VYPR

CWE-400

Uncontrolled Resource Consumption

Class · Draft · Likelihood: High

Description

The product does not properly control the allocation and maintenance of a limited resource.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-147 · CAPEC-227 · CAPEC-492

CVEs mapped to this weakness (1,853)

page 8 of 93
  • CVE-2026-23824 · High · May 12, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service. Due to insufficient input validation, successful…

  • CVE-2026-28908 · High · May 11, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    A denial of service issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to modify protected parts of the file system.

  • CVE-2026-28872 · High · May 11, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4. A remote attacker may be able to cause a denial-of-service.

  • CVE-2026-31247 · High · May 11, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Docling's JATS XML backend is vulnerable to XML Entity Expansion (XXE) attacks thru 2.61.0. The backend uses etree.parse() to parse XML files without disabling entity resolution. An attacker can craft a malicious XML file containing a nested entity expansion payload (XML Bomb).…

  • CVE-2024-27686 · High · May 8, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    Mikrotik RouterOS (x86) 6.40.5 through 6.49.10 (fixed in 7) allows a remote attacker to cause a denial of service (device crash) via crafted packet data to the SMB service on TCP port 445.

  • CVE-2025-65122 · High · May 7, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Regex Denial of Service in youtube-regex npm package through version 1.0.5.

  • CVE-2026-42467 · High · May 1, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    An issue was discovered in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe (2025-11-30) in SAE_J1939_Read_Binary_Data_Transfer_DM16 causing a denial of service via crafted CAN frame on the J1939 bus.

  • CVE-2026-42403 · High · May 1, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    Apache Neethi does not properly detect circular references in policy definitions. When a WS-Policy document contains circular policy references (where Policy A references Policy B which references Policy A), the policy normalization process can enter an infinite loop or cause…

  • CVE-2026-42402 · High · May 1, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Specially crafted WS-Policy documents can trigger an exponential Cartesian cross-product expansion during the normalization process, causing unbounded memory…

  • CVE-2025-46115 · High · Apr 30, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    An issue in open5gs v.2.7.3 allows a remote attacker to cause a denial of service via a crafted PDU Session Modification Request.

  • CVE-2026-36958 · High · Apr 30, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web management interface, an attacker can exhaust system resources in the embedded Boa HTTP…

  • CVE-2026-36957 · High · Apr 30, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1.0.0 is vulnerable to Denial of Service via the boa web server URI handler. By initiating a high-volume flood of HTTP GET requests to non-existent URIs, an attacker can exhaust critical system resources, including file…

  • CVE-2026-30350 · High · Apr 27, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

  • CVE-2026-6022 · High · Apr 22, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the configured maximum size due to missing cumulative size enforcement during chunk reassembly, leading to disk…

  • CVE-2026-34290 · High · Apr 21, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle…

  • CVE-2026-34282 · High · Apr 21, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK:…

  • CVE-2026-6781 · High · Apr 21, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

  • CVE-2026-6780 · High · Apr 21, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

  • CVE-2024-33618 · High · Apr 15, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Uncontrolled Resource Consumption in Bosch VMS Central Server in Bosch VMS 12.0.1 allows attackers to consume excessive amounts of disk space via network interface.

  • CVE-2026-39304 · High · Apr 10, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ. ActiveMQ NIO SSL transports do not correctly handle TLSv1.3 handshake KeyUpdates triggered by clients. This makes it possible for a client to rapidly trigger…