CWE-413
Improper Resource Locking
Description
The product does not lock or does not correctly lock a resource when the product must have exclusive access to the resource.
Hierarchy (View 1000)
CVEs mapped to this weakness (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-3450 | Cri | 0.65 | 10.0 | 0.00 | Oct 7, 2025 | An Improper Resource Locking vulnerability in the SDM component of B&R Automation Runtime versions before 6.3 and before Q4.93 may allow an unauthenticated network-based attacker to delete data causing denial of service conditions. | ||
| CVE-2022-24946 | Hig | 0.49 | 7.5 | 0.02 | Jun 15, 2022 | Improper Resource Locking vulnerability in Mitsubishi Electric MELSEC iQ-R Series R12CCPU-V firmware versions "16" and prior, Mitsubishi Electric MELSEC-Q Series Q03UDECPU the first 5 digits of serial No. "24061" and prior, Mitsubishi Electric MELSEC-Q Series… | ||
| CVE-2025-0003 | Hig | 0.47 | 7.3 | 0.00 | Nov 24, 2025 | Inadequate lock protection within Xilinx Run time may allow a local attacker to trigger a Use-After-Free condition potentially resulting in loss of confidentiality or availability | ||
| CVE-2022-49737 | — | Hig | 0.43 | 7.7 | 0.00 | Mar 16, 2025 | In X.Org X server 20.11 through 21.1.16, when a client application uses easystroke for mouse gestures, the main thread modifies various data structures used by the input thread without acquiring a lock, aka a race condition. In particular, AttachDevice in dix/devices.c does not… | |
| CVE-2023-32253 | Med | 0.38 | 5.9 | 0.00 | Aug 2, 2025 | A flaw was found in the Linux kernel's ksmbd component. A deadlock is triggered by sending multiple concurrent session setup requests, possibly leading to a denial of service. | ||
| CVE-2026-44608 | Med | 0.31 | 5.9 | 0.00 | May 20, 2026 | NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that when certain conditions are met (multi-threaded, RPZ XFR reload, RPZ zone with 'rpz-nsip'/'rpz-nsdname' triggers) it could result in heap use-after-free and eventual… | ||
| CVE-2025-69198 | 0.00 | — | 0.00 | Jan 19, 2026 | Pterodactyl is a free, open-source game server management panel. Pterodactyl implements rate limits that are applied to the total number of resources (e.g. databases, port allocations, or backups) that can exist for an individual server. These resource limits are applied on a… |
- risk 0.65cvss 10.0epss 0.00
An Improper Resource Locking vulnerability in the SDM component of B&R Automation Runtime versions before 6.3 and before Q4.93 may allow an unauthenticated network-based attacker to delete data causing denial of service conditions.
- risk 0.49cvss 7.5epss 0.02
Improper Resource Locking vulnerability in Mitsubishi Electric MELSEC iQ-R Series R12CCPU-V firmware versions "16" and prior, Mitsubishi Electric MELSEC-Q Series Q03UDECPU the first 5 digits of serial No. "24061" and prior, Mitsubishi Electric MELSEC-Q Series…
- risk 0.47cvss 7.3epss 0.00
Inadequate lock protection within Xilinx Run time may allow a local attacker to trigger a Use-After-Free condition potentially resulting in loss of confidentiality or availability
- risk 0.43cvss 7.7epss 0.00
In X.Org X server 20.11 through 21.1.16, when a client application uses easystroke for mouse gestures, the main thread modifies various data structures used by the input thread without acquiring a lock, aka a race condition. In particular, AttachDevice in dix/devices.c does not…
- risk 0.38cvss 5.9epss 0.00
A flaw was found in the Linux kernel's ksmbd component. A deadlock is triggered by sending multiple concurrent session setup requests, possibly leading to a denial of service.
- risk 0.31cvss 5.9epss 0.00
NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that when certain conditions are met (multi-threaded, RPZ XFR reload, RPZ zone with 'rpz-nsip'/'rpz-nsdname' triggers) it could result in heap use-after-free and eventual…
- CVE-2025-69198Jan 19, 2026risk 0.00cvss —epss 0.00
Pterodactyl is a free, open-source game server management panel. Pterodactyl implements rate limits that are applied to the total number of resources (e.g. databases, port allocations, or backups) that can exist for an individual server. These resource limits are applied on a…