CWE-754 · Improper Check for Unusual or Exceptional Conditions
589 CVEs classified under CWE-754 (Improper Check for Unusual or Exceptional Conditions). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-4689 | Critical | 10.0 | 2026-03-24 | Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34… |
CVE-2026-24054 | Critical | 10.0 | 2026-01-29 | Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions… |
CVE-2021-0211 | Critical | 10.0 | 2021-01-15 | An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon (RPD) service allows an attac… |
CVE-2026-8091 | Critical | 9.8 | 2026-05-07 | Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thund… |
CVE-2024-52316 | Critical | 9.8 | 2024-11-18 | Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext co… |
CVE-2024-7826 | Critical | 9.8 | 2024-10-03 | Improper Check for Unusual or Exceptional Conditions vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrURL.Dll modules) a… |
CVE-2024-3729 | Critical | 9.8 | 2024-05-02 | The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'fea_encrypt' function in all ver… |
CVE-2023-37303 | Critical | 9.8 | 2023-06-30 | An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary brow… |
CVE-2017-20166 | Critical | 9.8 | 2023-01-10 | Ecto 2.2.0 lacks a certain protection mechanism associated with the interaction between is_nil and raise. |
CVE-2022-20130 | Critical | 9.8 | 2022-06-15 | In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code executi… |
CVE-2021-33622 | Critical | 9.8 | 2021-06-15 | Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8, has an Incorrect Check of a Function's Return Value. |
CVE-2020-28037 | Critical | 9.8 | 2020-11-02 | is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an att… |
CVE-2020-8986 | Critical | 9.8 | 2020-03-24 | lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly check for equality when validating the session cookie, allowing an attacker to gain admini… |
CVE-2020-10571 | Critical | 9.8 | 2020-03-14 | An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malicious data. |
CVE-2019-19646 | Critical | 9.8 | 2019-12-09 | pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns. |
CVE-2019-15900 | Critical | 9.8 | 2019-10-18 | An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. On platforms without strtonum(3), sscanf was used without checking… |
CVE-2019-0036 | Critical | 9.8 | 2019-04-10 | When configuring a stateless firewall filter in Junos OS, terms named using the format "internal-n" (e.g. "internal-1", "internal-2", etc.) are silently ignore… |
CVE-2020-15202 | Critical | 9.0 | 2020-09-25 | In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argument to be a function taking two `int64… |
CVE-2026-21693 | High | 8.8 | 2026-01-07 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color manage… |
CVE-2024-43044 | High | 8.8 | 2024-08-07 | Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files from the Jenkins controller file system by using the `ClassLo… |