Skip to main content

CWE-390

Detection of Error Condition Without Action

16 CVEs Avg CVSS 7.3 MITRE
3
CRITICAL
5
HIGH
7
MEDIUM
0
LOW
3
POC
0
KEV

Monthly

CVE-2026-53434 CRITICAL Act Now

Improper handling of a Certificate Revocation List (CRL) error condition in Apache Tomcat's FFM-based (Foreign Function & Memory / OpenSSL) connector allows revoked client certificates to be accepted during mutual TLS authentication, defeating revocation checking. The flaw affects Tomcat 9.0.83-9.0.118, 10.1.0-M7-10.1.55, and 11.0.0-M1-11.0.22 when a CRL is configured on the FFM connector, letting an attacker holding a revoked-but-otherwise-valid client certificate reach protected resources. There is no public exploit identified at time of analysis and the issue is not on CISA KEV, though the CVSS base score is 9.1 (CWE-390).

Information Disclosure Tomcat Apache Apache Tomcat
NVD VulDB
CVSS 3.1
9.1
EPSS
0.2%
CVE-2026-52989 CRITICAL PATCH Act Now

Memory-safety flaw in the Linux kernel's NVMe-over-TCP target driver (nvmet-tcp) lets a connected initiator drive the kernel into reading received network data through an uninitialized iov_iter. Because nvmet_tcp_build_pdu_iovec() reported out-of-bounds PDU length/offset only via a fatal-error side effect while returning void, callers such as nvmet_tcp_handle_h2c_data_pdu() continued and advanced the receive state machine over an uninitialized cmd->recv_msg.msg_iter, leading to memory corruption or denial of service. NVD rates this 9.8 (CVSS:3.1 AV:N/AC:L/PR:N/UI:N), but EPSS is low (0.17%, 7th percentile) and there is no public exploit identified at time of analysis; it is not in CISA KEV.

Linux Buffer Overflow
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-48792 MEDIUM PATCH This Month

Authentication bypass in pam_usb prior to 0.9.1 allows a local low-privileged user to circumvent hardware token requirements by exploiting silent EACCES error suppression in the virtual input device scanner. When the PAM module's evdev.c component fails to open /dev/input/event* nodes due to permission errors, it returns a false negative indicating no virtual devices are present, and the caller in local.c proceeds with authentication as if the hardware check passed cleanly. No public exploit has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Pam Usb
NVD GitHub
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-0029 Monitor

Improper handling of error condition during host-induced faults can allow a local high-privileged attack to selectively drop guest DMA writes, potentially resulting in a loss of SEV-SNP guest memory integrity

Information Disclosure
NVD
EPSS
0.0%
CVE-2025-46367 HIGH This Month

Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain a Detection of Error Condition Without Action vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell RCE Alienware Command Center
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-49841 HIGH This Week

Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Snapdragon Ar2 Gen 1 Firmware Snapdragon Auto 5g Modem Rf Gen 2 Firmware Snapdragon X24 Lte Modem Firmware Snapdragon X32 5g Modem Rf Firmware +166
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-26465 MEDIUM PATCH This Month

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 60.0%.

Information Disclosure SSH Openssh Active Iq Unified Manager Ontap +3
NVD
CVSS 3.1
6.8
EPSS
60.0%
CVE-2025-25204 Go MEDIUM PATCH This Month

`gh` is GitHub’s official command line tool. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Suse
NVD GitHub
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-12086 MEDIUM POC PATCH This Month

A flaw was found in rsync. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Rsync Openshift Container Platform Enterprise Linux Almalinux +4
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.6%
CVE-2024-11942 PHP MEDIUM PATCH This Month

A vulnerability in Drupal Core allows File Manipulation.0.0 before 10.2.10. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Drupal
NVD
CVSS 3.1
5.9
EPSS
0.4%
EPSS 0% CVSS 9.1
CRITICAL Act Now

Improper handling of a Certificate Revocation List (CRL) error condition in Apache Tomcat's FFM-based (Foreign Function & Memory / OpenSSL) connector allows revoked client certificates to be accepted during mutual TLS authentication, defeating revocation checking. The flaw affects Tomcat 9.0.83-9.0.118, 10.1.0-M7-10.1.55, and 11.0.0-M1-11.0.22 when a CRL is configured on the FFM connector, letting an attacker holding a revoked-but-otherwise-valid client certificate reach protected resources. There is no public exploit identified at time of analysis and the issue is not on CISA KEV, though the CVSS base score is 9.1 (CWE-390).

Information Disclosure Tomcat Apache +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Memory-safety flaw in the Linux kernel's NVMe-over-TCP target driver (nvmet-tcp) lets a connected initiator drive the kernel into reading received network data through an uninitialized iov_iter. Because nvmet_tcp_build_pdu_iovec() reported out-of-bounds PDU length/offset only via a fatal-error side effect while returning void, callers such as nvmet_tcp_handle_h2c_data_pdu() continued and advanced the receive state machine over an uninitialized cmd->recv_msg.msg_iter, leading to memory corruption or denial of service. NVD rates this 9.8 (CVSS:3.1 AV:N/AC:L/PR:N/UI:N), but EPSS is low (0.17%, 7th percentile) and there is no public exploit identified at time of analysis; it is not in CISA KEV.

Linux Buffer Overflow
NVD VulDB
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Authentication bypass in pam_usb prior to 0.9.1 allows a local low-privileged user to circumvent hardware token requirements by exploiting silent EACCES error suppression in the virtual input device scanner. When the PAM module's evdev.c component fails to open /dev/input/event* nodes due to permission errors, it returns a false negative indicating no virtual devices are present, and the caller in local.c proceeds with authentication as if the hardware check passed cleanly. No public exploit has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Pam Usb
NVD GitHub
EPSS 0%
Monitor

Improper handling of error condition during host-induced faults can allow a local high-privileged attack to selectively drop guest DMA writes, potentially resulting in a loss of SEV-SNP guest memory integrity

Information Disclosure
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain a Detection of Error Condition Without Action vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell RCE Alienware Command Center
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Snapdragon Ar2 Gen 1 Firmware Snapdragon Auto 5g Modem Rf Gen 2 Firmware +168
NVD
EPSS 60% CVSS 6.8
MEDIUM PATCH This Month

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 60.0%.

Information Disclosure SSH Openssh +5
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

`gh` is GitHub’s official command line tool. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Suse
NVD GitHub
EPSS 1% CVSS 6.8
MEDIUM POC PATCH This Month

A flaw was found in rsync. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Rsync Openshift Container Platform +6
NVD GitHub VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

A vulnerability in Drupal Core allows File Manipulation.0.0 before 10.2.10. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Drupal
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy