VYPR

CWE-755

Improper Handling of Exceptional Conditions

Class | Incomplete | Likelihood: Medium

Description

The product does not handle or incorrectly handles an exceptional condition.

Hierarchy (View 1000)

CVEs mapped to this weakness (140)

  • CVE-2018-0286 | Med | May 2, 2018
    risk 0.35 | cvss 5.3 | epss 0.03

    A vulnerability in the netconf interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to improper handling of malformed requests processed by the netconf…

  • CVE-2025-41222 | Med | Jul 8, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    A vulnerability has been identified in RUGGEDCOM i800 (All versions), RUGGEDCOM i801 (All versions), RUGGEDCOM i802 (All versions), RUGGEDCOM i803 (All versions), RUGGEDCOM M2100 (All versions), RUGGEDCOM M2200 (All versions), RUGGEDCOM M969 (All versions), RUGGEDCOM RMC30 (All…

  • CVE-2023-46297 | Med | May 29, 2024
    risk 0.33 | cvss 5.1 | epss 0.00

    An issue was discovered on Mercusys MW325R EU V3 MW325R(EU)_V3_1.11.0 221019 devices. A WAN attacker can make the admin interface unreachable/invisible via an unauthenticated HTTP request. Verification of the data sent by the user does not occur. The web server does not crash,…

  • CVE-2026-42545 | Med | May 12, 2026
    risk 0.31 | cvss 5.9 | epss 0.00

    Granian is a Rust HTTP server for Python applications. From 0.2.0 to 2.7.4, Granian aborts a worker process if a WSGI application returns an invalid HTTP response header name or value. The WSGI response conversion path uses .unwrap() on both the header name and header value…

  • CVE-2026-44505 | Med | Jun 10, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. network-libp2p handles kad get-record query progress in handle_dht_get (network-libp2p/src/swarm.rs). Prior to version 1.4.0, when a peer returns a FoundRecord, the…

  • CVE-2024-51502 | Med | Nov 4, 2024
    risk 0.26 | cvss | epss 0.00

    loona is an experimental, HTTP/1.1 and HTTP/2 implementation in Rust on top of io-uring. `loona-hpack` suffers from the same vulnerability as the original `hpack` as documented in issue #11. All users who try to decode untrusted input using the Decoder are vulnerable to this…

  • CVE-2025-48886 | Med | Jun 19, 2025
    risk 0.24 | cvss 4.8 | epss 0.00

    Hydra is a layer-two scalability solution for Cardano. Prior to version 0.22.0, the process assumes L1 event finality and does not consider failed transactions. Currently, Cardano L1 is monitored for certain events which are necessary for state progression. At the moment, Hydra…

  • CVE-2024-53984 | Med | Dec 2, 2024
    risk 0.21 | cvss 4.3 | epss 0.00

    Nanopb is a small code-size Protocol Buffers implementation. When the compile time option PB_ENABLE_MALLOC is enabled, the message contains at least one field with FT_POINTER field type, a custom stream callback is used with unknown stream length, and the pb_decode_ex() function…

  • CVE-2024-39691 | Med | Jul 5, 2024
    risk 0.21 | cvss 4.3 | epss 0.00

    matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The fix for GHSA-wm4w-7h2q-3pf7 / CVE-2024-32000 included in matrix-appservice-irc 2.0.0 relied on the Matrix homeserver-provided timestamp to determine whether a user has access to the event…

  • CVE-2024-32000 | Med | Apr 12, 2024
    risk 0.21 | cvss 4.3 | epss 0.00

    matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. matrix-appservice-irc before version 2.0.0 can be exploited to leak the truncated body of a message if a malicious user sends a Matrix reply to an event ID they don't have access to. As a…

  • CVE-2026-48524 | Low | May 28, 2026
    risk 0.17 | cvss 3.7 | epss 0.00

    PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.get_signing_key() forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can…

  • CVE-2024-51744 | Low | Nov 4, 2024
    risk 0.13 | cvss 3.1 | epss 0.01

    golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in `ParseWithClaims` can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors…

  • CVE-2021-28165 | Apr 1, 2021
    risk 0.01 | cvss | epss 0.54

    In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.

  • CVE-2018-0934 | Hig | Mar 14, 2018
    risk 0.01 | cvss 7.5 | epss 0.66

    ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from…

  • CVE-2026-54775 | Jun 19, 2026
    risk 0.00 | cvss | epss

    Impact: A CoreWCF service that is running and listening on a Kafka topic and receives a null-value record will stop processing new records from that topic. Preconditions: The attacker has produce/write permission on a topic that CoreWCF is consuming from. If the broker permits…

  • CVE-2026-27809 | Feb 25, 2026
    risk 0.00 | cvss | epss 0.00

    psd-tools is a Python package for working with Adobe Photoshop PSD files. Prior to version 1.12.2, when a PSD file contains malformed RLE-compressed image data (e.g. a literal run that extends past the expected row size), decode_rle() raises ValueError which propagated all the…

  • CVE-2026-27195 | Feb 24, 2026
    risk 0.00 | cvss | epss 0.00

    Wasmtime is a runtime for WebAssembly. Starting with Wasmtime 39.0.0, the `component-model-async` feature became the default, which brought with it a new implementation of `[Typed]Func::call_async` which made it capable of calling async-typed guest export functions. However,…

  • CVE-2026-27586 | Feb 24, 2026
    risk 0.00 | cvss | epss 0.00

    Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, two swallowed errors in `ClientAuthentication.provision()` cause mTLS client certificate authentication to silently fail open when a CA certificate file is missing, unreadable, or…

  • CVE-2026-25957 | Feb 9, 2026
    risk 0.00 | cvss | epss 0.00

    Cube is a semantic layer for building data applications. From 1.1.17 to before 1.5.13 and 1.4.2, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. This vulnerability is fixed in 1.5.13 and 1.4.2.

  • CVE-2025-69255 | Jan 7, 2026
    risk 0.00 | cvss | epss 0.00

    RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.77, a malformed gRPC GetMetrics request causes get_metrics to unwrap() failed deserialization of metric_type/opts, panicking the handler thread and enabling remote denial of…