Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-770

CWE-770

High likelihood

Allocation of Resources Without Limits or Throttling

Parent: CWE-400 - Uncontrolled Resource Consumption

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

1,858 vulnerabilities with CWE-770

CVE-2025-15474 MEDIUM

AuntyFey Smart Combination Lock - DoS

CVE-2025-69229 MEDIUM

aiohttp < 3.13.3 - Denial of Service via Chunked Message Handling

CVE-2025-69228 HIGH

aiohttp < 3.13.3 - Denial of Service via Request.post() Memory Exhaustion

CVE-2025-69223 HIGH

aiohttp < 3.13.3 - Denial of Service via Zip Bomb Decompression

CVE-2025-68456 CRITICAL

Craft CMS 3.0.0-4.16.16 and 5.0.0-RC1-5.8.20 - Unauthenticated Resource Exhaustion via Database Backup Trigger

CVE-2025-64422 MEDIUM

Coolify >= 4.0.0-beta.434 - Unauthenticated Rate Limit Bypass via X-Forwarded-For Header Rotation

CVE-2025-57705 MEDIUM

QNAP QTS and QuTS hero - Resource Exhaustion via Administrator Account

CVE-2025-47208 MEDIUM

QNAP QTS and QuTS hero - Authenticated Denial of Service via Resource Exhaustion

CVE-2025-68272 HIGH

Signal K Server < 2.19.0 - Unauthenticated Denial of Service via Access Request Endpoint Flooding

CVE-2025-68148 MEDIUM

FreshRSS 1.27.0-1.28.0 - Denial of Service via Proxy Retry-After Header Manipulation

CVE-2025-11419 HIGH

Keycloak < 26.0.16 - Unauthenticated Denial of Service via TLS 1.2 Client-Initiated Renegotiation

CVE-2025-14299 MEDIUM

Tapo C200 V3 Firmware - Unauthenticated Denial of Service via HTTPS Content-Length Header Overflow

CVE-2025-68390 MEDIUM

Elasticsearch 7.0.0-7.17.28 and 8.0.0-8.19.7 - Authenticated Denial of Service via Snapshot Restore Memory Allocation

CVE-2025-68389 MEDIUM

Kibana 7.0.0-7.17.29 - Authenticated Denial of Service via Resource Exhaustion

CVE-2025-68388 MEDIUM

Packetbeat 8.6.0-8.19.8 & <7.0.0-alpha2 - DoS via Malicious IPv4 Fragments

CVE-2025-68384 MEDIUM

Elasticsearch 7.0.0-7.17.28 and 8.0.0-8.19.8 - Authenticated Denial of Service via Oversized User Settings Data

CVE-2025-14466 MEDIUM

Güralp Fortimus/Minimus/Certimus - DoS

CVE-2025-68156 HIGH

expr < 1.17.7 - Denial of Service via Recursive Builtin Function Stack Overflow

CVE-2025-64702 MEDIUM

quic-go < 0.57.0 - Memory Exhaustion via QPACK-Encoded HEADERS Frame

CVE-2025-4097 MEDIUM

GitLab 11.10-18.4.5, 18.5-18.5.3, 18.6-18.6.1 - Authenticated Denial of Service via Image Upload

CVE-2025-14157 MEDIUM

GitLab 6.3-18.4.5, 18.5-18.5.3, 18.6-18.6.1 - Authenticated Denial of Service via Large API Content Parameters

CVE-2025-12562 HIGH

GitLab 11.10-18.4.5, 18.5-18.5.3, 18.6-18.6.1 - Unauthenticated Denial of Service via GraphQL Query Complexity Bypass

CVE-2025-66473 HIGH

XWiki < 16.10.11 - Denial of Service via Unrestricted REST API Item Requests

CVE-2025-9368 HIGH

Rockwell Automation 432ES-IG3 Series A - Denial of Service

CVE-2025-41694 MEDIUM

Phoenix Contact FL SWITCH Firmware < 3.50 - Denial of Service via Empty Command

Previous Page 17 of 75 Next

Details

Vulnerabilities 1,858

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy