CWE-230— Improper Handling of Missing Values
The product does not handle or incorrectly handles when a parameter, field, or argument name is specified, but the associated value is missing, i.e. it is empty, blank, or null.— MITRE CWE catalog
11 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-230page 1 of 1
- CVE-2023-1697MEDIUMCVSS 6.5EG 6.52023-04-17
An Improper Handling of Missing Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a dcpfe process core and thereby a Denial of Service (DoS). Conti…
- CVE-2024-0048HIGHCVSS 7.8EG 8.42024-03-11
In Session of AccountManagerService.java, there is a possible method to retain foreground service privileges due to incorrect handling of null responses. This could lead to local escalation of privilege with no additional execution privile…
- CVE-2024-0208HIGHCVSS 7.5EG 7.82024-01-03
GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file
- CVE-2024-10508CRITICALCVSS 9.8EG 9.82024-11-09
The RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0.2.6. This is due to the plugin not …
- CVE-2024-11024CRITICALCVSS 9.8EG 9.82024-11-26
The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.6. This is due to the plugin not properly validating a user's password reset …
- CVE-2024-6237MEDIUMCVSS 6.5EG 5.32024-07-09
A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service.
- CVE-2024-9781HIGHCVSS 7.8EG 7.82024-10-10
AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file
- CVE-2025-23225MEDIUMCVSS 6.5EG 6.52025-02-28
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user to cause a denial of service due to the improper handling of invalid headers sent to the queue.
- CVE-2026-1461MEDIUMCVSS 6.5EG 6.52026-02-19
The Simple Membership plugin for WordPress is vulnerable to Improper Handling of Missing Values in all versions up to, and including, 4.7.0 via the Stripe webhook handler. This is due to the plugin only validating webhook signatures when t…
- CVE-2026-25658MEDIUMCVSS 6.5EG 6.52026-06-05
Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact …
- CVE-2026-25659MEDIUMCVSS 6.5EG 6.52026-06-05
Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact …
Map vulnerabilities like CWE-230 to your infrastructure
EchelonGraph correlates every CVE — across CWE-230 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →