CWE · MITRE source
CWE-909Missing Initialization of Resource
The product does not initialize a critical resource.
Many resources require initialization before they can be properly used. If a resource is not initialized, it could contain unpredictable or expired data, or it could be initialized to defaults that are invalid. This can have security implications when the resource is expected to have certain properties or values.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (0)AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| No NIST controls proposed yet. | |||
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2019-9639 | 2.4 | 7.5 | 0.1454 | 2019-03-09 |
CVE-2018-1000224 | 2.3 | 7.5 | 0.1316 | 2018-08-20 |
CVE-2020-16932 | 2.1 | 7.8 | 0.0961 | 2020-10-16 |
CVE-2022-22704 | 2.0 | 9.8 | 0.0042 | 2022-01-06 |
CVE-2024-8178 | 1.9 | 8.8 | 0.0296 | 2024-09-05 |
CVE-2018-10811 | 1.8 | 7.5 | 0.0556 | 2018-06-19 |
CVE-2019-3804 | 1.8 | 7.5 | 0.0431 | 2019-03-26 |
CVE-2019-12410 | 1.8 | 7.5 | 0.0528 | 2019-11-08 |
CVE-2020-11741 | 1.8 | 8.8 | 0.0011 | 2020-04-14 |
CVE-2019-25016 | 1.8 | 8.8 | 0.0102 | 2021-01-28 |
CVE-2021-23994 | 1.8 | 8.8 | 0.0035 | 2021-06-24 |
CVE-2021-29980 | 1.8 | 8.8 | 0.0041 | 2021-08-17 |
CVE-2019-12408 | 1.7 | 7.5 | 0.0292 | 2019-11-08 |
CVE-2022-29968 | 1.7 | 7.8 | 0.0166 | 2022-05-02 |
CVE-2005-1036 | 1.6 | 7.8 | 0.0011 | 2005-05-02 |
CVE-2018-14647 | 1.6 | 7.5 | 0.0125 | 2018-09-25 |
CVE-2019-16714 | 1.6 | 7.5 | 0.0112 | 2019-09-23 |
CVE-2018-21247 | 1.6 | 7.5 | 0.0148 | 2020-06-17 |
CVE-2020-0438 | 1.6 | 7.8 | 0.0001 | 2020-11-10 |
CVE-2021-1405 | 1.6 | 7.5 | 0.0149 | 2021-04-08 |
CVE-2021-23386 | 1.6 | 7.7 | 0.0045 | 2021-05-20 |
CVE-2024-43873 | 1.6 | 7.8 | 0.0002 | 2024-08-21 |
CVE-2024-9780 | 1.6 | 7.8 | 0.0005 | 2024-10-10 |
CVE-2019-19553 | 1.5 | 7.5 | 0.0066 | 2019-12-05 |
CVE-2021-31919 | 1.5 | 7.5 | 0.0035 | 2021-04-30 |