CWE-770— Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.— MITRE CWE catalog
1,933 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-770page 29 of 39
- CVE-2025-48603MEDIUMCVSS 5.5EG 5.52025-12-08
In InputMethodInfo of InputMethodInfo.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not need…
- CVE-2025-48615HIGHCVSS 7.8EG 7.82025-12-08
In getComponentName of MediaButtonReceiverHolder.java, there is a possible desync in persistence due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction …
- CVE-2025-48631MEDIUMCVSS 6.5EG 7.52025-12-08
In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not…
- CVE-2025-48738MEDIUMCVSS 6.9EG 6.92025-05-23
An e-mail flooding vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows unauthenticated remote attackers to use the password reset feature without limits. This can…
- CVE-2025-48976HIGHCVSS 7.5EG 7.52025-06-16
Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are …
- CVE-2025-48988HIGHCVSS 7.5EG 7.52025-06-16
Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. The following versions we…
- CVE-2025-49000LOWCVSS 3.5EG 3.52025-06-03
InvenTree is an Open Source Inventory Management System. Prior to version 0.17.13, the skip field in the built-in `label-sheet` plugin lacks an upper bound, so a large value forces the server to allocate an enormous Python list. This lets …
- CVE-2025-49007MEDIUMCVSS 5.3EG 5.32025-06-04
Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.16, there is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This is very similar to the previous secur…
- CVE-2025-49140HIGHCVSS 7.5EG 7.52025-06-09
Pion Interceptor is a framework for building RTP/RTCP communication software. Versions v0.1.36 through v0.1.38 contain a bug in a RTP packet factory that can be exploited to trigger a panic with Pion based SFU via crafted RTP packets, This…
- CVE-2025-50172MEDIUMCVSS 6.5EG 6.52025-08-12
Allocation of resources without limits or throttling in Windows DirectX allows an authorized attacker to deny service over a network.
- CVE-2025-50334HIGHCVSS 7.5EG 7.52026-01-08
An issue in Technitium DNS Server v.13.5 allows a remote attacker to cause a denial of service via the rate-limiting component
- CVE-2025-51846HIGHCVSS 7.5EG 7.52026-04-30
CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can significantly degrade or deny service for all users of a CryptPad instance. Fixed in 2026.2.2.
- CVE-2025-52494HIGHCVSS 7.5EG 7.52025-09-03
Adacore Ada Web Server (AWS) before 25.2 is vulnerable to a denial-of-service (DoS) condition due to improper handling of SSL handshakes during connection initialization. When a client initiates an HTTPS connection, the server performs the…
- CVE-2025-5253MEDIUMCVSS 6.5EG 6.52025-07-25
Allocation of Resources Without Limits or Throttling vulnerability in Kron Technologies Kron PAM allows HTTP DoS. This issue affects Kron PAM: before 3.7.
- CVE-2025-52568HIGHCVSS 8.8EG 8.82025-06-24
NeKernal is a free and open-source operating system stack. Prior to version 0.0.3, there are several memory safety issues that can lead to memory corruption, disk image corruption, denial of service, and potential code execution. These iss…
- CVE-2025-52570LOWCVSS 1.7EG 1.72025-06-24
Letmein is an authenticating port knocker. Prior to version 10.2.1, The connection limiter is implemented incorrectly. It allows an arbitrary amount of simultaneously incoming connections (TCP, UDP and Unix socket) for the services letmein…
- CVE-2025-52867MEDIUMCVSS 6.5EG 6.52025-10-03
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already f…
- CVE-2025-52889LOWCVSS 3.4EG 3.42025-06-25
Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus version 6.12 and 6.13 generates nftables rules for local services (DHCP, DNS...) that partially bypass security options `se…
- CVE-2025-52917MEDIUMCVSS 4.3EG 4.32025-06-21
The Yealink RPS API before 2025-05-26 lacks rate limiting, potentially enabling information disclosure via excessive requests.
- CVE-2025-53032MEDIUMCVSS 4.9EG 4.92025-07-15
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multi…
- CVE-2025-53069MEDIUMCVSS 4.9EG 4.92025-10-21
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileg…
- CVE-2025-53409MEDIUMCVSS 6.5EG 6.52025-11-07
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or…
- CVE-2025-53410MEDIUMCVSS 6.5EG 6.52025-11-07
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or…
- CVE-2025-53411MEDIUMCVSS 4.9EG 4.92025-11-07
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applic…
- CVE-2025-53413MEDIUMCVSS 6.5EG 6.52025-11-07
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or…
- CVE-2025-53521CRITICALCVSS 9.8EG 9.8⚠ KEV2025-10-15
When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- CVE-2025-53530HIGHCVSS 7.5EG 7.52025-07-07
WeGIA is a web manager for charitable institutions. The Wegia server has a vulnerability that allows excessively long HTTP GET requests to a specific URL. This issue arises from the lack of validation for the length of the errorstr paramet…
- CVE-2025-53531HIGHCVSS 7.5EG 7.52025-07-07
WeGIA is a web manager for charitable institutions. The Wegia server has a vulnerability that allows excessively long HTTP GET requests to a specific URL. This issue arises from the lack of validation for the length of the fid parameter. T…
- CVE-2025-53538HIGHCVSS 7.5EG 7.52025-07-22
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions 7.0.10 and below and 8.0.0-beta1 through 8.0.0-rc1, mishandling of data on HTTP2 stream 0 c…
- CVE-2025-53628HIGHCVSS 8.8EG 8.82025-07-10
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.20.1, cpp-httplib does not have a limit for a unique line, permitting an attacker to explore this to allocate memory arbitrarily. This vulnerabili…
- CVE-2025-53629HIGHCVSS 7.5EG 7.52025-07-10
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.23.0, incoming requests using Transfer-Encoding: chunked in the header can allocate memory arbitrarily in the server, potentially leading to its e…
- CVE-2025-53634HIGHCVSS 7.5EG 7.52025-07-10
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With a slow loris attack, an attacker could cause Denial of Service (DoS). Exploitatio…
- CVE-2025-54121MEDIUMCVSS 5.3EG 5.32025-07-21
Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files (greater than the …
- CVE-2025-54149MEDIUMCVSS 5.5EG 5.52026-02-11
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fi…
- CVE-2025-54150MEDIUMCVSS 5.5EG 5.52026-02-11
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fi…
- CVE-2025-54151MEDIUMCVSS 5.5EG 5.52026-02-11
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fi…
- CVE-2025-54155MEDIUMCVSS 4.9EG 4.92026-02-11
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applic…
- CVE-2025-54161MEDIUMCVSS 4.9EG 4.92026-02-11
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applic…
- CVE-2025-54320MEDIUMCVSS 4.3EG 4.32025-11-18
In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the invite user function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating invite requests.
- CVE-2025-54500MEDIUMCVSS 5.3EG 5.32025-08-13
An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack). Note: Software versions which have reached End of …
- CVE-2025-54572MEDIUMCVSS 6.9EG 6.92025-07-30
The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the message_max_bytesize setting configured. The vulnerability…
- CVE-2025-54575MEDIUMCVSS 5.3EG 5.32025-07-30
ImageSharp is a 2D graphics library. In versions below 2.1.11 and 3.0.0 through 3.1.10, a specially crafted GIF file containing a malformed comment extension block (with a missing block terminator) can cause the ImageSharp GIF decoder to e…
- CVE-2025-54869MEDIUMCVSS 6.0EG 6.02025-08-06
FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. In versions 2.6.2 and below, any application that uses FPDI to process user-supplied PDF files is at risk, c…
- CVE-2025-54879MEDIUMCVSS 5.3EG 5.32025-08-06
Mastodon is a free, open-source social network server based on ActivityPub Mastodon which facilitates LDAP configuration for authentication. In versions 3.1.5 through 4.2.24, 4.3.0 through 4.3.11 and 4.4.0 through 4.4.3, Mastodon's rate-li…
- CVE-2025-54884HIGHCVSS 8.7EG 8.72025-08-06
Vision UI is a collection of enterprise-grade, dependency-free modules for modern web projects. In versions 1.4.0 and below, the generateSecureId and getSecureRandomInt functions in security-kit versions prior to 3.5.0 (packaged in Vision …
- CVE-2025-54939MEDIUMCVSS 5.3EG 5.32025-08-01
LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak.
- CVE-2025-55079MEDIUMCVSS 5.5EG 5.52025-10-15
In Eclipse ThreadX before version 6.4.3, the thread module has a setting of maximum priority. In some cases the check of that maximum priority wasn't performed, allowing, as a result, to obtain a thread with higher priority than expected a…
- CVE-2025-55102HIGHCVSS 7.5EG 7.52026-01-27
A denial-of-service vulnerability exists in the NetX IPv6 component functionality of Eclipse ThreadX NetX Duo. A specially crafted network packet of "Packet Too Big" with more than 15 different source address can lead to denial of service.…
- CVE-2025-55163HIGHCVSS 7.5EG 7.52025-08-13
Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HT…
- CVE-2025-55197HIGHCVSS 7.5EG 7.52025-08-13
pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM being exhausted. This requires just reading the file if a series of FlateDecode filters is used on a malici…
Map vulnerabilities like CWE-770 to your infrastructure
EchelonGraph correlates every CVE — across CWE-770 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →