Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-405

CWE-405

Asymmetric Resource Consumption (Amplification)

Parent: CWE-400 - Uncontrolled Resource Consumption

The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the adversary to invest equivalent work or otherwise prove authorization, i.e., the adversary's influence is "asymmetric."

43 vulnerabilities with CWE-405

CVE-2026-8594 MEDIUM

Text::LineFold versions through 2019.001 for Perl duplicate the output based on the number of special break characters

CVE-2026-45557 MEDIUM

Technitium DNS Server excessive DNSSEC requests

CVE-2026-44296 HIGH

Deskflow: TLS multiplexer DoS on failed `SSL_accept`

CVE-2026-35665 MEDIUM

OpenClaw < 2026.3.24 - Denial of Service via Feishu Webhook Pre-Auth Body Parsing

CVE-2026-35626 MEDIUM

OpenClaw < 2026.3.22 - Unauthenticated Resource Exhaustion via Voice Call Webhook

CVE-2026-25611 HIGH

MongoDB Server 7.0-7.0.28, 8.0-8.0.17, 8.2-8.2.3 - Unauthenticated Denial of Service via Memory Exhaustion

CVE-2026-24324 MEDIUM

SAP BusinessObjects Business Intelligence Platform - Authenticated Denial of Service via AdminTools Query

CVE-2026-0485 HIGH

SAP BusinessObjects BI Platform - DoS

CVE-2026-22775 HIGH

Svelte devalue 5.1.0-5.6.1 - Denial of Service via Malformed ArrayBuffer Input

CVE-2026-22774 HIGH

Svelte devalue 5.3.0-5.6.1 - Denial of Service via Typed Array Hydration

CVE-2025-46598 MEDIUM

Bitcoin Core < 0.30.0 - Denial of Service via Crafted Transaction

CVE-2025-68480 MEDIUM

marshmallow 3.0.0rc1-3.26.1 and 4.0.0-4.1.1 - Denial of Service via Schema.load

CVE-2025-42876 HIGH

SAP S/4 HANA Private Cloud - Info Disclosure

CVE-2025-42874 HIGH

SAP NetWeaver Xcelsius Remote Service - High-Privilege Remote Code Execution

CVE-2025-42873 MEDIUM

SAPUI5 framework Markdown-it component - Denial of Service via Infinite Loop

CVE-2025-66564 HIGH

Sigstore Timestamp Authority <2.0.3 - Info Disclosure

CVE-2025-66506 HIGH

Fulcio < 1.8.3 - Denial of Service via OIDC Identity Token Period Character Amplification

CVE-2025-49643 MEDIUM

Zabbix Frontend 6.0.0-6.0.41 - Authenticated Denial of Service via imgstore.php

CVE-2025-8677 HIGH

BIND 9 9.18.0-9.18.39, 9.20.0-9.20.13, 9.21.0-9.21.12 - DoS via Malformed DNSKEY

CVE-2025-22166 HIGH

Confluence Data Center and Server 8.5.0-8.5.24 - Denial of Service

CVE-2025-26516 MEDIUM

StorageGRID < 11.8.0.15 - Unauthenticated Denial of Service

CVE-2025-31987 MEDIUM

HCL Connections Docs - Denial of Service via Document Upload Validation Bypass

CVE-2025-53633 CRITICAL

ctfer-io chall-manager < 0.1.4 - Unauthenticated Denial of Service via Zip Bomb Decompression

CVE-2025-43857 MEDIUM

Net::IMAP DoS via Malicious Server Literal Byte Count

CVE-2025-30204 HIGH

golang-jwt <5.2.2,4.5.2 - Info Disclosure

Page 1 of 2 Next

Details

Vulnerabilities 43

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy