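CWE-248 Uncaught Exception: vulnerability list (161)

Summary of 161 CVE vulnerabilities in the CWE-248 Uncaught Exception weakness class, with AI-generated analysis in Chinese.

CWE-248 is the uncaught exception weakness: a function throws an exception that the code does not properly catch and handle. Attackers typically trigger the exception with crafted input, causing the program to crash (denial of service) or to leak sensitive information such as stack traces. Developers should improve exception handling by wrapping potentially risky code in try-catch blocks and by recording detailed logs rather than exposing internal details directly, which improves system stability and security.

Official MITRE CWE description
CWE: CWE-248 Uncaught Exception. An exception is thrown from a function, but it is not caught. When an exception is not caught, it may cause the program to crash or expose sensitive information.
Common Consequences (1)
Scope: Availability, Confidentiality. Impact: DoS: Crash, Exit, or Restart; Read Application Data.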
An uncaught exception could cause the system to be placed in a state that could lead to a crash, exposure of sensitive information or other unintended behaviors.
Code Examples (2)
The following example attempts to resolve a hostname.
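    protected void doPost (HttpServletRequest req, HttpServletResponse res) throws IOException {
        String ip = req.getRemoteAddr();
        // A failed lookup throws UnknownHostException, which is not caught here
        // and propagates out of doPost to the servlet container.
        InetAddress addr = InetAddress.getByName(ip);
        ...
        out.println("hello " + addr.getHostName());
    }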
Bad · Java
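A hardened counterpart to the servlet fragment above, added here as an illustration and not taken from MITRE or from this page. It is a stand-alone program rather than a servlet, so `SafeGreeting`, `Reply`, `greet` and `fail` are hypothetical names, the sample inputs are constructed, and Java 16 or later is assumed for `record`.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;

public class SafeGreeting {
    private static final Logger LOG = Logger.getLogger(SafeGreeting.class.getName());

    /** Hypothetical response type: a status code plus a body that is safe to show a client. */
    record Reply(int status, String body) {}

    /** Same lookup as the bad example, but every failure path ends in a controlled reply. */
    static Reply greet(String remoteAddr) {
        try {
            InetAddress addr = InetAddress.getByName(remoteAddr);
            return new Reply(200, "hello " + addr.getHostName());
        } catch (UnknownHostException e) {
            // Expected failure: the name or address could not be resolved.
            return fail(400, "address could not be resolved", e);
        } catch (RuntimeException e) {
            // Unexpected failure (for example a SecurityException): still no crash.
            return fail(500, "internal error", e);
        }
    }

    /** Logs the full exception server-side; the client only gets a generic text and a reference id. */
    private static Reply fail(int status, String publicMsg, Exception e) {
        String incident = UUID.randomUUID().toString();
        LOG.log(Level.WARNING, "greet failed, incident " + incident, e);
        return new Reply(status, publicMsg + " (ref " + incident + ")");
    }

    public static void main(String[] args) {
        // Last line of defence: anything that still escapes a thread is logged, not silently lost.
        Thread.setDefaultUncaughtExceptionHandler((t, e) ->
                LOG.log(Level.SEVERE, "uncaught exception in thread " + t.getName(), e));

        // Constructed sample inputs: a literal address, an unresolvable name, a malformed name.
        String[] samples = {"127.0.0.1", "no-such-host.invalid", "bad host name"};
        for (String s : samples) {
            System.out.println(s + " -> " + greet(s));
        }
    }
}
```

The stack trace goes only to the server log, and the reference id lets an operator match a client report to that log entry.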
The _alloca() function allocates memory on the stack. If an allocation request is too large for the available stack space, _alloca() throws an exception. If the exception is not caught, the program will crash, potentially enabling a denial of service attack. _alloca() has been deprecated as of Microsoft Visual Studio 2005(R). It has been replaced with the more secure _alloca_s().
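| CVE ID | Title | CVSS | Risk level | Published |
|---|---|---|---|---|
| CVE-2026-45554 | NiceGUI unauthenticated log flooding denial-of-service vulnerability — nicegui | 5.3 | Medium | 2026-06-02 |
| CVE-2026-9509 | Suprema BioStar security vulnerability — BioStar 2 (server) | - | - | 2026-05-29 |
| CVE-2025-15649 | Unzip security vulnerability — IO::Uncompress::Unzip | - | - | 2026-05-27 |
| CVE-2026-44905 | Vanetza security vulnerability — vanetza | 7.5 | High | 2026-05-26 |
| CVE-2026-43988 | Vanetza security vulnerability — vanetza | 7.5 | High | 2026-05-26 |
| CVE-2026-44001 | vm2 security vulnerability — vm2 | 8.6 | High | 2026-05-13 |
| CVE-2026-42545 | granian security vulnerability — granian | 5.9 | Medium | 2026-05-12 |
| CVE-2026-8161 | multiparty security vulnerability — multiparty | 7.5 | High | 2026-05-12 |
| CVE-2026-41585 | zebra security vulnerability — zebra | 6.5 (AI) | Medium (AI) | 2026-05-08 |
| CVE-2026-7183 | UERANSIM security vulnerability — UERANSIM | 5.3 | Medium | 2026-04-27 |
| CVE-2026-5937 | Foxit PDF Reader and Foxit PDF Editor security vulnerability — Foxit PDF Editor | 5.5 | Medium | 2026-04-27 |
| CVE-2026-35348 | uutils coreutils security vulnerability — coreutils | 5.5 | Medium | 2026-04-22 |
| CVE-2026-34944 | wasmtime security vulnerability — wasmtime | 7.5 (AI) | High (AI) | 2026-04-09 |
| CVE-2026-34943 | wasmtime security vulnerability — wasmtime | 7.5 (AI) | High (AI) | 2026-04-09 |
| CVE-2026-24175 | NVIDIA Triton Inference Server security vulnerability — Triton Inference Server | 7.5 | High | 2026-04-07 |
| CVE-2026-34986 | Go JOSE security vulnerability — go-jose | 7.5 | High | 2026-04-06 |
| CVE-2026-34752 | Haraka security vulnerability — Haraka | 5.3 (AI) | Medium (AI) | 2026-04-02 |
| CVE-2026-33203 | SiYuan access control error vulnerability — siyuan | 7.5 | High | 2026-03-20 |
| CVE-2026-32770 | Parse Server security vulnerability — parse-server | 5.9 | Medium | 2026-03-18 |
| CVE-2026-32314 | Yamux security vulnerability — rust-yamux | 7.5 (AI) | High (AI) | 2026-03-13 |
| CVE-2026-31949 | LibreChat security vulnerability — LibreChat | 6.5 | Medium | 2026-03-13 |
| CVE-2026-2229 | undici security vulnerability — undici | 7.5 | High | 2026-03-12 |
| CVE-2026-1528 | undici security vulnerability — undici | 7.5 | High | 2026-03-12 |
| CVE-2026-31870 | cpp-httplib security vulnerability — cpp-httplib | 7.5 | High | 2026-03-11 |
| CVE-2026-31812 | Quinn security vulnerability — quinn | 7.5 | - | 2026-03-10 |
| CVE-2026-20068 | Cisco Secure Firewall Threat Defense and Cisco IOS XE Software security vulnerability — Cisco Cyber Vision | 5.8 | Medium | 2026-03-04 |
| CVE-2026-20031 | Cisco Secure Endpoint security vulnerability — Cisco Secure Endpoint | 5.3 | Medium | 2026-03-04 |
| CVE-2026-27631 | Exiv2 security vulnerability — exiv2 | 5.5 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2026-1507 | AVEVA PI Data Archive PI Server security vulnerability — PI Data Archive PI Server | 7.5 | High | 2026-02-10 |
| CVE-2026-25577 | Emmett-Core security vulnerability — core | 7.5 | High | 2026-02-10 |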

CWE-248 (Uncaught Exception) is a common weakness category; this platform lists 161 CVE vulnerabilities associated with it.