CWE-248
Uncaught Exception
Description
An exception is thrown from a function, but it is not caught.
Hierarchy (View 1000)
CVEs mapped to this weakness (125)
Page 4 of 7

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-8870 | | Med | 0.32 | 4.9 | 0.00 | | Nov 14, 2025 | On affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device. |
| CVE-2016-7046 | — | Med | 0.32 | 5.9 | 0.02 | | Oct 3, 2016 | Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via a long URL. |
| CVE-2026-42545 | | Med | 0.31 | 5.9 | 0.00 | | May 12, 2026 | Granian is a Rust HTTP server for Python applications. From 0.2.0 to 2.7.4, Granian aborts a worker process if a WSGI application returns an invalid HTTP response header name or value. The WSGI response conversion path uses .unwrap() on both the header name and header value… |
| CVE-2026-34944 | | Med | 0.30 | 5.7 | 0.00 | | Apr 9, 2026 | Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, on x86-64 platforms with SSE3 disabled, Wasmtime's compilation of the f64x2.splat WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are… |
| CVE-2024-13417 | — | Med | 0.30 | 4.6 | 0.00 | | Feb 6, 2025 | Specifically crafted payloads sent to the RFID reader could cause a DoS of the RFID reader. After the device is restarted, it returns to a fully working state. 2N has released an updated version 2.46 of 2N OS, where this vulnerability is mitigated. It is recommended that all… |
| CVE-2026-45676 | | Med | 0.29 | 5.5 | 0.00 | | Jun 2, 2026 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI's replacement ELF parser trusts section offsets, counts, and string offsets from the executable file. A crafted local ELF can make OBI dereference… |
| CVE-2025-15649 | | Med | 0.29 | 5.5 | 0.00 | | May 27, 2026 | IO::Uncompress::Unzip versions before 2.215 for Perl propagate an uncaught exception when parsing a zip header with a malformed DOS date. _dosToUnixTime() decodes the local-file-header last-modification date field and calls Time::Local::timelocal() without an eval guard. A header… |
| CVE-2025-54777 | | Med | 0.28 | 4.3 | 0.00 | | Aug 29, 2025 | An uncaught exception issue exists in multiple products in the bizhub series. If a malformed file is imported as an S/MIME Email certificate, it may cause a denial-of-service issue that disables the Web Connection feature. |
| CVE-2025-20097 | | Med | 0.28 | 4.3 | 0.00 | | Feb 12, 2025 | Uncaught exception in OpenBMC Firmware for the Intel(R) Server M50FCP Family and Intel(R) Server D50DNP Family before version R01.02.0002 may allow an authenticated user to potentially enable denial of service via network access. |
| CVE-2026-45554 | | Med | 0.27 | 5.3 | 0.00 | | Jun 2, 2026 | NiceGUI is a Python-based UI framework. Prior to version 3.12.0, two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that may resolve to a directory rather than a file. Requests that resolve to a directory raise an unhandled… |
| CVE-2026-7183 | | Med | 0.27 | 5.3 | 0.00 | | Apr 27, 2026 | A vulnerability has been found in aligungr UERANSIM up to 3.2.7. The affected element is the function rls::DecodeRlsMessage in the library src/lib/rls/rls_pdu.cpp of the component Radio Link Simulation Layer. The manipulation of the argument pduLength leads to uncaught… |
| CVE-2024-51750 | | Med | 0.26 | 5.0 | 0.00 | | Nov 12, 2024 | Element is a Matrix web client built using the Matrix React SDK. A malicious homeserver can send invalid messages over federation which can prevent Element Web and Desktop from rendering single messages or the entire room containing them. This was patched in Element Web and… |
| CVE-2026-54775 | | | 0.00 | — | — | | Jun 19, 2026 | Impact: A CoreWCF service that is running and listening on a Kafka topic and receives a null-value record will stop processing new records from that topic. Preconditions: The attacker has produce/write permission on a topic that CoreWCF is consuming from. If the broker permits… |
| CVE-2026-12644 | | | 0.00 | — | 0.00 | | Jun 19, 2026 | Versions of the package ts-deepmerge before 8.0.0 are vulnerable to Uncaught Exception due to the improper handling of built-in Object.prototype methods (such as toString, valueOf). When user-controlled input contains these keys with non-function values, the resulting merged… |
| CVE-2026-55517 | | | 0.00 | — | 0.00 | | Jun 17, 2026 | Summary: A Deno program that opens a client `WebSocket` connection could be crashed by the remote server. While handling the WebSocket handshake response, Deno parsed the `Sec-WebSocket-Protocol` and `Sec-WebSocket-Extensions` response headers in a way that assumed their… |
| CVE-2026-48038 | | | 0.00 | — | 0.00 | | Jun 11, 2026 | Impact: Denial of service via untrapped exception in services validating user-supplied JSON / object input with recursive link schemas. The blast radius depends on how the application invokes joi. Highest impact: `validate()` called without `try/catch` in a request… |
| CVE-2026-33203 | | | 0.00 | — | 0.01 | | Mar 20, 2026 | SiYuan is a personal knowledge management system. Prior to version 3.6.2, the SiYuan kernel WebSocket server accepts unauthenticated connections when a specific "auth keepalive" query parameter is present. After connection, incoming messages are parsed using unchecked type… |
| CVE-2026-33191 | | | 0.00 | — | 0.00 | | Mar 20, 2026 | Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions prior to 1.4.2 are vulnerable to null byte injection in URL path parameters. A remote attacker can inject null bytes (URL-encoded as %00) into the supi path parameter of the… |
| CVE-2026-32770 | | | 0.00 | — | 0.01 | | Mar 18, 2026 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.19 and 8.6.43, a remote attacker can crash the Parse Server by subscribing to a LiveQuery with an invalid regular expression pattern. The server process… |
| CVE-2026-32314 | | | 0.00 | — | 0.00 | | Mar 13, 2026 | Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. Prior to 0.13.10, the Rust implementation of Yamux can panic when processing a crafted inbound Data frame that sets SYN and uses a body length greater than DEFAULT_CREDIT (e.g. 262145). On the first… |