VYPR

CWE-703

Improper Check or Handling of Exceptional Conditions

Pillar · Incomplete

Description

The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.

CVEs mapped to this weakness (50)

  • CVE-2025-13026 · Critical · Nov 11, 2025
    risk 0.64 · cvss 9.8 · epss 0.00

    Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.

  • CVE-2025-13023 · Critical · Nov 11, 2025
    risk 0.64 · cvss 9.8 · epss 0.00

    Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.

  • CVE-2025-13022 · Critical · Nov 11, 2025
    risk 0.64 · cvss 9.8 · epss 0.00

    Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.

  • CVE-2025-13021 · Critical · Nov 11, 2025
    risk 0.64 · cvss 9.8 · epss 0.00

    Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.

  • CVE-2024-21525 · High · Jul 10, 2024
    risk 0.54 · cvss 8.3 · epss 0.01

    All versions of the package node-twain are vulnerable to Improper Check or Handling of Exceptional Conditions due to the length of the source data not being checked. Creating a new twain.TwainSDK with a productName or productFamily, manufacturer, version.info property of length…

  • CVE-2024-27832 · High · Jun 10, 2024
    risk 0.51 · cvss 7.8 · epss 0.01

    The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to elevate privileges.

  • CVE-2018-5463 · High · Apr 9, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    A structured exception handler overflow vulnerability in Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA 4.1.0.3391 and earlier may allow code execution.

  • CVE-2026-44893 · High · Jun 12, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2_TYPE_SSL TLV, HAProxyMessage.readNextTLV() first calls `header.retainedSlice(header.readerIndex()…

  • CVE-2025-46290 · High · Feb 11, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. A remote attacker may be able to cause a denial-of-service.

  • CVE-2025-70758 · High · Feb 3, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    chetans9 core-php-admin-panel through commit a94a780d6 contains an authentication bypass vulnerability in includes/auth_validate.php. The application sends an HTTP redirect via header(Location:login.php) when a user is not authenticated but fails to call exit() afterward. This…

  • CVE-2025-13016 · High · Nov 11, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.

  • CVE-2024-50954 · High · Jan 15, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    The XINJE XL5E-16T and XD5E-24R-E programmable logic controllers V3.5.3b-V3.7.2a have a vulnerability in handling Modbus messages. When a TCP connection is established with the above series of controllers within a local area network (LAN), sending a specific Modbus message to…

  • CVE-2024-29205 · High · Apr 25, 2024
    risk 0.49 · cvss 7.5 · epss 0.02

    An Improper Check for Unusual or Exceptional Conditions vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a remote unauthenticated attacker to send specially crafted requests in order to cause service disruptions.

  • CVE-2026-12324 · High · Jun 16, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    Incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

  • CVE-2024-4611 · High · May 29, 2024
    risk 0.46 · cvss 8.1 · epss 0.01

    The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decrypt_value' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any…

  • CVE-2026-34388 · High · Mar 27, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    Fleet is open source device management software. Prior to 4.81.0, a denial-of-service vulnerability in Fleet's gRPC Launcher endpoint allows an authenticated host to crash the entire Fleet server process by sending an unexpected log type value. The server terminates immediately,…

  • CVE-2026-25577 · High · Feb 10, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies property in emmett_core.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticated attackers to trigger HTTP 500…

  • CVE-2025-12890 · Medium · Nov 7, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    Improper handling of a malformed Connection Request with the interval set to 1 (which is supposed to be illegal) and the chM 0x7CFFFFFFFF triggers a crash. The peripheral will not be connectable afterwards.

  • CVE-2025-43240 · Medium · Jul 30, 2025
    risk 0.40 · cvss 6.2 · epss 0.01

    A logic issue was addressed with improved checks. This issue is fixed in Safari 18.6, macOS Sequoia 15.6. A download's origin may be incorrectly associated.

  • CVE-2026-29643 · High · Apr 20, 2026
    risk 0.39 · cvss 7.1 · epss 0.00

    XiangShan (Open-source high-performance RISC-V processor) commit edb1dfaf7d290ae99724594507dc46c2c2125384 (2024-11-28) contains an improper exceptional-condition handling flaw in its CSR subsystem (NewCSR). On affected versions, certain sequences of CSR operations targeting…