CWE-459 191 個 CVE MITRE 定義 ↗

CWE-459:Incomplete Cleanup

概覽

CWE-459(Incomplete Cleanup)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

The product does not properly "clean up" and remove temporary or supporting resources after they have been used.

適用平台

類型 名稱 普遍性 OS / CPE
language Not Language-Specific Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2026-7639 2026-07-10 Software installed and run as a non-privileged user may conduct a sequence of improper GPU system calls causing use after free, which helps in facilitating unprivileged memory access from a shader cod…
CVE-2026-11576 2026-06-19 The security fix for CVE-2025-0728 in eclipse-threadx NetX Duo refactors error handling in the HTTP server PUT process to use a shared cleanup label, but this unified cleanup path unconditionally call…
CVE-2026-5038 2026-06-15 Impact: multer versions 2.0.0-alpha.1 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service when using diskStorage. Aborted or malformed multipart uploads leave orphaned partial files …
CVE-2026-53867 2026-06-12 Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers can access orphaned image files through previously generated …
CVE-2026-33232 2026-05-18 AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.4.2 through 0.6.51 are vulnerable to an unauthenticated Denial of …
CVE-2026-0427 2026-05-14 Improper cleanup of shared register resources in GPU firmware could allow an admin-privileged attacker from a Guest Virtual machine (VM) to access these shared resources from another Guest VM, potenti…
CVE-2026-34263 2026-05-11 Due to improper Spring Security configuration, SAP Commerce Cloud allows an unauthenticated user to perform malicious input injection, resulting in arbitrary server-side code execution, leading to hig…
CVE-2026-43395 2026-05-08 In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Cleanup partially initialized sync on parse failure xe_sync_entry_parse() can allocate references (syncobj, fence, ch…
CVE-2025-66467 2026-05-08 Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. If another user creates a new bucket with the same name, the…
CVE-2026-35361 2026-04-22 The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the utility attempts cleanup using std:…
CVE-2026-6830 2026-04-21 nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching does not clear environment variables from the previously active profile before loading the next pro…
CVE-2026-28268 2026-02-27 Vikunja is an open-source self-hosted task management platform. Versions prior to 2.1.0 have a business logic vulnerability exists in the password reset mechanism of vikunja/api that allows password r…
CVE-2026-3304 2026-02-27 Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by sending malformed request…
CVE-2026-28196 2026-02-25 In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on disk
CVE-2026-21438 2026-02-12 webtransport-go is an implementation of the WebTransport protocol. Prior to 0.10.0, an attacker can cause unbounded memory consumption repeatedly creating and closing many WebTransport streams. Closed…
CVE-2025-15331 2026-02-05 Tanium addressed an uncontrolled resource consumption vulnerability in Connect.
CVE-2025-66675 2025-12-10 Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.…
CVE-2025-64775 2025-12-01 Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.…
CVE-2025-29934 2025-11-21 A bug within some AMD CPUs could allow a local admin-privileged attacker to run a SEV-SNP guest using stale TLB entries, potentially resulting in loss of data integrity.
CVE-2025-60730 2025-10-24 PerfreeBlog v4.0.11 has an arbitrary file deletion vulnerability in the unInstallTheme function

內容提交

名稱
PLOVER
日期
2006-07-19
版本
Draft 3

內容修訂

日期 名稱 版本 重要性 評論
2008-07-01 Sean Eidemiller 1.0 added/updated demonstrative examples
2008-07-01 Eric Dalci 1.0 updated Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Relationships, Other_Notes, Taxonomy_Mappings
2009-05-27 CWE Content Team 1.4 updated Relationship_Notes, Relationships
2011-06-01 CWE Content Team 1.13 updated Common_Consequences, Relationships, Taxonomy_Mappings
2012-05-11 CWE Content Team 2.2 updated Relationships, Taxonomy_Mappings
2012-10-30 CWE Content Team 2.3 updated Potential_Mitigations
2014-06-23 CWE Content Team 2.7 updated Common_Consequences, Other_Notes, Relationship_Notes
2014-07-30 CWE Content Team 2.8 updated Relationships, Taxonomy_Mappings
2017-11-08 CWE Content Team 3.0 updated Applicable_Platforms, Taxonomy_Mappings
2019-01-03 CWE Content Team 3.2 updated Relationships, Taxonomy_Mappings
2019-06-20 CWE Content Team 3.3 updated Relationships
2020-08-20 CWE Content Team 4.2 updated Relationships
2023-01-31 CWE Content Team 4.10 updated Description
2023-04-27 CWE Content Team 4.11 updated Detection_Factors, Relationships, Time_of_Introduction
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-12-11 CWE Content Team 4.19 updated Weakness_Ordinalities
cvelogic Threat Intelligence