CWE-459 · Incomplete Cleanup
190 CVEs classified under CWE-459 (Incomplete Cleanup). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-36468 | Critical | 9.9 | 2023-06-29 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an XWiki installation is upgraded and that upgrad… |
| CVE-2026-28268 | Critical | 9.8 | 2026-02-27 | Vikunja is an open-source self-hosted task management platform. Versions prior to 2.1.0 have a business logic vulnerability in the password reset mechan… |
| CVE-2022-45347 | Critical | 9.8 | 2022-12-22 | Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as database backend didn't clean up the database session completely after client authentication fail… |
| CVE-2021-45330 | Critical | 9.8 | 2022-02-09 | An issue exists in Gitea through 1.15.7, which could let a malicious user gain privileges due to client side cookies not being deleted and the session remains… |
| CVE-2021-45706 | Critical | 9.8 | 2021-12-27 | An issue was discovered in the zeroize_derive crate before 1.1.1 for Rust. Dropped memory is not zeroed out for an enum. |
| CVE-2021-32928 | Critical | 9.8 | 2021-06-16 | The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prior) adds a firewall rule named “Sentinel License Manager” that allows incoming connections… |
| CVE-2020-13451 | Critical | 9.8 | 2021-01-07 | An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg through 6.2.1 allows an attacker to overwrite LibreOffice configuration files a… |
| CVE-2005-1744 | Critical | 9.8 | 2005-05-24 | BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to conti… |
| CVE-2026-34263 | Critical | 9.6 | 2026-05-12 | Due to improper Spring Security configuration, SAP Commerce Cloud allows an unauthenticated user to perform malicious input injection, resulting in arbitrary s… |
| CVE-2025-21609 | Critical | 9.1 | 2025-01-03 | SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnera… |
| CVE-2024-28265 | Critical | 9.1 | 2024-11-01 | IBOS v4.5.5 has an arbitrary file deletion vulnerability via \system\modules\dashboard\controllers\LoginController.php. |
| CVE-2022-1552 | High | 8.8 | 2022-08-31 | A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The A… |
| CVE-2020-24489 | High | 8.8 | 2021-06-09 | Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2019-25016 | High | 8.8 | 2021-01-28 | In OpenDoas from 6.6 to 6.8 the user's PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execut… |
| CVE-2019-18191 | High | 8.8 | 2019-12-16 | A privilege escalation vulnerability in the Trend Micro Deep Security as a Service Quick Setup cloud formation template could allow an authenticated entity wit… |
| CVE-2018-18924 | High | 8.8 | 2018-11-04 | The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with "#exec cmd" because rejected file… |
| CVE-2025-66675 | High | 8.2 | 2025-12-10 | Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0… |
| CVE-2022-39368 | High | 8.2 | 2022-11-10 | Eclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services. In versions prior to 3.7.0, and 2.7.4, Calif… |
| CVE-2025-43711 | High | 8.1 | 2025-07-05 | Tunnelblick 3.5beta06 before 7.0, when incompletely uninstalled, allows attackers to execute arbitrary code as root (upon the next boot) by dragging a crafted… |
| CVE-2021-36205 | High | 8.1 | 2022-04-15 | Under certain circumstances the session token is not cleared on logout. |