CWE-755: Improper Handling of Exceptional Conditions — known CVE vulnerabilities
CVEs classified under CWE-755 (Improper Handling of Exceptional Conditions), ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2025-34193 — CVSS 9.8 (critical): Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 include…
CVE-2025-10156 — CVSS 9.8 (critical): An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remote…
CVE-2021-42142 — CVSS 9.8 (critical): An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers mishandle the early use of a large epoch number…
CVE-2021-42141 — CVSS 9.8 (critical): An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. One incorrect handshake could complete with different epoch numbers in…
CVE-2023-38406 — CVSS 9.8 (critical): bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow."
CVE-2022-23121 — CVSS 9.8 (critical): This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required…
CVE-2021-4105 — CVSS 9.8 (critical): Improper Handling of Parameters vulnerability in BG-TEK COSLAT Firewall allows Remote Code Inclusion. This issue affects COSLAT Firewall…
CVE-2022-48329 — CVSS 9.8 (critical): MISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php…
CVE-2022-48328 — CVSS 9.8 (critical): app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters.
CVE-2021-40391 — CVSS 9.8 (critical): An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and…
CVE-2021-43272 — CVSS 9.8 (critical): An improper handling of exceptional conditions vulnerability exists in Open Design Alliance ODA Viewer sample before 2022.11. ODA Viewer…
CVE-2021-38384 — CVSS 9.8 (critical): Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a trailing / character, which might cause a developer to…
CVE-2021-36128 — CVSS 9.8 (critical): An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. Autoblocks for CentralAuth-issued suppression blocks are…
CVE-2020-24753 — CVSS 9.8 (critical): A memory corruption vulnerability in Objective Open CBOR Run-time (oocborrt) in versions before 2020-08-12 could allow an attacker to…
CVE-2019-17195 — CVSS 9.8 (critical): Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application…
CVE-2019-14431 — CVSS 9.8 (critical): In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of…
CVE-2019-12815 — CVSS 9.8 (critical): An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure…
CVE-2019-6256 — CVSS 9.8 (critical): A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an…
CVE-2018-19991 — CVSS 9.8 (critical): VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler (for get_uri_args…
CVE-2017-2877 — CVSS 9.8 (critical): A missing error check exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A…
CVE-2020-11012 — CVSS 9.3 (critical): MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key…
CVE-2026-27586 — CVSS 9.1 (critical): Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, two swallowed errors in `ClientAuthentication.prov…
CVE-2021-23859 — CVSS 9.1 (critical): An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone VRM or BVMS…
CVE-2026-40371 — CVSS 8.8 (high): Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to…
CVE-2024-7521 — CVSS 8.8 (high): Incomplete WebAssembly exception handing could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR <…
CVE-2024-3150 — CVSS 8.8 (high): In mintplex-labs/anything-llm, a vulnerability exists in the thread update process that allows users with Default or Manager roles to…
CVE-2023-6866 — CVSS 8.8 (high): TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always…
CVE-2022-22150 — CVSS 8.8 (high): A memory corruption vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. A…
CVE-2021-1578 — CVSS 8.8 (high): A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy…
CVE-2021-33477 — CVSS 8.8 (high): rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (potentially remote) code execution because of improper handling of…
CVE-2020-16005 — CVSS 8.8 (high): Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap…
CVE-2019-14287 — CVSS 8.8 (high): In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules…
CVE-2019-14378 — CVSS 8.8 (high): ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the…
CVE-2019-5051 — CVSS 8.8 (high): An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error…
CVE-2026-49232: Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as running out of…
CVE-2025-9437: A security issue exists within the Studio 5000 Logix Designer add-on profile (AOP) for the ArmorStart Classic distributed motor controller…
CVE-2024-0108 — CVSS 8.7 (high): NVIDIA Jetson Linux contains a vulnerability in NvGPU where error handling paths in GPU MMU mapping code fail to clean up a failed mapping…
CVE-2023-6267 — CVSS 8.6 (high): A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may…
CVE-2023-20243 — CVSS 8.6 (high): A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote…
CVE-2022-46403 — CVSS 8.6 (high): The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) mishandles reject messages.
CVE-2022-20919 — CVSS 8.6 (high): A vulnerability in the processing of malformed Common Industrial Protocol (CIP) packets that are sent to Cisco IOS Software and Cisco IOS…
CVE-2022-20678 — CVSS 8.6 (high): A vulnerability in the AppNav-XE feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected…
CVE-2021-34781 — CVSS 8.6 (high): A vulnerability in the processing of SSH connections for multi-instance deployments of Cisco Firepower Threat Defense (FTD) Software could…
CVE-2020-1632 — CVSS 8.6 (high): In a certain condition, receipt of a specific BGP UPDATE message might cause Juniper Networks Junos OS and Junos OS Evolved devices to…
CVE-2019-6848 — CVSS 8.6 (high): A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 CPU (BMEx58*) and Modicon M580 communication…
CVE-2019-1858 — CVSS 8.6 (high): A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software…