CWE-440 · Expected Behavior Violation
39 CVEs classified under CWE-440 (Expected Behavior Violation).
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-32971 | Critical | 9.1 | 2024-05-02 | Apollo Router is a configurable, graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. The affected versions of Apollo Rout… |
| CVE-2024-30246 | High | 7.6 | 2024-03-29 | Tuleap is an Open Source Suite to improve management of software developments and collaboration. A malicious user could exploit this issue on purpose to delete… |
| CVE-2022-3281 | High | 7.5 | 2022-10-17 | WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100 and Edge Controller in multiple versions are prone to a loss of MAC-Address-Filteri… |
| CVE-2023-32731 | High | 7.4 | 2023-06-09 | When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be ski… |
| CVE-2019-5108 | High | 7.4 | 2019-12-23 | An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP… |
| CVE-2019-5062 | High | 7.4 | 2019-12-12 | An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. By… |
| CVE-2019-5061 | High | 7.4 | 2019-12-12 | An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before… |
| CVE-2025-52953 | Medium | 6.5 | 2025-07-11 | An Expected Behavior Violation vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated a… |
| CVE-2025-6211 | Medium | 6.5 | 2025-07-10 | A vulnerability in the DocugamiReader class of the run-llama/llama_index repository, up to version 0.12.28, involves the use of MD5 hashing to generate IDs for… |
| CVE-2023-6129 | Medium | 6.5 | 2024-01-09 | Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on Po… |
| CVE-2024-47762 | Medium | 5.8 | 2024-10-03 | Backstage is an open framework for building developer portals. Configuration supplied through APP_CONFIG_* environment variables, for example APP_CONFIG_backen… |
| CVE-2020-10768 | Medium | 5.5 | 2020-09-15 | A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disab… |
| CVE-2020-10767 | Medium | 5.5 | 2020-09-15 | A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will b… |
| CVE-2020-10766 | Medium | 5.5 | 2020-09-15 | A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to… |
| CVE-2025-27094 | Medium | 5.4 | 2025-03-03 | Tuleap is an open-source suite designed to improve software development management and collaboration. A malicious user with access to a tracker could force-res… |
| CVE-2026-42534 | Medium | 5.3 | 2026-05-20 | NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the jostle logic that could defeat its purpose and degrade resolution performance… |
| CVE-2026-35040 | Medium | 5.3 | 2026-04-09 | fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 6.2.1, using certain modifiers on RegExp objects in the allowedAud, allowedIss, allowedSub… |
| CVE-2025-3044 | Medium | 5.3 | 2025-07-07 | A vulnerability in the ArxivReader class of the run-llama/llama_index repository, versions up to v0.12.22.post1, allows for MD5 hash collisions when generating… |
| CVE-2023-32732 | Medium | 5.3 | 2023-06-09 | gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin… |
| CVE-2025-40555 | Medium | 4.7 | 2025-05-13 | A vulnerability has been identified in APOGEE PXC+TALON TC Series (BACnet) (All versions). Affected devices start sending unsolicited BACnet broadcast messages… |