CWE-394
Unexpected Status Code or Return Value
Description
The product does not properly check when a function or operation returns a value that is legitimate for the function, but is not expected by the product.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-23013 | Hig | 0.47 | — | 0.00 | Jan 15, 2025 | In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module (PAM) that can be deployed to support authentication using a YubiKey or other FIDO compliant authenticators on macOS or Linux. This software… | ||
| CVE-2025-22854 | Med | 0.45 | — | 0.00 | Jun 15, 2025 | Improper handling of non-200 http responses in the PingFederate Google Adapter leads to thread exhaustion under normal usage conditions. | ||
| CVE-2022-24880 | 0.00 | — | 0.01 | Apr 25, 2022 | flask-session-captcha is a package which allows users to extend Flask by adding an image based captcha stored in a server side session. In versions prior to 1.2.1, he `captcha.validate()` function would return `None` if passed no value (e.g. by submitting an having an empty… |
- risk 0.47cvss —epss 0.00
In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module (PAM) that can be deployed to support authentication using a YubiKey or other FIDO compliant authenticators on macOS or Linux. This software…
- risk 0.45cvss —epss 0.00
Improper handling of non-200 http responses in the PingFederate Google Adapter leads to thread exhaustion under normal usage conditions.
- CVE-2022-24880Apr 25, 2022risk 0.00cvss —epss 0.01
flask-session-captcha is a package which allows users to extend Flask by adding an image based captcha stored in a server side session. In versions prior to 1.2.1, he `captcha.validate()` function would return `None` if passed no value (e.g. by submitting an having an empty…