CWE-115 - Misinterpretation of Input
- Abstraction:Base
- Structure:Simple
- Status:Incomplete
- Release Date:2006-07-19
- Latest Modification Date:2023-06-29
Weakness Name
Misinterpretation of Input
Description
The product misinterprets an input, whether from an attacker or another product, in a security-relevant fashion.
Common Consequences
Scope: Integrity
Impact: Unexpected State
Related Weaknesses
Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks
New Security Flaws Found in VMware Tools and CrushFTP — High Risk, No Workaround
CrushFTP warns users to patch unauthenticated access flaw immediately
Cloudflare R2 service outage caused by password rotation error
Broadcom warns of authentication bypass in VMware Windows Tools
New Windows zero-day leaks NTLM hashes, gets unofficial patch
Ingress-nginx vulnerabilities can lead to Kubernetes cluster takeover
EncryptHub linked to MMC zero-day attacks on Windows systems
Browser-in-the-Browser attacks target CS2 players' Steam accounts
New Android malware uses Microsoft’s .NET MAUI to evade detection
CVE-2020-29574 CyberoamOS (CROS) SQL Injection Vulnerability
CVE-2024-41710 Mitel SIP Phones Argument Injection Vulnerability
CVE-2024-20953 Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability
CVE-2025-0111 Palo Alto Networks PAN-OS File Read Vulnerability
CVE-2025-22224 VMware ESXi and Workstation TOCTOU Race Condition Vulnerability
CVE-2024-49035 Microsoft Partner Center Improper Access Control Vulnerability
CVE-2022-43939 Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability
CVE-2018-19410 Paessler PRTG Network Monitor Local File Inclusion Vulnerability
CVE-2022-43769 Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability
CVE-2024-48248 NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
InformationalInformation Disclosure - Suspicious Comments
InformationalRe-examine Cache-control Directives