Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-770

CWE-770

High likelihood

Allocation of Resources Without Limits or Throttling

Parent: CWE-400 - Uncontrolled Resource Consumption

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

1,858 vulnerabilities with CWE-770

CVE-2026-40881 HIGH

Zebra: addr/addrv2 Deserialization Resource Exhaustion

CVE-2026-33812 MEDIUM

Excessive memory allocation when decoding malicious SFNT in golang.org/x/image

CVE-2026-40608 MEDIUM

Next AI Draw.io: Unbounded HTTP Body — Denial of Service

CVE-2026-40498 CRITICAL

FreeScout has Authentication Bypass and Information Disclosure in SystemController via /system/cron

CVE-2026-39396 LOW

OpenBao has Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS)

CVE-2026-6060 MEDIUM

OTRS 7.0.x-8.0.x, 2023.x-2025.x, <2026.3.x - Denial of Service via SQL Box Resource Consumption

CVE-2026-5807 HIGH

Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations

CVE-2026-39313 HIGH

MCP-Framework: Unbounded memory allocation in readRequestBody allows denial of service via HTTP transport

CVE-2026-35469 HIGH

SpdyStream: DOS on CRI

CVE-2026-40192 HIGH

Pillow is vulnerable to a FITS GZIP decompression bomb

CVE-2026-3505 HIGH

Unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion.

CVE-2026-40104 HIGH

XWiki's REST APIs can list all pages/spaces, leading to unavailability

CVE-2026-31283 CRITICAL

Totara LMS <=v19.1.5 - Email Bombing

CVE-2026-40395 MEDIUM

Varnish Enterprise < 6.0.16r12 - Denial of Service via Headerplus Workspace Overflow

CVE-2026-40073 HIGH

SvelteKit <2.57.1 adapter-node - BODY_SIZE_LIMIT Bypass

CVE-2026-35602 MEDIUM

Vikunja <2.3.0 Import Size Field - File Size Limit Bypass

CVE-2026-40116 HIGH

PraisonAI's Unauthenticated WebSocket Endpoint Proxies to Paid OpenAI Realtime API Without Rate Limits

CVE-2026-40115 MEDIUM

PraisonAI <4.5.128 WSGI Recipe Registry - Denial of Service

CVE-2026-35633 MEDIUM

OpenClaw < 2026.3.22 - Unbounded Memory Allocation via Remote Media Error Responses

CVE-2026-39959 HIGH

Tmds.DBus: malicious D-Bus peers can spoof signals, exhaust file descriptor resources, and cause denial of service

CVE-2026-5440 HIGH

Memory Exhaustion via Unbounded Content-Length

CVE-2026-5439 HIGH

Memory Exhaustion via Forged ZIP Metadata

CVE-2026-5438 HIGH

Gzip Decompression Bomb via Content-Encoding Header

CVE-2026-24661 LOW

Unbounded Request Body Read in MS Teams Plugin {{/changes}} Webhook Endpoint

CVE-2026-21388 LOW

Unbounded Request Body Read in MS Teams Plugin {{/lifecycle}} Webhook Endpoint

Previous Page 7 of 75 Next

Details

Vulnerabilities 1,858

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy