CWE-248 (Uncaught Exception) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.
An exception is thrown from a function, but it is not caught.
| Kind | Name | Class | Prevalence | OS / CPE |
|---|---|---|---|---|
| language | C++ | — | Undetermined | — |
| language | Java | — | Undetermined | — |
| language | C# | — | Undetermined | — |
These CVEs are mapped to this weakness in this database and kept for traceability and search.
| CVE | Published | Summary |
|---|---|---|
| CVE-2026-45685 | 2026-06-02 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.1.0 to before version 0.9.0, malformed MongoDB wire messages can trigger uncaught p… |
| CVE-2026-45676 | 2026-06-02 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI's replacement ELF parser trusts section offsets, counts, and string of… |
| CVE-2026-45554 | 2026-06-02 | NiceGUI is a Python-based UI framework. Prior to version 3.12.0, two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that may resolve to a directory rather… |
| CVE-2026-9509 | 2026-05-29 | An unhandled exception in Suprema BioStar 2 (Server), versions 2.9.8, 2.9.10, and 2.9.11, that allows an unauthenticated remote attacker to cause a denial of service (DoS) by sending HTTP POST request… |
| CVE-2025-15649 | 2026-05-27 | IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. _dosToUnixTime() decodes the local-file-header last-modification dat… |
| CVE-2026-44905 | 2026-05-26 | Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the cryptographic verification pipeline of Vanetza.… |
| CVE-2026-43988 | 2026-05-26 | Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the ASN.1/OER parsing pipeline of Vanetza. When pro… |
| CVE-2026-44001 | 2026-05-13 | vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox escape vulnerability in vm2 v3.10.5 allows any sandboxed code to crash the host Node.js process via a single Promise constructo… |
| CVE-2026-42545 | 2026-05-12 | Granian is a Rust HTTP server for Python applications. From 0.2.0 to 2.7.4, Granian aborts a worker process if a WSGI application returns an invalid HTTP response header name or value. The WSGI respon… |
| CVE-2026-42544 | 2026-05-12 | Granian is a Rust HTTP server for Python applications. From 1.2.0 to 2.7.4, Granian aborts a worker process when an unauthenticated client sends a WebSocket upgrade request whose Sec-WebSocket-Protoco… |
| CVE-2026-42268 | 2026-05-12 | ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. From 3.0.0 to before 3.0.15, there is an unhandled exception (std::out_of_range) caused b… |
| CVE-2026-8161 | 2026-05-12 | [email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.protot… |
| CVE-2026-41585 | 2026-05-08 | ZEBRA is a Zcash node written entirely in Rust. From zebrad versions 2.2.0 to before 4.3.1 and from zebra-rpc versions 1.0.0-beta.45 to before 6.0.2, a vulnerability in Zebra's JSON-RPC HTTP middlewar… |
| CVE-2026-37554 | 2026-05-01 | An issue was discovered in Vanetza V2X v26.02 allowing remote unauthorized attackers to cause a denial of service. The vulnerability exists in the GeoNetworking packet processing pipeline where OpenSS… |
| CVE-2026-7183 | 2026-04-27 | A vulnerability has been found in aligungr UERANSIM up to 3.2.7. The affected element is the function rls::DecodeRlsMessage in the library src/lib/rls/rls_pdu.cpp of the component Radio Link Simulatio… |
| CVE-2026-5937 | 2026-04-27 | Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled "std::invalid_argument" exception, ultimately causing the program to terminate. |
| CVE-2026-35348 | 2026-04-22 | The sort utility in uutils coreutils is vulnerable to a process panic when using the --files0-from option with inputs containing non-UTF-8 filenames. The implementation enforces UTF-8 encoding and uti… |
| CVE-2026-34944 | 2026-04-09 | Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, On x86-64 platforms with SSE3 disabled Wasmtime's compilation of the f64x2.splat WebAssembly instruction with Cranel… |
| CVE-2026-34943 | 2026-04-09 | Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contains a possible panic which can happen when a flags-typed component model value is lifted with the Val … |
| CVE-2026-24175 | 2026-04-07 | NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request header to the server. A successful exploit of this vulnerability mig… |
| Date | Name | Version | Importance | Comment |
|---|---|---|---|---|
| 2008-07-01 | Eric Dalci | 1.0 | — | updated Time_of_Introduction |
| 2008-08-15 | — | 1.0 | — | Suggested OWASP Top Ten 2004 mapping |
| 2008-09-08 | CWE Content Team | 1.0 | — | updated Applicable_Platforms, Relationships, Taxonomy_Mappings |
| 2008-09-24 | CWE Content Team | 1.1 | — | Removed C from Applicable_Platforms |
| 2008-10-14 | CWE Content Team | 1.0.1 | — | updated Applicable_Platforms |
| 2009-03-10 | CWE Content Team | 1.3 | — | updated Relationships |
| 2011-03-29 | CWE Content Team | 1.12 | — | updated Description, Relationships |
| 2011-06-01 | CWE Content Team | 1.13 | — | updated Common_Consequences, Relationships, Taxonomy_Mappings |
| 2012-05-11 | CWE Content Team | 2.2 | — | updated Common_Consequences, Demonstrative_Examples, Relationships, Taxonomy_Mappings |
| 2014-07-30 | CWE Content Team | 2.8 | — | updated Demonstrative_Examples, Relationships, Taxonomy_Mappings |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Relationships, Taxonomy_Mappings |
| 2019-01-03 | CWE Content Team | 3.2 | — | updated Relationships, Taxonomy_Mappings |
| 2019-06-20 | CWE Content Team | 3.3 | — | updated Related_Attack_Patterns |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated References |
| 2020-08-20 | CWE Content Team | 4.2 | — | updated Relationships |
| 2020-12-10 | CWE Content Team | 4.3 | — | updated Relationships |
| 2021-03-15 | CWE Content Team | 4.4 | — | updated Relationships |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Detection_Factors, Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes, Relationships |
| 2024-02-29 | CWE Content Team | 4.14 | — | updated Observed_Examples |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Relationships, Weakness_Ordinalities |