CWE-460
Improper Cleanup on Thrown Exception
Description
The product does not clean up its state or incorrectly cleans up its state when an exception is thrown, leading to unexpected state or control flow.
Hierarchy (View 1000)
CVEs mapped to this weakness (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-43855 | Hig | 0.50 | — | 0.00 | Apr 24, 2025 | tRPC allows users to build & consume fully typesafe APIs without schemas or code generation. In versions starting from 11.0.0 to before 11.1.1, an unhandled error is thrown when validating invalid connectionParams which crashes a tRPC WebSocket server. This allows any… | ||
| CVE-2026-40583 | Hig | 0.46 | 8.2 | 0.00 | Apr 21, 2026 | UltraDAG is a minimal DAG-BFT blockchain in Rust. In version 0.1, a non-council attacker can submit a signed SmartOp::Vote transaction that passes signature, nonce, and balance prechecks, but fails authorization only after state mutation has already occurred. | ||
| CVE-2017-9657 | Med | 0.42 | 6.5 | 0.01 | Apr 30, 2018 | Under specific 802.11 network conditions, a partial re-association of the Philips IntelliVue MX40 Version B.06.18 WLAN monitor to the central monitoring station is possible. In this state, the central monitoring station can indicate the MX40 is not connected or associated to the… | ||
| CVE-2025-32439 | Med | 0.35 | 6.5 | 0.00 | Apr 15, 2025 | pleezer is a headless Deezer Connect player. Hook scripts in pleezer can be triggered by various events like track changes and playback state changes. In versions before 0.16.0, these scripts were spawned without proper process cleanup, leaving zombie processes in the system's… | ||
| CVE-2016-9592 | Med | 0.28 | 4.3 | 0.01 | Apr 16, 2018 | openshift before versions 3.3.1.11, 3.2.1.23, 3.4 is vulnerable to a flaw when a volume fails to detach, which causes the delete operation to fail with 'VolumeInUse' error. Since the delete operation is retried every 30 seconds for each volume, this could lead to a denial of… | ||
| CVE-2026-33481 | Med | 0.27 | 5.3 | 0.00 | Mar 26, 2026 | Syft is a a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Syft versions before v1.42.3 would not properly cleanup temporary storage if the temporary storage was exhausted during a scan. When scanning archives… | ||
| CVE-2026-48524 | Low | 0.17 | 3.7 | 0.00 | May 28, 2026 | PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.get_signing_key() forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can… | ||
| CVE-2025-59399 | Low | 0.13 | 3.1 | 0.00 | Sep 15, 2025 | libocpp before 0.28.0 allows a denial of service (EVerest crash) because a secondary exception is thrown during error message generation. | ||
| CVE-2025-31650 | — | 0.01 | — | 0.67 | Apr 28, 2025 | Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException… | ||
| CVE-2025-30157 | 0.00 | — | 0.00 | Mar 21, 2025 | Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10, Envoy's ext_proc HTTP filter is at risk of crashing if a local reply is sent to the external server due to the filter's life time issue. A known situation is the… | |||
| CVE-2024-12289 | 0.00 | — | 0.00 | Dec 12, 2024 | Boundary Community Edition and Boundary Enterprise (“Boundary”) incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the… | |||
| CVE-2022-3301 | — | 0.00 | — | 0.01 | Sep 26, 2022 | Improper Cleanup on Thrown Exception in GitHub repository ikus060/rdiffweb prior to 2.4.8. | ||
| CVE-2020-35923 | — | 0.00 | — | 0.00 | Dec 31, 2020 | An issue was discovered in the ordered-float crate before 1.1.1 and 2.x before 2.0.1 for Rust. A NotNan value can contain a NaN. | ||
| CVE-2017-15127 | Med | 0.00 | 5.5 | 0.00 | Jan 14, 2018 | A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG). |
- risk 0.50cvss —epss 0.00
tRPC allows users to build & consume fully typesafe APIs without schemas or code generation. In versions starting from 11.0.0 to before 11.1.1, an unhandled error is thrown when validating invalid connectionParams which crashes a tRPC WebSocket server. This allows any…
- risk 0.46cvss 8.2epss 0.00
UltraDAG is a minimal DAG-BFT blockchain in Rust. In version 0.1, a non-council attacker can submit a signed SmartOp::Vote transaction that passes signature, nonce, and balance prechecks, but fails authorization only after state mutation has already occurred.
- risk 0.42cvss 6.5epss 0.01
Under specific 802.11 network conditions, a partial re-association of the Philips IntelliVue MX40 Version B.06.18 WLAN monitor to the central monitoring station is possible. In this state, the central monitoring station can indicate the MX40 is not connected or associated to the…
- risk 0.35cvss 6.5epss 0.00
pleezer is a headless Deezer Connect player. Hook scripts in pleezer can be triggered by various events like track changes and playback state changes. In versions before 0.16.0, these scripts were spawned without proper process cleanup, leaving zombie processes in the system's…
- risk 0.28cvss 4.3epss 0.01
openshift before versions 3.3.1.11, 3.2.1.23, 3.4 is vulnerable to a flaw when a volume fails to detach, which causes the delete operation to fail with 'VolumeInUse' error. Since the delete operation is retried every 30 seconds for each volume, this could lead to a denial of…
- risk 0.27cvss 5.3epss 0.00
Syft is a a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Syft versions before v1.42.3 would not properly cleanup temporary storage if the temporary storage was exhausted during a scan. When scanning archives…
- risk 0.17cvss 3.7epss 0.00
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.get_signing_key() forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can…
- risk 0.13cvss 3.1epss 0.00
libocpp before 0.28.0 allows a denial of service (EVerest crash) because a secondary exception is thrown during error message generation.
- CVE-2025-31650Apr 28, 2025risk 0.01cvss —epss 0.67
Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException…
- CVE-2025-30157Mar 21, 2025risk 0.00cvss —epss 0.00
Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10, Envoy's ext_proc HTTP filter is at risk of crashing if a local reply is sent to the external server due to the filter's life time issue. A known situation is the…
- CVE-2024-12289Dec 12, 2024risk 0.00cvss —epss 0.00
Boundary Community Edition and Boundary Enterprise (“Boundary”) incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the…
- CVE-2022-3301Sep 26, 2022risk 0.00cvss —epss 0.01
Improper Cleanup on Thrown Exception in GitHub repository ikus060/rdiffweb prior to 2.4.8.
- CVE-2020-35923Dec 31, 2020risk 0.00cvss —epss 0.00
An issue was discovered in the ordered-float crate before 1.1.1 and 2.x before 2.0.1 for Rust. A NotNan value can contain a NaN.
- risk 0.00cvss 5.5epss 0.00
A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG).