CWE-672
Operation on a Resource after Expiration or Release
Description
The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.
CVEs mapped to this weakness (34)
Page 2 of 2

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-31875 | | | 0.00 | — | 0.00 | | Mar 11, 2026 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.7 and 8.6.33, when multi-factor authentication (MFA) via TOTP is enabled for a user account, Parse Server generates two single-use recovery codes. These… |
| CVE-2025-53901 | | | 0.00 | — | 0.00 | | Jul 18, 2025 | Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host (embedder). The specific bug is triggered by calling… |
| CVE-2025-30351 | | | 0.00 | — | 0.00 | | Mar 26, 2025 | Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 10.10.0 and prior to version 11.5.0, a suspended user can use the token generated in session auth mode to access the API despite their status. This happens because there is a… |
| CVE-2024-46999 | | | 0.00 | — | 0.00 | | Sep 19, 2024 | Zitadel is an open source identity management platform. ZITADEL's user grants deactivation mechanism did not work correctly. Deactivated user grants were still provided in token, which could lead to unauthorized access to applications and resources. Additionally, the management… |
| CVE-2024-47000 | | | 0.00 | — | 0.00 | | Sep 19, 2024 | Zitadel is an open source identity management platform. ZITADEL's user account deactivation mechanism did not work correctly with service accounts. Deactivated service accounts retained the ability to request tokens, which could lead to unauthorized access to applications and… |
| CVE-2024-47060 | | | 0.00 | — | 0.00 | | Sep 19, 2024 | Zitadel is an open source identity management platform. In Zitadel, even after an organization is deactivated, associated projects, respectively their applications remain active. Users across other organizations can still log in and access through these applications, leading to… |
| CVE-2024-45244 | — | | 0.00 | — | 0.01 | | Aug 25, 2024 | Hyperledger Fabric through 3.0.0 and 2.5.x through 2.5.9 do not verify that a request has a timestamp within the expected time window. |
| CVE-2024-27308 | | | 0.00 | — | 0.01 | | Mar 6, 2024 | Mio is a Metal I/O library for Rust. When using named pipes on Windows, mio will under some circumstances return invalid tokens that correspond to named pipes that have already been deregistered from the mio registry. The impact of this vulnerability depends on how mio is used.… |
| CVE-2023-48220 | | | 0.00 | — | 0.01 | | Feb 20, 2024 | Decidim is a participatory democracy framework. Starting in version 0.4.rc3 and prior to version 2.0.9 of the `devise_invitable` gem, the invites feature allows users to accept the invitation for an unlimited amount of time through the password reset functionality. This issue… |
| CVE-2024-23332 | | | 0.00 | — | 0.00 | | Jan 19, 2024 | The Notary Project is a set of specifications and tools intended to provide a cross-industry standard for securing software supply chains by using authentic container images and other OCI artifacts. An external actor with control of a compromised container registry can provide… |
| CVE-2023-42446 | | | 0.00 | — | 0.00 | | Sep 18, 2023 | Pow is an authentication and user management solution for Phoenix and Plug-based apps. Starting in version 1.0.14 and prior to version 1.0.34, use of `Pow.Store.Backend.MnesiaCache` is susceptible to session hijacking as expired keys are not being invalidated correctly on… |
| CVE-2020-36212 | — | | 0.00 | — | 0.01 | | Jan 22, 2021 | An issue was discovered in the abi_stable crate before 0.9.1 for Rust. DrainFilter lacks soundness because of a double drop. |
| CVE-2020-15270 | | | 0.00 | — | 0.01 | | Oct 22, 2020 | Parse Server (npm package parse-server) broadcasts events to all clients without checking if the session token is valid. This allows clients with expired sessions to still receive subscription objects. It is not possible to create subscription objects with invalid session… |
| CVE-2019-17638 | | | 0.00 | — | 0.11 | | Jul 9, 2020 | In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice.… |