VYPR

CWE-754

Improper Check for Unusual or Exceptional Conditions

ClassIncompleteLikelihood: Medium

Description

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

Hierarchy (View 1000)

CVEs mapped to this weakness (226)

page 6 of 12
  • CVE-2026-42246HigMay 9, 2026
    risk 0.41cvss 7.4epss 0.00

    Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttls to return "successfully", without starting TLS. This issue has been patched…

  • CVE-2024-38355HigJun 19, 2024
    risk 0.41cvss 7.3epss 0.01

    Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. This issue is fixed by commit `15af22fc22` which has…

  • CVE-2025-3359MedApr 7, 2025
    risk 0.40cvss 6.2epss 0.00

    A flaw was found in GNUPlot. A segmentation fault via IO_str_init_static_internal may jeopardize the environment.

  • CVE-2024-35313HigMay 17, 2024
    risk 0.40cvss 7.3epss 0.00

    In Tor Arti before 1.2.3, circuits sometimes incorrectly have a length of 3 (with full vanguards), aka TROVE-2024-004.

  • CVE-2025-9998MedSep 5, 2025
    risk 0.39cvss epss 0.00

    The sequence of packets received by a Networking server are not correctly checked. An attacker could exploit this vulnerability to send specially crafted messages to force the application to stop.

  • CVE-2018-7287MedFeb 22, 2018
    risk 0.39cvss 5.9epss 0.12

    An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a busy loop).

  • CVE-2026-0235MedMay 13, 2026
    risk 0.38cvss epss 0.00

    A race condition vulnerability in Palo Alto Networks Prisma® Browser enables a locally authenticated non-admin user to bypass certain access and data control policies.

  • CVE-2025-58354MedSep 23, 2025
    risk 0.38cvss epss 0.00

    Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In Kata Containers versions from 3.20.0 and before, a malicious host can circumvent initdata verification. On TDX systems running…

  • CVE-2025-8716MedSep 11, 2025
    risk 0.38cvss epss 0.00

    In Content Management versions 20.4- 25.3 authenticated attackers may exploit a complex cache poisoning technique to download unprotected files from the server if the filenames are known.

  • CVE-2025-54427MedJul 28, 2025
    risk 0.38cvss epss 0.01

    Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The extrinsic note_min_gas_price_target is an inherent extrinsic, meaning only the block producer can call it. To ensure correctness, the ProvideInherent trait should be implemented for each…

  • CVE-2025-53638MedJul 17, 2025
    risk 0.38cvss epss 0.00

    Solady is software that provides Solidity snippets with APIs. Starting in version 0.0.125 and prior to version 0.1.24, when an account is deployed via a proxy, using regular Solidity to call its initialization function may result in a silent failure, if the initialization…

  • CVE-2025-53359MedJul 2, 2025
    risk 0.38cvss epss 0.00

    ethereum is a common ethereum structs for Rust. Prior to ethereum crate v0.18.0, signature malleability (according to EIP-2) was only checked for "legacy" transactions, but not for EIP-2930, EIP-1559 and EIP-7702 transactions. This is a specification deviation. The signature…

  • CVE-2025-32051MedApr 3, 2025
    risk 0.38cvss 5.9epss 0.00

    A flaw was found in libsoup. The libsoup soup_uri_decode_data_uri() function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service (DoS).

  • CVE-2026-33787MedApr 9, 2026
    risk 0.36cvss 5.5epss 0.00

    An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon (chassisd) of Juniper Networks Junos OS on SRX1500, SRX4100, SRX4200 and SRX4600 allows a local attacker with low privileges to cause a complete Denial of Service (DoS). When a…

  • CVE-2026-33786MedApr 9, 2026
    risk 0.36cvss 5.5epss 0.00

    An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon (chassisd) of Juniper Networks Junos OS on SRX1600, SRX2300 and SRX4300 allows a local attacker with low privileges to cause a complete Denial of Service (DoS). When a specific…

  • CVE-2025-32735MedFeb 10, 2026
    risk 0.36cvss 5.5epss 0.00

    Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may…

  • CVE-2026-22795MedJan 27, 2026
    risk 0.36cvss 5.5epss 0.00

    Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a…

  • CVE-2025-10937MedOct 23, 2025
    risk 0.36cvss 5.5epss 0.00

    Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 creates a temporary file to store the local authentication token during startup, before copying it to its final location. This temporary file is created in a directory accessible to all users on the…

  • CVE-2024-28036MedMay 13, 2025
    risk 0.36cvss 5.6epss 0.00

    Improper conditions check for some Intel(R) Arc™ GPU may allow an authenticated user to potentially enable denial of service via local access.

  • CVE-2025-24161MedJan 27, 2025
    risk 0.36cvss 5.5epss 0.00

    The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Parsing a file may lead to an unexpected app termination.