CWE-754
Improper Check for Unusual or Exceptional Conditions
Description
The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.
Hierarchy (View 1000)
CVEs mapped to this weakness (226)
page 1 of 12| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-4689 | Cri | 0.65 | 10.0 | 0.01 | Mar 24, 2026 | Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. | ||
| CVE-2026-8091 | Cri | 0.64 | 9.8 | 0.00 | May 7, 2026 | Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, and Firefox ESR 115.35.2. | ||
| CVE-2026-30960 | Cri | 0.61 | — | 0.00 | Mar 10, 2026 | rssn is a scientific computing library for Rust, combining a high-performance symbolic computation engine with numerical methods support and physics simulations functionalities. The vulnerability exists in the JIT (Just-In-Time) compilation engine, which is fully exposed via the… | ||
| CVE-2025-0129 | Cri | 0.60 | — | 0.00 | Apr 11, 2025 | An improper exception check in Palo Alto Networks Prisma Access Browser allows a low privileged user to prevent Prisma Access Browser from applying it's Policy Rules. This enables the user to use Prisma Access Browser without any restrictions. | ||
| CVE-2024-4367 | Hig | 0.59 | 8.8 | 0.73 | May 14, 2024 | A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. | ||
| CVE-2026-47216 | Hig | 0.57 | — | 0.00 | Jun 12, 2026 | Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is an unauthenticated denial-of-service vulnerability in the /multi_search endpoint. A specially crafted request can trigger an unhandled exception during request processing, causing the… | ||
| CVE-2026-35225 | Hig | 0.57 | — | 0.00 | Apr 23, 2026 | An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections. | ||
| CVE-2025-0128 | Hig | 0.57 | — | 0.00 | Apr 11, 2025 | A denial-of-service (DoS) vulnerability in the Simple Certificate Enrollment Protocol (SCEP) authentication feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet. Repeated attempts to… | ||
| CVE-2024-3729 | Cri | 0.57 | 9.8 | 0.01 | May 2, 2024 | The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'fea_encrypt' function in all versions up to, and including, 3.19.4. This makes it possible for unauthenticated attackers to manipulate the user… | ||
| CVE-2026-4690 | Hig | 0.56 | 8.6 | 0.01 | Mar 24, 2026 | Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. | ||
| CVE-2026-4687 | Hig | 0.56 | 8.6 | 0.00 | Mar 24, 2026 | Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. | ||
| CVE-2025-48581 | Hig | 0.55 | 8.4 | 0.00 | Sep 4, 2025 | In VerifyNoOverlapInSessions of apexd.cpp, there is a possible way to block security updates due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2025-13392 | Hig | 0.53 | 8.1 | 0.01 | May 27, 2026 | Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager (DSM) before 7.2.2-72806-5 and 7.3.1-86003-1 (7.2.1-69057 is not affected) allows remote attackers to bypass authentication with prior knowledge of the distinguished name… | ||
| CVE-2026-42349 | Hig | 0.53 | 8.1 | 0.00 | May 11, 2026 | Clerk JavaScript is the official JavaScript repository for Clerk authentication. has(), auth.protect(), and related authorization predicates in @clerk/shared, @clerk/nextjs, @clerk/backend, and other framework SDKs can return true for certain combined authorization checks when… | ||
| CVE-2025-20093 | Hig | 0.53 | 8.2 | 0.00 | Aug 12, 2025 | Improper check for unusual or exceptional conditions in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2025-43715 | Hig | 0.53 | 8.1 | 0.00 | Apr 17, 2025 | Nullsoft Scriptable Install System (NSIS) before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under %WINDIR%\temp and unprivileged users can place a crafted executable file by… | ||
| CVE-2017-17085 | Hig | 0.53 | 7.5 | 0.17 | Dec 1, 2017 | In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length. | ||
| CVE-2025-14322 | Hig | 0.52 | 8.0 | 0.00 | Dec 9, 2025 | Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6. | ||
| CVE-2023-28910 | Hig | 0.52 | 8.0 | 0.00 | Jun 28, 2025 | A specific flaw exists within the Bluetooth stack of the MIB3 infotainment system. The issue results from the disabled abortion flag eventually leading to bypassing assertion functions. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment… | ||
| CVE-2026-30900 | Hig | 0.51 | 7.8 | 0.00 | Mar 11, 2026 | Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access. |
- risk 0.65cvss 10.0epss 0.01
Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
- risk 0.64cvss 9.8epss 0.00
Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, and Firefox ESR 115.35.2.
- risk 0.61cvss —epss 0.00
rssn is a scientific computing library for Rust, combining a high-performance symbolic computation engine with numerical methods support and physics simulations functionalities. The vulnerability exists in the JIT (Just-In-Time) compilation engine, which is fully exposed via the…
- risk 0.60cvss —epss 0.00
An improper exception check in Palo Alto Networks Prisma Access Browser allows a low privileged user to prevent Prisma Access Browser from applying it's Policy Rules. This enables the user to use Prisma Access Browser without any restrictions.
- risk 0.59cvss 8.8epss 0.73
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
- risk 0.57cvss —epss 0.00
Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is an unauthenticated denial-of-service vulnerability in the /multi_search endpoint. A specially crafted request can trigger an unhandled exception during request processing, causing the…
- risk 0.57cvss —epss 0.00
An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections.
- risk 0.57cvss —epss 0.00
A denial-of-service (DoS) vulnerability in the Simple Certificate Enrollment Protocol (SCEP) authentication feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet. Repeated attempts to…
- risk 0.57cvss 9.8epss 0.01
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'fea_encrypt' function in all versions up to, and including, 3.19.4. This makes it possible for unauthenticated attackers to manipulate the user…
- risk 0.56cvss 8.6epss 0.01
Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
- risk 0.56cvss 8.6epss 0.00
Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
- risk 0.55cvss 8.4epss 0.00
In VerifyNoOverlapInSessions of apexd.cpp, there is a possible way to block security updates due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.53cvss 8.1epss 0.01
Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager (DSM) before 7.2.2-72806-5 and 7.3.1-86003-1 (7.2.1-69057 is not affected) allows remote attackers to bypass authentication with prior knowledge of the distinguished name…
- risk 0.53cvss 8.1epss 0.00
Clerk JavaScript is the official JavaScript repository for Clerk authentication. has(), auth.protect(), and related authorization predicates in @clerk/shared, @clerk/nextjs, @clerk/backend, and other framework SDKs can return true for certain combined authorization checks when…
- risk 0.53cvss 8.2epss 0.00
Improper check for unusual or exceptional conditions in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
- risk 0.53cvss 8.1epss 0.00
Nullsoft Scriptable Install System (NSIS) before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under %WINDIR%\temp and unprivileged users can place a crafted executable file by…
- risk 0.53cvss 7.5epss 0.17
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length.
- risk 0.52cvss 8.0epss 0.00
Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.
- risk 0.52cvss 8.0epss 0.00
A specific flaw exists within the Bluetooth stack of the MIB3 infotainment system. The issue results from the disabled abortion flag eventually leading to bypassing assertion functions. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment…
- risk 0.51cvss 7.8epss 0.00
Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.