Skip to main content

CWE-392

Missing Report of Error Condition

8 CVEs Avg CVSS 5.7 MITRE
1
CRITICAL
2
HIGH
2
MEDIUM
3
LOW
2
POC
0
KEV

Monthly

CVE-2026-42246 Ruby HIGH PATCH GHSA This Week

Man-in-the-middle attackers can strip TLS protection from Ruby net-imap STARTTLS connections by injecting a premature tagged OK response with a predictable tag. The vulnerability allows attackers to bypass TLS encryption, forcing the client to transmit credentials and email content in cleartext while the application believes the connection is secure. Vendor-released patches (net-imap 0.6.4, 0.5.14, 0.4.24, 0.3.10) are available. CVSS 7.6 severity reflects network-accessible attack with low complexity but requires man-in-the-middle positioning. No public exploit code identified at time of analysis, though the attack mechanism is well-documented in security research (NO STARTTLS project).

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.1%
CVE-2026-20005 MEDIUM This Month

Snort 3 Detection Engine contains a vulnerability that allows attackers to cause a denial of service (DoS) condition when the Snort 3 Detection Engine rest (CVSS 5.8).

Cisco TLS Denial Of Service
NVD
CVSS 3.1
5.8
EPSS
0.1%
CVE-2025-59398 LOW Monitor

The OCPP implementation in libocpp before 0.26.2 allows a denial of service (EVerest crash) via JSON input larger than 255 characters, because a CiString<255> object is created with StringTooLarge. Rated low severity (CVSS 3.1), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-26268 LOW POC PATCH Monitor

DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Redis Dragonfly
NVD GitHub
CVSS 3.1
3.3
EPSS
0.2%
CVE-2025-32743 CRITICAL Act Now

In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c can be NULL or an empty string when the TC (Truncated) bit is set in a DNS response. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Denial Of Service
NVD
CVSS 3.1
9.0
EPSS
0.5%
CVE-2024-12797 PyPI MEDIUM POC PATCH This Month

Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.8%
CVE-2023-48430 LOW PATCH Monitor

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Sinec Ins
NVD
CVSS 3.1
2.7
EPSS
0.6%
CVE-2017-2342 HIGH This Week

MACsec feature on Juniper Networks Junos OS 15.1X49 prior to 15.1X49-D100 on SRX300 series does not report errors when a secure link can not be established. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.0
8.1
EPSS
0.1%
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Man-in-the-middle attackers can strip TLS protection from Ruby net-imap STARTTLS connections by injecting a premature tagged OK response with a predictable tag. The vulnerability allows attackers to bypass TLS encryption, forcing the client to transmit credentials and email content in cleartext while the application believes the connection is secure. Vendor-released patches (net-imap 0.6.4, 0.5.14, 0.4.24, 0.3.10) are available. CVSS 7.6 severity reflects network-accessible attack with low complexity but requires man-in-the-middle positioning. No public exploit code identified at time of analysis, though the attack mechanism is well-documented in security research (NO STARTTLS project).

Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 5.8
MEDIUM This Month

Snort 3 Detection Engine contains a vulnerability that allows attackers to cause a denial of service (DoS) condition when the Snort 3 Detection Engine rest (CVSS 5.8).

Cisco TLS Denial Of Service
NVD
EPSS 0% CVSS 3.1
LOW Monitor

The OCPP implementation in libocpp before 0.26.2 allows a denial of service (EVerest crash) via JSON input larger than 255 characters, because a CiString<255> object is created with StringTooLarge. Rated low severity (CVSS 3.1), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service
NVD GitHub
EPSS 0% CVSS 3.3
LOW POC PATCH Monitor

DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Redis Dragonfly
NVD GitHub
EPSS 0% CVSS 9.0
CRITICAL Act Now

In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c can be NULL or an empty string when the TC (Truncated) bit is set in a DNS response. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Denial Of Service
NVD
EPSS 1% CVSS 6.3
MEDIUM POC PATCH This Month

Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Red Hat +1
NVD GitHub VulDB
EPSS 1% CVSS 2.7
LOW PATCH Monitor

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Sinec Ins
NVD
EPSS 0% CVSS 8.1
HIGH This Week

MACsec feature on Juniper Networks Junos OS 15.1X49 prior to 15.1X49-D100 on SRX300 series does not report errors when a secure link can not be established. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy