VYPR

CWE-754

Improper Check for Unusual or Exceptional Conditions

Class · Incomplete · Likelihood: Medium

Description

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day-to-day operation of the product.

CVEs mapped to this weakness (226)

  • CVE-2026-4689 · Critical · Mar 24, 2026
    risk 0.65 · cvss 10.0 · epss 0.01

    Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

  • CVE-2026-8091 · Critical · May 7, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, and Firefox ESR 115.35.2.

  • CVE-2026-30960 · Critical · Mar 10, 2026
    risk 0.61 · cvss (none listed) · epss 0.00

    rssn is a scientific computing library for Rust, combining a high-performance symbolic computation engine with numerical methods support and physics simulations functionalities. The vulnerability exists in the JIT (Just-In-Time) compilation engine, which is fully exposed via the…

  • CVE-2025-0129 · Critical · Apr 11, 2025
    risk 0.60 · cvss (none listed) · epss 0.00

    An improper exception check in Palo Alto Networks Prisma Access Browser allows a low privileged user to prevent Prisma Access Browser from applying its Policy Rules. This enables the user to use Prisma Access Browser without any restrictions.

  • CVE-2024-4367 · High · May 14, 2024
    risk 0.59 · cvss 8.8 · epss 0.73

    A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

  • CVE-2026-47216 · High · Jun 12, 2026
    risk 0.57 · cvss (none listed) · epss 0.00

    Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is an unauthenticated denial-of-service vulnerability in the /multi_search endpoint. A specially crafted request can trigger an unhandled exception during request processing, causing the…

  • CVE-2026-35225 · High · Apr 23, 2026
    risk 0.57 · cvss (none listed) · epss 0.00

    An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections.

  • CVE-2025-0128 · High · Apr 11, 2025
    risk 0.57 · cvss (none listed) · epss 0.00

    A denial-of-service (DoS) vulnerability in the Simple Certificate Enrollment Protocol (SCEP) authentication feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet. Repeated attempts to…

  • CVE-2024-3729 · Critical · May 2, 2024
    risk 0.57 · cvss 9.8 · epss 0.01

    The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'fea_encrypt' function in all versions up to, and including, 3.19.4. This makes it possible for unauthenticated attackers to manipulate the user…

  • CVE-2026-4690 · High · Mar 24, 2026
    risk 0.56 · cvss 8.6 · epss 0.01

    Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

  • CVE-2026-4687 · High · Mar 24, 2026
    risk 0.56 · cvss 8.6 · epss 0.00

    Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

  • CVE-2025-48581 · High · Sep 4, 2025
    risk 0.55 · cvss 8.4 · epss 0.00

    In VerifyNoOverlapInSessions of apexd.cpp, there is a possible way to block security updates due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-13392 · High · May 27, 2026
    risk 0.53 · cvss 8.1 · epss 0.01

    Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager (DSM) before 7.2.2-72806-5 and 7.3.1-86003-1 (7.2.1-69057 is not affected) allows remote attackers to bypass authentication with prior knowledge of the distinguished name…

  • CVE-2026-42349 · High · May 11, 2026
    risk 0.53 · cvss 8.1 · epss 0.00

    Clerk JavaScript is the official JavaScript repository for Clerk authentication. has(), auth.protect(), and related authorization predicates in @clerk/shared, @clerk/nextjs, @clerk/backend, and other framework SDKs can return true for certain combined authorization checks when…

  • CVE-2025-20093 · High · Aug 12, 2025
    risk 0.53 · cvss 8.2 · epss 0.00

    Improper check for unusual or exceptional conditions in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2025-43715 · High · Apr 17, 2025
    risk 0.53 · cvss 8.1 · epss 0.00

    Nullsoft Scriptable Install System (NSIS) before 3.11 on Windows allows local users to escalate privileges to SYSTEM during an installation, because the temporary plugins directory is created under %WINDIR%\temp and unprivileged users can place a crafted executable file by…

  • CVE-2017-17085 · High · Dec 1, 2017
    risk 0.53 · cvss 7.5 · epss 0.17

    In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length.

  • CVE-2025-14322 · High · Dec 9, 2025
    risk 0.52 · cvss 8.0 · epss 0.00

    Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

  • CVE-2023-28910 · High · Jun 28, 2025
    risk 0.52 · cvss 8.0 · epss 0.00

    A specific flaw exists within the Bluetooth stack of the MIB3 infotainment system. The issue results from the disabled abortion flag eventually leading to bypassing assertion functions. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment…

  • CVE-2026-30900 · High · Mar 11, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.