CWE-440
Expected Behavior Violation
Description
A feature, API, or function does not perform according to its specification.
Hierarchy (View 1000)
CVEs mapped to this weakness (20)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-5651 | Cri | 0.57 | 9.8 | 0.08 | Apr 17, 2017 | In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This… | ||
| CVE-2024-32971 | Cri | 0.52 | 9.0 | 0.01 | May 2, 2024 | Apollo Router is a configurable, graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. The affected versions of Apollo Router contain a bug that in limited circumstances, could lead to unexpected operations being executed which can result in… | ||
| CVE-2026-42752 | Med | 0.42 | 6.5 | 0.00 | Jun 15, 2026 | Unauthenticated Bypass Vulnerability in Stripe Payments <= 2.0.98 versions. | ||
| CVE-2023-6129 | Med | 0.42 | 6.5 | 0.02 | Jan 9, 2024 | Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether… | ||
| CVE-2024-6281 | Hig | 0.40 | 7.3 | 0.00 | Jul 20, 2024 | A path traversal vulnerability exists in the `apply_settings` function of parisneo/lollms versions prior to 9.5.1. The `sanitize_path` function does not adequately secure the `discussion_db_name` parameter, allowing attackers to manipulate the path and potentially write to… | ||
| CVE-2025-40555 | Med | 0.31 | 4.7 | 0.00 | May 13, 2025 | A vulnerability has been identified in APOGEE PXC+TALON TC Series (BACnet) (All versions). Affected devices start sending unsolicited BACnet broadcast messages after processing a specific BACnet createObject request. This could allow an attacker residing in the same BACnet… | ||
| CVE-2025-0508 | Med | 0.31 | 5.9 | 0.00 | Mar 20, 2025 | A vulnerability in the SageMaker Workflow component of aws/sagemaker-python-sdk allows for the possibility of MD5 hash collisions in all versions. This can lead to workflows being inadvertently replaced due to the reuse of results from different configurations that produce the… | ||
| CVE-2024-47762 | Med | 0.31 | 5.8 | 0.00 | Oct 3, 2024 | Backstage is an open framework for building developer portals. Configuration supplied through APP_CONFIG_* environment variables, for example APP_CONFIG_backend_listen_port=7007, where unexpectedly ignoring the visibility defined in configuration schema. This occurred even if… | ||
| CVE-2026-49316 | Med | 0.30 | 4.6 | 0.00 | May 29, 2026 | Expected behavior violation in the in-vehicle network of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the motorcycle's anti-theft shutdown by forcing the Wireless Control Module (WCM) into the CAN bus-off state. Using a… | ||
| CVE-2026-42534 | Med | 0.27 | 5.3 | 0.00 | May 20, 2026 | NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the jostle logic that could defeat its purpose and degrade resolution performance. Retransmits of the same query could renew the age of slow running queries and not allow the jostle logic to see them as… | ||
| CVE-2026-41136 | Med | 0.27 | 5.3 | 0.00 | Apr 22, 2026 | free5GC AMF provides Access & Mobility Management Function (AMF) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. Prior to version 1.4.3, the `HTTPUEContextTransfer` handler in `internal/sbi/api_communication.go` does not include a `default`… | ||
| CVE-2026-35040 | Med | 0.27 | 5.3 | 0.00 | Apr 9, 2026 | fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 6.2.1, using certain modifiers on RegExp objects in the allowedAud, allowedIss, allowedSub, allowedJti, or allowedNonce options in verify functions can cause certain unintended behaviours. This is because some… | ||
| CVE-2024-38806 | Low | 0.25 | 3.9 | 0.00 | Jul 18, 2024 | Failure to properly synchronize user's permissions in UAA in Cloud Foundry Foundation v40.17.0 https://github.com/cloudfoundry/cf-deployment/releases/tag/v40.17.0 , potentially resulting in users retaining access rights they should not have. This can allow them to perform… | ||
| CVE-2026-41354 | Low | 0.17 | 3.7 | 0.00 | Apr 23, 2026 | OpenClaw before 2026.4.2 contains an insufficient scope vulnerability in Zalo webhook replay dedupe keys that allows legitimate events from different conversations or senders to collide. Attackers can exploit weak deduplication scoping to cause silent message suppression and… | ||
| CVE-2025-46712 | Low | 0.17 | 3.7 | 0.00 | May 8, 2025 | Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25), Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages… | ||
| CVE-2024-58265 | — | 0.00 | — | 0.00 | Jul 27, 2025 | The snow crate before 0.9.5 for Rust, when stateful TransportState is used, allows incrementing a nonce and thereby denying message delivery. | ||
| CVE-2025-6211 | 0.00 | — | 0.00 | Jul 10, 2025 | A vulnerability in the DocugamiReader class of the run-llama/llama_index repository, up to version 0.12.28, involves the use of MD5 hashing to generate IDs for document chunks. This approach leads to hash collisions when structurally distinct chunks contain identical text,… | |||
| CVE-2025-3044 | 0.00 | — | 0.00 | Jul 7, 2025 | A vulnerability in the ArxivReader class of the run-llama/llama_index repository, versions up to v0.12.22.post1, allows for MD5 hash collisions when generating filenames for downloaded papers. This can lead to data loss as papers with identical titles but different contents may… | |||
| CVE-2023-32731 | — | 0.00 | — | 0.01 | Jun 9, 2023 | When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy… | ||
| CVE-2023-32732 | — | 0.00 | — | 0.01 | Jun 9, 2023 | gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We… |
- risk 0.57cvss 9.8epss 0.08
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This…
- risk 0.52cvss 9.0epss 0.01
Apollo Router is a configurable, graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. The affected versions of Apollo Router contain a bug that in limited circumstances, could lead to unexpected operations being executed which can result in…
- risk 0.42cvss 6.5epss 0.00
Unauthenticated Bypass Vulnerability in Stripe Payments <= 2.0.98 versions.
