CWE-400

Exploit likelihood: High

Uncontrolled Resource Consumption

Parent: CWE-664 - Improper Control of a Resource Through its Lifetime

The product does not properly control the allocation and maintenance of a limited resource.

3,094 vulnerabilities with CWE-400
CVE-2026-30405 HIGH
GoBGP gobgpd 4.2.0 - Denial of Service via NEXT_HOP Path Attribute
CVSS 7.5
CVE-2026-4174 LOW
Radare2 5.9.9 - Uncontrolled Resource Consumption in Mach-O File Parser
CVSS 3.3
CVE-2026-30955 MEDIUM
Gokapi < 2.2.4 - Authenticated Denial of Service via Unbounded Request Body
CVSS 6.5
CVE-2026-29776 LOW
FreeRDP <3.24.0 - Memory Corruption
CVSS 3.1
CVE-2026-25819 HIGH
HMS Networks Ewon Flexy <15.0s4 - DoS
CVSS 7.5
CVE-2026-23940 MEDIUM
hexpm < 495f01607d3eae4aed7ad09b2f54f31ec7a7df01 - Denial of Service via Oversized Package Upload
CVSS 6.5
CVE-2026-31958 HIGH
Tornado < 6.5.5 - Denial of Service via Multipart Form Data Parsing
CVSS 7.5
CVE-2026-30980 MEDIUM
iccdev < 2.3.1.5 - Denial of Service via Stack Overflow in CIccBasicStructFactory::CreateStruct()
CVSS 5.5
CVE-2026-26018 HIGH
CoreDNS < 1.14.2 - Denial of Service via Predictable PRNG in Loop Detection Plugin
CVSS 7.5
CVE-2026-29049 MEDIUM
melange < 0.40.5 - Server-Side Request Forgery via Unbounded URI Download
CVSS 4.3
CVE-2026-28789 HIGH
olivetin < 3000.10.3 - Unauthenticated Denial of Service via OAuth2 Login Concurrent Map Access
CVSS 7.5
CVE-2026-28342 HIGH
olivetin < 3000.10.2 - Unauthenticated Denial of Service via PasswordHash Endpoint
CVSS 7.5
CVE-2026-26999 HIGH
Traefik < 2.11.38 - Unauthenticated Denial of Service via TLS Handshake Stall
CVSS 7.5
CVE-2026-1605 HIGH
Eclipse Jetty 12.0.0-12.0.31/12.1.0-12.0.5 - Memory Corruption
CVSS 7.5
CVE-2026-28435 HIGH
cpp-httplib < 0.35.0 - Uncontrolled Resource Consumption via Decompressed Request Body Bypass
CVSS 7.5
CVE-2026-20066 MEDIUM
Cisco Snort 3 Detection Engine - Unauthenticated Denial of Service via JSTokenizer JavaScript Normalization
CVSS 5.8
CVE-2026-23809 MEDIUM
ArubaOS 6.5.4.0-8.10.0.21, AOS-10 & AOS-8 8.13.0.0-10.8.0.0 - Resource Consumption via Port-Stealing
CVSS 5.4
CVE-2026-26673 HIGH
DJI Mavic Mini/Spark/Air <0.1.00.0500 - DoS
CVSS 7.5
CVE-2026-25673 HIGH
Django 6.0-6.0.2/5.2-5.2.11/4.2-4.2.28 - DoS
CVSS 7.5
CVE-2026-28412 MEDIUM
Textream < 1.5.1 - Unauthenticated Denial of Service via WebSocket Connection Flood
CVSS 6.5
CVE-2026-28351 MEDIUM
pypdf < 6.7.4 - Uncontrolled Resource Consumption via RunLengthDecode Filter
CVSS 5.3
CVE-2026-21619 HIGH
hex_core < 0.12.1, hex < 2.3.2, rebar3 < 3.27.0 - Resource Consumption & Untrusted Data Deserialization
CVSS 7.5
CVE-2026-3293 LOW
snowflakedb snowflake-jdbc <=4.0.1 - DoS
CVSS 3.3
CVE-2026-26937 MEDIUM
Kibana 8.0.0-8.19.11 - Denial of Service via Timelion Input Data Manipulation
CVSS 6.5
CVE-2026-27888 HIGH
pypdf < 6.7.3 - Denial of Service via XFA Property with FlateDecode Compression
CVSS 7.5