Skip to main content

CWE-351

Insufficient Type Distinction

5 CVEs Avg CVSS 5.2 MITRE
1
CRITICAL
0
HIGH
2
MEDIUM
2
LOW
0
POC
0
KEV

Monthly

CVE-2026-41341 npm LOW PATCH Monitor

OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-components-helpers.ts. Attackers can exploit this misclassification to bypass group DM policy enforcement or trigger incorrect session handling.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
2.3
EPSS
0.0%
CVE-2025-65960 PHP MEDIUM PATCH This Month

Contao is an Open Source CMS. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

PHP Information Disclosure Contao
NVD GitHub
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-47939 PHP MEDIUM PATCH This Month

TYPO3 is an open source, PHP based web content management system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Typo3
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-30510 CRITICAL Act Now

An attacker can upload an arbitrary file instead of a plant image. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cloud Portal
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-32035 LOW PATCH Monitor

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

Information Disclosure Microsoft Dotnetnuke
NVD GitHub
CVSS 3.1
2.6
EPSS
0.1%
CVE-2026-41341 npm
EPSS 0% CVSS 2.3
LOW PATCH Monitor

OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-components-helpers.ts. Attackers can exploit this misclassification to bypass group DM policy enforcement or trigger incorrect session handling.

Authentication Bypass
NVD GitHub VulDB
CVE-2025-65960 PHP
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Contao is an Open Source CMS. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

PHP Information Disclosure Contao
NVD GitHub
CVE-2025-47939 PHP
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

TYPO3 is an open source, PHP based web content management system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Typo3
NVD GitHub
CVE-2025-30510
EPSS 0% CVSS 9.3
CRITICAL Act Now

An attacker can upload an arbitrary file instead of a plant image. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cloud Portal
NVD
CVE-2025-32035
EPSS 0% CVSS 2.6
LOW PATCH Monitor

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

Information Disclosure Microsoft Dotnetnuke
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy