Skip to main content

CWE-391

Unchecked Error Condition

8 CVEs Avg CVSS 7.4 MITRE
2
CRITICAL
3
HIGH
3
MEDIUM
0
LOW
1
POC
0
KEV

Monthly

CVE-2025-71325 PyPI CRITICAL PATCH Act Now

Detection bypass in picklescan versions prior to 0.0.27 allows attackers to smuggle malicious Python pickle files past the scanner by exploiting an off-by-one parsing error in STACK_GLOBAL opcode handling. The flaw, reported by VulnCheck and tracked under GHSA-9gvj-pp9x-gcfr, lets crafted pickles trigger an unexpected exception in _list_globals so dangerous imports such as os.system go unflagged; a working PoC is published in the advisory and a vendor patch is available, though no public exploitation against deployments has been observed.

Authentication Bypass Picklescan
NVD GitHub
CVSS 4.0
9.3
EPSS
0.5%
CVE-2024-52316 Maven CRITICAL PATCH Act Now

Unchecked Error Condition vulnerability in Apache Tomcat. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Authentication Bypass Debian Linux
NVD
CVSS 3.1
9.8
EPSS
6.3%
CVE-2024-23326 HIGH This Week

Envoy is a cloud-native, open source edge and service proxy. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Envoy
NVD GitHub
CVSS 3.1
8.2
EPSS
0.4%
CVE-2023-0572 PHP MEDIUM POC PATCH This Month

Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Froxlor
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2020-14383 MEDIUM PATCH This Month

A flaw was found in samba's DNS server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Samba Enterprise Linux
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2019-14853 PyPI HIGH PATCH This Week

An error-handling flaw was found in python-ecdsa before version 0.13.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Python Python Ecdsa
NVD GitHub
CVSS 3.1
7.5
EPSS
2.5%
CVE-2018-1091 MEDIUM PATCH This Month

In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-7496 HIGH This Week

fedora-arm-installer up to and including 1.99.16 is vulnerable to local privilege escalation due to lack of checking the error condition of mount operation failure on unsafely created temporary. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation Arm Installer
NVD
CVSS 3.0
7.0
EPSS
0.1%
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Detection bypass in picklescan versions prior to 0.0.27 allows attackers to smuggle malicious Python pickle files past the scanner by exploiting an off-by-one parsing error in STACK_GLOBAL opcode handling. The flaw, reported by VulnCheck and tracked under GHSA-9gvj-pp9x-gcfr, lets crafted pickles trigger an unexpected exception in _list_globals so dangerous imports such as os.system go unflagged; a working PoC is published in the advisory and a vendor patch is available, though no public exploitation against deployments has been observed.

Authentication Bypass Picklescan
NVD GitHub
EPSS 6% CVSS 9.8
CRITICAL PATCH Act Now

Unchecked Error Condition vulnerability in Apache Tomcat. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Authentication Bypass +1
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Envoy is a cloud-native, open source edge and service proxy. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Envoy
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Froxlor
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in samba's DNS server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Samba Enterprise Linux
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

An error-handling flaw was found in python-ecdsa before version 0.13.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Python Python Ecdsa
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel
NVD GitHub
EPSS 0% CVSS 7.0
HIGH This Week

fedora-arm-installer up to and including 1.99.16 is vulnerable to local privilege escalation due to lack of checking the error condition of mount operation failure on unsafely created temporary. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation Arm Installer
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy