CWE-404 · Improper Resource Shutdown or Release

727 CVEs classified under CWE-404 (Improper Resource Shutdown or Release). Browse by severity and year.

Top CVEs for CWE-404
CVESeverityScorePublishedSummary
CVE-2023-24444Critical9.82023-01-26Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login.
CVE-2024-31611Critical9.12024-06-10SeaCMS 12.9 has a file deletion vulnerability via admin_template.php.
CVE-2018-8450High8.82018-11-14A remote code execution vulnerability exists when Windows Search handles objects in memory, aka "Windows Search Remote Code Execution Vulnerability." This affe…
CVE-2022-25762High8.62022-05-13If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomca…
CVE-2020-26070High8.62020-11-12A vulnerability in the ingress packet processing function of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauth…
CVE-2019-1708High8.62019-05-03A vulnerability in the Internet Key Exchange Version 2 Mobility and Multihoming Protocol (MOBIKE) feature for the Cisco Adaptive Security Appliance (ASA) Softw…
CVE-2019-1706High8.62019-05-03A vulnerability in the software cryptography module of the Cisco Adaptive Security Virtual Appliance (ASAv) and Firepower 2100 Series running Cisco Adaptive Se…
CVE-2017-1145High8.62017-03-20IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no longer needed, which could allow a user to cause a denial of service throu…
CVE-2022-39368High8.22022-11-10Eclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services. In versions prior to 3.7.0, and 2.7.4, Calif…
CVE-2025-5867High8.02025-06-09A vulnerability classified as critical was found in RT-Thread 5.1.0. This vulnerability affects the function csys_sendto of the file rt-thread/components/lwp/l…
CVE-2022-23634High8.02022-02-11Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to…
CVE-2026-45174High7.82026-06-11Idira Endpoint Privilege Manager Linux Agent versions prior to 26.5 allow a local attacker to potentially compromise the agent daemon initialization. CyberArk…
CVE-2025-38385High7.82025-07-25In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Remove redundant net…
CVE-2022-23033High7.82022-01-25arm: guest_physmap_remove_page not removing the p2m mappings The functions to remove one or more entries from a guest p2m pagetable on Arm (p2m_remove_mapping…
CVE-2021-0984High7.82021-12-15In onNullBinding of ManagedServices.java, there is a possible permission bypass due to an incorrectly unbound service. This could lead to local escalation of p…
CVE-2021-1098High7.82021-07-21NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it doesn't release some resources during driver unload requests f…
CVE-2020-0203High7.82020-06-11In freeIsolatedUidLocked of ProcessList.java, there is a possible UID reuse due to improper cleanup. This could lead to local escalation of privilege between c…
CVE-2019-5607High7.82019-07-26In FreeBSD 12.0-STABLE before r350222, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350223, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE b…
CVE-2019-5603High7.82019-07-26In FreeBSD 12.0-STABLE before r350261, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350263, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE b…
CVE-2019-6488High7.82019-01-18The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit registe…