CWE-115 - Misinterpretation of Input

Home/CWEs/CWE info/

CWE-115

Abstraction:
Base

Structure:
Simple

Status:
Incomplete

Weakness Name: Misinterpretation of Input

Description: The product misinterprets an input, whether from an attacker or another product, in a security-relevant fashion.

Common Consequences: Scope: Integrity
Impact: Unexpected State

Related Weaknesses: CWE-436Interpretation Conflict

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Top Security News

Massive PSAUX ransomware attack targets 22,000 CyberPanel instances

Truist Bank confirms breach after stolen data shows up on hacking forum

Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443)

Microsoft SharePoint RCE bug exploited to breach corporate network

CISA proposes new security requirements to protect govt, personal data

LiteSpeed Cache WordPress plugin bug lets hackers get admin access

DDoS site Dstat.cc seized and two suspects arrested in Germany

Google patches actively exploited Android vulnerability (CVE-2024-43093)

Top Alert List

InformationalInformation Disclosure - Suspicious Comments

MediumAbsence of Anti-CSRF Tokens

LowCookie without SameSite Attribute

Cross-Domain Misconfiguration

MediumMissing Anti-clickjacking Header

MediumDirectory Browsing

LowCross-Domain JavaScript Source File Inclusion

LowInformation Disclosure - Debug Error Messages

Content Security Policy (CSP) Header Not Set

MediumCSP: Wildcard Directive

Latest CVE List

CVE-2024-8957 PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability

CVE-2024-8956 PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability

CVE-2024-20481 Cisco ASA and FTD Denial-of-Service Vulnerability

CVE-2024-37383 RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability

CVE-2024-47575 Fortinet FortiManager Missing Authentication Vulnerability

CVE-2024-38094 Microsoft SharePoint Deserialization Vulnerability

CVE-2024-9537 ScienceLogic SL1 Unspecified Vulnerability

CVE-2024-40711 Veeam Backup and Replication Deserialization Vulnerability

CVE-2024-30088 Microsoft Windows Kernel TOCTOU Race Condition Vulnerability

CVE-2024-9680 Mozilla Firefox Use-After-Free Vulnerability

Common CWEs

CWE-1386 Insecure Operation on Windows Junction / Mount Point

CWE-346 Origin Validation Error

CWE-222 Truncation of Security-relevant Information

MediumCWE-250 Execution with Unnecessary Privileges

CWE-1124 Excessively Deep Nesting

CWE-1073 Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses

CWE-1392 Use of Default Credentials

CWE-1338 Improper Protections Against Hardware Overheating

CWE-185 Incorrect Regular Expression

CWE-386 Symbolic Name not Mapping to Correct Object

Free security scan for your website

Don't show website scan report rating on the leaderboard

CWE-115 - Misinterpretation of Input

The product misinterprets an input, whether from an attacker or another product, in a security-relevant fashion.