CWE-404— Improper Resource Shutdown or Release
The product does not release or incorrectly releases a resource before it is made available for re-use.— MITRE CWE catalog
731 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-404page 12 of 15
- CVE-2025-8761HIGHCVSS 7.5EG 7.52025-08-13
A vulnerability has been found in INSTAR 2K+ and 4K 3.11.1 Build 1124. This vulnerability affects unknown code of the component Backend IPC Server. The manipulation leads to denial of service. The attack can be initiated remotely. The expl…
- CVE-2025-8799HIGHCVSS 7.5EG 5.32025-08-10
A vulnerability was identified in Open5GS up to 2.7.5. Affected by this vulnerability is the function amf_npcf_am_policy_control_build_create/amf_nsmf_pdusession_build_create_sm_context of the file src/amf/npcf-build.c of the component AMF…
- CVE-2025-8800HIGHCVSS 7.5EG 5.32025-08-10
A vulnerability has been found in Open5GS up to 2.7.5. Affected by this issue is the function esm_handle_pdn_connectivity_request of the file src/mme/esm-handler.c of the component AMF Component. The manipulation leads to denial of service…
- CVE-2025-8801HIGHCVSS 7.5EG 5.32025-08-10
A vulnerability was found in Open5GS up to 2.7.5. This affects the function gmm_state_exception of the file src/amf/gmm-sm.c of the component AMF. The manipulation leads to denial of service. It is possible to initiate the attack remotely.…
- CVE-2025-8802HIGHCVSS 7.5EG 5.32025-08-10
A vulnerability was determined in Open5GS up to 2.7.5. This vulnerability affects the function smf_state_operational of the file src/smf/smf-sm.c of the component SMF. The manipulation of the argument stream leads to denial of service. The…
- CVE-2025-8803HIGHCVSS 7.5EG 5.32025-08-10
A vulnerability has been found in Open5GS up to 2.7.5. Affected is the function gmm_state_de_registered/gmm_state_exception of the file src/amf/gmm-sm.c of the component AMF. The manipulation leads to denial of service. It is possible to l…
- CVE-2025-8805HIGHCVSS 7.5EG 5.32025-08-10
A vulnerability was determined in Open5GS up to 2.7.5. Affected by this issue is the function smf_gsm_state_wait_pfcp_deletion of the file src/smf/gsm-sm.c of the component SMF. The manipulation leads to denial of service. The attack may b…
- CVE-2025-8835MEDIUMCVSS 5.5EG 3.32025-08-11
A vulnerability was found in JasPer up to 4.2.5. Affected by this vulnerability is the function jas_image_chclrspc of the file src/libjasper/base/jas_image.c of the component Image Color Space Conversion Handler. The manipulation leads to …
- CVE-2025-8844MEDIUMCVSS 5.5EG 3.32025-08-11
A vulnerability was determined in NASM Netwide Assember 2.17rc0. This vulnerability affects the function parse_smacro_template of the file preproc.c. The manipulation leads to null pointer dereference. Attacking locally is a requirement. T…
- CVE-2025-9165LOWCVSS 2.5EG 3.32025-08-19
A flaw has been found in LibTIFF 4.7.0. This affects the function _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tiffcmp.c of the component tiffcmp. Executing manipulation can lead to memory leak. The attac…
- CVE-2025-9384MEDIUMCVSS 5.5EG 3.32025-08-24
A vulnerability was detected in appneta tcpreplay up to 4.5.1. Impacted is the function tcpedit_post_args of the file /src/tcpedit/parse_args.c. The manipulation results in null pointer dereference. The attack is only possible with local a…
- CVE-2025-9396MEDIUMCVSS 5.5EG 3.32025-08-24
A security flaw has been discovered in ckolivas lrzip up to 0.651. This impacts the function __GI_____strtol_l_internal of the file strtol_l.c. Performing manipulation results in null pointer dereference. The attack is only possible with l…
- CVE-2025-9649MEDIUMCVSS 5.5EG 3.32025-08-29
A security vulnerability has been detected in appneta tcpreplay 4.5.1. Impacted is the function calc_sleep_time of the file send_packets.c. Such manipulation leads to divide by zero. An attack has to be approached locally. The exploit has …
- CVE-2025-9784HIGHCVSS 7.5EG 7.52025-09-02
A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server…
- CVE-2026-0731MEDIUMCVSS 5.3EG 5.32026-01-08
A vulnerability has been found in TOTOLINK WA1200 5.9c.2914. The impacted element is an unknown function of the file cstecgi.cgi of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack is possi…
- CVE-2026-10069HIGHCVSS 7.5EG 7.52026-05-29
A vulnerability has been found in Shibby Tomato 1.28. The impacted element is an unknown function of the file usr/sbin/miniupnpd. Such manipulation leads to resource consumption. The attack may be launched remotely. This project is superse…
- CVE-2026-10113MEDIUMCVSS 4.3EG 4.32026-05-30
A vulnerability was found in Open5GS up to 2.7.7. Affected by this vulnerability is an unknown functionality in the library lib/sbi/nnrf-handler.c of the component Shared NF-profile Parser. The manipulation results in denial of service. It…
- CVE-2026-10115MEDIUMCVSS 4.3EG 4.32026-05-30
A vulnerability was identified in Open5GS up to 2.7.7. This affects an unknown part in the library lib/sbi/nnrf-handler.c of the component Shared NF-profile Parser. Such manipulation leads to denial of service. The attack can be launched r…
- CVE-2026-10116MEDIUMCVSS 4.3EG 4.32026-05-30
A security flaw has been discovered in Open5GS up to 2.7.7. This vulnerability affects the function ogs_sbi_xact_add in the library /lib/core/ogs-timer.c of the component ue-authentications Endpoint. Performing a manipulation results in de…
- CVE-2026-10117MEDIUMCVSS 4.3EG 4.32026-05-30
A weakness has been identified in Open5GS up to 2.7.7. This issue affects the function ogs_pool_id_calloc in the library /lib/sbi/nghttp2-server.c. Executing a manipulation can lead to denial of service. The attack may be launched remotely…
- CVE-2026-10156MEDIUMCVSS 4.3EG 4.32026-05-30
A vulnerability was determined in Open5GS up to 2.7.7. This affects the function handle_amf_info in the library /lib/sbi/nnrf-handler.c of the component nf-instances Endpoint. Executing a manipulation of the argument nf_info_pool can lead …
- CVE-2026-10190MEDIUMCVSS 6.5EG 6.52026-05-31
A vulnerability was found in Tenda W12 3.0.0.7(4763). This issue affects the function cgiSysWebTimeoutSet of the file /bin/httpd of the component Web Management Interface. The manipulation of the argument web_over_time results in denial of…
- CVE-2026-10197LOWCVSS 3.3EG 3.32026-05-31
A vulnerability was detected in Assimp up to 6.0.4. Affected is the function glTF2Importer::ImportEmbeddedTextures in the library code/AssetLib/glTF2/glTF2Importer.cpp of the component TF File Handler. The manipulation results in null poin…
- CVE-2026-10198LOWCVSS 3.3EG 3.32026-05-31
A flaw has been found in Assimp up to 6.0.4. Affected by this vulnerability is the function Assimp::glTFImporter::ImportMeshes of the file glTFImporter.cpp of the component glTFImporter. This manipulation causes null pointer dereference. T…
- CVE-2026-10199LOWCVSS 3.3EG 3.32026-05-31
A vulnerability has been found in Assimp up to 6.0.4. Affected by this issue is the function glTF2::LazyDict in the library glTF2Asset.h. Such manipulation of the argument operator[] leads to null pointer dereference. The attack must be ca…
- CVE-2026-10201LOWCVSS 3.3EG 3.32026-05-31
A vulnerability was determined in Assimp up to 6.0.4. This vulnerability affects the function FBXExporter::WriteObjects of the file FBXExporter.cpp of the component UV Channel Handler. Executing a manipulation can lead to divide by zero. T…
- CVE-2026-10224MEDIUMCVSS 5.3EG 5.32026-06-01
A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function _handle_webhook_request of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipu…
- CVE-2026-10295LOWCVSS 3.3EG 3.32026-06-01
A vulnerability was found in SourceCodester Customer Review App 1.0. Affected by this vulnerability is the function add_review/save_review/get_all_reviews of the file review_app.py. Performing a manipulation of the argument name/comment re…
- CVE-2026-10298LOWCVSS 3.3EG 3.32026-06-01
A security flaw has been discovered in ggml-org whisper.cpp up to 1.8.2. This vulnerability affects the function whisper_model_load of the file ggml/src/ggml.c. The manipulation results in null pointer dereference. Attacking locally is a r…
- CVE-2026-10650MEDIUMCVSS 5.3EG 5.32026-06-02
A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function lws_ssh_parse_plaintext of the file plugins/protocol_lws_ssh_base/sshd.c of the component SSH Protocol Handler. Executing a manipulation of the arg…
- CVE-2026-10705LOWCVSS 3.1EG 3.12026-06-03
A flaw has been found in dask up to 3.0. Affected by this issue is the function nunique_approx of the file dask/dataframe/hyperloglog.py of the component HLL Handler. This manipulation causes resource consumption. The attack is possible to…
- CVE-2026-10775MEDIUMCVSS 5.3EG 3.62026-06-03
A vulnerability was determined in sgl-project SGLang up to 0.5.11. Affected by this vulnerability is the function data_hash of the component Cache Handler. This manipulation causes denial of service. The attack is restricted to local execu…
- CVE-2026-10802MEDIUMCVSS 4.3EG 4.32026-06-04
A vulnerability was detected in keystonejs keystone up to 20260319. This vulnerability affects unknown code in the library packages/core/src/lib/core/queries/output-field.ts of the component GraphQL API Endpoint. The manipulation results i…
- CVE-2026-11312LOWCVSS 3.3EG 3.32026-06-05
A vulnerability was found in bytedance InfiniStore up to 0.2.33. The impacted element is the function purge_kv_map in the library /src/infinistore.h of the component KV Map Handler. Performing a manipulation results in inefficient algorith…
- CVE-2026-11317HIGHCVSS 0.0EG 0.02026-06-16
A denial of service security issue exists in the affected product. The security issue stems from... A denial of service security issue exists in the affected product. The security issue stems from a fault occurring when a crafted CIP mess…
- CVE-2026-1171MEDIUMCVSS 5.3EG 5.32026-01-19
A flaw has been found in birkir prime up to 0.4.0.beta.0. Impacted is an unknown function of the file /graphql of the component GraphQL Field Handler. Executing a manipulation can lead to denial of service. The attack may be launched remot…
- CVE-2026-1172MEDIUMCVSS 5.3EG 5.32026-01-19
A vulnerability has been found in birkir prime up to 0.4.0.beta.0. The affected element is an unknown function of the file /graphql of the component GraphQL Directive Handler. The manipulation leads to denial of service. Remote exploitatio…
- CVE-2026-1173MEDIUMCVSS 5.3EG 5.32026-01-19
A vulnerability was found in birkir prime up to 0.4.0.beta.0. The impacted element is an unknown function of the file /graphql of the component GraphQL Array Based Query Batch Handler. The manipulation results in denial of service. The att…
- CVE-2026-1174MEDIUMCVSS 5.3EG 5.32026-01-19
A vulnerability was determined in birkir prime up to 0.4.0.beta.0. This affects an unknown function of the file /graphql of the component GraphQL Alias Handler. This manipulation causes resource consumption. The attack is possible to be ca…
- CVE-2026-12575HIGHCVSS 7.5EG 7.52026-07-01
DVP80ES3 with Improper Resource Shutdown or Release vulnerability.
- CVE-2026-13491LOWCVSS 3.7EG 3.72026-06-28
A vulnerability was detected in 78 xiaozhi-esp32 up to 2.2.6. This vulnerability affects the function Application::GetInstance of the file main/protocols/mqtt_protocol.cc of the component MQTT Goodbye Handler. Performing a manipulation of …
- CVE-2026-13523LOWCVSS 3.3EG 3.32026-06-29
A weakness has been identified in GPAC up to 26.02.0. This affects an unknown part of the file src/utils/base_encoding.c of the component ISOBMFF Parser. Executing a manipulation can lead to highly compressed data. The attack needs to be l…
- CVE-2026-1415LOWCVSS 3.3EG 3.32026-01-26
A vulnerability was identified in GPAC up to 2.4.0. Affected is the function gf_media_export_webvtt_metadata of the file src/media_tools/media_export.c. The manipulation of the argument Name leads to null pointer dereference. The attack mu…
- CVE-2026-1416LOWCVSS 3.3EG 3.32026-01-26
A security flaw has been discovered in GPAC up to 2.4.0. Affected by this vulnerability is the function DumpMovieInfo of the file applications/mp4box/filedump.c. The manipulation results in null pointer dereference. The attack must be init…
- CVE-2026-1417LOWCVSS 3.3EG 3.32026-01-26
A weakness has been identified in GPAC up to 2.4.0. Affected by this issue is the function dump_isom_rtp of the file applications/mp4box/filedump.c. This manipulation causes null pointer dereference. The attack needs to be launched locally…
- CVE-2026-14618MEDIUMCVSS 4.3EG 4.32026-07-04
A vulnerability was detected in Open5GS up to 2.7.7. Affected by this vulnerability is the function amf_nnrf_handle_nf_discover of the file src/amf/nnrf-handler.c of the component AMF. The manipulation results in denial of service. The att…
- CVE-2026-14623MEDIUMCVSS 4.3EG 4.32026-07-04
A vulnerability was determined in omec-project amf up to 2.1.1. This issue affects the function RRCInactiveTransitionReport of the component NGAP Message Handler. Executing a manipulation can lead to denial of service. The attack may be pe…
- CVE-2026-14624MEDIUMCVSS 4.3EG 4.32026-07-04
A vulnerability was identified in omec-project amf up to 2.0.2/2.1.1. Impacted is an unknown function of the file /go/src/amf/ngap/handler.go of the component NGSetupRequest Handler. The manipulation leads to denial of service. It is possi…
- CVE-2026-14626MEDIUMCVSS 4.3EG 4.32026-07-04
A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. The impacted element is the function AIAgent.run_conversation of the file run_agent.py of the component HTTP API. This manipulation of the argument todos causes d…
- CVE-2026-14629MEDIUMCVSS 4.3EG 4.32026-07-04
A flaw has been found in RT-Thread up to 5.2.2. Affected is the function read/write/sys_ioctl of the file components/lwp/lwp_syscall.c of the component Parameter Handler. Executing a manipulation can lead to divide by zero. The attack may …
Map vulnerabilities like CWE-404 to your infrastructure
EchelonGraph correlates every CVE — across CWE-404 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →