VYPR

CWE-400

Uncontrolled Resource Consumption

ClassDraftLikelihood: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

page 59 of 93
  • CVE-2016-0747MedFeb 15, 2016
    risk 0.35cvss 5.3epss 0.08

    The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.

  • CVE-2006-6017MedNov 21, 2006
    risk 0.35cvss 6.5epss 0.02

    WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized…

  • CVE-2026-48043MedJun 12, 2026
    risk 0.34cvss 5.3epss 0.01

    Netty is a network application framework for development of protocol servers and clients. In netty-codec-http2 prior to versions 4.1.135.Final and 4.2.15.Final, the `DelegatingDecompressorFrameListener` class orchestrates HTTP/2 decompression by embedding a per-stream…

  • CVE-2026-47244MedJun 12, 2026
    risk 0.34cvss 5.3epss 0.00

    Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, DefaultHttp2Connection.DefaultEndpoint initialises maxActiveStreams/maxStreams to Integer.MAX_VALUE, and Http2Settings never inserts…

  • CVE-2026-45664MedJun 10, 2026
    risk 0.34cvss 5.3epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, because of a missing check in the MNG coder it would be possible to read more images than the list limit policy would allow resulting in…

  • CVE-2026-45031MedJun 10, 2026
    risk 0.34cvss 5.3epss 0.01

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, due to a missing check in the PSD decoder it would be possible to bypass the list-length resource policy when decoding a PSD image. Other…

  • CVE-2026-10224MedJun 1, 2026
    risk 0.34cvss 5.3epss 0.00

    A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function _handle_webhook_request of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption.…

  • CVE-2026-46843MedMay 28, 2026
    risk 0.34cvss 5.3epss 0.00

    Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks of…

  • CVE-2026-40016MedMay 12, 2026
    risk 0.34cvss 5.3epss 0.00

    Attacker can upload a malicious Sieve script over ManageSieve service (or locally) to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts.…

  • CVE-2026-8187MedMay 9, 2026
    risk 0.34cvss 5.3epss 0.01

    A flaw has been found in Open5GS up to 2.7.7. This impacts the function _gtpv1_u_recv_cb of the file src/upf/gtp-path.c of the component UPF. Executing a manipulation can lead to resource consumption. The attack may be performed from remote. The project was informed of the…

  • CVE-2026-42343MedMay 8, 2026
    risk 0.34cvss epss 0.00

    FastGPT is an AI Agent building platform. In versions 4.14.13 and prior, the code-sandbox component suffers from insufficient resource isolation and uncontrolled resource consumption. The service relies solely on an application-level soft limit (a 500ms polling interval) for…

  • CVE-2022-26523MedMay 8, 2026
    risk 0.34cvss 5.3epss 0.00

    The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) due to a double fetch vulnerability at…

  • CVE-2026-22745MedApr 29, 2026
    risk 0.34cvss 5.3epss 0.00

    Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources. More precisely, an application can be vulnerable when all the following are true: * the application is using Spring MVC or Spring WebFlux * the application…

  • CVE-2026-31052MedApr 24, 2026
    risk 0.34cvss 5.3epss 0.01

    An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to cause a denial of service via the Checkout Authentication Flow component

  • CVE-2026-22021MedApr 21, 2026
    risk 0.34cvss 5.3epss 0.00

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle…

  • CVE-2026-6777MedApr 21, 2026
    risk 0.34cvss 5.3epss 0.00

    Other issue in the Networking: DNS component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

  • CVE-2026-5986MedApr 9, 2026
    risk 0.34cvss 5.3epss 0.00

    A weakness has been identified in Zod jsVideoUrlParser up to 0.5.1. The impacted element is the function getTime in the library lib/util.js. This manipulation of the argument timestamp causes inefficient regular expression complexity. It is possible to initiate the attack…

  • CVE-2026-20676MedFeb 11, 2026
    risk 0.34cvss 5.3epss 0.00

    This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions.

  • CVE-2026-20080MedJan 21, 2026
    risk 0.34cvss 5.3epss 0.00

    A vulnerability in the SSH service of Cisco IEC6400 Wireless Backhaul Edge Compute Software could allow an unauthenticated, remote attacker to cause the SSH service to stop responding. This vulnerability exists because the SSH service lacks effective flood protection. An…

  • CVE-2025-9670MedAug 29, 2025
    risk 0.34cvss 5.3epss 0.00

    A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit…