Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-407

CWE-407

Low likelihood

Inefficient Algorithmic Complexity

Parent: CWE-405 - Asymmetric Resource Consumption (Amplification)

An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.

74 vulnerabilities with CWE-407

CVE-2026-40476 MEDIUM

graphql-php: Denial of Service via quadratic complexity in OverlappingFieldsCanBeMerged validation

CVE-2026-40164 HIGH

jq: Algorithmic complexity DoS via hardcoded MurmurHash3 seed

CVE-2026-35599 MEDIUM

Vikunja has an Algorithmic Complexity DoS in Repeating Task Handler

CVE-2026-6042 LOW

musl libc GB18030 4-byte Decoder iconv.c iconv algorithmic complexity

CVE-2026-33033 MEDIUM

Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload

CVE-2026-34827 HIGH

Rack: Algorithmic-Complexity DoS in Rack::Multipart::Parser

CVE-2026-34230 MEDIUM

Rack: Quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header

CVE-2026-31937 HIGH

Suricata dcerpc: quadratic complexity in dcerpc buffering

CVE-2026-31934 HIGH

Suricata smtp/mine: quadratic complexity in extracting urls

CVE-2026-31933 HIGH

Suricata stream: quadratic complexity in stream inspection

CVE-2026-31932 HIGH

Suricata krb5: quadratic complexity in krb5 buffering

CVE-2026-34573 HIGH

Parse Server: GraphQL complexity validator exponential fragment traversal DoS

CVE-2026-3988 HIGH

Inefficient Algorithmic Complexity in GitLab

CVE-2026-33123 MEDIUM

pypdf has inefficient decoding of array-based streams

CVE-2026-28804 MEDIUM

pypdf <6.7.5 - DoS

CVE-2026-27903 HIGH

minimatch <10.2.3 - DoS

CVE-2026-1285 HIGH

Django <6.0.2-<4.2.28 - DoS

CVE-2025-67841 HIGH

Nordic Semiconductor IronSide SE <23.0.2+17 - DoS

CVE-2025-14831 MEDIUM

CVE-2025-14550 HIGH

Django <6.0.2-4.2.28 - DoS

CVE-2025-14822 LOW

Mattermost <10.11.9 - DoS

CVE-2025-12084 MEDIUM

xml.dom.minidom - Info Disclosure

CVE-2025-64460 HIGH

Django <5.2.9-4.2.27 - DoS

CVE-2025-66382 LOW

libexpat <2.7.3 - DoS

CVE-2025-11230 HIGH

Page 1 of 3 Next

Details

Vulnerabilities 74

Exploit Likelihood Low

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy