Common Weakness Enumeration

CWE-230

Allowed

Improper Handling of Missing Values

Abstraction: Variant · Status: Draft

The product does not handle or incorrectly handles when a parameter, field, or argument name is specified, but the associated value is missing, i.e. it is empty, blank, or null.

24 vulnerabilities reference this CWE, most recent first.

CVE-2023-1697 (GCVE-0-2023-1697)

Vulnerability from cvelistv5 – Published: 2023-04-17 00:00 – Updated: 2025-02-06 15:59
VLAI
Title
Junos OS: QFX10000 Series, PTX1000 Series: The dcpfe process will crash when a malformed ethernet frame is received
Summary
An Improper Handling of Missing Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a dcpfe process core and thereby a Denial of Service (DoS). Continued receipt of these specific frames will cause a sustained Denial of Service condition. This issue occurs when a specific malformed ethernet frame is received. This issue affects Juniper Networks Junos OS on QFX10000 Series, PTX1000 Series Series: All versions prior to 19.4R3-S10; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S1; 22.1 versions prior to 22.1R2-S1, 22.1R3; 22.2 versions prior to 22.2R1-S2, 22.2R2.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-230 - Improper Handling of Missing Values
  • Denial of Service (DoS)
Assigner
References
Impacted products
Vendor Product Version
Juniper Networks Junos OS Affected: unspecified , < 19.4R3-S10 (custom)
Affected: 20.1R1 , < 20.1* (custom)
Affected: 20.2 , < 20.2R3-S6 (custom)
Affected: 20.3 , < 20.3R3-S6 (custom)
Affected: 20.4 , < 20.4R3-S5 (custom)
Affected: 21.1 , < 21.1R3-S4 (custom)
Affected: 21.2 , < 21.2R3-S3 (custom)
Affected: 21.3 , < 21.3R3-S3 (custom)
Affected: 21.4 , < 21.4R3-S1 (custom)
Affected: 22.1 , < 22.1R2-S1, 22.1R3 (custom)
Affected: 22.2 , < 22.2R1-S2, 22.2R2 (custom)
Create a notification for this product.
Date Public
2023-04-12 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:57:24.934Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://supportportal.juniper.net/JSA70612"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-1697",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-06T15:59:31.177256Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-06T15:59:41.316Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "QFX10000 Series, PTX1000 Series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "19.4R3-S10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "20.1*",
              "status": "affected",
              "version": "20.1R1",
              "versionType": "custom"
            },
            {
              "lessThan": "20.2R3-S6",
              "status": "affected",
              "version": "20.2",
              "versionType": "custom"
            },
            {
              "lessThan": "20.3R3-S6",
              "status": "affected",
              "version": "20.3",
              "versionType": "custom"
            },
            {
              "lessThan": "20.4R3-S5",
              "status": "affected",
              "version": "20.4",
              "versionType": "custom"
            },
            {
              "lessThan": "21.1R3-S4",
              "status": "affected",
              "version": "21.1",
              "versionType": "custom"
            },
            {
              "lessThan": "21.2R3-S3",
              "status": "affected",
              "version": "21.2",
              "versionType": "custom"
            },
            {
              "lessThan": "21.3R3-S3",
              "status": "affected",
              "version": "21.3",
              "versionType": "custom"
            },
            {
              "lessThan": "21.4R3-S1",
              "status": "affected",
              "version": "21.4",
              "versionType": "custom"
            },
            {
              "lessThan": "22.1R2-S1, 22.1R3",
              "status": "affected",
              "version": "22.1",
              "versionType": "custom"
            },
            {
              "lessThan": "22.2R1-S2, 22.2R2",
              "status": "affected",
              "version": "22.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-04-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An Improper Handling of Missing Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a dcpfe process core and thereby a Denial of Service (DoS). Continued receipt of these specific frames will cause a sustained Denial of Service condition. This issue occurs when a specific malformed ethernet frame is received. This issue affects Juniper Networks Junos OS on QFX10000 Series, PTX1000 Series Series: All versions prior to 19.4R3-S10; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S1; 22.1 versions prior to 22.1R2-S1, 22.1R3; 22.2 versions prior to 22.2R1-S2, 22.2R2."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-230",
              "description": "CWE-230 Improper Handling of Missing Values",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "Denial of Service (DoS)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-17T00:00:00.000Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "url": "https://supportportal.juniper.net/JSA70612"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue: 19.4R3-S10, 20.2R3-S6, 20.3R3-S6, 20.4R3-S5, 21.1R3-S4, 21.2R3-S3, 21.3R3-S3, 21.4R3-S1, 22.1R2-S1, 22.1R3, 22.2R1-S2, 22.2R2, 22.3R1, and all subsequent releases.\n"
        }
      ],
      "source": {
        "advisory": "JSA70612",
        "defect": [
          "1667678"
        ],
        "discovery": "USER"
      },
      "title": "Junos OS: QFX10000 Series, PTX1000 Series: The dcpfe process will crash when a malformed ethernet frame is received",
      "workarounds": [
        {
          "lang": "en",
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2023-1697",
    "datePublished": "2023-04-17T00:00:00.000Z",
    "dateReserved": "2023-03-29T00:00:00.000Z",
    "dateUpdated": "2025-02-06T15:59:41.316Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-2FPJ-QHMC-JPVC

Vulnerability from github – Published: 2024-07-09 18:30 – Updated: 2024-08-12 15:30
VLAI
Details

A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-6237"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-230"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-09T17:15:48Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service.",
  "id": "GHSA-2fpj-qhmc-jpvc",
  "modified": "2024-08-12T15:30:47Z",
  "published": "2024-07-09T18:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6237"
    },
    {
      "type": "WEB",
      "url": "https://github.com/389ds/389-ds-base/issues/5989"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:4997"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:5192"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2024-6237"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293579"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-57GW-FHJ2-2V8C

Vulnerability from github – Published: 2024-03-11 18:31 – Updated: 2024-08-28 21:31
VLAI
Details

In Session of AccountManagerService.java, there is a possible method to retain foreground service privileges due to incorrect handling of null responses. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-0048"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-230"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-11T17:15:45Z",
    "severity": "HIGH"
  },
  "details": "In Session of AccountManagerService.java, there is a possible method to retain foreground service privileges due to incorrect handling of null responses. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
  "id": "GHSA-57gw-fhj2-2v8c",
  "modified": "2024-08-28T21:31:26Z",
  "published": "2024-03-11T18:31:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0048"
    },
    {
      "type": "WEB",
      "url": "https://android.googlesource.com/platform/frameworks/base/+/2c236cde5505ee0e88cf1e3d073e2f1a53f0eede"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2024-03-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5P28-QFXX-WQM8

Vulnerability from github – Published: 2026-06-05 12:31 – Updated: 2026-06-08 15:32
VLAI
Details

Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers from the crashes when the attack stops.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-25658"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-230"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-05T12:16:37Z",
    "severity": "HIGH"
  },
  "details": "Ericsson\nPacket Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling\nof Missing Values (CWE-230) vulnerability where an attacker continuously\nsending a specially crafted message can cause service degradation.\u00a0The impact continues as long the attack persists but the system recovers from the crashes when the attack stops.",
  "id": "GHSA-5p28-qfxx-wqm8",
  "modified": "2026-06-08T15:32:49Z",
  "published": "2026-06-05T12:31:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25658"
    },
    {
      "type": "WEB",
      "url": "https://www.ericsson.com/en/about-us/security/psirt/cve-2026-25658"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-752V-9Q7H-JP65

Vulnerability from github – Published: 2024-10-10 09:30 – Updated: 2024-10-10 09:30
VLAI
Details

AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-9781"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-230"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-10T07:15:04Z",
    "severity": "HIGH"
  },
  "details": "AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file",
  "id": "GHSA-752v-9q7h-jp65",
  "modified": "2024-10-10T09:30:35Z",
  "published": "2024-10-10T09:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9781"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/wireshark/wireshark/-/issues/20114"
    },
    {
      "type": "WEB",
      "url": "https://www.wireshark.org/security/wnpa-sec-2024-13.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9Q54-8GXW-XRFH

Vulnerability from github – Published: 2023-04-18 00:31 – Updated: 2024-04-04 03:31
VLAI
Details

An Improper Handling of Missing Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a dcpfe process core and thereby a Denial of Service (DoS). Continued receipt of these specific frames will cause a sustained Denial of Service condition. This issue occurs when a specific malformed ethernet frame is received. This issue affects Juniper Networks Junos OS on QFX10000 Series, PTX1000 Series Series: All versions prior to 19.4R3-S10; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S1; 22.1 versions prior to 22.1R2-S1, 22.1R3; 22.2 versions prior to 22.2R1-S2, 22.2R2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-1697"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-230"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-17T22:15:07Z",
    "severity": "MODERATE"
  },
  "details": "An Improper Handling of Missing Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a dcpfe process core and thereby a Denial of Service (DoS). Continued receipt of these specific frames will cause a sustained Denial of Service condition. This issue occurs when a specific malformed ethernet frame is received. This issue affects Juniper Networks Junos OS on QFX10000 Series, PTX1000 Series Series: All versions prior to 19.4R3-S10; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S1; 22.1 versions prior to 22.1R2-S1, 22.1R3; 22.2 versions prior to 22.2R1-S2, 22.2R2.",
  "id": "GHSA-9q54-8gxw-xrfh",
  "modified": "2024-04-04T03:31:10Z",
  "published": "2023-04-18T00:31:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1697"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA70612"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FMM9-3GV8-58F4

Vulnerability from github – Published: 2021-09-07 23:08 – Updated: 2021-09-08 14:47
VLAI
Summary
Improper Handling of Missing Values in kaml
Details

Impact

Attackers that could provide arbitrary YAML input to an application that uses kaml could cause the application to endlessly loop while parsing the input. This could result in resource starvation and denial of service.

This only affects applications that use polymorphic serialization with the default tagged polymorphism style. Applications using the property polymorphism style are not affected.

YAML input for a polymorphic type that provided a tag but no value for the object would trigger the issue, for example:

!<x>

The following is a sample application that demonstrates this issue:

import com.charleskorn.kaml.Yaml
import kotlinx.serialization.SerialName
import kotlinx.serialization.Serializable

@Serializable
private sealed class K {
    @Serializable
    @SerialName("x")
    data class X(
        val property: String? = null,
    ) : K()
}

const val s = """
!<x>
"""

fun main() {
    println("Started.")
    val result = Yaml.default.decodeFromString(K.serializer(), s)
    println("Finished, result is $result")
}

On vulnerable versions of kaml, the decodeFromString() operation hangs and never returns.

Patches

Version 0.35.3 or later contain the fix for this issue.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c 0.35.2"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "com.charleskorn.kaml:kaml"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.35.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-39194"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-230",
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-09-07T18:02:13Z",
    "nvd_published_at": "2021-09-07T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nAttackers that could provide arbitrary YAML input to an application that uses kaml could cause the application to endlessly loop while parsing the input. This could result in resource starvation and denial of service. \n\nThis only affects applications that use polymorphic serialization with the default tagged polymorphism style. Applications using the property polymorphism style are not affected.\n\nYAML input for a polymorphic type that provided a tag but no value for the object would trigger the issue, for example:\n\n```yaml\n!\u003cx\u003e\n```\n\nThe following is a sample application that demonstrates this issue:\n\n```kotlin\nimport com.charleskorn.kaml.Yaml\nimport kotlinx.serialization.SerialName\nimport kotlinx.serialization.Serializable\n\n@Serializable\nprivate sealed class K {\n    @Serializable\n    @SerialName(\"x\")\n    data class X(\n        val property: String? = null,\n    ) : K()\n}\n\nconst val s = \"\"\"\n!\u003cx\u003e\n\"\"\"\n\nfun main() {\n    println(\"Started.\")\n    val result = Yaml.default.decodeFromString(K.serializer(), s)\n    println(\"Finished, result is $result\")\n}\n```\n\nOn vulnerable versions of kaml, the `decodeFromString()` operation hangs and never returns. \n\n\n### Patches\nVersion 0.35.3 or later contain the fix for this issue.",
  "id": "GHSA-fmm9-3gv8-58f4",
  "modified": "2021-09-08T14:47:32Z",
  "published": "2021-09-07T23:08:40Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/charleskorn/kaml/security/advisories/GHSA-fmm9-3gv8-58f4"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39194"
    },
    {
      "type": "WEB",
      "url": "https://github.com/charleskorn/kaml/issues/179"
    },
    {
      "type": "WEB",
      "url": "https://github.com/charleskorn/kaml/commit/e18785d043fc6324c81e968aae9764b4b060bc6a"
    },
    {
      "type": "WEB",
      "url": "https://github.com/charleskorn/kaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Handling of Missing Values in kaml"
}

GHSA-H972-RPM4-HJ8Q

Vulnerability from github – Published: 2026-02-19 18:31 – Updated: 2026-02-19 18:31
VLAI
Details

The Simple Membership plugin for WordPress is vulnerable to Improper Handling of Missing Values in all versions up to, and including, 4.7.0 via the Stripe webhook handler. This is due to the plugin only validating webhook signatures when the stripe-webhook-signing-secret setting is configured, which is empty by default. This makes it possible for unauthenticated attackers to forge Stripe webhook events to manipulate membership subscriptions, including reactivating expired memberships without payment or canceling legitimate subscriptions, potentially leading to unauthorized access and service disruption.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-1461"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-230"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-19T10:16:11Z",
    "severity": "MODERATE"
  },
  "details": "The Simple Membership plugin for WordPress is vulnerable to Improper Handling of Missing Values in all versions up to, and including, 4.7.0 via the Stripe webhook handler. This is due to the plugin only validating webhook signatures when the stripe-webhook-signing-secret setting is configured, which is empty by default. This makes it possible for unauthenticated attackers to forge Stripe webhook events to manipulate membership subscriptions, including reactivating expired memberships without payment or canceling legitimate subscriptions, potentially leading to unauthorized access and service disruption.",
  "id": "GHSA-h972-rpm4-hj8q",
  "modified": "2026-02-19T18:31:54Z",
  "published": "2026-02-19T18:31:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1461"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/simple-membership/trunk/classes/class.swpm-wp-loaded-tasks.php#L90"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/simple-membership/trunk/ipn/swpm-stripe-webhook-handler.php#L26"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/3453404"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4e4df9a6-8f7d-428b-a596-0751ca047169?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M53C-9WH4-Q9HQ

Vulnerability from github – Published: 2026-03-25 18:31 – Updated: 2026-03-25 18:31
VLAI
Details

A vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) packets of Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability is due to improper handling of a malformed CAPWAP packet. An attacker could exploit this vulnerability by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload unexpectedly, resulting in a DoS condition.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-20086"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-230"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-25T16:16:13Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) packets of Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\n\n This vulnerability is due to improper handling of a malformed CAPWAP packet. An attacker could exploit this vulnerability by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload unexpectedly, resulting in a DoS condition.",
  "id": "GHSA-m53c-9wh4-q9hq",
  "modified": "2026-03-25T18:31:47Z",
  "published": "2026-03-25T18:31:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20086"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-dos-hnX5KGOm"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MF8W-VG63-44J5

Vulnerability from github – Published: 2024-11-26 12:41 – Updated: 2024-11-26 12:41
VLAI
Details

The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.6. This is due to the plugin not properly validating a user's password reset code prior to updating their password. This makes it possible for unauthenticated attackers, with knowledge of a user's email address, to reset the user's password and gain access to their account.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-11024"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-230"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-26T11:21:58Z",
    "severity": "CRITICAL"
  },
  "details": "The AppPresser \u2013 Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.6. This is due to the plugin not properly validating a user\u0027s password reset code prior to updating their password. This makes it possible for unauthenticated attackers, with knowledge of a user\u0027s email address, to reset the user\u0027s password and gain access to their account.",
  "id": "GHSA-mf8w-vg63-44j5",
  "modified": "2024-11-26T12:41:36Z",
  "published": "2024-11-26T12:41:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11024"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/3192531/apppresser"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/43cb0399-4add-43d5-863c-30e11803bd90?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.