- risk 0.42cvss 6.5epss 0.02
Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether…
- risk 0.40cvss 7.3epss 0.00
A path traversal vulnerability exists in the `apply_settings` function of parisneo/lollms versions prior to 9.5.1. The `sanitize_path` function does not adequately secure the `discussion_db_name` parameter, allowing attackers to manipulate the path and potentially write to…
- risk 0.31cvss 4.7epss 0.00
A vulnerability has been identified in APOGEE PXC+TALON TC Series (BACnet) (All versions). Affected devices start sending unsolicited BACnet broadcast messages after processing a specific BACnet createObject request. This could allow an attacker residing in the same BACnet…
- risk 0.31cvss 5.9epss 0.00
A vulnerability in the SageMaker Workflow component of aws/sagemaker-python-sdk allows for the possibility of MD5 hash collisions in all versions. This can lead to workflows being inadvertently replaced due to the reuse of results from different configurations that produce the…
- risk 0.31cvss 5.8epss 0.00
Backstage is an open framework for building developer portals. Configuration supplied through APP_CONFIG_* environment variables, for example APP_CONFIG_backend_listen_port=7007, where unexpectedly ignoring the visibility defined in configuration schema. This occurred even if…
- risk 0.30cvss 4.6epss 0.00
Expected behavior violation in the in-vehicle network of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the motorcycle's anti-theft shutdown by forcing the Wireless Control Module (WCM) into the CAN bus-off state. Using a…
- risk 0.27cvss 5.3epss 0.00
NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the jostle logic that could defeat its purpose and degrade resolution performance. Retransmits of the same query could renew the age of slow running queries and not allow the jostle logic to see them as…
- risk 0.27cvss 5.3epss 0.00
free5GC AMF provides Access & Mobility Management Function (AMF) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. Prior to version 1.4.3, the `HTTPUEContextTransfer` handler in `internal/sbi/api_communication.go` does not include a `default`…
- risk 0.27cvss 5.3epss 0.00
fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 6.2.1, using certain modifiers on RegExp objects in the allowedAud, allowedIss, allowedSub, allowedJti, or allowedNonce options in verify functions can cause certain unintended behaviours. This is because some…
- risk 0.25cvss 3.9epss 0.00
Failure to properly synchronize user's permissions in UAA in Cloud Foundry Foundation v40.17.0 https://github.com/cloudfoundry/cf-deployment/releases/tag/v40.17.0 , potentially resulting in users retaining access rights they should not have. This can allow them to perform…
- risk 0.17cvss 3.7epss 0.00
OpenClaw before 2026.4.2 contains an insufficient scope vulnerability in Zalo webhook replay dedupe keys that allows legitimate events from different conversations or senders to collide. Attackers can exploit weak deduplication scoping to cause silent message suppression and…
- risk 0.17cvss 3.7epss 0.00
Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25), Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages…
- CVE-2024-58265Jul 27, 2025risk 0.00cvss —epss 0.00
The snow crate before 0.9.5 for Rust, when stateful TransportState is used, allows incrementing a nonce and thereby denying message delivery.
- CVE-2025-6211Jul 10, 2025risk 0.00cvss —epss 0.00
A vulnerability in the DocugamiReader class of the run-llama/llama_index repository, up to version 0.12.28, involves the use of MD5 hashing to generate IDs for document chunks. This approach leads to hash collisions when structurally distinct chunks contain identical text,…
- CVE-2025-3044Jul 7, 2025risk 0.00cvss —epss 0.00
A vulnerability in the ArxivReader class of the run-llama/llama_index repository, versions up to v0.12.22.post1, allows for MD5 hash collisions when generating filenames for downloaded papers. This can lead to data loss as papers with identical titles but different contents may…
- CVE-2023-32731Jun 9, 2023risk 0.00cvss —epss 0.01
When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy…
- CVE-2023-32732Jun 9, 2023risk 0.00cvss —epss 0.01
gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We…