
CWE-400

Uncontrolled Resource Consumption

Class · Draft · Likelihood: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

page 60 of 93
  • CVE-2025-6493 · Med · Jun 22, 2025
    risk 0.34 · cvss 5.3 · epss 0.00

    A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown Mode. This manipulation causes inefficient regular expression complexity. It is possible to initiate the attack remotely.…

  • CVE-2025-6492 · Med · Jun 22, 2025
    risk 0.34 · cvss 5.3 · epss 0.00

    A vulnerability has been found in MarkText up to 0.17.1 and classified as problematic. Affected by this vulnerability is the function getRecommendTitleFromMarkdownString of the file marktext/src/main/utils/index.js. The manipulation leads to inefficient regular expression…

  • CVE-2025-32472 · Med · Apr 28, 2025
    risk 0.34 · cvss 5.3 · epss 0.01

    The multiScan and picoScan are vulnerable to a denial-of-service (DoS) attack. A remote attacker can exploit this vulnerability by conducting a Slowloris-type attack, causing the web page to become unresponsive.

  • CVE-2024-23814 · Med · Feb 11, 2025
    risk 0.34 · cvss 5.3 · epss 0.01

    The integrated ICMP service of the network stack of affected devices can be forced to exhaust its available memory resources when receiving specially crafted messages targeting IP fragment re-assembly. This could allow an unauthenticated remote attacker to cause a temporary…

  • CVE-2024-38828 · Med · Nov 18, 2024
    risk 0.34 · cvss 5.3 · epss 0.01

    Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack.

  • CVE-2024-38826 · Med · Nov 11, 2024
    risk 0.34 · cvss · epss 0.00

    Authenticated users can upload specifically crafted files to leak server resources. This behavior can potentially be used to run a denial of service attack against Cloud Controller. The Cloud Foundry project recommends upgrading the following releases: * Upgrade capi…

  • CVE-2024-33498 · Med · May 14, 2024
    risk 0.34 · cvss 5.3 · epss 0.01

    A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating…

  • CVE-2017-15345 · Med · Feb 15, 2018
    risk 0.34 · cvss 5.3 · epss 0.00

    Huawei Smartphones with software LON-L29DC721B186 have a denial of service vulnerability. An attacker could make a loop exit condition that cannot be reached by sending the crafted 3GPP message. Successful exploit could cause the device to reboot.

  • CVE-2026-35406 · Med · Apr 7, 2026
    risk 0.33 · cvss 6.2 · epss 0.00

    Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. This vulnerability is fixed in 1.17.1.

  • CVE-2024-5569 · Med · Jul 9, 2024
    risk 0.33 · cvss 6.2 · epss 0.00

    A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython,…

  • CVE-2023-35925 · Med · Jun 23, 2023
    risk 0.33 · cvss 6.2 · epss 0.00

    FastAsyncWorldEdit (FAWE) is designed for efficient world editing. This vulnerability enables the attacker to select a region with the `Infinity` keyword (case-sensitive!) and execute any operation. This has a possibility of bringing the performing server down. This issue has…

  • CVE-2023-25153 · Med · Feb 16, 2023
    risk 0.33 · cvss 6.2 · epss 0.00

    containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of…

  • CVE-2026-45802 · Med · Jun 11, 2026
    risk 0.32 · cvss · epss 0.00

    FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. Prior to version 2.6.7, an attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion…

  • CVE-2026-11790 · Med · Jun 9, 2026
    risk 0.32 · cvss 4.9 · epss 0.00

    A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce an upper bound on the iteration count extracted from stored password hashes. A privileged attacker who can modify a user's password hash can cause excessive CPU consumption…

  • CVE-2026-28967 · Med · May 11, 2026
    risk 0.32 · cvss 4.9 · epss 0.00

    A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4. An attacker in a privileged network position may be able to cause a denial-of-service.

  • CVE-2026-34304 · Med · Apr 21, 2026
    risk 0.32 · cvss 4.9 · epss 0.00

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to…

  • CVE-2026-34293 · Med · Apr 21, 2026
    risk 0.32 · cvss 4.9 · epss 0.00

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. …

  • CVE-2026-34278 · Med · Apr 21, 2026
    risk 0.32 · cvss 4.9 · epss 0.00

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL…

  • CVE-2026-34267 · Med · Apr 21, 2026
    risk 0.32 · cvss 4.9 · epss 0.00

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL…

  • CVE-2026-22005 · Med · Apr 21, 2026
    risk 0.32 · cvss 4.9 · epss 0.00

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple…