CWE-672 · Operation on a Resource after Expiration or Release
42 CVEs classified under CWE-672 (Operation on a Resource after Expiration or Release). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-33278 | Critical | 9.8 | 2026-05-20 | NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote cod… |
CVE-2013-10075 | Critical | 9.1 | 2026-05-08 | Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DB_Fil… |
CVE-2026-43585 | High | 8.1 | 2026-05-06 | OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid after SecretRef rotation. Gateway HTT… |
CVE-2024-47571 | High | 7.9 | 2025-01-14 | An operation on a resource after expiration or release in Fortinet FortiManager 6.4.12 through 7.4.0 allows an attacker to gain improper access to FortiGate vi… |
CVE-2026-30978 | High | 7.8 | 2026-03-10 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-use-after-free in CIccCmm::AddXf… |
CVE-2017-14895 | High | 7.8 | 2017-12-05 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, after a subsystem reset, iwpriv is not giving c… |
CVE-2017-0544 | High | 7.8 | 2017-04-07 | An elevation of privilege vulnerability in CameraBase could enable a local malicious application to execute arbitrary code. This issue is rated as High because… |
CVE-2025-55669 | High | 7.5 | 2025-10-15 | When the BIG-IP Advanced WAF and ASM security policy and a server-side HTTP/2 profile are configured on a virtual server, undisclosed traffic can cause the Tra… |
CVE-2025-6031 | High | 7.5 | 2025-06-12 | Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of life, and is no longer actively supported. When a user powers o… |
CVE-2024-27308 | High | 7.5 | 2024-03-06 | Mio is a Metal I/O library for Rust. When using named pipes on Windows, mio will under some circumstances return invalid tokens that correspond to named pipes… |
CVE-2022-22197 | High | 7.5 | 2022-04-14 | An Operation on a Resource after Expiration or Release vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved all… |
CVE-2021-37204 | High | 7.5 | 2022-02-09 | A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9… |
CVE-2021-37185 | High | 7.5 | 2022-02-09 | A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl… |
CVE-2025-69415 | High | 7.1 | 2026-01-02 | In Plex Media Server (PMS) through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is curre… |
CVE-2024-57929 | High | 7.1 | 2025-01-19 | In the Linux kernel, the following vulnerability has been resolved: dm array: fix releasing a faulty array block twice in dm_array_cursor_end When dm_bm_read… |
CVE-2019-15794 | High | 7.1 | 2020-04-23 | Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma->vm_file… |
CVE-2019-15791 | High | 7.1 | 2020-04-23 | In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() installs an fd referenc… |
CVE-2025-21117 | Medium | 6.6 | 2025-02-05 | Dell Avamar, version 19.4 or later, contains an access token reuse vulnerability in the AUI. A low privileged local attacker could potentially exploit this vul… |
CVE-2025-10060 | Medium | 6.5 | 2025-09-05 | MongoDB Server may allow upsert operations retried within a transaction to violate unique index constraints, potentially causing an invariant failure and serve… |
CVE-2020-11027 | Medium | 6.1 | 2020-04-30 | In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email… |