CWE-755: Improper Handling of Exceptional Conditions
577 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-755 (page 11 of 12)
- CVE-2024-34639 | MEDIUM | CVSS 4.6 | EG 4.6 | 2024-09-04
Improper handling of exceptional conditions in Setupwizard prior to SMR Aug-2024 Release 1 allows physical attackers to bypass proper validation.
- CVE-2024-34750 | HIGH | CVSS 7.5 | EG 7.5 | 2024-07-03
Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscountin…
- CVE-2024-36112 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-05-28
Nautobot is a Network Source of Truth and Network Automation Platform. A user with permissions to view Dynamic Group records (`extras.view_dynamicgroup` permission) can use the Dynamic Group detail UI view (`/extras/dynamic-groups/<uuid>/`…
- CVE-2024-36730 | HIGH | CVSS 7.5 | EG 7.5 | 2024-06-06
Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting negative values into the oneflow.zeros/ones parameter.
- CVE-2024-37284 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-01-21
Improper handling of alternate encoding occurs when Elastic Defend on Windows systems attempts to scan a file or process encoded as a multibyte character. This leads to an uncaught exception causing Elastic Defend to crash which in turn wi…
- CVE-2024-39525 | HIGH | CVSS 7.5 | EG 7.5 | 2024-10-09
An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specific BGP packet to cause rp…
- CVE-2024-39526 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-10-11
An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on MX Series with MPC10/MPC11/LC9600 line cards, EX9200 with EX9200-15C line cards, MX304 devices, and Juniper Networks Junos O…
- CVE-2024-39541 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-07-11
An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). When conf…
- CVE-2024-39547 | HIGH | CVSS 7.5 | EG 7.5 | 2024-10-11
An Improper Handling of Exceptional Conditions vulnerability in the rpd-server of Juniper Networks Junos OS and Junos OS Evolved within cRPD allows an unauthenticated network-based attacker sending crafted TCP traffic to the routing engin…
- CVE-2024-39552 | HIGH | CVSS 7.5 | EG 7.5 | 2024-07-11
An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network based, unauthenticated attacker to cause the RPD process to crash leading …
- CVE-2024-39555 | HIGH | CVSS 7.5 | EG 7.5 | 2024-07-10
An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker sending a specific malformed BGP update message to cause the session to …
- CVE-2024-39560 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-07-10
An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent downstream RSVP neighbor to cause kernel memory exhaustion, lea…
- CVE-2024-39691 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-07-05
matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The fix for GHSA-wm4w-7h2q-3pf7 / CVE-2024-32000 included in matrix-appservice-irc 2.0.0 relied on the Matrix homeserver-provided timestamp to determine wheth…
- CVE-2024-41886 | MEDIUM | CVSS 6.9 | EG 0.0 | 2024-12-24
Team ENVY, a Security Research TEAM, has found a flaw that allows for a remote code execution on the NVR. An attacker could inject malformed data into URL input parameters to reboot the NVR. The manufacturer has released patch firmware fo…
- CVE-2024-45038 | HIGH | CVSS 7.5 | EG 7.5 | 2024-08-27
Meshtastic device firmware is a firmware for meshtastic devices to run an open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices. Meshtastic device firmware is subject to a denial of service vulner…
- CVE-2024-46988 | MEDIUM | CVSS 4.8 | EG 4.8 | 2024-10-14
Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.40, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, users might receive email notific…
- CVE-2024-47489 | MEDIUM | CVSS 5.8 | EG 5.8 | 2024-10-11
An Improper Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of the Juniper Networks Junos OS Evolved on ACX Series devices allows an unauthenticated, network based attacker sending specific transit pr…
- CVE-2024-47491 | MEDIUM | CVSS 5.9 | EG 7.5 | 2024-10-11
An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause Denial of Service (DoS). When a …
- CVE-2024-47609 | MEDIUM | CVSS 6.9 | EG 0.0 | 2024-10-01
Tonic is a native gRPC client & server implementation with async/await support. When using tonic::transport::Server there is a remote DoS attack that can cause the server to exit cleanly on accepting a TCP/TLS stream. This can be triggered…
- CVE-2024-47766 | MEDIUM | CVSS 4.9 | EG 4.9 | 2024-10-14
Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, administrators of a project can …
- CVE-2024-47767 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-10-14
Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.113, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, users might see tracker names th…
- CVE-2024-49841 | HIGH | CVSS 7.8 | EG 7.8 | 2025-05-06
Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling.
- CVE-2024-50001 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-10-21
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix error path in multi-packet WQE transmit Remove the erroneous unmap in case no DMA mapping was established The multi-packet WQE transmit code attempts to o…
- CVE-2024-50002 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-10-21
In the Linux kernel, the following vulnerability has been resolved: static_call: Handle module init failure correctly in static_call_del_module() Module insertion invokes static_call_add_module() to initialize the static calls in a modul…
- CVE-2024-50176 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-11-08
In the Linux kernel, the following vulnerability has been resolved: remoteproc: k3-r5: Fix error handling when power-up failed By simply bailing out, the driver was violating its rule and internal assumptions that either both or no rproc…
- CVE-2024-50202 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-11-08
In the Linux kernel, the following vulnerability has been resolved: nilfs2: propagate directory read errors from nilfs_find_entry() Syzbot reported that a task hang occurs in vcs_open() during a fuzzing test for nilfs2. The root cause o…
- CVE-2024-51502 | MEDIUM | CVSS 5.1 | EG 0.0 | 2024-11-04
loona is an experimental, HTTP/1.1 and HTTP/2 implementation in Rust on top of io-uring. `loona-hpack` suffers from the same vulnerability as the original `hpack` as documented in issue #11. All users who try to decode untrusted input usin…
- CVE-2024-51744 | LOW | CVSS 3.1 | EG 3.1 | 2024-11-04
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in `ParseWithClaims` can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token …
- CVE-2024-51766 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-11-22
A potential security vulnerability has been identified in the HPE NonStop DISK UTIL (T9208) product. This vulnerability could be exploited to cause a denial of service (DoS) to NonStop server. It exists in all prior DISK UTIL product versi…
- CVE-2024-52529 | MEDIUM | CVSS 5.8 | EG 5.8 | 2024-11-25
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For users with the following configuration: 1. An allow policy that selects a Layer 3 destination and a port range `AND` 2. A Layer 7 allow policy t…
- CVE-2024-53063 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-11-19
In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: prevent the risk of out of memory access The dvbdev contains a static variable used to store dvb minors. The behavior of it depends if CONFIG_DVB_DYNAMIC…
- CVE-2024-53984 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-12-02
Nanopb is a small code-size Protocol Buffers implementation. When the compile time option PB_ENABLE_MALLOC is enabled, the message contains at least one field with FT_POINTER field type, custom stream callback is used with unknown stream …
- CVE-2024-6594 | HIGH | CVSS 7.5 | EG 7.5 | 2024-09-25
Improper Handling of Exceptional Conditions vulnerability in the WatchGuard Single Sign-On Client on Windows causes the client to crash while handling malformed commands. An attacker with network access to the client could create a denial …
- CVE-2024-7521 | HIGH | CVSS 8.8 | EG 9.8 | 2024-08-06
Incomplete WebAssembly exception handling could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
- CVE-2024-8376 | HIGH | CVSS 7.5 | EG 7.5 | 2024-10-11
In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.
- CVE-2024-9413 | HIGH | CVSS 8.0 | EG 8.0 | 2024-11-13
The transport_message_handler function in SCP-Firmware release versions 2.11.0-2.15.0 does not properly handle errors, potentially allowing an Application Processor (AP) to cause a buffer overflow in System Control Processor (SCP) firmware.
- CVE-2025-10156 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-09-17
An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remote attacker to bypass security scans. This is achieved by crafting a ZIP archive containing a file wit…
- CVE-2025-21596 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-01-09
An Improper Handling of Exceptional Conditions vulnerability in the command-line processing of Juniper Networks Junos OS on SRX1500, SRX4100, and SRX4200 devices allows a local, low-privileged authenticated attacker executing the 'show cha…
- CVE-2025-21602 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-01-09
An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a specific BGP update packet to cause r…
- CVE-2025-24478 | HIGH | CVSS 7.1 | EG 0.0 | 2025-01-28
A denial-of-service vulnerability exists in the affected products. The vulnerability could allow a remote, non-privileged user to send malicious requests resulting in a major nonrecoverable fault causing a denial-of-service.
- CVE-2025-27465 | MEDIUM | CVSS 4.3 | EG 6.5 | 2025-07-16
Certain instructions need intercepting and emulating by Xen. In some cases Xen emulates the instruction by replaying it, using an executable stub. Some instructions may raise an exception, which is supposed to be handled gracefully. Cer…
- CVE-2025-29826 | HIGH | CVSS 7.3 | EG 7.3 | 2025-05-13
Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.
- CVE-2025-30652 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-04-09
An Improper Handling of Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker executing a CLI command to cause a Denial of Service (D…
- CVE-2025-34193 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-09-19
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 include Windows client components (PrinterInstallerClientInterface.exe, PrinterInstallerClient.exe, PrinterI…
- CVE-2025-41222 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-07-08
A vulnerability has been identified in RUGGEDCOM i800 (All versions), RUGGEDCOM i801 (All versions), RUGGEDCOM i802 (All versions), RUGGEDCOM i803 (All versions), RUGGEDCOM M2100 (All versions), RUGGEDCOM M2200 (All versions), RUGGEDCOM M9…
- CVE-2025-43864 | HIGH | CVSS 7.5 | EG 7.5 | 2025-04-25
React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch t…
- CVE-2025-4649 | MEDIUM | CVSS 4.9 | EG 4.9 | 2025-05-13
Improper Handling of Exceptional Conditions vulnerability in Centreon web allows Privilege Escalation. ACL are not correctly taken into account in the display of the "event logs" page. This page, requiring high privileges, will display …
- CVE-2025-46584 | HIGH | CVSS 7.8 | EG 7.8 | 2025-05-06
Vulnerability of improper authentication logic implementation in the file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2025-46733 | HIGH | CVSS 7.9 | EG 7.9 | 2025-07-04
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm Cortex-A cores using the TrustZone technology. In version 4.5.0, using a specially crafted tee-supplicant binary running in …
- CVE-2025-48886 | MEDIUM | CVSS 4.8 | EG 4.8 | 2025-06-19
Hydra is a layer-two scalability solution for Cardano. Prior to version 0.22.0, the process assumes L1 event finality and does not consider failed transactions. Currently, Cardano L1 is monitored for certain events which are necessary for …