CWE-400: Uncontrolled Resource Consumption (Denial of Service)
3,215 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-400 (page 55 of 65)
- CVE-2025-46115 | HIGH | CVSS 7.5 | EG 7.5 | 2026-04-30
An issue in open5gs v.2.7.3 allows a remote attacker to cause a denial of service via a crafted PDU Session Modification Request
- CVE-2025-46171 | MEDIUM | CVSS 5.4 | EG 5.4 | 2025-07-23
vBulletin 3.8.7 is vulnerable to a denial-of-service condition via the misc.php?do=buddylist endpoint. If an authenticated user has a sufficiently large buddy list, processing the list can consume excessive memory, exhausting system resour…
- CVE-2025-46206 | MEDIUM | CVSS 6.5 | EG 7.5 | 2025-08-04
An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service via an infinite recursion in the `mutool clean` utility. When processing a crafted PDF file containing cyclic /Next references in the outline st…
- CVE-2025-46304 | MEDIUM | CVSS 5.7 | EG 5.5 | 2026-02-11
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A mali…
- CVE-2025-46392 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-05-09
Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. There are a number of issues in Apache Commons Configuration 1.x that allow excessive resource consumption when loading untrusted configurations or using…
- CVE-2025-46580 | HIGH | CVSS 7.7 | EG 7.7 | 2025-04-27
There is a code-related vulnerability in the GoldenDB database product. Attackers can access system tables to disrupt the normal operation of business SQL.
- CVE-2025-46593 | MEDIUM | CVSS 5.1 | EG 5.1 | 2025-05-06
Process residence vulnerability in abnormal scenarios in the print module Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2025-46727 | HIGH | CVSS 7.5 | EG 7.5 | 2025-05-07
Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, `Rack::QueryParser` parses query strings and `application/x-www-form-urlencoded` bodies into Ruby data structures without imposing any limit on the …
- CVE-2025-46728 | HIGH | CVSS 7.5 | EG 7.5 | 2025-05-06
cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size limits on incoming request bodies when `Transfer-Encoding: chunked` is used or when no `Content-Le…
- CVE-2025-4727 | LOW | CVSS 3.7 | EG 3.7 | 2025-05-15
A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedata_server.js. The manipulation of the argument forwardedFor leads to ineffic…
- CVE-2025-47270 | HIGH | CVSS 7.5 | EG 7.5 | 2025-05-12
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. The `nimiq-network-libp2p` subcrate of nimiq/core-rs-albatross is vulnerable to a Denial of Service (DoS) att…
- CVE-2025-48038 | MEDIUM | CVSS 5.3 | EG 0.0 | 2025-09-11
Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. Th…
- CVE-2025-48039 | MEDIUM | CVSS 5.3 | EG 0.0 | 2025-09-11
Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. Th…
- CVE-2025-48040 | MEDIUM | CVSS 6.9 | EG 0.0 | 2025-09-11
Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP from OTP 17.…
- CVE-2025-48041 | HIGH | CVSS 7.1 | EG 0.0 | 2025-09-11
Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affec…
- CVE-2025-48053 | HIGH | CVSS 7.5 | EG 7.5 | 2025-06-09
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch, sending a malicious URL in a PM to a bot us…
- CVE-2025-48392 | HIGH | CVSS 7.5 | EG 7.5 | 2025-09-24
A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.3.3 through 1.3.4, from 2.0.1-beta through 2.0.4. Users are recommended to upgrade to version 2.0.5, which fixes the issue.
- CVE-2025-48542 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-09-04
In multiple functions of AccountManagerService.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is…
- CVE-2025-48569 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-12-08
In multiple locations, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2025-48576 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-12-08
In updateNotificationChannelGroupFromPrivilegedListener of NotificationManagerService.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution…
- CVE-2025-48584 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-12-08
In multiple functions of NotificationManagerService.java, there is a possible way to bypass the per-package channel limits causing resource exhaustion. This could lead to local denial of service with no additional execution privileges need…
- CVE-2025-48590 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-12-08
In verifyAndGetBypass of AppOpsService.java, there is a possible method for a malicious app to prevent dialing emergency services under limited circumstances due to resource exhaustion. This could lead to local denial of service with no ad…
- CVE-2025-48603 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-12-08
In InputMethodInfo of InputMethodInfo.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not need…
- CVE-2025-48615 | HIGH | CVSS 7.8 | EG 7.8 | 2025-12-08
In getComponentName of MediaButtonReceiverHolder.java, there is a possible desync in persistence due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction …
- CVE-2025-48631 | MEDIUM | CVSS 6.5 | EG 7.5 | 2025-12-08
In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not…
- CVE-2025-48648 | MEDIUM | CVSS 5.5 | EG 5.5 | 2026-06-01
In isSameApp of NotificationManagerService.java, there is a possible persistent dos due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for e…
- CVE-2025-48795 | MEDIUM | CVSS 5.6 | EG 5.6 | 2025-07-15
Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the entire temporary file is read into memory and then logged. An attacker might be able to exploit this to cau…
- CVE-2025-48956 | HIGH | CVSS 7.5 | EG 7.5 | 2025-08-21
vLLM is an inference and serving engine for large language models (LLMs). From 0.1.0 to before 0.10.1.1, a Denial of Service (DoS) vulnerability can be triggered by sending a single HTTP GET request with an extremely large header to an HTT…
- CVE-2025-49000 | LOW | CVSS 3.5 | EG 3.5 | 2025-06-03
InvenTree is an Open Source Inventory Management System. Prior to version 0.17.13, the skip field in the built-in `label-sheet` plugin lacks an upper bound, so a large value forces the server to allocate an enormous Python list. This lets …
- CVE-2025-49460 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-09-09
Uncontrolled resource consumption in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access.
- CVE-2025-49494 | HIGH | CVSS 7.5 | EG 7.5 | 2025-11-04
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 2100, 1280, 2200, 1330, 1380, 1480, 9110, Modem 5123. Mishandling of a 5G NRMM packet leads to a Denial of Service.
- CVE-2025-49595 | MEDIUM | CVSS 4.9 | EG 4.9 | 2025-07-03
n8n is a workflow automation platform. Prior to version 1.99.0, there is a denial of Service vulnerability in /rest/binary-data endpoint when processing empty filesystem URIs (filesystem:// or filesystem-v2://). This allows authenticated a…
- CVE-2025-49716 | HIGH | CVSS 7.5 | EG 5.9 | 2025-07-08
Uncontrolled resource consumption in Windows Netlogon allows an unauthorized attacker to deny service over a network.
- CVE-2025-49722 | MEDIUM | CVSS 5.7 | EG 5.7 | 2025-07-08
Uncontrolled resource consumption in Windows Print Spooler Components allows an authorized attacker to deny service over an adjacent network.
- CVE-2025-49763 | HIGH | CVSS 7.5 | EG 7.5 | 2025-06-19
ESI plugin does not have the limit for maximum inclusion depth, and that allows excessive memory consumption if malicious instructions are inserted. Users can use a new setting for the plugin (--max-inclusion-depth) to limit it. This issu…
- CVE-2025-50057 | MEDIUM | CVSS 6.9 | EG 0.0 | 2025-07-18
A DOS vulnerability in RSFiles! component 1.16.3-1.17.7 Joomla was discovered. The issue allows unauthenticated remote attackers to deny access to service via the search feature.
- CVE-2025-50076 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-07-15
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.25. Easily exploitable vulnerability allows low privileged attacker with network access via multiple pr…
- CVE-2025-50077 | MEDIUM | CVSS 4.9 | EG 4.9 | 2025-07-15
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with netw…
- CVE-2025-50078 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-07-15
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows low privileged attacker with …
- CVE-2025-50079 | MEDIUM | CVSS 4.9 | EG 4.9 | 2025-07-15
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacke…
- CVE-2025-50080 | MEDIUM | CVSS 4.9 | EG 4.9 | 2025-07-15
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged …
- CVE-2025-50082 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-07-15
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows low privileged attacker…
- CVE-2025-50083 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-07-15
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows low privileged attacker…
- CVE-2025-50088 | MEDIUM | CVSS 4.9 | EG 4.9 | 2025-07-15
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with netw…
- CVE-2025-50089 | MEDIUM | CVSS 4.9 | EG 4.9 | 2025-07-15
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multi…
- CVE-2025-50091 | MEDIUM | CVSS 4.9 | EG 4.9 | 2025-07-15
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacke…
- CVE-2025-50092 | MEDIUM | CVSS 4.9 | EG 4.9 | 2025-07-15
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with netw…
- CVE-2025-50093 | MEDIUM | CVSS 4.9 | EG 4.9 | 2025-07-15
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with…
- CVE-2025-50094 | MEDIUM | CVSS 4.9 | EG 4.9 | 2025-07-15
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.42, 8.4.5 and 9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access vi…
- CVE-2025-50095 | MEDIUM | CVSS 4.9 | EG 4.9 | 2025-07-15
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multi…