CWE-404— Improper Resource Shutdown or Release
The product does not release or incorrectly releases a resource before it is made available for re-use.— MITRE CWE catalog
731 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-404page 14 of 15
- CVE-2026-3816MEDIUMCVSS 4.3EG 4.32026-03-09
A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. This vulnerability affects the function input_zip.read of the file parser.py of the component SonarQubeParser/MSDefenderParser. The manipulation leads to denial o…
- CVE-2026-38641HIGHCVSS 7.5EG 7.52026-06-26
An issue in the DSO::mmap_and_copy function of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via loading a crafted shared library.
- CVE-2026-40136MEDIUMCVSS 4.3EG 4.32026-05-12
SAP Financial Consolidation allows an authenticated attacker to disconnect other users by terminating their sessions temporarily preventing access. However, the application itself cannot be compromised resulting in a low impact on availabi…
- CVE-2026-45090HIGHCVSS 7.5EG 7.52026-05-27
Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, ParameterAnalysis in pkg/scanning/parameterAnalysis.go runs two sequential worker stages that both write to the same results channel. The chan…
- CVE-2026-45174HIGHCVSS 7.8EG 7.82026-06-11
Idira Endpoint Privilege Manager Linux Agent versions prior to 26.5 allow a local attacker to potentially compromise the agent daemon initialization. CyberArk Security Bulletin: CA26-19
- CVE-2026-47213MEDIUMCVSS 6.5EG 6.52026-05-29
Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. In versions 0.8.2 and prior, Boxlite allows users to configure a timeout for service…
- CVE-2026-4833LOWCVSS 3.3EG 3.32026-03-26
A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects the function compile of the file markdown.c of the component Markdown Handler. This manipulation causes uncontrolled recursion. The attack is restricted to lo…
- CVE-2026-4988LOWCVSS 3.7EG 3.72026-03-27
A security flaw has been discovered in Open5GS 2.7.6. This issue affects the function smf_gx_cca_cb/smf_gy_cca_cb/smf_s6b of the component CCA Message Handler. The manipulation results in denial of service. The attack may be launched remot…
- CVE-2026-5313MEDIUMCVSS 4.3EG 4.32026-04-01
A vulnerability has been found in Nothings stb up to 2.30. This issue affects the function stbi__gif_load_next in the library stb_image.h of the component GIF Decoder. Such manipulation leads to denial of service. The attack may be launche…
- CVE-2026-54280HIGHCVSS 7.5EG 7.52026-06-15
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, payload resources are not closed correctly when a client disconnects in the middle of a write. If a payload is using an open file or similar l…
- CVE-2026-5661MEDIUMCVSS 5.3EG 5.32026-04-06
A vulnerability was identified in Free5GC 4.2.0. This affects an unknown function of the component NGSetupRequest Handler. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit is publicly available…
- CVE-2026-59725HIGHCVSS 7.5EG 7.52026-07-08
Socket.IO enables bidirectional and low-latency communication for every platform. From 4.1.0 before 6.6.7, Engine.IO protocol v4 polling transport does not properly close the HTTP response for invalid binary POST requests with Content-Type…
- CVE-2026-6042LOWCVSS 3.3EG 3.32026-04-10
A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. T…
- CVE-2026-6601MEDIUMCVSS 4.3EG 4.32026-04-20
A vulnerability has been found in Lagom WHMCS Template up to 2.4.2. This impacts an unknown function of the component Datatables. The manipulation leads to resource consumption. Remote exploitation of the attack is possible. The exploit ha…
- CVE-2026-6607MEDIUMCVSS 5.3EG 5.32026-04-20
A security vulnerability has been detected in lm-sys fastchat up to 0.2.36. This issue affects the function api_generate of the component Worker API Endpoint. The manipulation leads to resource consumption. The attack can be initiated remo…
- CVE-2026-6797MEDIUMCVSS 4.3EG 4.32026-04-21
A vulnerability was identified in Sanluan PublicCMS up to 6.202506.d. Affected by this vulnerability is the function ZipSecureFile.setMinflateRatio of the file common/src/main/java/com/publiccms/common/tools/DocToHtmlUtils.java. Such manip…
- CVE-2026-6985MEDIUMCVSS 5.3EG 5.32026-04-25
A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handle_opt of the file /src/net_builtin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite …
- CVE-2026-7263HIGHCVSS 7.5EG 7.52026-05-10
In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, DOMNode::C14N() method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent process…
- CVE-2026-7518MEDIUMCVSS 4.3EG 4.32026-05-01
A flaw has been found in Open5GS up to 2.7.7. This issue affects the function amf_namf_callback_handle_sdm_data_change_notify of the file /namf-callback/v1/{id}/sdmsubscription-notify of the component AMF SBI Endpoint. This manipulation of…
- CVE-2026-7535MEDIUMCVSS 4.3EG 4.32026-05-01
A vulnerability was found in Open5GS up to 2.7.7. This affects the function amf_namf_comm_handle_registration_status_update_request in the library /lib/app/ogs-init.c of the file /namf-comm/v1/ue-contexts/{ueContextId}/transfer-update. Per…
- CVE-2026-7536MEDIUMCVSS 5.3EG 5.32026-05-01
A vulnerability was determined in Open5GS up to 2.7.7. This vulnerability affects the function bsf_sess_add_by_ip_address of the file /nbsf-management/v1/pcfBindings of the component BSF. Executing a manipulation of the argument ipv4Addr c…
- CVE-2026-7583MEDIUMCVSS 4.3EG 4.32026-05-01
A flaw has been found in Open5GS up to 2.7.7. This issue affects the function bsf_sess_find_by_ipv6prefix of the file /src/bsf/context.c of the component BSF. This manipulation of the argument ipv6Prefix causes denial of service. It is pos…
- CVE-2026-7585MEDIUMCVSS 4.3EG 4.32026-05-01
A vulnerability was determined in Open5GS up to 2.7.7. The impacted element is the function amf_nudm_sdm_handle_provisioned of the file /src/amf/nudm-handler.c of the component AMF. Executing a manipulation can lead to denial of service. T…
- CVE-2026-7586MEDIUMCVSS 4.3EG 4.32026-05-01
A weakness has been identified in Open5GS up to 2.7.7. Affected is the function ogs_id_get_value of the file /src/amf/nudm-handler.c of the component AMF. This manipulation causes denial of service. Remote exploitation of the attack is pos…
- CVE-2026-7587MEDIUMCVSS 4.3EG 4.32026-05-01
A vulnerability has been found in Open5GS up to 2.7.7. This vulnerability affects the function amf_nsmf_pdusession_handle_update_sm_context of the file /src/amf/nsmf-handler.c of the component AMF. The manipulation leads to denial of servi…
- CVE-2026-7601MEDIUMCVSS 4.3EG 4.32026-05-02
A vulnerability has been found in Open5GS up to 2.7.6. Affected is an unknown function of the file src/amf/gmm-handler.c of the component AMF. The manipulation of the argument reg_type leads to denial of service. The attack is possible to …
- CVE-2026-7701MEDIUMCVSS 4.3EG 4.32026-05-03
A security vulnerability has been detected in Telegram Desktop up to 6.7.5. This vulnerability affects the function RequestButton of the file Telegram/SourceFiles/boxes/url_auth_box.cpp of the component Bot API. The manipulation of the arg…
- CVE-2026-7706MEDIUMCVSS 4.3EG 4.32026-05-03
A vulnerability has been found in Open5GS up to 2.7.7. This issue affects the function gmm_handle_service_request of the file /src/amf/gmm-handler.c of the component AMF. The manipulation leads to denial of service. The attack can be initi…
- CVE-2026-7707MEDIUMCVSS 4.3EG 4.32026-05-03
A vulnerability was found in Open5GS up to 2.7.7. Impacted is the function udr_nudr_dr_handle_subscription_context of the file /src/udr/nudr-handler.c of the component UDR. The manipulation of the argument pei results in denial of service.…
- CVE-2026-7708MEDIUMCVSS 4.3EG 4.32026-05-03
A vulnerability was determined in Open5GS up to 2.7.7. The affected element is the function ogs_dbi_subscription_data in the library /lib/dbi/subscription.c of the component UDR. This manipulation of the argument supi_id causes denial of s…
- CVE-2026-7734MEDIUMCVSS 5.3EG 5.32026-05-04
A vulnerability has been found in osrg GoBGP up to 4.3.0. This impacts the function SRv6L3ServiceAttribute.DecodeFromBytes of the file pkg/packet/bgp/prefix_sid.go of the component SRv6 L3 Service. Such manipulation of the argument data le…
- CVE-2026-7739LOWCVSS 3.3EG 3.32026-05-04
A weakness has been identified in justdan96 tsMuxer up to 2.7.0. This vulnerability affects the function HevcVpsUnit::setFPS of the file /AFLplusplus/tsMuxer_prev/tsMuxer/hevc.cpp. This manipulation of the argument track_id causes denial o…
- CVE-2026-7740LOWCVSS 3.3EG 3.32026-05-04
A security vulnerability has been detected in justdan96 tsMuxer up to 2.7.0. This issue affects the function VvcVpsUnit::setFPS of the file tsMuxer/vvc.cpp. Such manipulation of the argument track_id leads to denial of service. An attack h…
- CVE-2026-7779MEDIUMCVSS 4.3EG 4.32026-05-04
A security flaw has been discovered in Open5GS up to 2.7.7. Affected is the function udm_nudr_dr_handle_subscription_authentication of the file /src/udm/nudr-handler.c of the component authentication-subscription Endpoint. Performing a man…
- CVE-2026-7780MEDIUMCVSS 4.3EG 4.32026-05-04
A weakness has been identified in Open5GS up to 2.7.7. Affected by this vulnerability is the function udm_state_operational of the file /src/udm/udm-sm.c of the component smf-registrations Endpoint. Executing a manipulation can lead to den…
- CVE-2026-7781MEDIUMCVSS 4.3EG 4.32026-05-04
A security vulnerability has been detected in Open5GS up to 2.7.7. Affected by this issue is the function udm_nudm_uecm_handle_amf_registration_update of the file /src/udm/nudm-handler.c of the component amf-3gpp-access Endpoint. The manip…
- CVE-2026-8119LOWCVSS 3.3EG 3.32026-05-08
A vulnerability was detected in Open5GS up to 2.7.7. Impacted is the function ogs_sbi_stream_find_by_id in the library /lib/sbi/nghttp2-server.c of the component NSSF. Performing a manipulation results in denial of service. Attacking local…
- CVE-2026-8120MEDIUMCVSS 4.3EG 4.32026-05-08
A flaw has been found in Open5GS up to 2.7.7. The affected element is the function nssf_nnrf_nsselection_handle_get_from_amf_or_vnssf of the file /src/nssf/nnssf-handler.c of the component NSSF. Executing a manipulation can lead to denial …
- CVE-2026-8121MEDIUMCVSS 4.3EG 4.32026-05-08
A vulnerability has been found in Open5GS up to 2.7.7. The impacted element is the function ogs_sbi_parse_plmn_list in the library /lib/sbi/conv.c of the component NSSF. The manipulation leads to denial of service. The attack is possible t…
- CVE-2026-8122MEDIUMCVSS 4.3EG 4.32026-05-08
A vulnerability was found in Open5GS up to 2.7.7. This affects the function ogs_sbi_discovery_option_add_service_names in the library /lib/sbi/message.c of the component NSSF. The manipulation results in denial of service. The attack may b…
- CVE-2026-8123MEDIUMCVSS 4.3EG 4.32026-05-08
A vulnerability was determined in Open5GS up to 2.7.7. This impacts the function ogs_sbi_discovery_option_add_snssais in the library /lib/sbi/message.c of the component NSSF. This manipulation causes denial of service. It is possible to in…
- CVE-2026-8187MEDIUMCVSS 5.3EG 5.32026-05-09
A flaw has been found in Open5GS up to 2.7.7. This impacts the function _gtpv1_u_recv_cb of the file src/upf/gtp-path.c of the component UPF. Executing a manipulation can lead to resource consumption. The attack may be performed from remot…
- CVE-2026-8222MEDIUMCVSS 5.3EG 5.32026-05-10
A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function pcf_nbsf_management_handle_register of the file src/pcf/nbsf-handler.c of the component sm-policies Endpoint. Such manipulation leads to denial of service. The…
- CVE-2026-8223MEDIUMCVSS 5.3EG 5.32026-05-10
A vulnerability was found in Open5GS up to 2.7.7. Affected by this vulnerability is the function pcf_sess_sbi_discover_and_send of the component sm-policies Endpoint. Performing a manipulation results in denial of service. It is possible t…
- CVE-2026-8224MEDIUMCVSS 5.3EG 5.32026-05-10
A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function pcf_sess_set_ipv6prefix of the file /src/pcf/context.c of the component PCF. Executing a manipulation of the argument SmPolicyContextData.ipv6Add…
- CVE-2026-8225MEDIUMCVSS 5.3EG 5.32026-05-10
A vulnerability was identified in Open5GS up to 2.7.7. This affects the function pcf_npcf_smpolicycontrol_handle_delete of the file src/pcf/sm-sm.c of the component delete Endpoint. The manipulation leads to denial of service. The attack c…
- CVE-2026-8226MEDIUMCVSS 5.3EG 5.32026-05-10
A security flaw has been discovered in Open5GS up to 2.7.7. This vulnerability affects the function ogs_pcc_rule_install_flow_from_media in the library /lib/proto/types.c. The manipulation results in denial of service. The attack can be la…
- CVE-2026-8232LOWCVSS 3.5EG 3.52026-05-10
A vulnerability was found in Dotouch XproUPF 2.0.0-release-088aa7c4. This impacts the function vlib_worker_loop in the library /usr/xpro/upf/tools/libs/libvlib.so of the component UPF Process. The manipulation results in denial of service.…
- CVE-2026-8248MEDIUMCVSS 4.3EG 4.32026-05-10
A vulnerability was detected in Open5GS up to 2.7.7. The affected element is the function update_authorized_pcc_rule_and_qos of the file /src/smf/npcf-handler.c of the component SMF. The manipulation results in denial of service. The attac…
- CVE-2026-8249MEDIUMCVSS 4.3EG 4.32026-05-10
A flaw has been found in Open5GS up to 2.7.7. The impacted element is the function update_authorized_pcc_rule_and_qos of the file /src/smf/npcf-handler.c of the component SMF. This manipulation causes denial of service. Remote exploitation…
Map vulnerabilities like CWE-404 to your infrastructure
EchelonGraph correlates every CVE — across CWE-404 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →