Skip to main content

CWE-440

Expected Behavior Violation

37 CVEs Avg CVSS 6.0 MITRE
2
CRITICAL
5
HIGH
27
MEDIUM
3
LOW
6
POC
0
KEV

Monthly

CVE-2026-8806 HIGH CISA Act Now

Denial-of-service in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Modules (all versions) allows unauthenticated remote attackers to halt the module's communication function by flooding its Ethernet port with packets. The high packet rate overwhelms internal anomaly-detection processing and stops communications - a critical impact for the industrial control environments these PLCs operate in. No public exploit identified at time of analysis, but the CVSS 4.0 score of 8.7 reflects high availability impact in operational technology contexts.

Information Disclosure Mitsubishi Electric Melsec Iq F Series Fx5 Enet Ip Ethernet Module Fx5 Enet Ip
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2026-42752 MEDIUM This Month

Unauthenticated bypass in the Stripe Payments WordPress plugin (versions up to and including 2.0.98) allows remote, unauthenticated attackers to circumvent authentication controls, resulting in limited confidentiality and integrity impact against affected WordPress installations. Reported by Patchstack (ENISA EUVD-2026-36838), the flaw is classified under CWE-440 (Expected Behavior Violation), indicating the plugin's actual enforcement diverges from its intended or documented security model. No public exploit code has been identified at time of analysis, and this CVE does not appear in the CISA KEV catalog.

Authentication Bypass Stripe Payments
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-49316 MEDIUM This Month

CAN bus error-frame injection on the 2025 Indian Motorcycle Scout Bobber + Tech defeats the Wireless Control Module (WCM)-enforced immobilizer, enabling vehicle operation without legitimate anti-theft deactivation. An attacker within physical or adjacent proximity drives the WCM's CAN controller into bus-off state by incrementing its transmit error counter past the threshold, permanently silencing the WCM's periodic shutdown command. Because peer ECUs treat WCM silence as benign rather than a security event - a fail-open design - the motorcycle becomes fully operable as though the immobilizer were properly unlocked. No public exploit code has been identified at time of analysis; ASRG is withholding full protocol details pending vendor remediation, reported under CVE-2026-49316.

Authentication Bypass Scout Bobber Tech
NVD VulDB
CVSS 4.0
4.1
EPSS
0.0%
CVE-2026-42534 MEDIUM PATCH This Month

Resolution performance degradation in NLnet Labs Unbound 1.25.0 and earlier allows an unauthenticated remote attacker - who also controls a malicious or slow authoritative nameserver - to subvert the jostle logic designed to evict stalled queries, ultimately causing denial of resolution service. The jostle mechanism, which activates when the num-queries-per-thread limit is reached, is bypassed because retransmitted duplicate queries reset the aging timestamp to the latest duplicate rather than preserving the original query start time, preventing aged queries from being correctly identified and replaced. No public exploit has been identified at time of analysis; however, the vendor has confirmed the issue and released a patch in version 1.25.1.

Information Disclosure Unbound
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-41136 Go MEDIUM PATCH GHSA This Month

Improper error handling in free5GC AMF prior to version 1.4.3 allows remote attackers to invoke the HTTPUEContextTransfer handler with uninitialized request objects by sending requests with unsupported Content-Type headers. The missing default case in the Content-Type switch statement silently skips deserialization without raising an error, resulting in integrity loss when malformed or crafted payloads reach the processor with null/uninitialized state. CVSS score of 5.5 reflects low integrity impact; publicly available exploit code exists (E:P).

Deserialization Amf Free5gc
NVD GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-3344 MEDIUM This Month

WatchGuard Fireware OS contains a filesystem integrity bypass vulnerability in versions 12.0-12.11.7, 12.5.9-12.5.16, and 2025.1-2026.1.1 that allows authenticated attackers with high privileges to deploy malicious firmware updates and establish limited persistence on affected appliances. An attacker could circumvent security checks designed to validate firmware authenticity, though currently no patch is available.

Authentication Bypass Fireware
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-13940 MEDIUM This Month

An Expected Behavior Violation [CWE-440] vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS boot time system integrity check and prevent the Firebox from shutting down in the event of a system integrity check failure. The on-demand system integrity check in the Fireware Web UI will correctly show a failed system integrity check message in the event of a failure.This issue affects Fireware OS: from 12.8.1 through 12.11.4, from 2025.1 through 2025.1.2.

Authentication Bypass Fireware
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-52953 MEDIUM PATCH This Month

An Expected Behavior Violation vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a valid BGP UPDATE packet to cause a BGP session reset, resulting in a Denial of Service (DoS).  Continuous receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects iBGP and eBGP and both IPv4 and IPv6 are affected by this vulnerability. This issue affects Junos OS: * All versions before 21.2R3-S9, * from 21.4 before 21.4R3-S11, * from 22.2 before 22.2R3-S7, * from 22.4 before 22.4R3-S7, * from 23.2 before 23.2R2-S4, * from 23.4 before 23.4R2-S4, * from 24.2 before 24.2R2, * from 24.4 before 24.4R1-S3, 24.4R2 Junos OS Evolved: * All versions before 22.2R3-S7-EVO, * from 22.4-EVO before 22.4R3-S7-EVO, * from 23.2-EVO before 23.2R2-S4-EVO, * from 23.4-EVO before 23.4R2-S4-EVO, * from 24.2-EVO before 24.2R2-EVO, * from 24.4-EVO before 24.4R1-S3-EVO, 24.4R2-EVO.

Juniper Denial Of Service Junos Os Evolved Junos
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-6211 PyPI MEDIUM POC PATCH This Month

A vulnerability in the DocugamiReader class of the run-llama/llama_index repository, up to version 0.12.28, involves the use of MD5 hashing to generate IDs for document chunks. This approach leads to hash collisions when structurally distinct chunks contain identical text, resulting in one chunk overwriting another. This can cause loss of semantically or legally important document content, breakage of parent-child chunk hierarchies, and inaccurate or hallucinated responses in AI outputs. The issue is resolved in version 0.3.1.

Information Disclosure Llamaindex Red Hat
NVD GitHub
CVSS 3.0
6.5
EPSS
0.1%
CVE-2025-3044 PyPI MEDIUM POC PATCH This Month

A vulnerability in the ArxivReader class of the run-llama/llama_index repository, versions up to v0.12.22.post1, allows for MD5 hash collisions when generating filenames for downloaded papers. This can lead to data loss as papers with identical titles but different contents may overwrite each other, preventing some papers from being processed for AI model training. The issue is resolved in version 0.12.28.

Information Disclosure Llamaindex Red Hat
NVD GitHub
CVSS 3.0
5.3
EPSS
0.0%
EPSS 0% CVSS 8.7
HIGH Act Now

Denial-of-service in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Modules (all versions) allows unauthenticated remote attackers to halt the module's communication function by flooding its Ethernet port with packets. The high packet rate overwhelms internal anomaly-detection processing and stops communications - a critical impact for the industrial control environments these PLCs operate in. No public exploit identified at time of analysis, but the CVSS 4.0 score of 8.7 reflects high availability impact in operational technology contexts.

Information Disclosure Mitsubishi Electric Melsec Iq F Series Fx5 Enet Ip Ethernet Module Fx5 Enet Ip
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Unauthenticated bypass in the Stripe Payments WordPress plugin (versions up to and including 2.0.98) allows remote, unauthenticated attackers to circumvent authentication controls, resulting in limited confidentiality and integrity impact against affected WordPress installations. Reported by Patchstack (ENISA EUVD-2026-36838), the flaw is classified under CWE-440 (Expected Behavior Violation), indicating the plugin's actual enforcement diverges from its intended or documented security model. No public exploit code has been identified at time of analysis, and this CVE does not appear in the CISA KEV catalog.

Authentication Bypass Stripe Payments
NVD
EPSS 0% CVSS 4.1
MEDIUM This Month

CAN bus error-frame injection on the 2025 Indian Motorcycle Scout Bobber + Tech defeats the Wireless Control Module (WCM)-enforced immobilizer, enabling vehicle operation without legitimate anti-theft deactivation. An attacker within physical or adjacent proximity drives the WCM's CAN controller into bus-off state by incrementing its transmit error counter past the threshold, permanently silencing the WCM's periodic shutdown command. Because peer ECUs treat WCM silence as benign rather than a security event - a fail-open design - the motorcycle becomes fully operable as though the immobilizer were properly unlocked. No public exploit code has been identified at time of analysis; ASRG is withholding full protocol details pending vendor remediation, reported under CVE-2026-49316.

Authentication Bypass Scout Bobber Tech
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Resolution performance degradation in NLnet Labs Unbound 1.25.0 and earlier allows an unauthenticated remote attacker - who also controls a malicious or slow authoritative nameserver - to subvert the jostle logic designed to evict stalled queries, ultimately causing denial of resolution service. The jostle mechanism, which activates when the num-queries-per-thread limit is reached, is bypassed because retransmitted duplicate queries reset the aging timestamp to the latest duplicate rather than preserving the original query start time, preventing aged queries from being correctly identified and replaced. No public exploit has been identified at time of analysis; however, the vendor has confirmed the issue and released a patch in version 1.25.1.

Information Disclosure Unbound
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Improper error handling in free5GC AMF prior to version 1.4.3 allows remote attackers to invoke the HTTPUEContextTransfer handler with uninitialized request objects by sending requests with unsupported Content-Type headers. The missing default case in the Content-Type switch statement silently skips deserialization without raising an error, resulting in integrity loss when malformed or crafted payloads reach the processor with null/uninitialized state. CVSS score of 5.5 reflects low integrity impact; publicly available exploit code exists (E:P).

Deserialization Amf Free5gc
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM This Month

WatchGuard Fireware OS contains a filesystem integrity bypass vulnerability in versions 12.0-12.11.7, 12.5.9-12.5.16, and 2025.1-2026.1.1 that allows authenticated attackers with high privileges to deploy malicious firmware updates and establish limited persistence on affected appliances. An attacker could circumvent security checks designed to validate firmware authenticity, though currently no patch is available.

Authentication Bypass Fireware
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An Expected Behavior Violation [CWE-440] vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS boot time system integrity check and prevent the Firebox from shutting down in the event of a system integrity check failure. The on-demand system integrity check in the Fireware Web UI will correctly show a failed system integrity check message in the event of a failure.This issue affects Fireware OS: from 12.8.1 through 12.11.4, from 2025.1 through 2025.1.2.

Authentication Bypass Fireware
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

An Expected Behavior Violation vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a valid BGP UPDATE packet to cause a BGP session reset, resulting in a Denial of Service (DoS).  Continuous receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects iBGP and eBGP and both IPv4 and IPv6 are affected by this vulnerability. This issue affects Junos OS: * All versions before 21.2R3-S9, * from 21.4 before 21.4R3-S11, * from 22.2 before 22.2R3-S7, * from 22.4 before 22.4R3-S7, * from 23.2 before 23.2R2-S4, * from 23.4 before 23.4R2-S4, * from 24.2 before 24.2R2, * from 24.4 before 24.4R1-S3, 24.4R2 Junos OS Evolved: * All versions before 22.2R3-S7-EVO, * from 22.4-EVO before 22.4R3-S7-EVO, * from 23.2-EVO before 23.2R2-S4-EVO, * from 23.4-EVO before 23.4R2-S4-EVO, * from 24.2-EVO before 24.2R2-EVO, * from 24.4-EVO before 24.4R1-S3-EVO, 24.4R2-EVO.

Juniper Denial Of Service Junos Os Evolved +1
NVD
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

A vulnerability in the DocugamiReader class of the run-llama/llama_index repository, up to version 0.12.28, involves the use of MD5 hashing to generate IDs for document chunks. This approach leads to hash collisions when structurally distinct chunks contain identical text, resulting in one chunk overwriting another. This can cause loss of semantically or legally important document content, breakage of parent-child chunk hierarchies, and inaccurate or hallucinated responses in AI outputs. The issue is resolved in version 0.3.1.

Information Disclosure Llamaindex Red Hat
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

A vulnerability in the ArxivReader class of the run-llama/llama_index repository, versions up to v0.12.22.post1, allows for MD5 hash collisions when generating filenames for downloaded papers. This can lead to data loss as papers with identical titles but different contents may overwrite each other, preventing some papers from being processed for AI model training. The issue is resolved in version 0.12.28.

Information Disclosure Llamaindex Red Hat
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy