CWE-664

Improper Control of a Resource Through its Lifetime

Pillar · Draft

Description

The product does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-196 · CAPEC-21 · CAPEC-60 · CAPEC-61 · CAPEC-62

CVEs mapped to this weakness (10)

  • CVE-2026-8517 · High · May 14, 2026
    risk 0.57 · cvss 8.8 · epss 0.01

    Object lifecycle issue in WebShare in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2016-8763 · High · Apr 2, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an improper resource release vulnerability, which allows…

  • CVE-2025-34226 · High · Oct 3, 2025
    risk 0.46 · cvss n/a · epss 0.01

    OpenPLC Runtime v3 contains an input validation flaw in the /upload-program-action endpoint: the epoch_time field supplied during program uploads is not validated and can be crafted to induce corruption of the programs database. After a successful malformed upload the runtime…

  • CVE-2024-22365 · Medium · Feb 6, 2024
    risk 0.36 · cvss 5.5 · epss 0.00

    linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.

  • CVE-2026-8582 · Medium · May 14, 2026
    risk 0.34 · cvss 5.3 · epss 0.00

    Object lifecycle issue in Dawn in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-41169 · Jul 12, 2025
    risk 0.00 · cvss n/a · epss 0.01

    The attacker can use the raft server protocol in an unauthenticated way. The attacker can see the server's resources, including directories and files. This issue affects Apache Zeppelin: from 0.10.1 up to 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes…

  • CVE-2024-23639 · Feb 9, 2024
    risk 0.00 · cvss n/a · epss 0.00

    Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks.…

  • CVE-2022-31153 · Jul 15, 2022
    risk 0.00 · cvss n/a · epss 0.01

    OpenZeppelin Contracts for Cairo is a library for contract development written in Cairo for StarkNet, a decentralized ZK Rollup. Version 0.2.0 is vulnerable to an error that renders account contracts unusable on live networks. This issue affects all accounts (vanilla and…

  • CVE-2022-1385 · Apr 19, 2022
    risk 0.00 · cvss n/a · epss 0.01

    Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels.

  • CVE-2019-16779 · Dec 16, 2019
    risk 0.00 · cvss n/a · epss 0.01

    In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response.…