CWE-248— Uncaught Exception
An exception is thrown from a function, but it is not caught.— MITRE CWE catalog
214 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-248page 5 of 5
- CVE-2026-46689HIGHCVSS 8.7EG 8.72026-05-06
Kanidm is an identity management platform. Prior to version 1.9.3, a single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string of a few thousand nested parentheses (≈ 4–12 KB) drives the recursive-descent PEG…
- CVE-2026-50129HIGHCVSS 7.5EG 7.52026-06-24
Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.11, 4.4.18, and 4.3.24, a DoS can be triggered by (Uncaught Exception vulerability), due to missing exception handling in the math sanitizer. Malforme…
- CVE-2026-54775MEDIUMCVSS 6.5EG 6.52026-06-19
CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service listening on a Kafka topic stops processing new records from that topic when KafkaTransportPump recei…
- CVE-2026-54908MEDIUMCVSS 6.3EG 6.32026-07-01
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Versions prior to 3.1.4 are vulnerable to Remote Denial of Service via panic while parsing a crafted ECDHE_PSK ServerKeyExchange message. This issue has been fixed in v…
- CVE-2026-55517MEDIUMCVSS 4.3EG 4.32026-06-17
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.5, a Deno program that opens a client WebSocket connection could be crashed by the remote server. While handling the WebSocket handshake response, Deno parsed the Sec-…
- CVE-2026-55780LOWCVSS 2.4EG 2.42026-07-10
NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's .NET single-file bundle handler in NanaZip.Codecs.Archive.DotNetSingleFile.cpp sizes its extraction buffer from the bundle entry Siz…
- CVE-2026-58208HIGHCVSS 7.5EG 7.52026-07-08
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a WebSocket listener could route requests for the MQTT-over-WebSocket path into MQTT handling even when MQTT was…
- CVE-2026-59162MEDIUMCVSS 6.9EG 6.92026-07-10
Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, Excelize parses shared-string cell values with strconv.Atoi and checks only the upper bound before indexing the shared string slice, a…
- CVE-2026-5937MEDIUMCVSS 5.5EG 5.52026-04-27
Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled "std::invalid_argument" exception, ultimately causing the program to terminate.
- CVE-2026-59875MEDIUMCVSS 5.3EG 5.32026-07-08
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.17, node-tar does not strip NUL bytes from PAX path and linkpath records in src/pax.ts, allowing a crafted archive with values to reach fs.lstat or fs.open and termin…
- CVE-2026-59892HIGHCVSS 7.5EG 7.52026-07-08
OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/propagator-jaeger decodes incoming uber-trace-id and uberctx-* HTTP header values with decodeURIComponent() without handling decode errors, all…
- CVE-2026-7183MEDIUMCVSS 5.3EG 5.32026-04-27
A vulnerability has been found in aligungr UERANSIM up to 3.2.7. The affected element is the function rls::DecodeRlsMessage in the library src/lib/rls/rls_pdu.cpp of the component Radio Link Simulation Layer. The manipulation of the argume…
- CVE-2026-8161HIGHCVSS 7.5EG 7.52026-05-12
[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property such as __proto__, constru…
- CVE-2026-9509HIGHCVSS 8.7EG 8.72026-05-29
An unhandled exception in Suprema BioStar 2 (Server), versions 2.9.8, 2.9.10, and 2.9.11, that allows an unauthenticated remote attacker to cause a denial of service (DoS) by sending HTTP POST requests to the ‘/api/migration’ endpoint.…
Map vulnerabilities like CWE-248 to your infrastructure
EchelonGraph correlates every CVE — across CWE-248 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →