03 A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. Affected is the function GatewayStreamConsumer._filter_and_accumulate of the file gateway/stream_consumer.py of…
CVE-2026-10097 2026-06-25 wolfSSL's AVX2-optimized ML-KEM implementation (mlkem_cmp_avx2) compares only 1536 of the 1568 ciphertext bytes during the Fujisaki-Okamoto re-encryption check in ML-KEM-1024 decapsulation. Ciphertext…
CVE-2026-49340 2026-06-19 gonic is a music streaming server / free-software subsonic server API implementation. Prior to version 0.21.0, a logic error in `ServeCreateOrUpdatePlaylist` allows any authenticated Subsonic user (in…
CVE-2026-44249 2026-06-11 Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can bypass IPv6 subnet rules du…
CVE-2026-45569 2026-06-10 Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, ommit d4d10006 ("Expand validation to block .. in config_file_name and configver f…
CVE-2026-45567 2026-06-10 Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, there is an authentication bypass vulnerability via 'api' substring in URL + unaut…
CVE-2026-47202 2026-05-26 Kavita is a cross platform reading server. Prior to 0.9.0.2, an Improper Token validation flaw permits a remote and unauthenticated threat actor to request a JWT for any user including admins given kn…
CVE-2026-9369 2026-05-24 A security flaw has been discovered in NousResearch hermes-agent 2026.4.23. Affected is the function _discover_dashboard_plugins of the file hermes_cli/web_server.py of the component CLI web-dashboard…
CVE-2026-44196 2026-05-12 Pingvin Share X is a secure and easy self-hosted file sharing platform. From 1.14.1 to 1.16.2, a critical authentication bypass vulnerability allows an attacker who has obtained a valid username and p…
CVE-2026-35040 2026-04-09 fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 6.2.1, using certain modifiers on RegExp objects in the allowedAud, allowedIss, allowedSub, allowedJti, or allowedNonce options in …
CVE-2026-34574 2026-03-31 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.69 and 9.7.0-alpha.14, an authenticated user can bypass the immutability g…
CVE-2026-34210 2026-03-31 mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the stripe/charge payment method did not check Stripe's Idempotent-Replayed response header when creating Payment…
CVE-2026-32322 2026-03-13 soroban-sdk is a Rust SDK for Soroban contracts. Prior to 22.0.11, 23.5.3, and 25.3.0, The Fr (scalar field) types for BN254 and BLS12-381 in soroban-sdk compared values using their raw U256 represent…
CVE-2026-26275 2026-02-19 httpsig-hyper is a hyper extension for http message signatures. An issue was discovered in `httpsig-hyper` prior to version 0.0.23 where Digest header verification could incorrectly succeed due to mis…
CVE-2026-21691 2026-01-07 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 …
CVE-2025-20343 2025-11-05 A vulnerability in the RADIUS setting Reject RADIUS requests from clients with repeated failures on Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause Cisco …
CVE-2025-12192 2025-11-05 The Events Calendar plugin for WordPress is vulnerable to information disclosure in versions up to, and including, 6.15.9. The sysinfo REST endpoint compares the provided key to the stored opt-in key …
CVE-2025-47416 2025-09-09 A vulnerability exists in the ConsoleFindCommandMatchList function in libsymproc. so imported by ctpd that may lead to unauthorized execution of an attacker-defined file that gets prioritized by the C…
CVE-2025-9401 2025-08-24 A vulnerability has been found in HuangDou UTCMS 9. This vulnerability affects unknown code of the file app/modules/ut-frame/admin/login.php of the component Login. Such manipulation of the argument c…
CVE-2025-54336 2025-08-19 In Plesk Obsidian 18.0.70, _isAdminPasswordValid uses an == comparison. Thus, if the correct password is "0e" followed by any digit string, then an attacker can login with any other string that evalua…

曾用名

  • Insufficient Comparison (2018-03-27)

內容提交

名稱
CWE Content Team
組織
MITRE
日期
2008-09-09
版本
1.0

內容修訂

日期 名稱 版本 重要性 評論
2008-11-24 CWE Content Team 1.1 updated Relationships, Taxonomy_Mappings
2009-03-10 CWE Content Team 1.3 updated Related_Attack_Patterns
2009-05-27 CWE Content Team 1.4 updated Description
2011-03-29 CWE Content Team 1.12 updated Description
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2011-09-13 CWE Content Team 2.1 updated Relationships, Taxonomy_Mappings
2012-05-11 CWE Content Team 2.2 updated Related_Attack_Patterns, Relationships
2014-07-30 CWE Content Team 2.8 updated Relationships
2017-05-03 CWE Content Team 2.11 updated Related_Attack_Patterns
2017-11-08 CWE Content Team 3.0 updated Taxonomy_Mappings
2018-03-27 CWE Content Team 3.1 updated Common_Consequences, Demonstrative_Examples, Description, Maintenance_Notes, Name, Observed_Examples, Relationships
2019-01-03 CWE Content Team 3.2 updated Related_Attack_Patterns, Relationships
2019-06-20 CWE Content Team 3.3 updated Related_Attack_Patterns
2019-09-19 CWE Content Team 3.4 updated Relationships
2020-02-24 CWE Content Team 4.0 updated Applicable_Platforms, Relationships, Type
2020-06-25 CWE Content Team 4.1 updated Relationships
2020-08-20 CWE Content Team 4.2 updated Related_Attack_Patterns
2022-04-28 CWE Content Team 4.7 updated Related_Attack_Patterns
2022-06-28 CWE Content Team 4.8 updated Observed_Examples
2023-01-31 CWE Content Team 4.10 updated Description, Observed_Examples
2023-04-27 CWE Content Team 4.11 updated Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes, Research_Gaps
2025-12-11 CWE Content Team 4.19 updated Common_Consequences, Description, Detection_Factors, Diagram
cvelogic Threat Intelligence