CWE-755
Improper Handling of Exceptional Conditions
Description
The product does not handle or incorrectly handles an exceptional condition.
Hierarchy (View 1000)
CVEs mapped to this weakness (140)
page 5 of 7| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-66622 | 0.00 | — | 0.00 | Dec 9, 2025 | matrix-sdk-base is the base component to build a Matrix client library. Versions 0.14.1 and prior are unable to handle responses that include custom m.room.join_rules values due to a serialization bug. This can be exploited to cause a denial-of-service condition, if a user is… | |||
| CVE-2025-62711 | 0.00 | — | 0.00 | Oct 24, 2025 | Wasmtime is a runtime for WebAssembly. In versions from 38.0.0 to before 38.0.3, the implementation of component-model related host-to-wasm trampolines in Wasmtime contained a bug where it's possible to carefully craft a component, which when called in a specific way, would… | |||
| CVE-2025-10156 | 0.00 | — | 0.01 | Sep 17, 2025 | An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remote attacker to bypass security scans. This is achieved by crafting a ZIP archive containing a file with a bad Cyclic Redundancy Check (CRC),… | |||
| CVE-2024-12704 | 0.00 | — | 0.01 | Mar 20, 2025 | A vulnerability in the LangChainLLM class of the run-llama/llama_index repository, version v0.12.5, allows for a Denial of Service (DoS) attack. The stream_complete method executes the llm using a thread and retrieves the result via the get_response_gen method of the… | |||
| CVE-2024-52529 | 0.00 | — | 0.01 | Nov 25, 2024 | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For users with the following configuration: 1. An allow policy that selects a Layer 3 destination and a port range `AND` 2. A Layer 7 allow policy that selects a specific port within the… | |||
| CVE-2024-34750 | — | 0.00 | — | 0.05 | Jul 3, 2024 | Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn… | ||
| CVE-2024-32652 | 0.00 | — | 0.01 | Apr 19, 2024 | The adapter @hono/node-server allows you to run your Hono application on Node.js. Prior to 1.10.1, the application hangs when receiving a Host header with a value that `@hono/node-server` can't handle well. Invalid values are those that cannot be parsed by the `URL` as a… | |||
| CVE-2024-28869 | 0.00 | — | 0.01 | Apr 12, 2024 | Traefik is an HTTP reverse proxy and load balancer. In affected versions sending a GET request to any Traefik endpoint with the "Content-length" request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to… | |||
| CVE-2024-32001 | 0.00 | — | 0.01 | Apr 10, 2024 | SpiceDB is a graph database purpose-built for storing and evaluating access control data. Use of a relation of the form: `relation folder: folder | folder#parent` with an arrow such as `folder->view` can cause LookupSubjects to only return the subjects found under subjects for… | |||
| CVE-2023-6267 | — | 0.00 | — | 0.01 | Jan 25, 2024 | A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and applied. This does not happen with… | ||
| CVE-2024-21907 | 0.00 | — | 0.33 | Jan 3, 2024 | Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the… | |||
| CVE-2023-50728 | 0.00 | — | 0.01 | Dec 15, 2023 | octokit/webhooks is a GitHub webhook events toolset for Node.js. Starting in 9.26.0 and prior to 9.26.3, 10.9.2, 11.1.2, and 12.0.4, there is a problem caused by an issue with error handling in the @octokit/webhooks library because the error can be undefined in some cases. The… | |||
| CVE-2023-6599 | 0.00 | — | 0.00 | Dec 8, 2023 | Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0. | |||
| CVE-2023-46673 | 0.00 | — | 0.01 | Nov 22, 2023 | It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API. | |||
| CVE-2023-41378 | — | 0.00 | — | 0.01 | Nov 6, 2023 | In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server indefinitely, resulting in denial of service. The TLS Handshake() call is performed… | ||
| CVE-2023-45820 | 0.00 | — | 0.01 | Oct 19, 2023 | Directus is a real-time API and App dashboard for managing SQL database content. In affected versions any Directus installation that has websockets enabled can be crashed if the websocket server receives an invalid frame. A malicious user could leverage this bug to crash… | |||
| CVE-2023-41332 | 0.00 | — | 0.00 | Sep 26, 2023 | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In Cilium clusters where Cilium's Layer 7 proxy has been disabled, creating workloads with `policy.cilium.io/proxy-visibility` annotations (in Cilium >= v1.13) or… | |||
| CVE-2023-41317 | 0.00 | — | 0.01 | Sep 5, 2023 | The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Affected versions are subject to a Denial-of-Service (DoS) type vulnerability which causes the Router to panic and terminate when… | |||
| CVE-2023-1732 | 0.00 | — | 0.00 | May 10, 2023 | When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read() returns an error. In rare deployment cases (error thrown by the Read() function), this could lead to a predictable shared secret. The tkn20 and… | |||
| CVE-2023-29520 | 0.00 | — | 0.01 | Apr 18, 2023 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to break many translations coming from wiki pages by creating a corrupted document containing a translation object. This will lead to a broken page. The… |
- CVE-2025-66622Dec 9, 2025risk 0.00cvss —epss 0.00
matrix-sdk-base is the base component to build a Matrix client library. Versions 0.14.1 and prior are unable to handle responses that include custom m.room.join_rules values due to a serialization bug. This can be exploited to cause a denial-of-service condition, if a user is…
- CVE-2025-62711Oct 24, 2025risk 0.00cvss —epss 0.00
Wasmtime is a runtime for WebAssembly. In versions from 38.0.0 to before 38.0.3, the implementation of component-model related host-to-wasm trampolines in Wasmtime contained a bug where it's possible to carefully craft a component, which when called in a specific way, would…
- CVE-2025-10156Sep 17, 2025risk 0.00cvss —epss 0.01
An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remote attacker to bypass security scans. This is achieved by crafting a ZIP archive containing a file with a bad Cyclic Redundancy Check (CRC),…
- CVE-2024-12704Mar 20, 2025risk 0.00cvss —epss 0.01
A vulnerability in the LangChainLLM class of the run-llama/llama_index repository, version v0.12.5, allows for a Denial of Service (DoS) attack. The stream_complete method executes the llm using a thread and retrieves the result via the get_response_gen method of the…
- CVE-2024-52529Nov 25, 2024risk 0.00cvss —epss 0.01
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For users with the following configuration: 1. An allow policy that selects a Layer 3 destination and a port range `AND` 2. A Layer 7 allow policy that selects a specific port within the…
- CVE-2024-34750Jul 3, 2024risk 0.00cvss —epss 0.05
Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn…
- CVE-2024-32652Apr 19, 2024risk 0.00cvss —epss 0.01
The adapter @hono/node-server allows you to run your Hono application on Node.js. Prior to 1.10.1, the application hangs when receiving a Host header with a value that `@hono/node-server` can't handle well. Invalid values are those that cannot be parsed by the `URL` as a…
- CVE-2024-28869Apr 12, 2024risk 0.00cvss —epss 0.01
Traefik is an HTTP reverse proxy and load balancer. In affected versions sending a GET request to any Traefik endpoint with the "Content-length" request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to…
- CVE-2024-32001Apr 10, 2024risk 0.00cvss —epss 0.01
SpiceDB is a graph database purpose-built for storing and evaluating access control data. Use of a relation of the form: `relation folder: folder | folder#parent` with an arrow such as `folder->view` can cause LookupSubjects to only return the subjects found under subjects for…
- CVE-2023-6267Jan 25, 2024risk 0.00cvss —epss 0.01
A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and applied. This does not happen with…
- CVE-2024-21907Jan 3, 2024risk 0.00cvss —epss 0.33
Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the…
- CVE-2023-50728Dec 15, 2023risk 0.00cvss —epss 0.01
octokit/webhooks is a GitHub webhook events toolset for Node.js. Starting in 9.26.0 and prior to 9.26.3, 10.9.2, 11.1.2, and 12.0.4, there is a problem caused by an issue with error handling in the @octokit/webhooks library because the error can be undefined in some cases. The…
- CVE-2023-6599Dec 8, 2023risk 0.00cvss —epss 0.00
Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0.
- CVE-2023-46673Nov 22, 2023risk 0.00cvss —epss 0.01
It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API.
- CVE-2023-41378Nov 6, 2023risk 0.00cvss —epss 0.01
In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server indefinitely, resulting in denial of service. The TLS Handshake() call is performed…
- CVE-2023-45820Oct 19, 2023risk 0.00cvss —epss 0.01
Directus is a real-time API and App dashboard for managing SQL database content. In affected versions any Directus installation that has websockets enabled can be crashed if the websocket server receives an invalid frame. A malicious user could leverage this bug to crash…
- CVE-2023-41332Sep 26, 2023risk 0.00cvss —epss 0.00
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In Cilium clusters where Cilium's Layer 7 proxy has been disabled, creating workloads with `policy.cilium.io/proxy-visibility` annotations (in Cilium >= v1.13) or…
- CVE-2023-41317Sep 5, 2023risk 0.00cvss —epss 0.01
The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Affected versions are subject to a Denial-of-Service (DoS) type vulnerability which causes the Router to panic and terminate when…
- CVE-2023-1732May 10, 2023risk 0.00cvss —epss 0.00
When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read() returns an error. In rare deployment cases (error thrown by the Read() function), this could lead to a predictable shared secret. The tkn20 and…
- CVE-2023-29520Apr 18, 2023risk 0.00cvss —epss 0.01
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to break many translations coming from wiki pages by creating a corrupted document containing a translation object. This will lead to a broken page. The…