VYPR

CWE-672

Operation on a Resource after Expiration or Release

Class | Draft

Description

The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.

CVEs mapped to this weakness (34)

  • CVE-2013-10075 | Cri | May 8, 2026
    risk 0.59 | cvss 9.1 | epss 0.00

    Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DB_File will create a session that does not exist. This can lead to sessions being revived, potentially with data that was to…

  • CVE-2026-33278 | Cri | May 20, 2026
    risk 0.57 | cvss 9.8 | epss 0.01

    NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary…

  • CVE-2017-14895 | Hig | Dec 5, 2017
    risk 0.51 | cvss 7.8 | epss 0.00

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, after a subsystem reset, iwpriv is not giving correct information.

  • CVE-2017-0544 | Hig | Apr 7, 2017
    risk 0.51 | cvss 7.8 | epss 0.01

    An elevation of privilege vulnerability in CameraBase could enable a local malicious application to execute arbitrary code. This issue is rated as High because it is a local arbitrary code execution in a privileged process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0,…

  • CVE-2025-6031 | Hig | Jun 12, 2025
    risk 0.49 | cvss 7.5 | epss 0.00

    Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of life, and is no longer actively supported. When a user powers on the Amazon Cloud Cam, the device attempts to connect to a remote service infrastructure that has been deprecated due…

  • CVE-2009-3547 | Hig | Nov 4, 2009
    risk 0.49 | cvss 7.0 | epss 0.05

    Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.

  • CVE-2026-43585 | Hig | May 6, 2026
    risk 0.46 | cvss 8.1 | epss 0.01

    OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid after SecretRef rotation. Gateway HTTP and WebSocket handlers fail to re-resolve authentication per-request, enabling attackers to use rotated-out bearer…

  • CVE-2024-57929 | Hig | Jan 19, 2025
    risk 0.46 | cvss 7.1 | epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: dm array: fix releasing a faulty array block twice in dm_array_cursor_end When dm_bm_read_lock() fails due to locking or checksum errors, it releases the faulty block implicitly while leaving an invalid output…

  • CVE-2026-2379 | Med | Jun 5, 2026
    risk 0.38 | cvss 5.9 | epss 0.00

    On affected platforms with hardware IPSec support running Arista EOS with certain IPsec features enabled, EOS may exhibit unexpected behavior in specific cases. Physical interface flaps and certain agent restarts can cause IPsec tunnel re-establishment with existing Security…

  • CVE-2024-49955 | Med | Oct 21, 2024
    risk 0.36 | cvss 5.5 | epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ACPI: battery: Fix possible crash when unregistering a battery hook When a battery hook returns an error when adding a new battery, then the battery hook is automatically unregistered. However the battery hook…

  • CVE-2024-4693 | Med | May 14, 2024
    risk 0.36 | cvss 5.5 | epss 0.00

    A flaw was found in the QEMU Virtio PCI Bindings (hw/virtio/virtio-pci.c). An improper release and use of the irqfd for vector 0 during the boot process leads to a guest triggerable crash via vhost_net_stop(). This flaw allows a malicious guest to crash the QEMU process on the…

  • CVE-2019-20022 | Med | Dec 27, 2019
    risk 0.35 | cvss 6.5 | epss 0.01

    An invalid memory address dereference was discovered in load_pnm in frompnm.c in libsixel before 1.8.3.

  • CVE-2026-45005 | Med | May 11, 2026
    risk 0.32 | cvss 6.0 | epss 0.00

    OpenClaw before 2026.4.23 caches resolved webhook route secrets backed by SecretRef values, allowing stale secrets to remain valid after rotation and reload. Attackers with previously valid webhook route secrets can continue authenticating requests and invoking configured…

  • CVE-2026-33463 | Med | May 28, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    Operation on a Resource after Expiration or Termination (CWE-672) in Kibana can lead to unauthorized information disclosure. A logic error in how expiration timestamps were validated allowed a time-bounded access token to remain usable beyond its intended validity window,…

  • CVE-2026-32244 | Med | May 19, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in…

  • CVE-2026-42791 | Low | May 27, 2026
    risk 0.17 | cvss 3.7 | epss 0.00

    Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in pubkey_ocsp:verify_response/5 and…

  • CVE-2025-2517 | Low | Apr 21, 2025
    risk 0.15 | cvss | epss 0.00

    Reference to Expired Domain Vulnerability in OpenText™ ArcSight Enterprise Security Manager.

  • CVE-2026-4053 | Low | May 15, 2026
    risk 0.13 | cvss 3.1 | epss 0.00

    Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to enforce the PostEditTimeLimit on non-message post fields which allows an authenticated user to modify post file attachments, props, and pin status after the edit window has expired via the post patch and update…

  • CVE-2026-1237 | Low | Jan 28, 2026
    risk 0.07 | cvss | epss 0.00

    Vulnerable cross-model authorization in juju. If a charm's cross-model permissions are revoked or expire, a malicious user who is able to update database records can mint an invalid macaroon that is incorrectly validated by the juju controller, enabling a charm to maintain…

  • CVE-2025-22149 | Low | Jan 9, 2025
    risk 0.07 | cvss | epss 0.01

    JWK Set (JSON Web Key Set) is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a…