CWE-909— Missing Initialization of Resource
The product does not initialize a critical resource.— MITRE CWE catalog
108 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-909page 3 of 3
- CVE-2024-9780HIGHCVSS 7.8EG 7.82024-10-10
ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file
- CVE-2025-38532MEDIUMCVSS 5.5EG 5.52025-08-16
In the Linux kernel, the following vulnerability has been resolved: net: libwx: properly reset Rx ring descriptor When device reset is triggered by feature changes such as toggling Rx VLAN offload, wx->do_reset() is called to reinitializ…
- CVE-2025-38601MEDIUMCVSS 5.5EG 5.52025-08-19
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: clear initialized flag for deinit-ed srng lists In a number of cases we see kernel panics on resume due to ath11k kernel page fault, which happens under th…
- CVE-2025-54388MEDIUMCVSS 4.6EG 4.62025-07-30
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. In versions 28.2.0 through 28.3.2, when the firewalld ser…
- CVE-2025-54410LOWCVSS 3.3EG 3.32025-07-30
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby releases before 28…
- CVE-2025-8117HIGHCVSS 7.5EG 7.52025-09-30
PAD CMS improperly initializes parameter used for password recovery, which allows to change password for any user that did not use reset password functionality. This issue affects all 3 templates: www, bip and www+bip. This product is End…
- CVE-2026-40687MEDIUMCVSS 4.8EG 4.82026-04-30
In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes the connection instance, or erroneous data processing that divulges data from uninitialize…
- CVE-2026-43040HIGHCVSS 7.1EG 7.12026-05-01
In the Linux kernel, the following vulnerability has been resolved: net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info-leak When processing Router Advertisements with user options the ke…
Map vulnerabilities like CWE-909 to your infrastructure
EchelonGraph correlates every CVE — across CWE-909 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →