Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-400

CWE-400

High likelihood

Uncontrolled Resource Consumption

Parent: CWE-664 - Improper Control of a Resource Through its Lifetime

The product does not properly control the allocation and maintenance of a limited resource.

2,909 vulnerabilities with CWE-400

CVE-2026-40481 HIGH

monetr: Unauthenticated Stripe webhook reads attacker-sized request bodies before signature validation

CVE-2026-40303 HIGH

zrok allows unauthenticated DoS via unbounded memory allocation in striped session cookie parsing

CVE-2026-40192 HIGH

Pillow is vulnerable to a FITS GZIP decompression bomb

CVE-2026-3505 HIGH

Unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion.

CVE-2026-35034 MEDIUM

Jellyfin: Potential Application DoS from excessively large SyncPlay group names

CVE-2026-27308 LOW

ColdFusion | Uncontrolled Resource Consumption (CWE-400)

CVE-2026-27307 LOW

ColdFusion | Uncontrolled Resource Consumption (CWE-400)

CVE-2026-33116 HIGH

.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

CVE-2026-26171 HIGH

.NET Denial of Service Vulnerability

CVE-2026-2405 MEDIUM

Schneider Electric PowerChute™ Serial Shutdown - Denial of Service

CVE-2026-30998 HIGH

FFmpeg 8.0.1 - DoS

CVE-2026-39304 HIGH

Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Incorrect handling of TLSv1.3 KeyUpdate can be exploited to cause DoS via OOM

CVE-2026-5986 MEDIUM

Zod jsVideoUrlParser util.js getTime redos

CVE-2026-23869 HIGH

Meta React-server-dom-turbopack < 19.0.4 - Denial of Service

CVE-2026-34166 LOW

LiquidJS has a Memory Limit Bypass via Quadratic Amplification in `replace` Filter

CVE-2026-33459 MEDIUM

Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

CVE-2026-39865 MEDIUM

Axios HTTP/2 Session Cleanup State Corruption Vulnerability

CVE-2026-35406 MEDIUM

Aardvark-dns has incorrect error handling for malformed tcp packets

CVE-2026-34045 HIGH

Podman Desktop WebView Server Exposed

CVE-2026-32588 MEDIUM

Apache Cassandra: Authenticated DoS via ALTER ROLE Password Hashing

CVE-2026-35441 MEDIUM

Directus Affected by GraphQL Alias Amplification Denial-of-Service Due to Missing Query Cost/Complexity Limits

CVE-2026-0049 MEDIUM

Google Android < 16-qpr2 - Denial of Service

CVE-2026-34148 HIGH

Fedify affected by resource exhaustion caused by unbounded redirect following during remote key/document resolution

CVE-2026-26477 MEDIUM

Dokuwiki 2025-05-14b - DoS

CVE-2026-34827 HIGH

Rack: Algorithmic-Complexity DoS in Rack::Multipart::Parser

Previous Page 3 of 117 Next

Details

Vulnerabilities 2,909

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy