VYPR

CWE-400

Uncontrolled Resource Consumption

Class · Draft · Likelihood: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

page 11 of 93
  • CVE-2025-2586 · High · Mar 31, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    A flaw was found in the OpenShift Lightspeed Service, which is vulnerable to unauthenticated API request flooding. Repeated queries to non-existent endpoints inflate metrics storage and processing, consuming excessive resources. This issue can lead to monitoring system…

  • CVE-2025-25374 · High · Mar 25, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    In NASA cFS (Core Flight System) Aquila, it is possible to put the onboard software in a state that will prevent the launch of any external application, causing a platform denial of service.

  • CVE-2024-9229 · High · Mar 20, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    A Denial of Service (DoS) vulnerability in the file upload feature of stangirard/quivr v0.0.298 allows unauthenticated attackers to cause excessive resource consumption by appending characters to the end of a multipart boundary in an HTTP request. This leads to the server…

  • CVE-2024-9056 · High · Mar 20, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    BentoML version v1.3.4post1 is vulnerable to a Denial of Service (DoS) attack. The vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. This causes the server to continuously process each character,…

  • CVE-2024-12886 · High · Mar 20, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    An Out-Of-Memory (OOM) vulnerability exists in the `ollama` server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the `ollama` server crashing. The vulnerability is present in the…

  • CVE-2024-12761 · High · Mar 20, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    A Denial of Service (DoS) vulnerability exists in the brycedrennan/imaginairy repository, version 15.0.0. The vulnerability is present in the `/api/stablestudio/generate` endpoint, which can be exploited by sending an invalid request. This causes the server process to terminate…

  • CVE-2024-11043 · High · Mar 20, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    A Denial of Service (DoS) vulnerability was discovered in the /api/v1/boards/{board_id} endpoint of invoke-ai/invokeai version v5.0.2. This vulnerability occurs when an excessively large payload is sent in the board_name field during a PATCH request. By sending a large payload,…

  • CVE-2024-10821 · High · Mar 20, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of the Invoke-AI server (version v5.0.1) allows unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end…

  • CVE-2024-10713 · High · Mar 20, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    A vulnerability in szad670401/hyperlpr v3.0 allows for a Denial of Service (DoS) attack. The server fails to handle excessive characters appended to the end of multipart boundaries, regardless of the character used. This flaw can be exploited by sending malformed multipart…

  • CVE-2024-57081 · High · Feb 5, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    A prototype pollution in the lib.fromQuery function of underscore-contrib v0.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

  • CVE-2024-57076 · High · Feb 5, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    A prototype pollution in the lib.post function of ajax-request v1.2.3 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

  • CVE-2024-57074 · High · Feb 5, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    A prototype pollution in the lib.merge function of xe-utils v3.5.31 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

  • CVE-2024-24424 · High · Jan 21, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    A reachable assertion in the decode_access_point_name_ie function of Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.

  • CVE-2024-50953 · High · Jan 15, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    An issue in XINJE XL5E-16T V3.7.2a allows attackers to cause a Denial of Service (DoS) via a crafted Modbus message.

  • CVE-2024-54730 · High · Jan 14, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    Flatnotes <v5.3.1 is vulnerable to denial of service through the upload image function.

  • CVE-2024-56200 · High · Dec 19, 2024
    risk 0.49 · cvss 8.6 · epss 0.01

    Altair is a fork of Misskey v12. In affected versions, a lack of request validation and a lack of authentication in the image proxy for compressing and resizing remote files could allow attacks that could affect availability, such as by abnormally increasing the CPU usage of the server…

  • CVE-2024-48989 · High · Nov 13, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    A vulnerability in the PROFINET stack implementation of the IndraDrive (all versions) of Bosch Rexroth allows an attacker to cause a denial of service, rendering the device unresponsive by sending arbitrary UDP messages.

  • CVE-2024-47850 · High · Oct 4, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be…

  • CVE-2024-43647 · High · Sep 10, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20…

  • CVE-2024-21526 · High · Jul 10, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    All versions of the package speaker are vulnerable to Denial of Service (DoS): providing unexpected input types to the channels property of the Speaker object makes it possible to reach an assert macro. Exploiting this vulnerability can lead to a process crash.