CWE-400: Resource Exhaustion

This vulnerability causes a slow kernel memory leak on Juniper SRX Series devices with link aggregation configured when AE interface statistics are fe...

This vulnerability in Eclipse Jetty allows denial-of-service attacks by causing 100% CPU usage when processing large invalid TLS frames. Attackers can...

CVE-2019-19343 is a memory leak vulnerability in Undertow's HttpOpenListener when using Remoting in Red Hat JBoss EAP. This flaw allows attackers to c...

CVE-2021-21341 is a denial-of-service vulnerability in XStream library where specially crafted XML input can cause 100% CPU consumption on target syst...

Node.js servers are vulnerable to denial of service attacks when attackers establish numerous connections with unknown protocols, causing file descrip...

This vulnerability allows attackers to spoof camera devices and send malicious data to UniFi Protect controllers, causing denial-of-service crashes. I...

A ReDoS (Regular Expression Denial of Service) vulnerability exists in the @progfay/scrapbox-parser package for Node.js, allowing attackers to cause d...

This vulnerability in Apache Thrift allows malicious RPC clients to send specially crafted short messages that trigger excessive memory allocation, po...

This vulnerability allows authenticated VPN users on BIG-IP APM to cause excessive memory consumption in the Traffic Management Microkernel (TMM), pot...

IBM Spectrum Protect Plus versions 10.1.0 through 10.1.7 contain a vulnerability that allows remote attackers to inject arbitrary data, causing resour...

This vulnerability in httplib2 allows a malicious server to cause denial of service by sending long sequences of non-breaking space characters in WWW-...

CVE-2021-21294 is a denial-of-service vulnerability in http4s-blaze-server where the underlying blaze-core library accepts connections without bounds,...

CVE-2020-27295 is a denial-of-service vulnerability in the OPC UA Tunneller software where uncontrolled resource consumption allows attackers to crash...

A logic flaw in Nextcloud Server's password reset functionality allows attackers to trigger a denial of service condition. This affects Nextcloud Serv...

This vulnerability in IBM MQ Internet Pass-Thru allows remote attackers to cause a denial of service by sending specially crafted MQ data requests tha...

This vulnerability causes a memory leak in Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPC when specific IRB and VPLS/bridg...

This vulnerability allows a remote authenticated attacker to cause a Denial of Service (Storage Processor Panic) on Dell EMC Unity storage systems by ...

CVE-2020-5423 is a denial-of-service vulnerability in Cloud Foundry's CAPI (Cloud Controller) where unauthenticated attackers can send malicious YAML ...

This vulnerability allows an unauthenticated attacker on the same network segment to send excessive ARP traffic to the management interface of Cisco I...

CVE-2022-29167 is a regular expression denial-of-service (ReDoS) vulnerability in the Hawk HTTP authentication library. Attackers can craft malicious ...

CVE-2021-32723 is a Regular Expression Denial of Service (ReDoS) vulnerability in Prism syntax highlighting library versions before 1.24.0. Attackers ...

A vulnerability in Stormshield Network Security (SNS) firewalls allows attackers to disrupt multicast traffic when multicast streams are enabled on mu...

This CVE describes an input validation vulnerability in multiple Apple operating systems that could allow an attacker on the local network to cause sy...

A memory leak vulnerability in the Linux kernel's nexthop notification chain allows unregistered listeners to retain references to nexthop objects, ca...

A vulnerability in mx-chain-go's transaction processing incorrectly increments the sender's nonce when a relayed inner transaction fails, allowing an ...

This vulnerability in the Linux kernel's KVM subsystem could allow an attacker to cause a denial-of-service (DoS) condition or potentially execute arb...

This CVE describes a denial-of-service vulnerability in VMware ESXi where an authenticated attacker with guest operation privileges can crash guest VM...

A denial-of-service vulnerability in Docker-proxy v18.09.0 allows attackers to crash or degrade the proxy service, disrupting container networking. Th...

This vulnerability allows authenticated Moodle users to craft malicious TeX formulas that consume excessive server resources when rendered, potentiall...

An uncontrolled resource consumption vulnerability in QNAP File Station 5 allows authenticated remote attackers to cause denial-of-service conditions....

This vulnerability allows authenticated users to crash Navidrome servers by sending requests with excessively large size parameters to image endpoints...

The gmrtd Go library for reading Machine Readable Travel Documents (MRTDs) has a vulnerability where ReadFile accepts TLV structures with lengths up t...

This vulnerability allows low-privileged users to trigger a database flood in Pterodactyl Panel by exploiting Wings' failure to respect SQLite's param...

This vulnerability allows attackers to perform denial-of-service attacks against Pterodactyl Wings servers by exploiting missing rate limiting and mes...

This CVE describes a race condition vulnerability in Pterodactyl Panel where concurrent requests can bypass resource limits. Malicious users can creat...

This vulnerability allows authenticated attackers to cause a Denial-of-Service (DoS) condition in Paessler PRTG Network Monitor by exploiting the Noti...

UxPlay 1.72 contains a double free vulnerability in RTSP request handling. Attackers can send specially crafted RTSP TEARDOWN requests to trigger mult...

This vulnerability allows attackers to send specially crafted OSPFv3 packets to Arista EOS devices, causing high CPU utilization that can restart the ...

This vulnerability in Android's LocalImageResolver component allows remote attackers to cause persistent denial of service through resource exhaustion...

An uncontrolled resource consumption vulnerability in userlog-index.php allows authenticated admin users to request arbitrarily large page sizes, pote...

An authenticated user can cause a denial-of-service by crashing the MFserver process in vulnerable M-Files Server versions. This affects organizations...

CVE-2025-62706 is a denial-of-service vulnerability in Authlib's JWE implementation where DEFLATE decompression lacks size limits. Attackers can send ...

A local privilege escalation vulnerability in Oracle Solaris 11 kernel allows authenticated low-privileged users to cause a complete denial-of-service...

An unauthenticated remote attacker can send specially crafted ethernet frames to vulnerable ArubaOS devices, causing denial of service that requires m...

An unauthenticated adjacent attacker can cause denial-of-service on affected Juniper PTX devices by sending specific valid CFM traffic that spikes CPU...

An uncontrolled resource consumption vulnerability in Qsync Central allows authenticated remote attackers to cause denial-of-service conditions. This ...

An uncontrolled resource consumption vulnerability in Qsync Central allows authenticated remote attackers to cause denial-of-service conditions. This ...

An authenticated attacker can send a specially crafted POST request to the /settings/localisation endpoint in Akaunting v3.1.18, causing a Denial of S...

This vulnerability in MySQL Server's optimizer component allows authenticated attackers with low privileges to cause denial of service by crashing or ...

This vulnerability in Oracle WebLogic Server allows authenticated attackers with low privileges to cause a denial of service (DoS) by crashing or hang...