CWE-237 - Improper Handling of Structural Elements
- Abstraction:Base
- Structure:Simple
- Status:Incomplete
- Release Date:2006-07-19
- Latest Modification Date:2023-06-29
Weakness Name
Improper Handling of Structural Elements
Description
The product does not handle or incorrectly handles inputs that are related to complex structures.
Common Consequences
Scope: Integrity
Impact: Unexpected State
Related Weaknesses
VMware Workstation auto-updates broken after Broadcom URL redirect
OpenAI says Deep Research is coming to ChatGPT free "very soon"
Microsoft uses AI to find flaws in GRUB2, U-Boot, Barebox bootloaders
Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks
North Korean hackers adopt ClickFix attacks to target crypto firms
Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images
Russia-Linked Gamaredon Uses Troop-Related Lures to Deploy Remcos RAT in Ukraine
Microsoft tests new Windows 11 tool to remotely fix boot crashes
CVE-2020-29574 CyberoamOS (CROS) SQL Injection Vulnerability
CVE-2025-22224 VMware ESXi and Workstation TOCTOU Race Condition Vulnerability
CVE-2024-49035 Microsoft Partner Center Improper Access Control Vulnerability
CVE-2022-43769 Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability
CVE-2022-43939 Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability
CVE-2018-8639 Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability
CVE-2024-20953 Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2018-19410 Paessler PRTG Network Monitor Local File Inclusion Vulnerability
CVE-2024-40890 Zyxel DSL CPE OS Command Injection Vulnerability
InformationalInformation Disclosure - Suspicious Comments
InformationalRe-examine Cache-control Directives