VYPR

CWE-248

Uncaught Exception

BaseDraft

Description

An exception is thrown from a function, but it is not caught.

When an exception is not caught, it may cause the program to crash or expose sensitive information.

Hierarchy (View 1000)

Children

CVEs mapped to this weakness (125)

page 3 of 7
  • CVE-2026-34943HigApr 9, 2026
    risk 0.42cvss 7.5epss 0.00

    Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contains a possible panic which can happen when a flags-typed component model value is lifted with the Val type. If bits are set outside of the set of flags the component model specifies…

  • CVE-2026-34986HigApr 6, 2026
    risk 0.42cvss 7.5epss 0.00

    Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption…

  • CVE-2026-25577HigFeb 10, 2026
    risk 0.42cvss 7.5epss 0.00

    Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies property in mmett_core.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticated attackers to trigger HTTP 500…

  • CVE-2025-62370HigOct 15, 2025
    risk 0.42cvss 7.5epss 0.00

    Alloy Core libraries at the root of the Rust Ethereum ecosystem. Prior to 0.8.26 and 1.4.1, an uncaught panic triggered by malformed input to alloy_dyn_abi::TypedData could lead to a denial-of-service (DoS) via eip712_signing_hash(). Software with high availability requirements…

  • CVE-2025-7338HigJul 17, 2025
    risk 0.42cvss 7.5epss 0.01

    Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request…

  • CVE-2025-36539MedJun 12, 2025
    risk 0.42cvss 6.5epss 0.00

    AVEVA PI Data Archive products are vulnerable to an uncaught exception that, if exploited, could allow an authenticated user to shut down certain necessary PI Data Archive subsystems, resulting in a denial of service.

  • CVE-2025-29785HigJun 2, 2025
    risk 0.42cvss 7.5epss 0.00

    quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC…

  • CVE-2025-47944HigMay 19, 2025
    risk 0.42cvss 7.5epss 0.01

    Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.0 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request…

  • CVE-2025-20054MedMay 13, 2025
    risk 0.42cvss 6.5epss 0.00

    Uncaught exception in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access.

  • CVE-2024-53856HigDec 5, 2024
    risk 0.42cvss 7.5epss 0.00

    rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows an attacker to trigger rpgp crashes by providing crafted data. This vulnerability is fixed in 0.14.1.

  • CVE-2024-43367HigAug 15, 2024
    risk 0.42cvss 7.5epss 0.01

    Boa is an embeddable and experimental Javascript engine written in Rust. Starting in version 0.16 and prior to version 0.19.0, a wrong assumption made when handling ECMAScript's `AsyncGenerator` operations can cause an uncaught exception on certain scripts. Boa's implementation…

  • CVE-2024-38525HigJun 28, 2024
    risk 0.42cvss 7.5epss 0.00

    dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the `nlohmann` JSON library. However, due to the way the JSON library is invoked, it…

  • CVE-2024-24792HigJun 27, 2024
    risk 0.42cvss 7.5epss 0.01

    Parsing a corrupt or malicious image with invalid color indices can cause a panic.

  • CVE-2026-5937MedApr 27, 2026
    risk 0.36cvss 5.5epss 0.00

    Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled "std::invalid_argument" exception, ultimately causing the program to terminate.

  • CVE-2026-35348MedApr 22, 2026
    risk 0.36cvss 5.5epss 0.00

    The sort utility in uutils coreutils is vulnerable to a process panic when using the --files0-from option with inputs containing non-UTF-8 filenames. The implementation enforces UTF-8 encoding and utilizes expect(), causing an immediate crash when encountering valid but…

  • CVE-2025-48430MedOct 23, 2025
    risk 0.36cvss 5.5epss 0.00

    Uncaught Exception (CWE-248) in the Command Centre Server allows an Authorized and Privileged Operator to crash the Command Centre Server at will. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 (MR2), 9.20 prior to vEL9.20.2819 (MR4), 9.10 prior to…

  • CVE-2024-29076MedNov 13, 2024
    risk 0.36cvss 5.5epss 0.00

    Uncaught exception for some Intel(R) CST software before version 8.7.10803 may allow an authenticated user to potentially enable denial of service via local access.

  • CVE-2026-46411MedJun 10, 2026
    risk 0.35cvss 6.5epss 0.00

    FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.2, authorized clients have the ability to exceed the permitted over-commit of their write buffer and triggering an internal safe-guard exception. This exception was in a path that was not…

  • CVE-2026-41585MedMay 8, 2026
    risk 0.35cvss 6.5epss 0.00

    ZEBRA is a Zcash node written entirely in Rust. From zebrad versions 2.2.0 to before 4.3.1 and from zebra-rpc versions 1.0.0-beta.45 to before 6.0.2, a vulnerability in Zebra's JSON-RPC HTTP middleware allows an authenticated RPC client to cause a Zebra node to crash by…

  • CVE-2024-28835MedMar 21, 2024
    risk 0.33cvss 5.0epss 0.00

    A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.