CWE-908

Medium likelihood

Use of Uninitialized Resource

Parent: CWE-665 - Improper Initialization

The product uses or accesses a resource that has not been initialized.

761 vulnerabilities with CWE-908
CVE-2026-42969 MEDIUM
Microsoft Windows 10 Version 1607 - Windows Push Notification Information Disclosure Vulnerability
CVSS 5.5
CVE-2026-48104 MEDIUM
GHSL-2026-120: 7-Zip SquashFS BlockToNode uninitialized heap read
CVSS 4.2
CVE-2026-48101 MEDIUM
GHSL-2026-117: 7-Zip UEFI Capsule uninitialized heap memory disclosure
CVSS 6.5
CVE-2026-11089 MEDIUM
Google Chrome - Use of Uninitialized Variable
CVSS 6.5
CVE-2026-26825 MEDIUM
libxls 1.6.3 - Use-After-Free in xls_parseWorkBook
CVSS 5.3
CVE-2026-46257 MEDIUM
clocksource/drivers/timer-sp804: Fix an Oops when read_current_timer is called on ARM32 platforms where the SP804 is not registered as the sched_clock.
CVSS 5.5
CVE-2026-46186 MEDIUM
Bluetooth: virtio_bt: validate rx pkt_type header length
CVSS 5.5
CVE-2026-46169 MEDIUM
hfsplus: fix uninit-value by validating catalog record size
CVSS 5.5
CVE-2026-46167 MEDIUM
usb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl
CVSS 5.5
CVE-2026-47272 HIGH
pam_usb: OTP pad authentication bypass via missing system pad check and uninitialized RNG buffer
CVSS 7.1
CVE-2026-32814 MEDIUM
libheif: Uninitialized Heap Memory Information Leak via Failed Grid Tiles
CVSS 6.5
CVE-2026-45736 MEDIUM
Node.js ws - Uninitialized Memory Disclosure
CVSS 4.4
CVE-2026-40364 HIGH
Microsoft Word Remote Code Execution Vulnerability
CVSS 8.4
CVE-2026-43474 MEDIUM
fs: init flags_valid before calling vfs_fileattr_get
CVSS 5.5
CVE-2026-43472 MEDIUM
unshare: fix unshare_fs() handling
CVSS 5.5
CVE-2026-43456 HIGH
bonding: fix type confusion in bond_setup_by_slave()
CVSS 7.8
CVE-2026-43405 HIGH
libceph: Use u32 for non-negative values in ceph_monmap_decode()
CVSS 7.5
CVE-2026-43349 MEDIUM
f2fs: fix to avoid uninit-value access in f2fs_sanity_check_node_footer
CVSS 5.5
CVE-2026-43291 HIGH
net: nfc: nci: Fix parameter validation for packet data
CVSS 8.3
CVE-2026-43288 MEDIUM
ext4: move ext4_percpu_param_init() before ext4_mb_init()
CVSS 5.5
CVE-2026-43221 MEDIUM
ipmi: ipmb: initialise event handler read bytes
CVSS 5.5
CVE-2026-43160 MEDIUM
mfd: macsmc: Initialize mutex
CVSS 5.5
CVE-2026-43139 HIGH
xfrm6: fix uninitialized saddr in xfrm6_get_saddr()
CVSS 8.6
CVE-2026-43036 MEDIUM
net: use skb_header_pointer() for TCPv4 GSO frag_off check
CVSS 5.5
CVE-2026-43035 MEDIUM
net: sched: cls_api: fix tc_chain_fill_node to initialize tcm_info to zero to prevent an info-leak
CVSS 5.5
Details
Vulnerabilities 761
Exploit Likelihood Medium
Links
MITRE CWE Entry Search this CWE With Exploits