VYPR

CWE-755

Improper Handling of Exceptional Conditions

Class | Incomplete | Likelihood: Medium

Description

The product does not handle or incorrectly handles an exceptional condition.

Hierarchy (View 1000)

CVEs mapped to this weakness (140)

  • CVE-2025-66622 (Dec 9, 2025)
    risk 0.00 | cvss | epss 0.00

    matrix-sdk-base is the base component to build a Matrix client library. Versions 0.14.1 and prior are unable to handle responses that include custom m.room.join_rules values due to a serialization bug. This can be exploited to cause a denial-of-service condition, if a user is…

  • CVE-2025-62711 (Oct 24, 2025)
    risk 0.00 | cvss | epss 0.00

    Wasmtime is a runtime for WebAssembly. In versions from 38.0.0 to before 38.0.3, the implementation of component-model related host-to-wasm trampolines in Wasmtime contained a bug where it's possible to carefully craft a component, which when called in a specific way, would…

  • CVE-2025-10156 (Sep 17, 2025)
    risk 0.00 | cvss | epss 0.01

    An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remote attacker to bypass security scans. This is achieved by crafting a ZIP archive containing a file with a bad Cyclic Redundancy Check (CRC),…

  • CVE-2024-12704 (Mar 20, 2025)
    risk 0.00 | cvss | epss 0.01

    A vulnerability in the LangChainLLM class of the run-llama/llama_index repository, version v0.12.5, allows for a Denial of Service (DoS) attack. The stream_complete method executes the llm using a thread and retrieves the result via the get_response_gen method of the…

  • CVE-2024-52529 (Nov 25, 2024)
    risk 0.00 | cvss | epss 0.01

    Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For users with the following configuration: 1. An allow policy that selects a Layer 3 destination and a port range `AND` 2. A Layer 7 allow policy that selects a specific port within the…

  • CVE-2024-34750 (Jul 3, 2024)
    risk 0.00 | cvss | epss 0.05

    Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn…

  • CVE-2024-32652 (Apr 19, 2024)
    risk 0.00 | cvss | epss 0.01

    The adapter @hono/node-server allows you to run your Hono application on Node.js. Prior to 1.10.1, the application hangs when receiving a Host header with a value that `@hono/node-server` can't handle well. Invalid values are those that cannot be parsed by the `URL` as a…

  • CVE-2024-28869 (Apr 12, 2024)
    risk 0.00 | cvss | epss 0.01

    Traefik is an HTTP reverse proxy and load balancer. In affected versions sending a GET request to any Traefik endpoint with the "Content-length" request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to…

  • CVE-2024-32001 (Apr 10, 2024)
    risk 0.00 | cvss | epss 0.01

    SpiceDB is a graph database purpose-built for storing and evaluating access control data. Use of a relation of the form: `relation folder: folder | folder#parent` with an arrow such as `folder->view` can cause LookupSubjects to only return the subjects found under subjects for…

  • CVE-2023-6267 (Jan 25, 2024)
    risk 0.00 | cvss | epss 0.01

    A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and applied. This does not happen with…

  • CVE-2024-21907 (Jan 3, 2024)
    risk 0.00 | cvss | epss 0.33

    Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the…

  • CVE-2023-50728 (Dec 15, 2023)
    risk 0.00 | cvss | epss 0.01

    octokit/webhooks is a GitHub webhook events toolset for Node.js. Starting in 9.26.0 and prior to 9.26.3, 10.9.2, 11.1.2, and 12.0.4, there is a problem caused by an issue with error handling in the @octokit/webhooks library because the error can be undefined in some cases. The…

  • CVE-2023-6599 (Dec 8, 2023)
    risk 0.00 | cvss | epss 0.00

    Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0.

  • CVE-2023-46673 (Nov 22, 2023)
    risk 0.00 | cvss | epss 0.01

    It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API.

  • CVE-2023-41378 (Nov 6, 2023)
    risk 0.00 | cvss | epss 0.01

    In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server indefinitely, resulting in denial of service. The TLS Handshake() call is performed…

  • CVE-2023-45820 (Oct 19, 2023)
    risk 0.00 | cvss | epss 0.01

    Directus is a real-time API and App dashboard for managing SQL database content. In affected versions any Directus installation that has websockets enabled can be crashed if the websocket server receives an invalid frame. A malicious user could leverage this bug to crash…

  • CVE-2023-41332 (Sep 26, 2023)
    risk 0.00 | cvss | epss 0.00

    Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In Cilium clusters where Cilium's Layer 7 proxy has been disabled, creating workloads with `policy.cilium.io/proxy-visibility` annotations (in Cilium >= v1.13) or…

  • CVE-2023-41317 (Sep 5, 2023)
    risk 0.00 | cvss | epss 0.01

    The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Affected versions are subject to a Denial-of-Service (DoS) type vulnerability which causes the Router to panic and terminate when…

  • CVE-2023-1732 (May 10, 2023)
    risk 0.00 | cvss | epss 0.00

    When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM did not check whether crypto/rand.Read() returns an error. In rare deployment cases (error thrown by the Read() function), this could lead to a predictable shared secret. The tkn20 and…

  • CVE-2023-29520 (Apr 18, 2023)
    risk 0.00 | cvss | epss 0.01

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to break many translations coming from wiki pages by creating a corrupted document containing a translation object. This will lead to a broken page. The…