CWE-770: Allocation of Resources Without Limits or Throttling
1,771 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-770 (page 23 of 36)
- CVE-2024-53647 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-12-31
Trend Micro ID Security, version 3.0 and below contains a vulnerability that could allow an attacker to send an unlimited number of email verification requests without any restriction, potentially leading to abuse or denial of service.
- CVE-2024-53857 | HIGH | CVSS 7.5 | EG 7.5 | 2024-12-05
rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows attackers to trigger resource exhaustion vulnerabilities in rpgp by providing crafted messages. This affects general message parsing and decryption with symmetric …
- CVE-2024-53907 | HIGH | CVSS 7.5 | EG 7.5 | 2024-12-06
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large seq…
- CVE-2024-53981 | HIGH | CVSS 7.5 | EG 7.5 | 2024-12-02
python-multipart is a streaming multipart parser for Python. When parsing form data, python-multipart skips line breaks (CR \r or LF \n) in front of the first boundary and any trailing bytes after the last boundary. This happens one byte at…
- CVE-2024-54497 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-01-27
The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.4, macOS Sequoia 15.2, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing web content may …
- CVE-2024-54501 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-12-12
The issue was addressed with improved checks. This issue is fixed in iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing a maliciously cr…
- CVE-2024-54538 | HIGH | CVSS 7.5 | EG 7.5 | 2024-12-20
A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, …
- CVE-2024-55195 | HIGH | CVSS 7.5 | EG 7.5 | 2025-01-23
An allocation-size-too-big bug in the component /imagebuf.cpp of OpenImageIO v3.1.0.0dev may cause a Denial of Service (DoS) when the program requests to allocate too much space.
- CVE-2024-55563 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-12-09
Bitcoin Core through 27.2 allows transaction-relay jamming via an off-chain protocol attack, a related issue to CVE-2024-52913. For example, the outcome of an HTLC (Hashed Timelock Contract) can be changed because a flood of transaction tr…
- CVE-2024-56316 | HIGH | CVSS 7.5 | EG 7.5 | 2025-01-27
In AXESS ACS (Auto Configuration Server) through 5.2.0, unsanitized user input in the TR069 API allows remote unauthenticated attackers to cause a permanent Denial of Service via crafted TR069 requests on TCP port 9675 or 7547. Rebooting d…
- CVE-2024-56319 | HIGH | CVSS 7.5 | EG 7.5 | 2024-12-18
In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0 before e3277eb, unlimited user label appends in a userlabel cluster can lead to a denial of service (resource exhaustion).
- CVE-2024-56332 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-01-03
Next.js is a React framework for building full-stack web applications. Starting in version 13.0.0 and prior to versions 13.5.8, 14.2.21, and 15.1.2, Next.js is vulnerable to a Denial of Service (DoS) attack that allows attackers to constru…
- CVE-2024-56374 | MEDIUM | CVSS 5.8 | EG 5.8 | 2025-01-14
An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The u…
- CVE-2024-56584 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-12-27
In the Linux kernel, the following vulnerability has been resolved: io_uring/tctx: work around xa_store() allocation error issue syzbot triggered the following WARN_ON: WARNING: CPU: 0 PID: 16 at io_uring/tctx.c:51 __io_uring_free+0xfa/…
- CVE-2024-56722 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-12-29
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix cpu stuck caused by printings during reset During reset, cmd to destroy resources such as qp, cq, and mr may fail, and error logs will be printed. When a l…
- CVE-2024-56940 | HIGH | CVSS 7.5 | EG 7.5 | 2025-02-12
An issue in the profile image upload function of LearnDash v6.7.1 allows attackers to cause a Denial of Service (DoS) via excessive file uploads.
- CVE-2024-57519 | HIGH | CVSS 7.5 | EG 7.5 | 2025-01-28
An issue in Open5GS v.2.7.2 allows a remote attacker to cause a denial of service via the ogs_dbi_auth_info function in lib/dbi/subscription.c file.
- CVE-2024-57662 | HIGH | CVSS 7.5 | EG 7.5 | 2025-01-14
An issue in the sqlg_hash_source component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
- CVE-2024-57663 | HIGH | CVSS 7.5 | EG 7.5 | 2025-01-14
An issue in the sqlg_place_dpipes component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
- CVE-2024-57664 | HIGH | CVSS 7.5 | EG 7.5 | 2025-01-14
An issue in the sqlg_group_node component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
- CVE-2024-57672 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-02-06
An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module, TopologyInstance module, Routing module.
- CVE-2024-57673 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-02-06
An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module and Linkdiscovery module.
- CVE-2024-57722 | HIGH | CVSS 7.5 | EG 7.5 | 2025-01-23
lunasvg v3.0.0 was discovered to contain an allocation-size-too-big bug via the component plutovg_surface_create.
- CVE-2024-57972 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-03-06
The pairing API request handler in Microsoft HoloLens 1 (Windows Holographic) through 10.0.17763.3046 and HoloLens 2 (Windows Holographic) through 10.0.22621.1244 allows remote attackers to cause a Denial of Service (resource consumption a…
- CVE-2024-58089 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-03-12
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double accounting race when btrfs_run_delalloc_range() failed [BUG] When running btrfs with block size (4K) smaller than page size (64K, aarch64), there is a …
- CVE-2024-58114 | MEDIUM | CVSS 4.0 | EG 4.0 | 2025-06-06
Resource allocation control failure vulnerability in the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2024-58259 | HIGH | CVSS 8.2 | EG 8.2 | 2025-09-02
A vulnerability has been identified within Rancher Manager in which it did not enforce request body size limits on certain public (unauthenticated) and authenticated API endpoints. This allows a malicious user to exploit this by sending…
- CVE-2024-58339 | HIGH | CVSS 7.5 | EG 7.5 | 2026-01-12
LlamaIndex (run-llama/llama_index) versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the VannaPack VannaQueryEngine implementation. The custom_query() logic generates SQL statements from a us…
- CVE-2024-6004 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-08-16
A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to deny printer connections until the system is rebooted.
- CVE-2024-6037 | CRITICAL | CVSS 9.1 | EG 7.5 | 2024-07-10
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows an attacker to create arbitrary folders at any location on the server, including the root directory (C: dir). This can lead to uncontrolled resource consumption, resulti…
- CVE-2024-6098 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-08-16
When performing an online tag generation to devices which communicate using the ControlLogix protocol, a machine-in-the-middle, or a device that is not configured correctly, could deliver a response leading to unrestricted or unregulate…
- CVE-2024-6176 | MEDIUM | CVSS 4.8 | EG 0.0 | 2024-06-20
Allocation of Resources Without Limits or Throttling vulnerability in LG Electronics LG SuperSign CMS allows Port Scanning. This issue affects LG SuperSign CMS: from 4.1.3 before < 4.3.1.
- CVE-2024-6427 | HIGH | CVSS 7.5 | EG 7.5 | 2024-07-03
Uncontrolled Resource Consumption vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can use the "message" parameter to inject a payload with dangerous JavaScript code, causing the application to loop request…
- CVE-2024-6504 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-07-18
Rapid7 InsightVM Console versions below 6.6.260 suffer from a protection mechanism failure whereby an attacker with network access to the InsightVM Console can cause it to overload or crash by sending repeated invalid REST requests in a sh…
- CVE-2024-6509 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-09-10
Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API alwaysmulti.cgi was vulnerable for file globbing which could lead to resource exhaustion of the Axis device. Axis has released patched AXIS OS versions for …
- CVE-2024-6598 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-07-09
A denial-of-service attack is possible through the execution functionality of KNIME Business Hub 1.10.0 and 1.10.1. It allows an authenticated attacker with job execution privileges to execute a job that causes internal messages to pile up…
- CVE-2024-6600 | MEDIUM | CVSS 6.3 | EG 6.3 | 2024-07-09
Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could occur when allocating more than 8192 ints in private shader memory on macOS. This vulnerability affects Firefox < 128, Firefox ESR < 1…
- CVE-2024-6762 | LOW | CVSS 3.1 | EG 3.1 | 2024-10-14
Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory.
- CVE-2024-6826 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-10-24
An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. A denial of service could occur via importing a maliciously crafted XML manifest file.
- CVE-2024-7113 | HIGH | CVSS 8.7 | EG 0.0 | 2024-08-13
If exploited, this vulnerability could cause a SuiteLink server to consume excessive system resources and slow down processing of Data I/O for the duration of the attack.
- CVE-2024-7734 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-09-10
An unauthenticated remote attacker can exploit the behavior of the pathfinder TCP encapsulation service by establishing a high number of TCP connections to the pathfinder TCP encapsulation service. The impact is limited to blocking of v…
- CVE-2024-7768 | HIGH | CVSS 7.5 | EG 7.5 | 2025-03-20
A vulnerability in the `/3/ImportFiles` endpoint of h2oai/h2o-3 version 3.46.1 allows an attacker to cause a denial of service. The endpoint takes a single GET parameter, `path`, which can be recursively set to reference itself. This leads…
- CVE-2024-7803 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-05-23
An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A Discord webhook integration may cause DoS.
- CVE-2024-7807 | HIGH | CVSS 7.5 | EG 7.5 | 2024-10-29
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240628 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will cont…
- CVE-2024-7983 | HIGH | CVSS 7.5 | EG 7.5 | 2025-03-20
In version 0.3.8 of open-webui, an endpoint for converting markdown to HTML is exposed without authentication. A maliciously crafted markdown payload can cause the server to spend excessive time converting it, leading to a denial of servic…
- CVE-2024-8018 | HIGH | CVSS 7.5 | EG 7.5 | 2025-03-20
A vulnerability in imartinez/privategpt version 0.5.0 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously …
- CVE-2024-8028 | HIGH | CVSS 7.5 | EG 7.5 | 2025-03-20
A vulnerability in danswer-ai/danswer v0.3.94 allows an attacker to cause a Denial of Service (DoS) by uploading a file with a malformed multipart boundary. By appending a large number of characters to the end of the multipart boundary, th…
- CVE-2024-8184 | MEDIUM | CVSS 5.9 | EG 5.9 | 2024-10-14
There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause a remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger Out…
- CVE-2024-8391 | HIGH | CVSS 7.5 | EG 7.5 | 2024-09-04
In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client). This is fixed in the 4.5.10 version. Note th…
- CVE-2024-8966 | HIGH | CVSS 7.5 | EG 7.5 | 2025-03-20
A vulnerability in the file upload process of gradio-app/gradio version @gradio/video@0.10.2 allows for a Denial of Service (DoS) attack. An attacker can append a large number of characters to the end of a multipart boundary, causing the s…