CWE-226

Sensitive Information in Resource Not Removed Before Reuse

12 CVEs, Avg CVSS 5.5, MITRE
0 CRITICAL, 4 HIGH, 5 MEDIUM, 3 LOW, 1 POC, 0 KEV

CVE-2026-32960 HIGH CISA Act Now

Authentication bypass in silex technology SD-330AC (≤1.42) and AMC Manager (≤5.0.2) allows remote attackers to gain unauthorized access by sending specially crafted packets that exploit residual sensitive data in memory. An attacker can log in without valid credentials due to improper clearance of authentication tokens or session data between requests. EPSS score of 0.03% (7th percentile) indicates low observed exploitation probability. JPCERT/CC reported this vulnerability, and the vendor advisory confirms patches are available. Requires user interaction (CVSS 4.0 UI:P), limiting automated exploitation.

Information Disclosure Sd 330Ac Amc Manager
NVD
CVSS 4.0: 7.1, EPSS: 0.0%
CVE-2026-5795 Maven HIGH PATCH GHSA This Week

Privilege escalation in Eclipse Jetty 9.4.0-12.1.7 allows unauthenticated remote attackers to bypass authentication via ThreadLocal variable pollution in JASPIAuthenticator. Early returns from authentication checks fail to clear ThreadLocal values, causing subsequent requests on the same thread to inherit elevated privileges. CVSS 7.4 with high complexity but no authentication required. EPSS and KEV status not provided; no public exploit identified at time of analysis. Affects all major Jetty versions from 9.x through 12.x.

Privilege Escalation Eclipse Jetty
NVD GitHub HeroDevs VulDB
CVSS 3.1: 7.4, EPSS: 0.0%
CVE-2025-14858 MEDIUM This Month

Information disclosure vulnerability in Semtech LR11xx LoRa transceivers (LR1110, LR1120, LR1121) allows attackers with physical SPI interface access to retrieve decrypted firmware contents by exploiting improper memory cleanup after firmware validation. The device fails to clear the last decrypted firmware block from memory after integrity checks complete, enabling an attacker to bypass firmware encryption protection via subsequent SPI memory read commands. This affects early firmware versions and requires direct physical access to the SPI interface.

Information Disclosure Lr1110 Lr1120 Lr1121
NVD
CVSS 4.0: 5.1, EPSS: 0.0%
CVE-2019-25560 HIGH POC This Week

Lyric Video Creator 2.1 contains a denial of service vulnerability that allows attackers to crash the application by processing malformed MP3 files.

Denial Of Service Lyric Video Creator
NVD Exploit-DB VulDB
CVSS 4.0: 8.7, EPSS: 0.0%
CVE-2025-13108 MEDIUM This Month

Db2 Merge Backup versions up to 12.1.0.0 contain a vulnerability that allows attackers to access sensitive information in memory due to the buffer not properly clearing r (CVSS 5.5).

Windows Linux IBM Db2 Merge Backup
NVD
CVSS 3.1: 5.5, EPSS: 0.0%
CVE-2025-0647 HIGH This Week

In certain Arm CPUs, a CPP RCTX instruction executed on one Processing Element (PE) may inhibit TLB invalidation when a TLBI is issued to the PE, either by the same PE or another PE in the shareability domain. [CVSS 7.9 HIGH]

Information Disclosure C1 Premium Firmware C1 Ultra Firmware Cortex A710 Firmware Cortex X2 Firmware +7
NVD
CVSS 3.1: 7.9, EPSS: 0.0%
CVE-2025-33200 LOW Monitor

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. Rated low severity (CVSS 2.3), this vulnerability has low attack complexity. No vendor patch available.

Information Disclosure Nvidia Dgx Os
NVD
CVSS 3.1: 2.3, EPSS: 0.0%
CVE-2025-33198 LOW Monitor

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. Rated low severity (CVSS 3.3), this vulnerability has low attack complexity. No vendor patch available.

Information Disclosure Nvidia Dgx Os
NVD
CVSS 3.1: 3.3, EPSS: 0.0%
CVE-2025-33196 MEDIUM This Month

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. Rated medium severity (CVSS 4.4), this vulnerability has low attack complexity. No vendor patch available.

Information Disclosure Nvidia Dgx Os
NVD
CVSS 3.1: 4.4, EPSS: 0.0%
CVE-2025-20622 LOW Monitor

Sensitive information uncleared in resource before release for reuse for some Intel(R) NPU Drivers for Windows before version 32.0.100.4023 within Ring 3: User Applications may allow an information. Rated low severity (CVSS 2.0), this vulnerability has low attack complexity. No vendor patch available.

Windows Information Disclosure Microsoft Intel
NVD
CVSS 4.0: 2.0, EPSS: 0.0%