Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-407

CWE-407

Low likelihood

Inefficient Algorithmic Complexity

Parent: CWE-405 - Asymmetric Resource Consumption (Amplification)

An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.

90 vulnerabilities with CWE-407

CVE-2026-31933 HIGH

Suricata stream: quadratic complexity in stream inspection

CVE-2026-31932 HIGH

Suricata krb5: quadratic complexity in krb5 buffering

CVE-2026-34573 HIGH

Parse Server: GraphQL complexity validator exponential fragment traversal DoS

CVE-2026-3988 HIGH

Inefficient Algorithmic Complexity in GitLab

CVE-2026-33123 MEDIUM

pypdf has inefficient decoding of array-based streams

CVE-2026-28804 MEDIUM

pypdf < 6.7.5 - Denial of Service via ASCIIHexDecode Filter

CVE-2026-27903 HIGH

minimatch < 10.2.3 DoS via Globstar Pattern Backtracking

CVE-2026-1285 HIGH

Django 4.2-4.2.27, 5.2-5.2.10, 6.0-6.0.1 - Denial of Service via Unmatched HTML End Tags

CVE-2025-67841 HIGH

Nordic Semiconductor IronSide SE <23.0.2+17 - DoS

CVE-2025-14831 MEDIUM

GnuTLS - Denial of Service

CVE-2025-14550 HIGH

Django 4.2-4.2.27, 5.2-5.2.10, 6.0-6.0.1 - Denial of Service via Duplicate ASGI Headers

CVE-2025-14822 LOW

Mattermost 10.11.0-10.11.8 - Authenticated Denial of Service via Hashtag Processing

CVE-2025-12084 MEDIUM

Python < 3.13.11 - Denial of Service via Quadratic Complexity in xml.dom.minidom

CVE-2025-64460 HIGH

Django 4.2-4.2.26 5.1-5.1.14 5.2a1-5.2.8 - Denial of Service via XML Deserializer

CVE-2025-66382 LOW

libexpat < 2.7.3 - Denial of Service via Crafted File Processing

CVE-2025-11230 HIGH

HAProxy Aloha Appliance 14.5.0-14.5.32 and HAProxy 2.4.0-2.4.29 - Denial of Service via mjson JSON Request Parsing

CVE-2025-64458 HIGH

Django 4.2-4.2.25, 5.1-5.1.13, 5.2-5.2.7 - Denial of Service via NFKC Unicode Normalization

CVE-2025-58187 HIGH

Certificate Validation - Info Disclosure

CVE-2025-62727 HIGH

Starlette 0.39.0-0.49.0 - Unauthenticated Denial of Service via HTTP Range Header

CVE-2025-55304 MEDIUM

Exiv2 < 0.28.6 - Denial of Service via Crafted JPEG ICC Profile

CVE-2025-27209 HIGH

Node.js 24.0.0-24.4.0 - Denial of Service via Hash Collision in String Hashing

CVE-2025-29908 MEDIUM

Netty QUIC codec <0.0.71. Final - Hash DoS

CVE-2025-30348 MEDIUM

Qt < 5.15.19 - Inefficient Algorithmic Complexity in QDom encodeText

CVE-2025-24947 MEDIUM

LSQUIC < 4.2.0 - Denial of Service via Hash Collision in Connection ID Hash Table

CVE-2025-24946 MEDIUM

picoquic < b80fd3f5903279ae3e7714ee4109363d9ab4491a - Denial of Service via Hash Table Collision

Previous Page 2 of 4 Next

Details

Vulnerabilities 90

Exploit Likelihood Low

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy