CWE-682— Incorrect Calculation
The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.— MITRE CWE catalog
112 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-682page 3 of 3
- CVE-2025-55552HIGHCVSS 7.5EG 5.32025-09-25
pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.
- CVE-2025-59047LOWCVSS 2.7EG 2.72025-09-11
matrix-sdk-base is the base component to build a Matrix client library. In matrix-sdk-base before 0.14.1, calling the `RoomMember::normalized_power_level()` method can cause a panic if a room member has a power level of `Int::Min`. The iss…
- CVE-2026-0810HIGHCVSS 7.1EG 7.12026-01-26
A flaw was found in gix-date. The `gix_date::parse::TimeBuf::as_str` function can generate strings containing invalid non-UTF8 characters. This issue violates the internal safety invariants of the `TimeBuf` component, leading to undefined …
- CVE-2026-10512HIGHCVSS 7.5EG 7.52026-06-25
The X25519 x86_64 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19. This can leave the field element in a …
- CVE-2026-21911MEDIUMCVSS 6.5EG 6.52026-01-15
An Incorrect Calculation vulnerability in the Layer 2 Control Protocol Daemon (l2cpd) of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker flapping the management interface to cause the learning of n…
- CVE-2026-24783HIGHCVSS 7.5EG 7.52026-01-27
soroban-fixed-point-math is a fixed-point math library for Soroban smart contacts. In versions 1.3.0 and 1.4.0, the `mulDiv(x, y, z)` function incorrectly handled cases where both the intermediate product $x * y$ and the divisor $z$ were n…
- CVE-2026-25634HIGHCVSS 7.8EG 7.82026-02-06
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to 2.3.1.4, SrcPixel and DestPixel stack buffers overlap in CIccTagMultiProcessElement::Appl…
- CVE-2026-33487HIGHCVSS 7.5EG 7.52026-03-26
goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the `validateSignature` function in `validate.go` goes through the references in the `SignedInfo` block to find one that matches the signed element's ID. I…
- CVE-2026-44074LOWCVSS 3.7EG 3.72026-05-21
Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error codes when multiple error conditions occur simultaneously, which may allow a remote attacker to cause a minor service disruption via…
- CVE-2026-44498HIGHCVSS 7.5EG 7.52026-05-08
ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, Zebra's block validator undercounts transparent signature operations against the 20000-sigop block limit (MAX_BLOCK_SIGOPS), allowing it to accept blocks that zcashd r…
- CVE-2026-55597MEDIUMCVSS 5.5EG 5.52026-07-01
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-26, an incorrect handling of arguments can cause a heap buffer over-write in the JP2 encoder. This issue has been fixed i…
- CVE-2026-7836LOWCVSS 3.1EG 3.12026-05-21
An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attacker to cause limited data modification via crafted hexadecimal input.
Map vulnerabilities like CWE-682 to your infrastructure
EchelonGraph correlates every CVE — across CWE-682 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →