Skip to main content

CWE-664

Improper Control of a Resource Through its Lifetime

36 CVEs Avg CVSS 6.5 MITRE
1
CRITICAL
13
HIGH
21
MEDIUM
1
LOW
6
POC
1
KEV

Monthly

CVE-2026-20158 HIGH This Week

Remote denial of service in Cisco RoomOS software allows unauthenticated attackers to exhaust or corrupt a resource over the network, disrupting availability of Cisco collaboration room endpoints. Disclosed as part of a Cisco-internal security hardening review under the CWE-664 resource-lifetime pillar, the flaw carries a 7.5 CVSS score with an availability-only impact (C:N/I:N/A:H). No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Cisco Information Disclosure Cisco Roomos Software
NVD VulDB
CVSS 3.1
7.5
CVE-2026-43503 HIGH PATCH This Week

Memory corruption and potential information disclosure in the Linux kernel networking stack (skbuff) occurs because skb_try_coalesce() fails to propagate the SKBFL_SHARED_FRAG marker when transferring paged fragments between socket buffers. The flaw breaks an invariant relied upon by IPsec ESP input processing, which may then decrypt data in-place over page-cache-backed fragments belonging to other contexts. No public exploit identified at time of analysis, EPSS sits at 0.02%, and the issue is patched across multiple stable trees.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-8582 MEDIUM PATCH This Month

Object lifecycle issue in Dawn in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-8517 HIGH PATCH This Week

Object lifecycle issue in WebShare in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

RCE Google Red Hat Suse Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-54621 MEDIUM This Month

Iterator failure issue in the WantAgent module. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-54619 MEDIUM This Month

Iterator failure issue in the multi-mode input module. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-54613 MEDIUM This Month

Iterator failure vulnerability in the card management module. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-54612 MEDIUM This Month

Iterator failure vulnerability in the card management module. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2024-41169 Maven HIGH PATCH This Week

CVE-2024-41169 is an unauthenticated information disclosure vulnerability in Apache Zeppelin's raft server protocol that allows remote attackers to enumerate and view server resources, including sensitive directories and files, without authentication. Versions 0.10.1 through 0.12.0 are affected. The vulnerability has a CVSS score of 7.5 (High) with a network-accessible attack vector and no authentication requirements, making it trivially exploitable by unauthenticated remote actors.

Apache Information Disclosure Authentication Bypass Zeppelin
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-21593 HIGH This Month

An Improper Control of a Resource Through its Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVSS 7.5
HIGH This Week

Remote denial of service in Cisco RoomOS software allows unauthenticated attackers to exhaust or corrupt a resource over the network, disrupting availability of Cisco collaboration room endpoints. Disclosed as part of a Cisco-internal security hardening review under the CWE-664 resource-lifetime pillar, the flaw carries a 7.5 CVSS score with an availability-only impact (C:N/I:N/A:H). No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Cisco Information Disclosure Cisco Roomos Software
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Memory corruption and potential information disclosure in the Linux kernel networking stack (skbuff) occurs because skb_try_coalesce() fails to propagate the SKBFL_SHARED_FRAG marker when transferring paged fragments between socket buffers. The flaw breaks an invariant relied upon by IPsec ESP input processing, which may then decrypt data in-place over page-cache-backed fragments belonging to other contexts. No public exploit identified at time of analysis, EPSS sits at 0.02%, and the issue is patched across multiple stable trees.

Linux Information Disclosure
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Object lifecycle issue in Dawn in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Information Disclosure Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Object lifecycle issue in WebShare in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

RCE Google Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Iterator failure issue in the WantAgent module. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Iterator failure issue in the multi-mode input module. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Iterator failure vulnerability in the card management module. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Iterator failure vulnerability in the card management module. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

CVE-2024-41169 is an unauthenticated information disclosure vulnerability in Apache Zeppelin's raft server protocol that allows remote attackers to enumerate and view server resources, including sensitive directories and files, without authentication. Versions 0.10.1 through 0.12.0 are affected. The vulnerability has a CVSS score of 7.5 (High) with a network-accessible attack vector and no authentication requirements, making it trivially exploitable by unauthenticated remote actors.

Apache Information Disclosure Authentication Bypass +1
NVD GitHub
EPSS 0% CVSS 7.1
HIGH This Month

An Improper Control of a Resource Through its Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy