A10:2025 Mishandling of Exceptional Conditions

OWASP Top 10:2025 · Back to the list

New for 2025. Error and exception paths leak information, fail open, or land in inconsistent states. Includes fail-open authentication and logic-flaw error handling.

Member CWEs (24)

• CWE-209 Generation of Error Message Containing Sensitive Information
• CWE-215 Insertion of Sensitive Information Into Debugging Code
• CWE-234 Failure to Handle Missing Parameter
• CWE-235 Improper Handling of Extra Parameters
• CWE-248 Uncaught Exception
• CWE-252 Unchecked Return Value
• CWE-274 Improper Handling of Insufficient Privileges
• CWE-280 Improper Handling of Insufficient Permissions or Privileges
• CWE-369 Divide By Zero
• CWE-390 Detection of Error Condition Without Action
• CWE-391 Unchecked Error Condition
• CWE-394 Unexpected Status Code or Return Value
• CWE-396 Declaration of Catch for Generic Exception
• CWE-397 Declaration of Throws for Generic Exception
• CWE-460 Improper Cleanup on Thrown Exception
• CWE-476 NULL Pointer Dereference
• CWE-478 Missing Default Case in Multiple Condition Expression
• CWE-484 Omitted Break Statement in Switch
• CWE-550 Server-generated Error Message Containing Sensitive Information
• CWE-636 Not Failing Securely ('Failing Open')
• CWE-703 Improper Check or Handling of Exceptional Conditions
• CWE-754 Improper Check for Unusual or Exceptional Conditions
• CWE-755 Improper Handling of Exceptional Conditions
• CWE-756 Missing Custom Error Page

Tagged CVEs (showing 50 most recent of 7,945)

• CVE-2026-8783
• CVE-2026-8782
• CVE-2026-8781
• CVE-2026-8723
• CVE-2026-8491
• CVE-2026-8252
• CVE-2026-8162
• CVE-2026-8161
• CVE-2026-8091
• CVE-2026-8063
• CVE-2026-7860
• CVE-2026-7701
• CVE-2026-7376
• CVE-2026-7262
• CVE-2026-7259
• CVE-2026-7183
• CVE-2026-6845
• CVE-2026-6805
• CVE-2026-6778
• CVE-2026-6772
• CVE-2026-6766
• CVE-2026-6666
• CVE-2026-6526
• CVE-2026-6525
• CVE-2026-5946
• CVE-2026-5937
• CVE-2026-5747
• CVE-2026-5745
• CVE-2026-5590
• CVE-2026-5511
• CVE-2026-4994
• CVE-2026-4751
• CVE-2026-4748
• CVE-2026-4743
• CVE-2026-47316
• CVE-2026-47315
• CVE-2026-47308
• CVE-2026-47307
• CVE-2026-4719
• CVE-2026-4714
• CVE-2026-4713
• CVE-2026-4709
• CVE-2026-4708
• CVE-2026-4707
• CVE-2026-4706
• CVE-2026-4699
• CVE-2026-4697
• CVE-2026-4695
• CVE-2026-4694
• CVE-2026-4693

Data: OWASP Top 10:2025 (CC BY-SA 4.0) · CWE memberships from cwe-api.mitre.org (meta-category CWE-1445).