VYPR

CWE-459

Incomplete Cleanup

Base | Draft

Description

The product does not properly "clean up" and remove temporary or supporting resources after they have been used.

CVEs mapped to this weakness (55)

page 2 of 3
  • CVE-2005-2293 | Med | Jul 18, 2005
    risk 0.36 | cvss 5.5 | epss 0.02

    Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a temporary file, which is not deleted after it is used, which allows local users to obtain sensitive information.

  • CVE-2002-0788 | Med | Aug 12, 2002
    risk 0.36 | cvss 5.5 | epss 0.00

    An interaction between PGP 7.0.3 with the "wipe deleted files" option, when used on Windows Encrypted File System (EFS), creates cleartext temporary files that cannot be wiped or deleted due to strong permissions, which could allow certain local users or attackers with…

  • CVE-2025-29934 | Med | Nov 21, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    A bug within some AMD CPUs could allow a local admin-privileged attacker to run a SEV-SNP guest using stale TLB entries, potentially resulting in loss of data integrity.

  • CVE-2025-20293 | Med | Sep 24, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    A vulnerability in the Day One setup process of Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers for Cloud (9800-CL) could allow an unauthenticated, remote attacker to access the public-key infrastructure (PKI) server that is running on an affected device. …

  • CVE-2026-0427 | Med | May 15, 2026
    risk 0.30 | cvss | epss 0.00

    Improper cleanup of shared register resources in GPU firmware could allow an admin-privileged attacker from a Guest Virtual machine (VM) to access these shared resources from another Guest VM, potentially resulting in the loss of confidentiality, integrity, or availability.

  • CVE-2018-11068 | Med | Sep 11, 2018
    risk 0.30 | cvss 4.6 | epss 0.00

    RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material.

  • CVE-2026-43395 | Med | May 8, 2026
    risk 0.29 | cvss 5.5 | epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Cleanup partially initialized sync on parse failure xe_sync_entry_parse() can allocate references (syncobj, fence, chain fence, or user fence) before hitting a later failure path. Several of those…

  • CVE-2023-31356 | Med | Aug 13, 2024
    risk 0.29 | cvss 4.4 | epss 0.00

    Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity.

  • CVE-2026-53867 | Med | Jun 12, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers can access orphaned image files through previously generated URLs, allowing unauthorized retrieval of user-uploaded content.

  • CVE-2026-5038 | Med | Jun 15, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    Impact: multer versions 2.0.0-alpha.1 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service when using diskStorage. Aborted or malformed multipart uploads leave orphaned partial files on disk because the Readable.pipe() call does not propagate the stream destroy…

  • CVE-2018-12332 | Med | Jun 17, 2018
    risk 0.27 | cvss 4.2 | epss 0.00

    Incomplete Cleanup vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via a compromised host PC after a reset.

  • CVE-2024-21977 | Low | Sep 5, 2025
    risk 0.21 | cvss 3.2 | epss 0.00

    Incomplete cleanup after loading a CPU microcode patch may allow a privileged attacker to degrade the entropy of the RDRAND instruction, potentially resulting in loss of integrity for SEV-SNP guests.

  • CVE-2026-35361 | Low | Apr 22, 2026
    risk 0.15 | cvss 3.4 | epss 0.00

    The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the utility attempts cleanup using std::fs::remove_dir, which cannot remove device nodes or FIFOs. This leaves…

  • CVE-2026-6830 | Low | Apr 21, 2026
    risk 0.14 | cvss 3.3 | epss 0.00

    nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching does not clear environment variables from the previously active profile before loading the next profile. Attackers or users can exploit additive dotenv reload behavior to access…

  • CVE-2023-20518 | Low | Aug 13, 2024
    risk 0.12 | cvss 1.9 | epss 0.00

    Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality.

  • CVE-2025-31650 | Apr 28, 2025
    risk 0.01 | cvss | epss 0.67

    Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException…

  • CVE-2026-28268 | Feb 27, 2026
    risk 0.00 | cvss | epss 0.01

    Vikunja is an open-source self-hosted task management platform. Versions prior to 2.1.0 have a business logic vulnerability in the password reset mechanism of vikunja/api that allows password reset tokens to be reused indefinitely. Due to a failure to invalidate tokens…

  • CVE-2026-3304 | Feb 27, 2026
    risk 0.00 | cvss | epss 0.01

    Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing resource exhaustion. Users should upgrade to version…

  • CVE-2026-21438 | Feb 12, 2026
    risk 0.00 | cvss | epss 0.00

    webtransport-go is an implementation of the WebTransport protocol. Prior to 0.10.0, an attacker can cause unbounded memory consumption by repeatedly creating and closing many WebTransport streams. Closed streams were not removed from an internal session map, preventing garbage…

  • CVE-2025-66675 | Dec 10, 2025
    risk 0.00 | cvss | epss 0.01

    Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the…