CWE-392
10 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-392
- CVE-2023-42444 | HIGH | CVSS 8.6 | EG 8.6 | 2023-09-19
phonenumber is a library for parsing, formatting and validating international phone numbers. Prior to versions `0.3.3+8.13.9` and `0.2.5+8.11.3`, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the pho…
- CVE-2023-42447 | HIGH | CVSS 8.6 | EG 8.6 | 2023-09-19
blurhash-rs is a pure Rust implementation of Blurhash, software for encoding images into ASCII strings that can be turned into a gradient of colors representing the original image. In version 0.1.1, the blurhash parsing code may panic due …
- CVE-2023-48430 | LOW | CVSS 2.7 | EG 2.7 | 2023-12-12
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sendi…
- CVE-2024-12797 | MEDIUM | CVSS 6.3 | EG 6.3 | 2025-02-11
Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. I…
- CVE-2024-39697 | HIGH | CVSS 8.6 | EG 8.6 | 2024-07-09
phonenumber is a library for parsing, formatting and validating international phone numbers. Since 0.3.4, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment…
- CVE-2025-23270 | HIGH | CVSS 7.1 | EG 7.1 | 2025-07-17
NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode, where an unprivileged local attacker may cause exposure of sensitive information via a side channel vulnerability. A successful exploit of this vulnerability might lead …
- CVE-2025-26268 | LOW | CVSS 3.3 | EG 3.3 | 2025-04-17
DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The validity of the scan cursor was not checked.
- CVE-2025-32743 | CRITICAL | CVSS 9.0 | EG 9.0 | 2025-04-10
In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c can be NULL or an empty string when the TC (Truncated) bit is set in a DNS response. This allows attackers to cause a denial of service (application crash) or possibly e…
- CVE-2025-59398 | LOW | CVSS 3.1 | EG 3.1 | 2025-09-15
The OCPP implementation in libocpp before 0.26.2 allows a denial of service (EVerest crash) via JSON input larger than 255 characters, because a CiString<255> object is created with StringTooLarge set to Throw.
- CVE-2026-42246 | HIGH | CVSS 7.4 | EG 7.4 | 2026-05-09
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttls to return "successfully", without sta…