CWE-770

Exploit likelihood: High

Allocation of Resources Without Limits or Throttling

Parent: CWE-400 - Uncontrolled Resource Consumption

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

1,858 vulnerabilities with CWE-770
CVE-2026-49955 MEDIUM
Hermes WebUI < 0.51.270 Resource Exhaustion via passkey/options
CVSS 5.3
CVE-2026-42570 HIGH
Svelte devalue: DoS via sparse array deserialization
CVSS 7.5
CVE-2026-41851 MEDIUM
Spring Framework Denial of Service via Unbounded Cache in SpEL
CVSS 5.3
CVE-2026-41710 MEDIUM
Cache Exhaustion in Stateful Retries leads to Denial of Service
CVSS 5.9
CVE-2026-41007 HIGH
Spring HATEOAS heap exhaustion through unbounded internal caching
CVSS 7.5
CVE-2026-43973 HIGH
gun HTTP/1.1 response buffer has no size limit allowing server-controlled memory exhaustion
CVE-2026-45290 HIGH
Cloudburst Network has DoS in RakNet connection handling due to missing bound checks
CVSS 7.5
CVE-2026-50589 MEDIUM
Openstack Ironic < 35.0.1 - Allocation of Resources Without Limits or Throttling
CVSS 5.3
CVE-2026-40898 MEDIUM
quic-go: HTTP/3 QPACK Trailer Expansion Memory Exhaustion
CVSS 5.3
CVE-2026-36499 MEDIUM
Open vSwitch v3.6.90 - Denial of Service via Excessive Thread Allocation in udpif_set_threads()
CVSS 6.5
CVE-2026-44545 MEDIUM
Unbounded WebSocket message and frame sizes can cause unauthenticated remote denial of service
CVSS 5.3
CVE-2026-48597 HIGH
Atom table exhaustion via untrusted URL scheme in Tesla.Adapter.Mint
CVE-2026-35202 LOW
Pterodactyl Panel <1.12.3 Client API - Database Limit Bypass
CVE-2026-34077 HIGH
React Router vulnerable to Denial of Service via reflected user input in single-fetch
CVSS 7.5
CVE-2026-28299 HIGH
SolarWinds Web Help Desk Denial-of-Service Vulnerability
CVSS 8.2
CVE-2026-49754 HIGH
HTTP/2 CONTINUATION flood in Mint client via unbounded header-block accumulation
CVE-2026-48862 HIGH
Unbounded conn.streams growth in Mint HTTP/2 client via unenforced PUSH_PROMISE concurrency
CVE-2026-45682 MEDIUM
OpenTelemetry eBPF Instrumentation: CappedConcurrentHashMap leaks keys after removals
CVSS 5.1
CVE-2026-45554 MEDIUM
NiceGUI: Unauthenticated log-flood DoS via trailing slash on ESM and per-component resource routes
CVSS 5.3
CVE-2026-49140 MEDIUM
Nanobot < 0.2.1 - Authenticated Denial of Service via Matrix Media Download Handler
CVSS 4.3
CVE-2026-40990 MEDIUM
Spring Cloud Function DoS via Function Registry Overflow
CVSS 5.7
CVE-2026-10533 MEDIUM
Red Hat OpenShift - ResourceQuota Bypass Event Flood Denial of Service
CVSS 5.0
CVE-2026-49361 HIGH
Apache Fluss Netty Frame Decoder Memory Exhaustion Vulnerability
CVSS 7.5
CVE-2026-48187 MEDIUM
OTRS Email Handling - Resource Exhaustion Denial of Service
CVSS 5.7
CVE-2026-46599 HIGH
Excessive resource consumption in PackBits decompression in golang.org/x/image/tiff
CVSS 7.5