CVEbaza.plCWE DictionaryCWE-1116
Common Weakness Enumeration

CWE-1116

Inaccurate Source Code Comments

Category: BaseCVE: 4
Description

The source code contains comments that do not accurately describe or explain aspects of the portion of the code with which the comment is associated.

CVE vulnerabilities with CWE-1116 (4)
7.8
CVSS
HIGH
CVE-2022-48339

An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.

pub. 2023-02-20
7.5
CVSS
HIGH
CVE-2022-30351

PDFZorro PDFZorro Online r20220428 using TCPDF 6.2.5, despite having workflows claiming to correctly remove redacted information from a supplied PDF file, does not properly sanitize this information in all cases, causing redacted information, including images and text embedded in the PDF file, to be leaked unintentionally. In cases where PDF text objects are present it is possible to copy-paste redacted information into the system clipboard. Once a document is "locked" and marked for redaction once, all redactions performed after this feature is triggered are vulnerable.

pub. 2023-03-30
6.3
CVSS
MEDIUM
CVE-2025-47271

The OZI action is a GitHub Action that publishes releases to PyPI and mirror releases, signature bundles, and provenance in a tagged release. In versions 1.13.2 through 1.13.5, potentially untrusted data flows into PR creation logic. A malicious actor could construct a branch name that injects arbitrary code. This is patched in 1.13.6. As a workaround, one may downgrade to a version prior to 1.13.2.

pub. 2025-05-12
6.3
CVSS
MEDIUM
CVE-2025-1219

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass validations.

pub. 2025-03-30
Information
ID: CWE-1116
Type: Base
Vulnerabilities: 4
MITRE CWE ↗
← CWE Dictionary