VYPR

CWE-400

Uncontrolled Resource Consumption

ClassDraftLikelihood: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

page 72 of 93
  • CVE-2026-10692MedJun 3, 2026
    risk 0.21cvss 4.3epss 0.00

    A weakness has been identified in johnhuang316 code-index-mcp up to 2.14.0. Affected is the function is_safe_regex_pattern of the component search_code_advanced. Executing a manipulation of the argument regex can lead to inefficient regular expression complexity. It is possible…

  • CVE-2026-10691MedJun 3, 2026
    risk 0.21cvss 4.3epss 0.00

    A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component start_search. Performing a manipulation of the argument SearchResult[] results in inefficient regular…

  • CVE-2026-10291MedJun 1, 2026
    risk 0.21cvss 4.3epss 0.00

    A security vulnerability has been detected in Enderfga claw-orchestrator up to 3.7.0. The impacted element is the function validateRegex of the file claw-orchestrator/src/embedded-server.ts of the component Session Grep Endpoint. The manipulation of the argument body.pattern…

  • CVE-2026-27857MedMar 27, 2026
    risk 0.21cvss 4.3epss 0.01

    Sending "NOOP (((...)))" command with 4000 parenthesis open+close results in ~1MB extra memory usage. Longer commands will result in client disconnection. This 1 MB can be left allocated for longer time periods by not sending the command ending LF. So attacker could connect…

  • CVE-2025-11274LowOct 5, 2025
    risk 0.21cvss 3.3epss 0.00

    A vulnerability was determined in Open Asset Import Library Assimp 6.0.2. Affected is the function Q3DImporter::InternReadFile of the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. This manipulation causes allocation of resources. The attack is restricted to local execution. The…

  • CVE-2025-26697LowAug 12, 2025
    risk 0.21cvss 3.3epss 0.00

    Uncontrolled resource consumption in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable denial of service.

  • CVE-2025-6817LowJun 28, 2025
    risk 0.21cvss 3.3epss 0.00

    A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5C__load_entry of the file /src/H5Centry.c. The manipulation leads to resource consumption. The attack needs to be approached locally. The exploit has been…

  • CVE-2025-6274LowJun 19, 2025
    risk 0.21cvss 3.3epss 0.00

    A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been classified as problematic. Affected is the function OnDataCount of the file src/interp/binary-reader-interp.cc. The manipulation leads to resource consumption. Attacking locally is a requirement. The exploit…

  • CVE-2025-5895MedJun 9, 2025
    risk 0.21cvss 4.3epss 0.01

    A vulnerability was found in Metabase 54.10. It has been classified as problematic. This affects the function parseDataUri of the file frontend/src/metabase/lib/dom.js. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack…

  • CVE-2025-5891MedJun 9, 2025
    risk 0.21cvss 4.3epss 0.01

    A vulnerability classified as problematic was found in Unitech pm2 up to 6.0.6. This vulnerability affects unknown code of the file /lib/tools/Config.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has…

  • CVE-2024-6126LowJul 3, 2024
    risk 0.21cvss 3.2epss 0.00

    A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack.

  • CVE-2023-29333LowMay 9, 2023
    risk 0.21cvss 3.3epss 0.01

    Microsoft Access Denial of Service Vulnerability

  • CVE-2022-21733MedFeb 3, 2022
    risk 0.21cvss 4.3epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. The implementation of `StringNGrams` can be used to trigger a denial of service attack by causing an out of memory condition after an integer overflow. We are missing a validation on `pad_witdh` and that result in…

  • CVE-2022-21732MedFeb 3, 2022
    risk 0.21cvss 4.3epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. The implementation of `ThreadPoolHandle` can be used to trigger a denial of service attack by allocating too much memory. This is because the `num_threads` argument is only checked to not be negative, but there is no upper…

  • CVE-2021-29433MedApr 15, 2021
    risk 0.21cvss 4.3epss 0.01

    Sydent is a reference Matrix identity server. In Sydent versions 2.2.0 and prior, sissing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion. A patch for…

  • CVE-2021-21274MedFeb 26, 2021
    risk 0.21cvss 4.3epss 0.02

    Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large…

  • CVE-2025-5031LowMay 21, 2025
    risk 0.20cvss 3.1epss 0.00

    A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the component wxapkg File Decompression Handler. The manipulation leads to resource consumption. The attack may be initiated remotely. The…

  • CVE-2024-6501LowJul 9, 2024
    risk 0.20cvss 3.1epss 0.00

    A flaw was found in NetworkManager. When a system running NetworkManager with DEBUG logs enabled and an interface eth1 configured with LLDP enabled, a malicious user could inject a malformed LLDP packet. NetworkManager would crash, leading to a denial of service.

  • CVE-2024-6434LowJul 4, 2024
    risk 0.20cvss 3.1epss 0.01

    The Premium Addons for Elementor plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 4.10.35. This is due to processing user-supplied input as a regular expression. This makes it possible for authenticated…

  • CVE-2021-3912MedNov 11, 2021
    risk 0.20cvss 4.2epss 0.01

    OctoRPKI tries to load the entire contents of a repository in memory, and in the case of a GZIP bomb, unzip it in memory, making it possible to create a repository that makes OctoRPKI run out of memory (and thus crash).