CWE-392

5 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →

CVEs classified under CWE-392page 1 of 1

CVE-2023-42444HIGHCVSS 8.6EG 8.6
2023-09-19
phonenumber is a library for parsing, formatting and validating international phone numbers. Prior to versions `0.3.3+8.13.9` and `0.2.5+8.11.3`, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the pho…
CVE-2023-42447HIGHCVSS 8.6EG 8.6
2023-09-19
blurhash-rs is a pure Rust implementation of Blurhash, software for encoding images into ASCII strings that can be turned into a gradient of colors representing the original image. In version 0.1.1, the blurhash parsing code may panic due …
CVE-2023-48430LOWCVSS 2.7EG 2.7
2023-12-12
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sendi…
CVE-2024-39697HIGHCVSS 8.6EG 8.6
2024-07-09
phonenumber is a library for parsing, formatting and validating international phone numbers. Since 0.3.4, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment…
CVE-2026-42246HIGHCVSS 7.4EG 7.4
2026-05-09
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttls to return "successfully", without sta…

Map vulnerabilities like CWE-392 to your infrastructure

EchelonGraph correlates every CVE — across CWE-392 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.

Start Free Scan →