Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-770

CWE-770

High likelihood

Allocation of Resources Without Limits or Throttling

Parent: CWE-400 - Uncontrolled Resource Consumption

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

1,858 vulnerabilities with CWE-770

CVE-2025-41693 MEDIUM

Phoenix Contact FL SWITCH Firmware < 3.50 - Resource Exhaustion via SSH Command Execution

CVE-2025-36140 MEDIUM

IBM watsonx.data 2.2.0-2.2.1 - Authenticated Denial of Service via Ingestion Pods

CVE-2025-48569 MEDIUM

Android - Denial of Service via Resource Exhaustion

CVE-2025-48615 HIGH

MediaButtonReceiverHolder - Privilege Escalation

CVE-2025-48603 MEDIUM

Android - Local Denial of Service via InputMethodInfo Resource Exhaustion

CVE-2025-66418 HIGH

urllib3 1.24-2.5.x - Denial of Service via Unbounded Decompression Chain

CVE-2025-12385 HIGH

Qt <6.5.10, <6.8.5, <6.9.0 - Improper Validation of Specified Quant...

CVE-2025-63402 MEDIUM

HCLTech Dragon < 7.6.0 - Remote Code Execution via Unrestricted API Requests

CVE-2025-13751 MEDIUM

OpenVPN 2.5.0-2.6.16 and 2.7_alpha1-2.7_rc2 - Authenticated Denial of Service via Interactive Service Agent

CVE-2025-65113 MEDIUM

ClipBucket 5.3-5.5.2-164 - Unauthenticated Authorization Bypass via AJAX Flagging System

CVE-2025-64334 HIGH

Suricata 8.0.0-8.0.1 - Denial of Service via HTTP Compression Decompression

CVE-2025-7449 MEDIUM

GitLab 8.3-18.4.5, 18.5-18.5.3, 18.6-18.6.1 - Authenticated Denial of Service via HTTP Response Processing

CVE-2025-12571 HIGH

GitLab 17.10-18.4.5, 18.5-18.5.3, 18.6-18.6.1 - Unauthenticated Denial of Service via Malicious JSON Payloads

CVE-2025-65942 LOW

VictoriaMetrics <1.110.23, <1.122.8, <1.129.1 - DoS

CVE-2025-62426 MEDIUM

vLLM 0.5.5-0.11.1 - Denial of Service via Unvalidated chat_template_kwargs Parameter

CVE-2025-58181 MEDIUM

golang/crypto and x/crypto < 0.45.0 - Unbounded Memory Consumption via GSSAPI Mechanism Count

CVE-2025-11243 HIGH

Shelly Pro 4PM < 1.6 - Denial of Service via Excessive Resource Allocation

CVE-2025-65015 HIGH

joserfc 1.3.3-1.3.4 and 1.4.0-1.4.1 - Denial of Service via Large JWT Payload

CVE-2025-54320 MEDIUM

Ascertia SigningHub <= 8.6.8 - Authenticated Email Bombing via Invite User Function

CVE-2025-13165 HIGH

Digiwin EasyFlow GP 5.7.x-5.7.7.2, 5.8.8.3-5.8.11.1.0810112, 8.1.x-8.1.1.2 - DoS via Specific Requests

CVE-2025-59089 MEDIUM

kdcproxy < 1.1.0 - Denial of Service via Unbounded KDC Response Handling

CVE-2025-12748 MEDIUM

Red Hat Enterprise Linux 6-10 - Denial of Service via XML File Processing

CVE-2025-64529 MEDIUM

SpiceDB < 1.45.2 - Incorrect Permission Check Results via WriteRelationships Call

CVE-2025-64509 HIGH

Bugsink < 2.0.6 - Denial of Service via Brotli Decompression

CVE-2025-64508 HIGH

Bugsink < 2.0.5 - Denial of Service via Brotli Decompression Bomb

Previous Page 18 of 75 Next

Details

Vulnerabilities 1,858

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy