CWE-672

Operation on a Resource after Expiration or Release

Parent: CWE-666 - Operation on Resource in Wrong Phase of Lifetime

The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.

78 vulnerabilities with CWE-672
CVE-2026-2379 MEDIUM
Arista EOS IPsec Tunnel Sequence Number Mismatch via Interface Flaps when Anti-Replay is Disabled
CVSS 5.9
CVE-2026-33463 MEDIUM
Operation on a Resource after Expiration or Termination in Kibana Leading to Unauthorized File Access
CVSS 5.3
CVE-2026-42791 LOW
OCSP responder certificate validity period not checked in public_key
CVSS 3.7
CVE-2026-33278 CRITICAL
Unbound 1.19.1-1.25.0 - Use-After-Free in DNSSEC Validator via Deep Copy Pointer Overwrite
CVSS 9.8
CVE-2026-32244 MEDIUM
Discourse: Cached outdated summaries can leak removed content
CVSS 5.3
CVE-2026-4053 LOW
post edit time limit is not enforced on some post update operations
CVSS 3.1
CVE-2026-45005 MEDIUM
OpenClaw < 2026.4.23 - Webhook Route Secret Cache Not Invalidated After Rotation
CVSS 6.0
CVE-2026-43585 HIGH
OpenClaw < 2026.4.15 - Bearer Token Validation Bypass via Stale SecretRef Resolution
CVSS 8.1
CVE-2026-1629 MEDIUM
Permalink Preview Information Disclosure After Permission Revocation
CVSS 4.3
CVE-2026-31875 MEDIUM
Parse Server <9.6.0-alpha.7/8.6.33 - Auth Bypass
CVSS 5.9
CVE-2026-30978 HIGH
iccdev < 2.3.1.5 - Use-After-Free in CIccCmm::AddXform()
CVSS 7.8
CVE-2026-1237 LOW
juju - Improper Verification of Cryptographic Signature in Cross-Model Authorization
CVE-2025-69415 HIGH
Plex Media Server <1.42.2.10156 - Info Disclosure
CVSS 7.1
CVE-2025-58149 HIGH
Xen >=4.0.0 - Use-After-Free in PCI Device Detach Logic
CVSS 7.5
CVE-2025-55669 HIGH
BIG-IP ASM 16.1.0-16.1.5 - Denial of Service via HTTP/2 Traffic
CVSS 7.5
CVE-2025-10060 MEDIUM
MongoDB Server <6.0.25-8.0.12 - Info Disclosure
CVSS 6.5
CVE-2025-39698 MEDIUM
Linux Kernel - Use-After-Free in io_uring/futex
CVSS 5.5
CVE-2025-53901 LOW
Wasmtime <24.0.4, 33.0.2, 34.0.2 - Memory Corruption
CVSS 3.5
CVE-2025-38290 MEDIUM
Linux Kernel 6.3-6.6.93, 6.7-6.12.33, 6.13-6.15.2 - Use-After-Free in ath12k WLAN Recovery
CVSS 5.5
CVE-2025-6031 HIGH
Amazon Cloud Cam - Unauthenticated SSL Pinning Bypass via Deprecated Remote Service
CVSS 7.5
CVE-2025-31253 HIGH
iPadOS < 18.5 - Use-After-Free in FaceTime Microphone Mute
CVSS 7.1
CVE-2025-2517 LOW
OpenText ArcSight - Info Disclosure
CVE-2025-30351 LOW
Directus <11.5.0 - Privilege Escalation
CVSS 3.5
CVE-2025-21117 MEDIUM
Dell Avamar >=19.4 - Privilege Escalation
CVSS 6.6
CVE-2025-22149 LOW
MicahParks jwkset 0.5.0-0.5.x - Use-After-Free in Auto-Caching HTTP Client
Details
Vulnerabilities 78
Links
MITRE CWE Entry Search this CWE With Exploits