CWE-400

High likelihood

Uncontrolled Resource Consumption

Parent: CWE-664 - Improper Control of a Resource Through its Lifetime

The product does not properly control the allocation and maintenance of a limited resource.

3,094 vulnerabilities with CWE-400
CVE-2026-27633 HIGH
TinyWeb < 2.02 - Unauthenticated Denial of Service via Large Content-Length Header
CVSS 7.5
CVE-2026-27630 HIGH
TinyWeb < 2.02 - Unauthenticated Denial of Service via Slowloris Attack
CVSS 7.5
CVE-2026-27204 MEDIUM
Wasmtime <24.0.6/36.0.6/40.0.4/41.0.4/42.0.0 - DoS
CVSS 6.5
CVE-2026-26066 MEDIUM
ImageMagick <7.1.2-15/6.9.13-40 - DoS
CVSS 6.2
CVE-2026-24485 HIGH
ImageMagick <7.1.2-15/6.9.13-40 - DoS
CVSS 7.5
CVE-2026-24484 MEDIUM
ImageMagick <7.1.2-15/6.9.13-40 - DoS
CVSS 5.3
CVE-2026-27576 MEDIUM
OpenClaw < 2026.2.17 - Uncontrolled Resource Consumption via Large Prompt Payloads
CVSS 4.0
CVE-2026-26047 MEDIUM
Moodle 4.5.0-4.5.8 and 5.1.0-beta-5.1.1 - Authenticated Denial of Service via TeX Formula Rendering
CVSS 6.5
CVE-2026-25535 HIGH
jsPDF < 4.2.0 - Denial of Service via GIF Image Header Parsing
CVSS 7.5
CVE-2026-20139 MEDIUM
Splunk Enterprise <10.2.0 - DoS
CVSS 4.3
CVE-2026-23596 MEDIUM
Aruba Networking Private 5G Core 1.24.3.0-1.24.3.2 - Unauthenticated Denial of Service via Management API
CVSS 6.5
CVE-2026-25949 HIGH
Traefik < 3.6.8 - Unauthenticated Denial of Service via STARTTLS Request Bypass
CVSS 7.5
CVE-2026-21435 MEDIUM
webtransport-go < 0.10.0 - Denial of Service via WebTransport Session Closure Blocking
CVSS 5.3
CVE-2026-20676 MEDIUM
Safari < 26.3 - Uncontrolled Resource Consumption via Web Extensions
CVSS 5.3
CVE-2026-20652 HIGH
Safari < 26.3 - Denial of Service via Uncontrolled Resource Consumption
CVSS 7.5
CVE-2026-20650 HIGH
watchOS, tvOS, macOS, visionOS, iOS, iPadOS <26.3 - DoS
CVSS 7.5
CVE-2026-20602 MEDIUM
macOS < 14.8.4, < 15.7.4, < 26.3 - Denial of Service via Cache Handling
CVSS 5.5
CVE-2026-25791 HIGH
Sliver < 1.7.0 - Unauthenticated Memory Exhaustion via DNS C2 Listener Session Allocation
CVSS 7.5
CVE-2026-25762 HIGH
AdonisJS bodyparser < 10.1.3 - Denial of Service via Multipart File Handling
CVSS 7.5
CVE-2026-25579 MEDIUM
Navidrome < 0.60.0 - Authenticated Denial of Service via Large Cover Art Size Parameter
CVSS 6.5
CVE-2026-25140 HIGH
apko 0.14.8-1.1.1 - Denial of Service via Unbounded APK Decompression
CVSS 7.5
CVE-2026-25122 MEDIUM
apko 0.14.8-1.0.9 - Resource Exhaustion via Unbounded Gzip Stream Inflation
CVSS 5.5
CVE-2026-22228 MEDIUM
TP-Link Archer BE230 < 1.2.4 - Authenticated Denial of Service via Crafted Configuration File
CVSS 4.9
CVE-2026-0599 HIGH
huggingface/text-generation-inference < 3.3.7 - Unauthenticated Resource Exhaustion via Markdown Image Link Fetching
CVSS 7.5
CVE-2026-24738 MEDIUM
gmrtd < 0.17.2 - Uncontrolled Resource Consumption via ReadFile TLV Length Handling
CVSS 6.5