CWE-400— Uncontrolled Resource Consumption (Denial of Service)
The product does not properly control the allocation and maintenance of a limited resource.— MITRE CWE catalog
3,396 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-400page 57 of 68
- CVE-2025-53506HIGHCVSS 7.5EG 7.52025-07-10
Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0-M1 th…
- CVE-2025-53538HIGHCVSS 7.5EG 7.52025-07-22
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions 7.0.10 and below and 8.0.0-beta1 through 8.0.0-rc1, mishandling of data on HTTP2 stream 0 c…
- CVE-2025-53636MEDIUMCVSS 5.4EG 5.42025-07-11
Open OnDemand is an open-source HPC portal. Users can flood logs by interacting with the shell app and generating many errors. Users who flood logs can create very large log files causing a Denial of Service (DoS) to the ondemand system. T…
- CVE-2025-53645HIGHCVSS 7.5EG 7.52025-07-09
Zimbra Collaboration (ZCS) before 9.0.0 Patch 46, 10.0.x before 10.0.15, and 10.1.x before 10.1.9 is vulnerable to a denial of service condition due to improper handling of excessive, comma-separated path segments in the Admin Console. An …
- CVE-2025-53722HIGHCVSS 7.5EG 7.52025-08-12
Uncontrolled resource consumption in Windows Remote Desktop Services allows an unauthorized attacker to deny service over a network.
- CVE-2025-53893MEDIUMCVSS 6.5EG 6.52025-07-15
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename, and edit files. In version 2.38.0, a Denial of Service (DoS) vulnerability exists in the file processing lo…
- CVE-2025-54149MEDIUMCVSS 5.5EG 5.52026-02-11
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fi…
- CVE-2025-54150MEDIUMCVSS 5.5EG 5.52026-02-11
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fi…
- CVE-2025-54151MEDIUMCVSS 5.5EG 5.52026-02-11
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fi…
- CVE-2025-54324HIGHCVSS 7.5EG 7.52026-04-06
An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. In…
- CVE-2025-54472HIGHCVSS 7.5EG 7.52025-08-14
Unlimited memory allocation in redis protocol parser in Apache bRPC (all versions < 1.14.1) on all platforms allows attackers to crash the service via network. Root Cause: In the bRPC Redis protocol parser code, memory for arrays or str…
- CVE-2025-54572MEDIUMCVSS 6.9EG 6.92025-07-30
The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the message_max_bytesize setting configured. The vulnerability…
- CVE-2025-54575MEDIUMCVSS 5.3EG 5.32025-07-30
ImageSharp is a 2D graphics library. In versions below 2.1.11 and 3.0.0 through 3.1.10, a specially crafted GIF file containing a malformed comment extension block (with a missing block terminator) can cause the ImageSharp GIF decoder to e…
- CVE-2025-54604HIGHCVSS 7.5EG 7.52025-10-28
Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 1 of 2).
- CVE-2025-54605HIGHCVSS 7.5EG 7.52025-10-28
Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 2 of 2).
- CVE-2025-54796HIGHCVSS 7.5EG 7.52025-08-02
Copyparty is a portable file server. Versions prior to 1.18.9, the filter parameter for the "Recent Uploads" page allows arbitrary RegExes. If this feature is enabled (which is the default), an attacker can craft a filter which deadlocks t…
- CVE-2025-54884HIGHCVSS 8.7EG 8.72025-08-06
Vision UI is a collection of enterprise-grade, dependency-free modules for modern web projects. In versions 1.4.0 and below, the generateSecureId and getSecureRandomInt functions in security-kit versions prior to 3.5.0 (packaged in Vision …
- CVE-2025-54995MEDIUMCVSS 6.5EG 6.52025-08-28
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resourc…
- CVE-2025-55028MEDIUMCVSS 6.5EG 6.52025-08-19
Malicious scripts utilizing repetitive JavaScript alerts could prevent client user interaction in some scenarios and allow for denial of service attacks. This vulnerability was fixed in Firefox for iOS 142.
- CVE-2025-55029HIGHCVSS 7.5EG 7.52025-08-19
Malicious scripts could bypass the popup blocker to spam new tabs, potentially resulting in denial of service attacks. This vulnerability was fixed in Firefox for iOS 142.
- CVE-2025-55102HIGHCVSS 7.5EG 7.52026-01-27
A denial-of-service vulnerability exists in the NetX IPv6 component functionality of Eclipse ThreadX NetX Duo. A specially crafted network packet of "Packet Too Big" with more than 15 different source address can lead to denial of service.…
- CVE-2025-55128MEDIUMCVSS 6.5EG 6.52025-11-20
HackerOne community member Dang Hung Vi (vidang04) has reported an uncontrolled resource consumption vulnerability in the “userlog-index.php”. An attacker with access to the admin interface could request an arbitrarily large number of …
- CVE-2025-55152MEDIUMCVSS 5.3EG 5.32025-08-09
oak is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. In versions 17.1.5 and below, it's possible to significantly slow down an oak server with specially crafted value…
- CVE-2025-55197HIGHCVSS 7.5EG 7.52025-08-13
pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM being exhausted. This requires just reading the file if a series of FlateDecode filters is used on a malici…
- CVE-2025-55521MEDIUMCVSS 6.5EG 6.52025-08-21
An issue in the component /settings/localisation of Akaunting v3.1.18 allows authenticated attackers to cause a Denial of Service (DoS) via a crafted POST request.
- CVE-2025-55551HIGHCVSS 7.5EG 7.52025-09-25
An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.
- CVE-2025-55558HIGHCVSS 7.5EG 7.52025-09-25
A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a Denial of Service (DoS).
- CVE-2025-55559HIGHCVSS 7.5EG 7.52025-09-25
An issue was discovered TensorFlow v2.18.0. A Denial of Service (DoS) occurs when padding is set to 'valid' in tf.keras.layers.Conv2D.
- CVE-2025-55560HIGHCVSS 7.5EG 7.52025-09-25
An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor.
- CVE-2025-55586HIGHCVSS 7.5EG 7.52025-08-18
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the url parameter at /boafrm/formFilter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2025-55587HIGHCVSS 7.5EG 7.52025-08-18
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the hostname parameter at /boafrm/formMapDelDevice. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2025-55588HIGHCVSS 7.5EG 7.52025-08-18
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the fw_ip parameter at /boafrm/formPortFw. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2025-55631MEDIUMCVSS 4.0EG 7.52025-08-22
Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 was discovered to manage users' sessions system wide instead of an account-by-account basis, potentially leading to a Denial of Service (DoS) via r…
- CVE-2025-55634HIGHCVSS 7.5EG 7.52025-08-22
Incorrect access control in the RTMP server settings of Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 allows unauthorized attackers to cause a Denial of Service (DoS) via initiating a large num…
- CVE-2025-55658MEDIUMCVSS 6.5EG 7.52026-06-09
GPAC MP4Box v2.4 was discovered to contain a floating point exception in the gf_opus_parse_packet_header function (media_tools/av_parsers.c). bThis vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
- CVE-2025-55796HIGHCVSS 7.5EG 7.52025-11-18
The openml/openml.org web application version v2.0.20241110 uses predictable MD5-based tokens for critical user workflows such as signup confirmation, password resets, email confirmation resends, and email change confirmation. These tokens…
- CVE-2025-55847HIGHCVSS 8.8EG 7.52025-09-26
Wavlink M86X3A_V240730 contains a buffer overflow vulnerability in the /cgi-bin/ExportAllSettings.cgi file. The vulnerability arises because the Cookie parameter does not properly validate the length of input data. Attackers can exploit th…
- CVE-2025-55972HIGHCVSS 7.5EG 7.52025-10-03
A TCL Smart TV running a vulnerable UPnP/DLNA MediaRenderer implementation is affected by a remote, unauthenticated Denial of Service (DoS) condition. By sending a flood of malformed or oversized SetAVTransportURI SOAP requests to the UPnP…
- CVE-2025-56233HIGHCVSS 7.5EG 7.52025-09-29
Openindiana, kernel SunOS 5.11 has a denial of service vulnerability. For the processing of TCP packets with RST or SYN flag set, Openindiana has a wide acceptable range of sequence numbers. It does not require the sequence number to exact…
- CVE-2025-56234HIGHCVSS 7.5EG 7.52025-09-29
AT_NA2000 from Nanda Automation Technology vendor has a denial-of-service vulnerability. For the processing of TCP RST packets, PLC AT_NA2000 has a wide acceptable range of sequence numbers. It does not require the sequence number to exact…
- CVE-2025-56264HIGHCVSS 7.5EG 7.52025-09-16
The /api/comment endpoint in zhangyd-c OneBlog 2.3.9 contains a denial-of-service vulnerability.
- CVE-2025-56352HIGHCVSS 7.5EG 7.52026-05-18
In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), the broker mishandles protocol violations during CONNECT packet parsing. When receiving a CONNECT packet with a zero-length Client ID while CleanSession is set to 0,…
- CVE-2025-56424HIGHCVSS 7.5EG 7.52026-01-08
An issue in Insiders Technologies GmbH e-invoice pro before release 1 Service Pack 2 allows a remote attacker to cause a denial of service via a crafted script
- CVE-2025-56571HIGHCVSS 7.5EG 7.52025-09-30
Finance.js v4.1.0 contains a Denial of Service (DoS) vulnerability via the IRR function’s depth parameter. Improper handling of the recursion/iteration limit can lead to excessive CPU usage, causing application stalls or crashes.
- CVE-2025-56572HIGHCVSS 7.5EG 7.52025-09-30
An issue in finance.js v.4.1.0 allows a remote attacker to cause a denial of service via the seekZero() parameter.
- CVE-2025-57317HIGHCVSS 7.5EG 7.52025-09-25
apidoc-core is the core parser library to generate apidoc result following the apidoc-spec. A Prototype Pollution vulnerability in the preProcess function of apidoc-core versions thru 0.15.0 allows attackers to inject properties on Object.…
- CVE-2025-57440HIGHCVSS 7.5EG 7.52025-09-22
The Blackmagic ATEM Mini Pro 2.7 exposes an undocumented Telnet service on TCP port 9993, which accepts unauthenticated plaintext commands for controlling streaming, recording, formatting storage devices, and system reboot. This interface,…
- CVE-2025-57446HIGHCVSS 7.5EG 7.52025-09-25
An issue in O-RAN Near Realtime RIC ric-plt-submgr in the J-Release environment, allows remote attackers to cause a denial of service (DoS) via a crafted request to the Subscription Manager API component.
- CVE-2025-57614HIGHCVSS 7.5EG 7.52025-09-02
An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) Integer overflow and invalid input vulnerability in the cached method allows an attacker to cause a denial of service or potentially execute arbitrary code. The vulnerabili…
- CVE-2025-57751HIGHCVSS 7.7EG 7.72025-08-21
pyLoad is the free and open-source Download Manager written in pure Python. The jk parameter is received in pyLoad CNL Blueprint. Due to the lack of jk parameter verification, the jk parameter input by the user is directly determined as dy…
Map vulnerabilities like CWE-400 to your infrastructure
EchelonGraph correlates every CVE — across CWE-400 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →