CWE-400

Uncontrolled Resource Consumption

Class · Draft · Likelihood: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

page 2 of 93
  • CVE-2018-6389 · High · Feb 6, 2018
    risk 0.58 · cvss 7.5 · epss 0.73

    In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.

  • CVE-2017-5637 · High · Oct 10, 2017
    risk 0.58 · cvss 7.5 · epss 0.74

    Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue,…

  • CVE-2026-45169 · High · Jun 12, 2026
    risk 0.57 · cvss · epss 0.00

    Idira Privileged Access Manager (PAM) Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnerability. Under specific circumstances and configuration scenarios, processing unexpected input could potentially lead to an unexpected service…

  • CVE-2023-53873 · High · Dec 15, 2025
    risk 0.57 · cvss · epss 0.00

    SyncBreeze 15.2.24 contains a denial of service vulnerability in the login authentication mechanism that allows attackers to crash the service. Attackers can send an oversized password parameter with repeated 'password=' values to overwhelm the login endpoint and potentially…

  • CVE-2024-58306 · High · Dec 11, 2025
    risk 0.57 · cvss · epss 0.00

    minaliC 2.0.0 contains a denial of service vulnerability that allows remote attackers to crash the web server by sending oversized GET requests. Attackers can send crafted HTTP requests with excessive data to overwhelm the server and cause service interruption.

  • CVE-2020-36872 · High · Nov 26, 2025
    risk 0.57 · cvss · epss 0.00

    BACnet Test Server versions up to and including 1.01 contains a remote denial of service vulnerability in its BACnet/IP BVLC packet handling. The server fails to properly validate the BVLC Length field in incoming UDP BVLC frames on the default BACnet port (47808/udp). A remote…

  • CVE-2021-4467 · High · Nov 14, 2025
    risk 0.57 · cvss · epss 0.00

    Positive Technologies MaxPatrol 8 and XSpider contain a remote denial-of-service vulnerability in the client communication service on TCP port 2002. The service generates a new session identifier for each incoming connection without adequately limiting concurrent requests. An…

  • CVE-2021-4465 · High · Nov 14, 2025
    risk 0.57 · cvss · epss 0.00

    ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 contain a remote denial-of-service vulnerability. The device can be shut down or rebooted by an unauthenticated attacker through a single crafted HTTP…

  • CVE-2023-7326 · High · Nov 12, 2025
    risk 0.57 · cvss · epss 0.00

    The Epson Stylus SX510W embedded web management service fails to properly handle consecutive ampersand characters in query parameters when accessing /PRESENTATION/HTML/TOP/INDEX.HTML. A remote attacker can send a malformed request that triggers improper input parsing or memory…

  • CVE-2025-41360 · High · Jun 6, 2025
    risk 0.57 · cvss · epss 0.00

    Uncontrolled resource consumption vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. The device is vulnerable to a packet flooding denial of service attack.

  • CVE-2024-10345 · High · Nov 11, 2024
    risk 0.57 · cvss · epss 0.00

    In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Karol Więsek.

  • CVE-2024-10344 · High · Nov 11, 2024
    risk 0.57 · cvss · epss 0.00

    In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the refuse function was identified. Reported by Karol Więsek.

  • CVE-2024-10314 · High · Nov 11, 2024
    risk 0.57 · cvss · epss 0.00

    In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the auto-generation function was identified. Reported by Karol Więsek.

  • CVE-2015-4412 · Critical · Feb 5, 2018
    risk 0.57 · cvss 9.8 · epss 0.05

    BSON injection vulnerability in the legal? function in BSON (bson-ruby) gem before 3.0.4 for Ruby allows remote attackers to cause a denial of service (resource consumption) or inject arbitrary data via a crafted string.

  • CVE-2025-10470 · High · May 11, 2026
    risk 0.56 · cvss 8.6 · epss 0.00

    The Magic Link authentication flow accepts multiple invalid authentication requests without adequate rate limiting or resource control, leading to uncontrolled memory usage growth. This vulnerability can result in a denial-of-service condition, causing service unavailability…

  • CVE-2023-20125 · High · Nov 15, 2024
    risk 0.56 · cvss 8.6 · epss 0.01

    A vulnerability in the local interface of Cisco BroadWorks Network Server could allow an unauthenticated, remote attacker to exhaust system resources, causing a denial of service (DoS) condition. This vulnerability exists because rate limiting does not occur for certain…

  • CVE-2018-15377 · High · Oct 5, 2018
    risk 0.56 · cvss 8.6 · epss 0.02

    A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due…

  • CVE-2018-16132 · High · Aug 29, 2018
    risk 0.56 · cvss 8.6 · epss 0.01

    The image rendering component (createGenericPreview) of the Open Whisper Signal app through 2.29.0 for iOS fails to check for unreasonably large images before manipulating received images. This allows for a large image sent to a user to exhaust all available memory when the…

  • CVE-2018-0418 · High · Aug 15, 2018
    risk 0.56 · cvss 8.6 · epss 0.04

    A vulnerability in the Local Packet Transport Services (LPTS) feature set of Cisco ASR 9000 Series Aggregation Services Router Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to…

  • CVE-2018-0410 · High · Aug 15, 2018
    risk 0.56 · cvss 8.6 · epss 0.04

    A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected system. The vulnerability exists…