CWE-392— Missing Report of Error Condition
The product encounters an error but does not provide a status code or return value to indicate that an error has occurred.— MITRE CWE catalog
10 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-392page 1 of 1
- CVE-2023-42444HIGHCVSS 7.5EG 8.62023-09-19
phonenumber is a library for parsing, formatting and validating international phone numbers. Prior to versions `0.3.3+8.13.9` and `0.2.5+8.11.3`, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the pho…
- CVE-2023-42447HIGHCVSS 7.5EG 8.62023-09-19
blurhash-rs is a pure Rust implementation of Blurhash, software for encoding images into ASCII strings that can be turned into a gradient of colors representing the original image. In version 0.1.1, the blurhash parsing code may panic due …
- CVE-2023-48430LOWCVSS 2.7EG 2.72023-12-12
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sendi…
- CVE-2024-12797MEDIUMCVSS 6.3EG 6.32025-02-11
Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. I…
- CVE-2024-39697HIGHCVSS 8.6EG 8.62024-07-09
phonenumber is a library for parsing, formatting and validating international phone numbers. Since 0.3.4, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment…
- CVE-2025-23270HIGHCVSS 7.1EG 7.12025-07-17
NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode, where an unprivileged local attacker may cause exposure of sensitive information via a side channel vulnerability. A successful exploit of this vulnerability might lead …
- CVE-2025-26268LOWCVSS 3.3EG 3.32025-04-17
DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The validity of the scan cursor was not checked.
- CVE-2025-32743CRITICALCVSS 9.0EG 9.02025-04-10
In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c can be NULL or an empty string when the TC (Truncated) bit is set in a DNS response. This allows attackers to cause a denial of service (application crash) or possibly e…
- CVE-2025-59398LOWCVSS 3.1EG 3.12025-09-15
The OCPP implementation in libocpp before 0.26.2 allows a denial of service (EVerest crash) via JSON input larger than 255 characters, because a CiString<255> object is created with StringTooLarge set to Throw.
- CVE-2026-42246HIGHCVSS 7.4EG 7.42026-05-09
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttls to return "successfully", without sta…
Map vulnerabilities like CWE-392 to your infrastructure
EchelonGraph correlates every CVE — across CWE-392 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →