CWE-404 · Improper Resource Shutdown or Release
727 CVEs classified under CWE-404 (Improper Resource Shutdown or Release). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-24444 | Critical | 9.8 | 2023-01-26 | Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login. |
CVE-2024-31611 | Critical | 9.1 | 2024-06-10 | SeaCMS 12.9 has a file deletion vulnerability via admin_template.php. |
CVE-2018-8450 | High | 8.8 | 2018-11-14 | A remote code execution vulnerability exists when Windows Search handles objects in memory, aka "Windows Search Remote Code Execution Vulnerability." This affe… |
CVE-2022-25762 | High | 8.6 | 2022-05-13 | If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomca… |
CVE-2020-26070 | High | 8.6 | 2020-11-12 | A vulnerability in the ingress packet processing function of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauth… |
CVE-2019-1708 | High | 8.6 | 2019-05-03 | A vulnerability in the Internet Key Exchange Version 2 Mobility and Multihoming Protocol (MOBIKE) feature for the Cisco Adaptive Security Appliance (ASA) Softw… |
CVE-2019-1706 | High | 8.6 | 2019-05-03 | A vulnerability in the software cryptography module of the Cisco Adaptive Security Virtual Appliance (ASAv) and Firepower 2100 Series running Cisco Adaptive Se… |
CVE-2017-1145 | High | 8.6 | 2017-03-20 | IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no longer needed, which could allow a user to cause a denial of service throu… |
CVE-2022-39368 | High | 8.2 | 2022-11-10 | Eclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services. In versions prior to 3.7.0, and 2.7.4, Calif… |
CVE-2025-5867 | High | 8.0 | 2025-06-09 | A vulnerability classified as critical was found in RT-Thread 5.1.0. This vulnerability affects the function csys_sendto of the file rt-thread/components/lwp/l… |
CVE-2022-23634 | High | 8.0 | 2022-02-11 | Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to… |
CVE-2026-45174 | High | 7.8 | 2026-06-11 | Idira Endpoint Privilege Manager Linux Agent versions prior to 26.5 allow a local attacker to potentially compromise the agent daemon initialization. CyberArk… |
CVE-2025-38385 | High | 7.8 | 2025-07-25 | In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Remove redundant net… |
CVE-2022-23033 | High | 7.8 | 2022-01-25 | arm: guest_physmap_remove_page not removing the p2m mappings The functions to remove one or more entries from a guest p2m pagetable on Arm (p2m_remove_mapping… |
CVE-2021-0984 | High | 7.8 | 2021-12-15 | In onNullBinding of ManagedServices.java, there is a possible permission bypass due to an incorrectly unbound service. This could lead to local escalation of p… |
CVE-2021-1098 | High | 7.8 | 2021-07-21 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it doesn't release some resources during driver unload requests f… |
CVE-2020-0203 | High | 7.8 | 2020-06-11 | In freeIsolatedUidLocked of ProcessList.java, there is a possible UID reuse due to improper cleanup. This could lead to local escalation of privilege between c… |
CVE-2019-5607 | High | 7.8 | 2019-07-26 | In FreeBSD 12.0-STABLE before r350222, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350223, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE b… |
CVE-2019-5603 | High | 7.8 | 2019-07-26 | In FreeBSD 12.0-STABLE before r350261, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350263, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE b… |
CVE-2019-6488 | High | 7.8 | 2019-01-18 | The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit registe… |