VYPR

CWE-459

Incomplete Cleanup

Base | Draft

Description

The product does not properly "clean up" and remove temporary or supporting resources after they have been used.

Hierarchy (View 1000)

CVEs mapped to this weakness (55)

page 3 of 3
  • CVE-2025-64775 (Dec 1, 2025)
    risk 0.00 cvss epss 0.01

    Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the…

  • CVE-2025-21609 (Jan 3, 2025)
    risk 0.00 cvss epss 0.01

    SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnerability exists in the `POST /api/history/getDocHistoryContent` endpoint. An attacker can craft a payload to exploit this…

  • CVE-2024-38275 (Jun 18, 2024)
    risk 0.00 cvss epss 0.00

    The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.

  • CVE-2024-23672 (Mar 13, 2024)
    risk 0.00 cvss epss 0.02

    Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through…

  • CVE-2023-41835 (Dec 5, 2023)
    risk 0.00 cvss epss 0.06

    When a Multipart request is performed but some of the fields exceed the `maxStringLength` limit, the upload files will remain in `struts.multipart.saveDir` even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts…

  • CVE-2023-42795 (Oct 10, 2023)
    risk 0.00 cvss epss 0.02

    Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some…

  • CVE-2023-42794 (Oct 10, 2023)
    risk 0.00 cvss epss 0.02

    Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in-progress refactoring that exposed a potential denial of service on Windows if a…

  • CVE-2023-36468 (Jun 29, 2023)
    risk 0.00 cvss epss 0.02

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an XWiki installation is upgraded and that upgrade contains a fix for a bug in a document, just a new version of that document is added. In some cases, it's still…

  • CVE-2023-20862 (Apr 19, 2023)
    risk 0.00 cvss epss 0.01

    In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty…

  • CVE-2023-28859 (Mar 26, 2023)
    risk 0.00 cvss epss 0.01

    redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request. (This could, for example, happen for a non-pipeline operation.) NOTE: the…

  • CVE-2022-45347 (Dec 22, 2022)
    risk 0.00 cvss epss 0.01

    Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as database backend didn't clean up the database session completely after client authentication failed, which allowed an attacker to execute normal commands by constructing a special MySQL client. This vulnerability has…

  • CVE-2022-1473 (May 3, 2022)
    risk 0.00 cvss epss 0.02

    The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occupied by the removed hash table entries. This function is used when decoding certificates or keys. If a long-lived process periodically decodes certificates or keys…

  • CVE-2021-45706 (Dec 26, 2021)
    risk 0.00 cvss epss 0.01

    An issue was discovered in the zeroize_derive crate before 1.1.1 for Rust. Dropped memory is not zeroed out for an enum.

  • CVE-2020-10685 (May 11, 2020)
    risk 0.00 cvss epss 0.00

    A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypt vault files such as…

  • CVE-2019-11514 (Apr 25, 2019)
    risk 0.00 cvss epss 0.01

    User/Command/ConfirmEmailHandler.php in Flarum before 0.1.0-beta.8 mishandles invalidation of user email tokens.