CWE-400
High likelihoodUncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
3,100 vulnerabilities with CWE-400
CVE-2026-25579
MEDIUM
Navidrome < 0.60.0 - Authenticated Denial of Service via Large Cover Art Size Parameter
CVSS 6.5
CVE-2026-25140
HIGH
apko 0.14.8-1.1.1 - Denial of Service via Unbounded APK Decompression
CVSS 7.5
CVE-2026-25122
MEDIUM
apko 0.14.8-1.0.9 - Resource Exhaustion via Unbounded Gzip Stream Inflation
CVSS 5.5
CVE-2026-22228
MEDIUM
TP-Link Archer BE230 < 1.2.4 - Authenticated Denial of Service via Crafted Configuration File
CVSS 4.9
CVE-2026-0599
HIGH
huggingface/text-generation-inference < 3.3.7 - Unauthenticated Resource Exhaustion via Markdown Image Link Fetching
CVSS 7.5
CVE-2026-24738
MEDIUM
gmrtd < 0.17.2 - Uncontrolled Resource Consumption via ReadFile TLV Length Handling
CVSS 6.5
CVE-2026-22259
HIGH
Suricata < 7.0.14 - Denial of Service via DNP3 Traffic Parsing
CVSS 7.5
CVE-2026-22258
HIGH
Suricata < 7.0.14 - Denial of Service via DCERPC Traffic Buffer Expansion
CVSS 7.5
CVE-2026-21720
HIGH
Grafana 3.0.0-11.6.8, 12.0.0-12.0.7, 12.1.0-12.1.4, 12.2.0-12.2.2, 12.3.0 - Resource Consumption via Gravatar
CVSS 7.5
CVE-2026-23864
HIGH
React Server Components 19.0.0-19.0.3, 19.1.0-19.1.4, 19.2.0-19.2.3 - DoS via Crafted HTTP Requests
CVSS 7.5
CVE-2026-24001
HIGH
jsdiff <8.0.3, 5.2.2, 4.0.4, 3.5.1 - DoS
CVSS 7.5
CVE-2026-20080
MEDIUM
Cisco IEC6400 Wireless Backhaul Edge Compute - DoS
CVSS 5.3
CVE-2026-21956
HIGH
Oracle VM VirtualBox 7.1.14 and 7.2.4 - Uncontrolled Resource Consumption
CVSS 8.2
CVE-2026-21955
HIGH
Oracle VM VirtualBox 7.1.14 and 7.2.4 - Uncontrolled Resource Consumption
CVSS 8.2
CVE-2026-21952
MEDIUM
MySQL Server 9.0.0-9.5.0 - Denial of Service in Parser
CVSS 4.9
CVE-2026-21950
MEDIUM
MySQL Server 9.0.0-9.5.0 - Authenticated Denial of Service in Optimizer
CVSS 6.5
CVE-2026-21949
MEDIUM
MySQL Server 9.0.0-9.5.0 - Denial of Service in Optimizer
CVSS 6.5
CVE-2026-21948
MEDIUM
MySQL Server 8.0.0-8.0.44, 8.4.0-8.4.7, 9.0.0-9.5.0 - Authenticated Denial of Service in Optimizer
CVSS 4.9
CVE-2026-21945
HIGH
Oracle GraalVM and Java SE - Unauthenticated Denial of Service via Resource Consumption
CVSS 7.5
CVE-2026-21942
MEDIUM
Oracle Solaris 10 and 11 - Denial of Service in Filesystems
CVSS 5.0
CVE-2026-21941
MEDIUM
MySQL Server 8.0.0-8.0.44, 8.4.0-8.4.7, 9.0.0-9.5.0 - Authenticated Denial of Service in Optimizer
CVSS 4.9
CVE-2026-21637
HIGH
Node.js 4.0.0-19.9.0 - Denial of Service via TLS PSK/ALPN Callback Exception Bypass
CVSS 7.5
CVE-2026-21696
MEDIUM
Pterodactyl Wings 1.7.0-1.11.9 - Uncontrolled Resource Consumption via Activity Log Processing
CVSS 6.5
CVE-2026-1174
MEDIUM
birkir prime < 0.4.0 - Uncontrolled Resource Consumption in GraphQL Alias Handler
CVSS 5.3
CVE-2026-23842
HIGH
ChatterBot < 1.2.11 - Denial of Service via SQLAlchemy Connection Pool Exhaustion
CVSS 7.5
Details
Vulnerabilities
3,100
Exploit Likelihood
High