CWE-459 · Incomplete Cleanup

190 CVEs classified under CWE-459 (Incomplete Cleanup). Browse by severity and year.

Top CVEs for CWE-459
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2023-36468 | Critical | 9.9 | 2023-06-29 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an XWiki installation is upgraded and that upgrad… |
| CVE-2026-28268 | Critical | 9.8 | 2026-02-27 | Vikunja is an open-source self-hosted task management platform. Versions prior to 2.1.0 have a business logic vulnerability in the password reset mechan… |
| CVE-2022-45347 | Critical | 9.8 | 2022-12-22 | Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as database backend didn't clean up the database session completely after client authentication fail… |
| CVE-2021-45330 | Critical | 9.8 | 2022-02-09 | An issue exists in Gitea through 1.15.7, which could let a malicious user gain privileges due to client side cookies not being deleted and the session remains… |
| CVE-2021-45706 | Critical | 9.8 | 2021-12-27 | An issue was discovered in the zeroize_derive crate before 1.1.1 for Rust. Dropped memory is not zeroed out for an enum. |
| CVE-2021-32928 | Critical | 9.8 | 2021-06-16 | The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prior) adds a firewall rule named “Sentinel License Manager” that allows incoming connections… |
| CVE-2020-13451 | Critical | 9.8 | 2021-01-07 | An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg through 6.2.1 allows an attacker to overwrite LibreOffice configuration files a… |
| CVE-2005-1744 | Critical | 9.8 | 2005-05-24 | BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 do not log out users when an application is redeployed, which allows those users to conti… |
| CVE-2026-34263 | Critical | 9.6 | 2026-05-12 | Due to improper Spring Security configuration, SAP Commerce Cloud allows an unauthenticated user to perform malicious input injection, resulting in arbitrary s… |
| CVE-2025-21609 | Critical | 9.1 | 2025-01-03 | SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnera… |
| CVE-2024-28265 | Critical | 9.1 | 2024-11-01 | IBOS v4.5.5 has an arbitrary file deletion vulnerability via \system\modules\dashboard\controllers\LoginController.php. |
| CVE-2022-1552 | High | 8.8 | 2022-08-31 | A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The A… |
| CVE-2020-24489 | High | 8.8 | 2021-06-09 | Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2019-25016 | High | 8.8 | 2021-01-28 | In OpenDoas from 6.6 to 6.8 the user's PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execut… |
| CVE-2019-18191 | High | 8.8 | 2019-12-16 | A privilege escalation vulnerability in the Trend Micro Deep Security as a Service Quick Setup cloud formation template could allow an authenticated entity wit… |
| CVE-2018-18924 | High | 8.8 | 2018-11-04 | The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with "#exec cmd" because rejected file… |
| CVE-2025-66675 | High | 8.2 | 2025-12-10 | Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0… |
| CVE-2022-39368 | High | 8.2 | 2022-11-10 | Eclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services. In versions prior to 3.7.0, and 2.7.4, Calif… |
| CVE-2025-43711 | High | 8.1 | 2025-07-05 | Tunnelblick 3.5beta06 before 7.0, when incompletely uninstalled, allows attackers to execute arbitrary code as root (upon the next boot) by dragging a crafted… |
| CVE-2021-36205 | High | 8.1 | 2022-04-15 | Under certain circumstances the session token is not cleared on logout. |