VYPR

CWE-248

Uncaught Exception

Base | Draft

Description

An exception is thrown from a function, but it is not caught.

When an exception is not caught, it may cause the program to crash or expose sensitive information.

CVEs mapped to this weakness (125)

  • CVE-2025-8870 | Med | Nov 14, 2025
    risk 0.32 | cvss 4.9 | epss 0.00

    On affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device.

  • CVE-2016-7046 | Med | Oct 3, 2016
    risk 0.32 | cvss 5.9 | epss 0.02

    Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via a long URL.

  • CVE-2026-42545 | Med | May 12, 2026
    risk 0.31 | cvss 5.9 | epss 0.00

    Granian is a Rust HTTP server for Python applications. From 0.2.0 to 2.7.4, Granian aborts a worker process if a WSGI application returns an invalid HTTP response header name or value. The WSGI response conversion path uses .unwrap() on both the header name and header value…

  • CVE-2026-34944 | Med | Apr 9, 2026
    risk 0.30 | cvss 5.7 | epss 0.00

    Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, on x86-64 platforms with SSE3 disabled, Wasmtime's compilation of the f64x2.splat WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are…

  • CVE-2024-13417 | Med | Feb 6, 2025
    risk 0.30 | cvss 4.6 | epss 0.00

    Specifically crafted payloads sent to the RFID reader could cause DoS of the RFID reader. After the device is restarted, it gets back to a fully working state. 2N has released an updated version 2.46 of 2N OS, where this vulnerability is mitigated. It is recommended that all…

  • CVE-2026-45676 | Med | Jun 2, 2026
    risk 0.29 | cvss 5.5 | epss 0.00

    OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI's replacement ELF parser trusts section offsets, counts, and string offsets from the executable file. A crafted local ELF can make OBI dereference…

  • CVE-2025-15649 | Med | May 27, 2026
    risk 0.29 | cvss 5.5 | epss 0.00

    IO::Uncompress::Unzip versions before 2.215 for Perl propagate an uncaught exception when parsing a zip header with a malformed DOS date. _dosToUnixTime() decodes the local-file-header last-modification date field and calls Time::Local::timelocal() without an eval guard. A header…

  • CVE-2025-54777 | Med | Aug 29, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    An uncaught exception issue exists in multiple products in the bizhub series. If a malformed file is imported as an S/MIME Email certificate, it may cause a denial-of-service issue that disables the Web Connection feature.

  • CVE-2025-20097 | Med | Feb 12, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    Uncaught exception in OpenBMC Firmware for the Intel(R) Server M50FCP Family and Intel(R) Server D50DNP Family before version R01.02.0002 may allow an authenticated user to potentially enable denial of service via network access.

  • CVE-2026-45554 | Med | Jun 2, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    NiceGUI is a Python-based UI framework. Prior to version 3.12.0, two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that may resolve to a directory rather than a file. Requests that resolve to a directory raise an unhandled…

  • CVE-2026-7183 | Med | Apr 27, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    A vulnerability has been found in aligungr UERANSIM up to 3.2.7. The affected element is the function rls::DecodeRlsMessage in the library src/lib/rls/rls_pdu.cpp of the component Radio Link Simulation Layer. The manipulation of the argument pduLength leads to uncaught…

  • CVE-2024-51750 | Med | Nov 12, 2024
    risk 0.26 | cvss 5.0 | epss 0.00

    Element is a Matrix web client built using the Matrix React SDK. A malicious homeserver can send invalid messages over federation which can prevent Element Web and Desktop from rendering single messages or the entire room containing them. This was patched in Element Web and…

  • CVE-2026-54775 | Jun 19, 2026
    risk 0.00 | cvss | epss

    Impact: A CoreWCF service that is running and listening on a Kafka topic and receives a null-value record will stop processing new records from that topic. Preconditions: The attacker has produce/write permission on a topic that CoreWCF is consuming from. If the broker permits…

  • CVE-2026-12644 | Jun 19, 2026
    risk 0.00 | cvss | epss 0.00

    Versions of the package ts-deepmerge before 8.0.0 are vulnerable to Uncaught Exception due to the improper handling of built-in Object.prototype methods (such as toString, valueOf). When user-controlled input contains these keys with non-function values, the resulting merged…

  • CVE-2026-55517 | Jun 17, 2026
    risk 0.00 | cvss | epss 0.00

    Summary: A Deno program that opens a client `WebSocket` connection could be crashed by the remote server. While handling the WebSocket handshake response, Deno parsed the `Sec-WebSocket-Protocol` and `Sec-WebSocket-Extensions` response headers in a way that assumed their…

  • CVE-2026-48038 | Jun 11, 2026
    risk 0.00 | cvss | epss 0.00

    Impact: Denial of service via untrapped exception in services validating user-supplied JSON / object input with recursive link schemas. The blast radius depends on how the application invokes joi. Highest impact: `validate()` called without `try/catch` in a request…

  • CVE-2026-33203 | Mar 20, 2026
    risk 0.00 | cvss | epss 0.01

    SiYuan is a personal knowledge management system. Prior to version 3.6.2, the SiYuan kernel WebSocket server accepts unauthenticated connections when a specific "auth keepalive" query parameter is present. After connection, incoming messages are parsed using unchecked type…

  • CVE-2026-33191 | Mar 20, 2026
    risk 0.00 | cvss | epss 0.00

    Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions prior to 1.4.2 are vulnerable to null byte injection in URL path parameters. A remote attacker can inject null bytes (URL-encoded as %00) into the supi path parameter of the…

  • CVE-2026-32770 | Mar 18, 2026
    risk 0.00 | cvss | epss 0.01

    Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.19 and 8.6.43, a remote attacker can crash the Parse Server by subscribing to a LiveQuery with an invalid regular expression pattern. The server process…

  • CVE-2026-32314 | Mar 13, 2026
    risk 0.00 | cvss | epss 0.00

    Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. Prior to 0.13.10, the Rust implementation of Yamux can panic when processing a crafted inbound Data frame that sets SYN and uses a body length greater than DEFAULT_CREDIT (e.g. 262145). On the first…