CWE-754

Improper Check for Unusual or Exceptional Conditions

Class | Incomplete | Likelihood: Medium

Description

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

CVEs mapped to this weakness (226)

  • CVE-2026-41662 | Med | May 7, 2026
    risk 0.27 | cvss 5.2 | epss 0.00

    Admidio is an open-source user management solution. Prior to version 5.0.9, Role::stopMembership() does not verify whether removing a user from the administrator role leaves zero administrators. The deprecated Membership::stopMembership() contains this safety check, but the…

  • CVE-2026-34066 | Med | Apr 22, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. Prior to version 1.3.0, `HistoryStore::put_historic_txns` uses an `assert!` to enforce invariants about `HistoricTransaction.block_number` (must be within the macro block being pushed and within…

  • CVE-2026-40249 | Med | Apr 16, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for updating Policy Data notification subscriptions at /nudr-dr/v2/policy-data/subs-to-notify/{subsId} does not return after request body retrieval or…

  • CVE-2025-43883 | Med | Apr 16, 2026
    risk 0.27 | cvss 4.1 | epss 0.00

    Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper check for unusual or exceptional conditions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.

  • CVE-2024-51502 | Med | Nov 4, 2024
    risk 0.26 | cvss | epss 0.00

    loona is an experimental, HTTP/1.1 and HTTP/2 implementation in Rust on top of io-uring. `loona-hpack` suffers from the same vulnerability as the original `hpack` as documented in issue #11. All users who try to decode untrusted input using the Decoder are vulnerable to this…

  • CVE-2026-8491 | Low | May 19, 2026
    risk 0.24 | cvss 3.7 | epss 0.00

    Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Node View Permissions allows Forceful Browsing. This issue affects Node View Permissions: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.1.

  • CVE-2026-4643 | Low | May 18, 2026
    risk 0.23 | cvss 3.5 | epss 0.00

    Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent server-rendered content from closing an underlying application view in the Mattermost Desktop App which allows a malicious server or plugin to crash the desktop client via invoking {{window.close()}} in the…

  • CVE-2026-41377 | Med | Apr 28, 2026
    risk 0.23 | cvss 4.6 | epss 0.00

    OpenClaw before 2026.3.31 contains a fail-open vulnerability in the plugin installation flow where security scan failures do not block installation. Attackers can exploit scan failures to install untrusted plugins when operators proceed despite visible scan warnings.

  • CVE-2025-22848 | Low | May 13, 2025
    risk 0.23 | cvss 3.5 | epss 0.00

    Improper conditions check for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access.

  • CVE-2026-35366 | Med | Apr 22, 2026
    risk 0.22 | cvss 4.4 | epss 0.00

    The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences. While POSIX permits arbitrary bytes in environment strings, the uutils implementation silently skips these entries rather than printing the raw bytes. This…

  • CVE-2026-40094 | Med | May 20, 2026
    risk 0.21 | cvss 4.3 | epss 0.00

    nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and prior, network-libp2p discovery accepts signed PeerContact updates from untrusted peers and stores them in a peer contact book, eventually leading to address book crash. A…

  • CVE-2026-4054 | Med | May 15, 2026
    risk 0.21 | cvss 4.3 | epss 0.00

    Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to validate the response body of proxied images, which allows a remote attacker to enact client-side DoS via an SVG file served from an attacker-controlled origin under a non-SVG Content-Type header…

  • CVE-2026-39395 | Med | Apr 7, 2026
    risk 0.21 | cvss 4.3 | epss 0.00

    Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may erroneously report a "Verified OK" result for attestations with malformed payloads or mismatched predicate types. For old-format bundles and…

  • CVE-2025-33030 | Low | Feb 10, 2026
    risk 0.21 | cvss 3.3 | epss 0.00

    Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable data corruption. This…

  • CVE-2023-6742 | Med | Jan 11, 2024
    risk 0.21 | cvss 4.3 | epss 0.00

    The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'envira_gallery_insert_images' function in all versions up to, and including, 1.8.7.1. This makes it…

  • CVE-2026-24513 | Low | Feb 3, 2026
    risk 0.20 | cvss 3.1 | epss 0.00

    A security issue was discovered in ingress-nginx where the protection afforded by the `auth-url` Ingress annotation may not be effective in the presence of a specific misconfiguration. If the ingress-nginx controller is configured with a default custom-errors configuration…

  • CVE-2025-52136 | Low | Aug 10, 2025
    risk 0.20 | cvss 3.0 | epss 0.00

    In EMQX before 5.8.6, administrators can install arbitrary novel plugins via the Dashboard web interface. NOTE: the Supplier's position is that this is the intended behavior; however, 5.8.6 adds a defense-in-depth feature in which a plugin's acceptability (for later Dashboard…

  • CVE-2025-32739 | Low | Feb 10, 2026
    risk 0.18 | cvss 2.8 | epss 0.00

    Improper conditions check in some firmware for some Intel(R) Graphics Drivers and Intel LTS kernels within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable denial of…

  • CVE-2026-49318 | Low | May 29, 2026
    risk 0.16 | cvss 2.4 | epss 0.00

    Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module (WCM) traffic during…

  • CVE-2026-49317 | Low | May 29, 2026
    risk 0.16 | cvss 2.4 | epss 0.00

    Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module (WCM) traffic during…