Common Weakness Enumeration
CWE-248
AllowedUncaught Exception
Abstraction: Base · Status: Draft
An exception is thrown from a function, but it is not caught.
422 vulnerabilities reference this CWE, most recent first.
GHSA-XRCQ-533Q-8RXW
Vulnerability from github – Published: 2025-09-09 09:31 – Updated: 2025-09-09 20:10
VLAI
Summary
TYPO3 Bookmark Toolbar vulnerable to denial of service
Details
An uncaught exception in the Bookmark Toolbar of TYPO3 CMS versions 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17 lets administrator‑level backend users trigger a denial‑of‑service condition in the backend user interface by saving manipulated data in the bookmark toolbar.
Severity
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c 11.5.48"
},
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-backend"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0"
},
{
"fixed": "12.4.37"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-backend"
},
"ranges": [
{
"events": [
{
"introduced": "12.0.0"
},
{
"fixed": "12.4.37"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-backend"
},
"ranges": [
{
"events": [
{
"introduced": "13.0.0"
},
{
"fixed": "13.4.18"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-59014"
],
"database_specific": {
"cwe_ids": [
"CWE-248"
],
"github_reviewed": true,
"github_reviewed_at": "2025-09-09T20:10:26Z",
"nvd_published_at": "2025-09-09T09:15:39Z",
"severity": "MODERATE"
},
"details": "An uncaught exception in the Bookmark Toolbar of TYPO3 CMS versions 11.0.0\u201311.5.47, 12.0.0\u201312.4.36, and 13.0.0\u201313.4.17 lets administrator\u2011level backend users trigger a denial\u2011of\u2011service condition in the backend user interface by saving manipulated data in the bookmark toolbar.",
"id": "GHSA-xrcq-533q-8rxw",
"modified": "2025-09-09T20:10:26Z",
"published": "2025-09-09T09:31:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59014"
},
{
"type": "WEB",
"url": "https://github.com/TYPO3-CMS/backend/commit/04db7e25de1d3bb2d082ba68f7f974ccd917cc3f"
},
{
"type": "PACKAGE",
"url": "https://github.com/TYPO3-CMS/backend"
},
{
"type": "WEB",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2025-018"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "TYPO3 Bookmark Toolbar vulnerable to denial of service"
}
GHSA-XVCG-2Q82-R87J
Vulnerability from github – Published: 2022-01-06 22:18 – Updated: 2026-01-23 22:33
VLAI
Summary
Panic mishandled in libpulse-binding
Details
An issue was discovered in the libpulse-binding crate before 2.6.0 for Rust. It mishandles a panic that crosses a Foreign Function Interface (FFI) boundary.
Severity
7.5 (High)
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "libpulse-binding"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.6.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-25055"
],
"database_specific": {
"cwe_ids": [
"CWE-248"
],
"github_reviewed": true,
"github_reviewed_at": "2022-01-06T18:18:40Z",
"nvd_published_at": "2021-12-27T00:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in the libpulse-binding crate before 2.6.0 for Rust. It mishandles a panic that crosses a Foreign Function Interface (FFI) boundary.",
"id": "GHSA-xvcg-2q82-r87j",
"modified": "2026-01-23T22:33:12Z",
"published": "2022-01-06T22:18:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25055"
},
{
"type": "WEB",
"url": "https://github.com/jnqnfe/pulse-binding-rust/commit/7fd282aef7787577c385aed88cb25d004b85f494"
},
{
"type": "PACKAGE",
"url": "https://github.com/jnqnfe/pulse-binding-rust"
},
{
"type": "WEB",
"url": "https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/libpulse-binding/RUSTSEC-2019-0038.md"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2019-0038.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Panic mishandled in libpulse-binding"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.