CWE-229
AllowedImproper Handling of Values
Abstraction: Base · Status: Incomplete
The product does not properly handle when the expected number of values for parameters, fields, or arguments is not provided in input, or if those values are undefined.
26 vulnerabilities reference this CWE, most recent first.
GHSA-9G25-JR9M-X4JH
Vulnerability from github – Published: 2026-06-09 18:30 – Updated: 2026-06-09 18:30No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network.
{
"affected": [],
"aliases": [
"CVE-2026-45602"
],
"database_specific": {
"cwe_ids": [
"CWE-229",
"CWE-349"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-09T17:17:28Z",
"severity": "CRITICAL"
},
"details": "No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network.",
"id": "GHSA-9g25-jr9m-x4jh",
"modified": "2026-06-09T18:30:52Z",
"published": "2026-06-09T18:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45602"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45602"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-CF43-7R7R-9F4F
Vulnerability from github – Published: 2026-02-10 18:30 – Updated: 2026-02-10 18:30Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (low), integrity (low) and availability (none) impacts.
{
"affected": [],
"aliases": [
"CVE-2025-31648"
],
"database_specific": {
"cwe_ids": [
"CWE-229"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-10T17:16:15Z",
"severity": "LOW"
},
"details": "Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (low), integrity (low) and availability (none) impacts.",
"id": "GHSA-cf43-7r7r-9f4f",
"modified": "2026-02-10T18:30:40Z",
"published": "2026-02-10T18:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31648"
},
{
"type": "WEB",
"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01396.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-F97W-XX7W-XWGF
Vulnerability from github – Published: 2024-06-06 21:30 – Updated: 2024-06-06 21:30A JSON Injection vulnerability exists in the mintplex-labs/anything-llm application, specifically within the username parameter during the login process at the /api/request-token endpoint. The vulnerability arises from improper handling of values, allowing attackers to perform brute force attacks without prior knowledge of the username. Once the password is known, attackers can conduct blind attacks to ascertain the full username, significantly compromising system security.
{
"affected": [],
"aliases": [
"CVE-2024-3102"
],
"database_specific": {
"cwe_ids": [
"CWE-229",
"CWE-307"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-06T19:15:59Z",
"severity": "MODERATE"
},
"details": "A JSON Injection vulnerability exists in the `mintplex-labs/anything-llm` application, specifically within the username parameter during the login process at the `/api/request-token` endpoint. The vulnerability arises from improper handling of values, allowing attackers to perform brute force attacks without prior knowledge of the username. Once the password is known, attackers can conduct blind attacks to ascertain the full username, significantly compromising system security.",
"id": "GHSA-f97w-xx7w-xwgf",
"modified": "2024-06-06T21:30:37Z",
"published": "2024-06-06T21:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3102"
},
{
"type": "WEB",
"url": "https://github.com/mintplex-labs/anything-llm/commit/2374939ffb551ab2929d7f9d5827fe6597fa8caa"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/8af4650d-5955-44a4-86b4-d08e1c862b49"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-J843-M256-PF25
Vulnerability from github – Published: 2026-03-24 06:31 – Updated: 2026-03-24 06:31Improper Handling of Values vulnerability in No-Chicken Echo-Mate (SDK/rv1106-sdk/sysdrv/source/kernel/include/net/netfilter modules). This vulnerability is associated with program files nf_tables.H, nft_byteorder.C, nft_meta.C.
This issue affects Echo-Mate: before V250329.
{
"affected": [],
"aliases": [
"CVE-2026-4736"
],
"database_specific": {
"cwe_ids": [
"CWE-229"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-24T04:17:26Z",
"severity": "HIGH"
},
"details": "Improper Handling of Values vulnerability in No-Chicken Echo-Mate (SDK/rv1106-sdk/sysdrv/source/kernel/include/net/netfilter modules). This vulnerability is associated with program files nf_tables.H\u200e, nft_byteorder.C\u200e, nft_meta.C\u200e.\n\nThis issue affects Echo-Mate: before V250329.",
"id": "GHSA-j843-m256-pf25",
"modified": "2026-03-24T06:31:12Z",
"published": "2026-03-24T06:31:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4736"
},
{
"type": "WEB",
"url": "https://github.com/No-Chicken/Echo-Mate/pull/8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Amber",
"type": "CVSS_V4"
}
]
}
GHSA-MWV3-X6R9-R9C2
Vulnerability from github – Published: 2026-01-30 18:31 – Updated: 2026-01-30 18:31After receiving a
malformed 802.15.4 MAC Data Request
the Zigbee Coordinator sends a ‘network leave’ request to Zigbee router resulting in the Zigbee Router getting stuck in a non-rejoinable state. If a suitable parent is not available, the end devices will be unable to rejoin. A manual recommissioning is required to recover the Zigbee Router.
{
"affected": [],
"aliases": [
"CVE-2025-7964"
],
"database_specific": {
"cwe_ids": [
"CWE-229"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-30T16:16:11Z",
"severity": "CRITICAL"
},
"details": "After receiving a \n\nmalformed 802.15.4 MAC Data Request\n\n the Zigbee Coordinator sends a \u2018network leave\u2019 request to Zigbee router resulting in the Zigbee Router getting stuck in a non-rejoinable state. If a suitable parent is not available, the end devices will be unable to rejoin.\u00a0A manual recommissioning is required to recover the Zigbee Router.",
"id": "GHSA-mwv3-x6r9-r9c2",
"modified": "2026-01-30T18:31:15Z",
"published": "2026-01-30T18:31:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7964"
},
{
"type": "WEB",
"url": "https://community.silabs.com/068Vm00000dspiL"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-W2GJ-CMFM-C4J4
Vulnerability from github – Published: 2026-03-27 09:31 – Updated: 2026-06-30 03:36ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it's not needed. Alternatively upgrade to a fixed version. No publicly available exploits are known.
{
"affected": [],
"aliases": [
"CVE-2025-59032"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-229"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-27T09:16:18Z",
"severity": "HIGH"
},
"details": "ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it\u0027s not needed. Alternatively upgrade to a fixed version. No publicly available exploits are known.",
"id": "GHSA-w2gj-cmfm-c4j4",
"modified": "2026-06-30T03:36:02Z",
"published": "2026-03-27T09:31:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59032"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59032.json"
},
{
"type": "WEB",
"url": "https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/oxdc-adv-2026-0001.json"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452172"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-59032"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26564"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19455"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19453"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19364"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19149"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:18053"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:17630"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:17628"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:17626"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:17625"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:17602"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:13857"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:13830"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:13498"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.