CWE-1104 (Use of Unmaintained Third Party Components) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.
The product relies on third-party components that are not actively supported or maintained by the original developer or a trusted proxy for the original developer.
| Kind | Name | Class | Prevalence | OS / CPE |
|---|---|---|---|---|
| language | — | Not Language-Specific | Undetermined | — |
| technology | — | Not Technology-Specific | Undetermined | — |
| technology | — | ICS/OT | Undetermined | — |
These CVEs are mapped to this weakness in this database and kept for traceability and search.
| CVE | Published | Summary |
|---|---|---|
| CVE-2026-21821 | 2026-05-13 | The HCL BigFix SCM Reporting site contains an outdated and unsupported version of the jQuery 1.x library. Since jQuery 1.x has reached end-of-life and no longer receives security updates, it may expos… |
| CVE-2026-41468 | 2026-04-22 | Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection present in the same application, these pr… |
| CVE-2025-55277 | 2026-03-26 | HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated Versions vulnerability using which an attacker may make use of the exploits available across the internet and craft attacks against the ap… |
| CVE-2025-20010 | 2025-11-11 | Use of unmaintained third party components for some Intel(R) Processor Identification Utility before version 8.0.43 within Ring 3: User Applications may allow an escalation of privilege. System softwa… |
| CVE-2025-12104 | 2025-10-23 | Outdated and Vulnerable UI Dependencies might potentially lead to exploitation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. |
| CVE-2025-52658 | 2025-10-03 | HCL MyXalytics is affected by the use of vulnerable/outdated versions which can expose the application to known security risks that could be exploited. |
| CVE-2025-34193 | 2025-09-19 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 include Windows client components (PrinterInstallerClientInterface.ex… |
| CVE-2025-34192 | 2025-09-19 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.893 and Application versions prior to 20.0.2140 (macOS/Linux client deployments) are built against OpenSSL 1.0.2h-fip… |
| CVE-2025-10220 | 2025-09-10 | Use of Unmaintained Third Party Components (CWE-1104) in the NuGet dependency components in AxxonSoft Axxon One VMS 2.0.0 through 2.0.4 on Windows allows a remote attacker to execute arbitrary code or… |
| CVE-2025-48862 | 2025-08-14 | Ambiguous wording in the web interface of the ctrlX OS setup mechanism could lead the user to believe that the backup file is encrypted when a password is set. However, only the private key - if avail… |
| CVE-2025-3497 | 2025-07-09 | The Linux distribution underlying the Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) is obsolete and reached end of life (EOL) on June 30, 2024. Thus, any unmitigated vulnerability could be … |
| CVE-2025-40906 | 2025-05-16 | BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities. Those include CVE-2017-14227, CVE-2018-16790, CVE-2023-0437, CVE-2024-6381, CVE-2024-… |
| CVE-2024-11999 | 2024-12-17 | CWE-1104: Use of Unmaintained Third-Party Components vulnerability exists that could cause complete control of the device when an authenticated user installs malicious code into HMI product. |
| CVE-2024-8885 | 2024-10-02 | A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2024.2.0 and older allows writing of arbitrary files. |
| CVE-2024-35252 | 2024-06-11 | Azure Storage Movement Client Library Denial of Service Vulnerability |
| CVE-2024-21631 | 2024-01-03 | Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor's `vapor_urlparser_parse` function uses `uint16_t` indexes when parsing a URI's components, which may cause integer overflows w… |
| CVE-2023-7102 | 2023-12-24 | Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 t… |
| CVE-2021-22142 | 2023-11-22 | Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbit… |
| CVE-2022-46871 | 2022-12-22 | An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108. |
| Date | Name | Version | Importance | Comment |
|---|---|---|---|---|
| 2021-10-28 | CWE Content Team | 4.6 | — | updated Relationships |
| 2022-04-28 | CWE Content Team | 4.7 | — | updated References, Relationships |
| 2022-10-13 | CWE Content Team | 4.9 | — | updated References |
| 2023-01-31 | CWE Content Team | 4.10 | — | updated Applicable_Platforms, Description, Relationships |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Applicable_Platforms, Common_Consequences, Description, Detection_Factors, Diagram, Relationships, Time_of_Introduction |
| 2026-04-30 | CWE Content Team | 4.20 | — | updated Observed_Examples |