CWE-248
Uncaught Exception
BaseDraft
Description
An exception is thrown from a function, but it is not caught.
When an exception is not caught, it may cause the program to crash or expose sensitive information.
Hierarchy (View 1000)
CVEs mapped to this weakness (50)
page 3 of 3| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-35348 | Med | 0.36 | 5.5 | 0.00 | Apr 22, 2026 | The sort utility in uutils coreutils is vulnerable to a process panic when using the --files0-from option with inputs containing non-UTF-8 filenames. The implementation enforces UTF-8 encoding and utilizes expect(), causing an immediate crash when encountering valid but non-UTF-8 paths. This diverges from GNU sort, which treats filenames as raw bytes. A local attacker can exploit this to crash the utility and disrupt automated pipelines. | |
| CVE-2025-48430 | Med | 0.36 | 5.5 | 0.00 | Oct 23, 2025 | Uncaught Exception (CWE-248) in the Command Centre Server allows an Authorized and Privileged Operator to crash the Command Centre Server at will. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 (MR2), 9.20 prior to vEL9.20.2819 (MR4), 9.10 prior to vEL9.10.3672 (MR7), 9.00 prior to vEL9.00.3831 (MR8), all versions of 8.90 and prior. | |
| CVE-2024-29076 | Med | 0.36 | 5.5 | 0.00 | Nov 13, 2024 | Uncaught exception for some Intel(R) CST software before version 8.7.10803 may allow an authenticated user to potentially enable denial of service via local access. | |
| CVE-2026-7183 | Med | 0.34 | 5.3 | 0.00 | Apr 27, 2026 | A vulnerability has been found in aligungr UERANSIM up to 3.2.7. The affected element is the function rls::DecodeRlsMessage in the library src/lib/rls/rls_pdu.cpp of the component Radio Link Simulation Layer. The manipulation of the argument pduLength leads to uncaught exception. The attack may be initiated remotely. Upgrading to version 3.2.8 is sufficient to fix this issue. The identifier of the patch is ca1a66fffe282767bb08618af9f848e3b68ea47b. It is suggested to upgrade the affected component. This behavior is related to CVE-2024-37877. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product. | |
| CVE-2024-28835 | Med | 0.33 | 5.0 | 0.00 | Mar 21, 2024 | A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command. | |
| CVE-2025-8870 | Med | 0.32 | 4.9 | 0.00 | Nov 14, 2025 | On affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device.153 | |
| CVE-2024-13417 | Med | 0.30 | 4.6 | 0.00 | Feb 6, 2025 | Specifically crafted payloads sent to the RFID reader could cause DoS of RFID reader. After the device is restarted, it gets back to fully working state. 2N has released an updated version 2.46 of 2N OS, where this vulnerability is mitigated. It is recommended that all customers update their devices to the latest 2N OS. | |
| CVE-2025-54777 | Med | 0.28 | 4.3 | 0.00 | Aug 29, 2025 | Uncaught exception issue exists in Multiple products in bizhub series. If a malformed file is imported as an S/MIME Email certificate, it may cause a denial-of-service issue that disable the Web Connection feature. | |
| CVE-2025-20097 | Med | 0.28 | 4.3 | 0.00 | Feb 12, 2025 | Uncaught exception in OpenBMC Firmware for the Intel(R) Server M50FCP Family and Intel(R) Server D50DNP Family before version R01.02.0002 may allow an authenticated user to potentially enable denial of service via network access. | |
| CVE-2024-51750 | Med | 0.26 | 5.0 | 0.00 | Nov 12, 2024 | Element is a Matrix web client built using the Matrix React SDK. A malicious homeserver can send invalid messages over federation which can prevent Element Web and Desktop from rendering single messages or the entire room containing them. This was patched in Element Web and Desktop 1.11.85. |