VYPR

CWE-754

Improper Check for Unusual or Exceptional Conditions

Class | Incomplete | Likelihood: Medium

Description

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

Hierarchy (View 1000)

CVEs mapped to this weakness (226)

page 7 of 12
  • CVE-2024-21806 | Med | Aug 14, 2024
    risk 0.36 | cvss 5.5 | epss 0.00

    Improper conditions check in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 28.3 may allow an authenticated user to potentially enable denial of service via local access.

  • CVE-2024-25739 | Med | Feb 12, 2024
    risk 0.36 | cvss 5.5 | epss 0.00

    create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size.

  • CVE-2017-17815 | Med | Dec 21, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in is_mmacro() in asm/preproc.c that will cause a remote denial of service attack, because of a missing check for the relationship between minimum and maximum parameter counts.

  • CVE-2026-44324 | Med | May 27, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/{ueId}/{servingPlmnId}/ee-subscriptions/{subsId}/amf-subscriptions handler panics on a single authenticated request against a fresh UDR instance when…

  • CVE-2026-44317 | Med | May 27, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's PCF POST /npcf-policyauthorization/v1/app-sessions handler panics on a single authenticated request whose ascReqData.suppFeat == "1" (enabling traffic-routing feature negotiation) and…

  • CVE-2026-4915 | Med | May 25, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to filter nil elements from outgoing webhook attachment payloads before processing, which allows an authenticated user to cause a denial of service (server process termination) via…

  • CVE-2025-23197 | Med | Jan 27, 2025
    risk 0.35 | cvss 6.5 | epss 0.00

    matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. When Hookshot 6 version 6.0.1 or below, or Hookshot 5 version 5.4.1 or below, is configured with GitHub support, it is vulnerable to a Denial of Service (DoS) whereby it can…

  • CVE-2026-22796 | Med | Jan 27, 2026
    risk 0.34 | cvss 5.3 | epss 0.01

    Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data. Impact…

  • CVE-2023-5678 | Med | Nov 6, 2023
    risk 0.34 | cvss 5.3 | epss 0.04

    Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise,…

  • CVE-2020-7549 | Med | Dec 11, 2020
    risk 0.34 | cvss 5.3 | epss 0.01

    A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause…

  • CVE-2026-0241 | Med | May 13, 2026
    risk 0.33 | cvss | epss 0.00

    Incorrect Authorization vulnerabilities in Trust Protection Foundation allow attackers to bypass access controls and perform unauthorized actions on restricted resources.

  • CVE-2024-35312 | Med | May 17, 2024
    risk 0.33 | cvss 6.2 | epss 0.00

    In Tor Arti before 1.2.3, STUB circuits incorrectly have a length of 2 (with lite vanguards), aka TROVE-2024-003.

  • CVE-2026-40343 | Med | Apr 22, 2026
    risk 0.31 | cvss 5.8 | epss 0.10

    free5GC UDR is the user data repository (UDR) for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.2, a fail-open request handling flaw in the UDR service causes the `/nudr-dr/v2/policy-data/subs-to-notify` POST…

  • CVE-2025-35992 | Med | Feb 10, 2026
    risk 0.31 | cvss 4.7 | epss 0.00

    Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable denial of service. This result may…

  • CVE-2026-0269 | Med | Jun 10, 2026
    risk 0.30 | cvss | epss 0.00

    A memory corruption vulnerability in the processing of tunnel traffic in Palo Alto Networks PAN-OS® software allows an authenticated user to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot causes the firewall to enter…

  • CVE-2026-49325 | Med | May 29, 2026
    risk 0.30 | cvss 4.6 | epss 0.00

    Improper handling of physical conditions in the bike-shutdown control of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows a physical attacker with access to the Wireless Control Module (WCM) wiring harness to bypass the anti-theft shutdown. The WCM signals…

  • CVE-2026-49316 | Med | May 29, 2026
    risk 0.30 | cvss 4.6 | epss 0.00

    Expected behavior violation in the in-vehicle network of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the motorcycle's anti-theft shutdown by forcing the Wireless Control Module (WCM) into the CAN bus-off state. Using a…

  • CVE-2026-47315 | Med | May 19, 2026
    risk 0.29 | cvss 5.5 | epss 0.00

    Improper Check for Unusual or Exceptional Conditions vulnerability in Samsung Open Source Escargot allows Input Data Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

  • CVE-2025-41241 | Med | Jul 29, 2025
    risk 0.29 | cvss 4.4 | epss 0.00

    VMware vCenter contains a denial-of-service vulnerability. A malicious actor who is authenticated through vCenter and has permission to perform API calls for guest OS customisation may trigger this vulnerability to create a denial-of-service condition.

  • CVE-2026-42950 | Med | May 13, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    ELECOM wireless LAN access point devices do not check if language parameter has an appropriate value. If a user views a malicious page while logged in, the admin page on the user's web browser may become broken.