CWE-770
All CWE-770 CVEs (508)
A vulnerability in libvirt's XML processing allows authenticated users with limited permissions to cause denial-of-service through memory exhaustion. ...
Nov 11, 2025

An attacker with SSH access to an unprivileged account can disrupt services including SSH itself, causing persistent denial of service. This affects s...
Oct 27, 2025

This vulnerability in Eclipse ThreadX allows threads to be created with higher priority than configured maximum, potentially causing denial of service...
Oct 15, 2025

OpenEXR 3.3.2 has a vulnerability where it trusts unvalidated dataWindow size values from file headers, allowing malicious EXR files to trigger excess...
Aug 1, 2025

This vulnerability allows an attacker to cause a denial-of-service crash by loading a specially crafted ICNS image file in Qt's QImage component. It a...
Jun 5, 2025

A race condition vulnerability in the Linux kernel's virtio sound driver where uninitialized work_struct structures can trigger kernel warnings during...
May 8, 2025

A memory management vulnerability in the Linux kernel's PowerPC code patching subsystem incorrectly marks a text patching area as VM_ALLOC when it's n...
Mar 12, 2025

A race condition in the Linux kernel's Btrfs filesystem can cause double accounting of ordered extents when btrfs_run_delalloc_range() fails, leading ...
Mar 12, 2025

A vulnerability in the Linux kernel's storvsc SCSI driver allows hypervisor errors to trigger excessive warning logs, consuming CPU resources and caus...
Feb 10, 2025

This vulnerability in Apple operating systems allows an attacker to cause unexpected app termination (denial of service) by tricking a user into openi...
Jan 27, 2025

A vulnerability in macOS file parsing can cause unexpected application termination when processing malicious files. This affects users running macOS v...
Jan 27, 2025

This vulnerability in IBM App Connect Enterprise Certified Container allows attackers to write unlimited data to the local filesystem, potentially exh...
Jan 9, 2025

This vulnerability allows an attacker to cause a denial of service (DoS) by tricking a user into processing a maliciously crafted file on affected App...
Dec 12, 2024

A Linux kernel vulnerability where the RLIMIT_SIGPENDING resource limit is incorrectly enforced even when override_rlimit is set, preventing proper si...
Nov 19, 2024

The Linux kernel's uinput subsystem fails to properly validate the number of multitouch slots requested during device creation, allowing attackers to ...
Sep 18, 2024

CVE-2024-41175 is a local denial-of-service vulnerability in the IPC-Diagnostics package of TwinCAT/BSD that allows low-privileged local users to cras...
Aug 27, 2024

A race condition vulnerability in the Linux kernel's DMA memory management subsystem allows a use-after-free scenario when freeing DMA-allocated memor...
Aug 17, 2024

This Linux kernel vulnerability in the SDHCI driver incorrectly sets maximum segment size for memory pages, causing a kernel warning and potential sys...
Aug 7, 2024

A memory management vulnerability in the Linux kernel's hugetlb subsystem where failure to allocate memory for reservation structures can cause improp...
Jul 5, 2024

A race condition in the Linux kernel's IPv6 implementation allows a use-after-free vulnerability when ipv6_get_ifaddr and ipv6_del_addr execute concur...
May 20, 2024

This memory handling vulnerability in Apple operating systems allows malicious apps to execute arbitrary code with kernel privileges, potentially gain...
May 14, 2024

This vulnerability in Android's SnoozeHelper component allows local attackers to cause persistent denial of service through resource exhaustion. It af...
May 7, 2024

A memory management vulnerability in the Linux kernel's framebuffer console (fbcon) font handling can lead to a kernel panic or system crash. When fbc...
Apr 4, 2024

This vulnerability in PowerDNS Recursor allows attackers to cause denial of service through resource exhaustion or perform DNS cache poisoning attacks...
Feb 9, 2026

This vulnerability in IBM Db2 Big SQL on Cloud Pak for Data allows authenticated users with internal knowledge to cause a denial of service by exploit...
Feb 4, 2026

This vulnerability in GitLab allows unauthenticated attackers to cause denial of service by sending repeated malformed SSH authentication requests. It...
Jan 22, 2026

AIOHTTP versions 3.13.2 and below contain a vulnerability where handling chunked HTTP messages can cause excessive blocking CPU usage. Attackers can e...
Jan 6, 2026

This vulnerability in Packetbeat allows unauthenticated remote attackers to send malicious IPv4 fragments that trigger excessive memory and CPU alloca...
Dec 18, 2025

An unauthenticated attacker can send specially-crafted HTTP requests to the web interface of Güralp Fortimus, Minimus, and Certimus series devices, c...
Dec 16, 2025

quic-go versions 0.56.0 and below are vulnerable to memory exhaustion attacks through HTTP/3 QPACK header decoding. Attackers can send specially craft...
Dec 11, 2025

This vulnerability in SSH servers allows attackers to cause denial of service through memory exhaustion by sending malformed GSSAPI authentication req...
Nov 19, 2025

This vulnerability in Go's DER parsing allows an attacker to cause memory exhaustion by sending maliciously crafted DER payloads. It affects applicati...
Oct 29, 2025

This vulnerability affects BIG-IP Advanced WAF with SSRF protection or NGINX with App Protect Bot Defense, where undisclosed requests can disrupt new ...
Oct 15, 2025

This vulnerability allows attackers to send excessively large payloads during failed login attempts, which are then logged without validation. This co...
Oct 6, 2025

This vulnerability in the xz Go package allows attackers to prepend arbitrary data before LZMA-encoded streams, causing excessive memory allocation du...
Aug 28, 2025

This vulnerability allows unauthenticated attackers to send specially crafted GraphQL requests to GitLab instances, causing denial-of-service conditio...
Aug 27, 2025

IBM WebSphere Application Server Liberty versions 18.0.0.2 through 25.0.0.8 are vulnerable to a denial of service attack where a remote attacker can s...
Aug 14, 2025

This CVE describes an HTTP/2 implementation flaw that allows attackers to send malformed HTTP/2 control frames to bypass the max concurrent streams li...
Aug 13, 2025

This vulnerability allows attackers to bypass email confirmation rate limits in Mastodon by rotating IP addresses, enabling them to send unlimited con...
Aug 6, 2025

CVE-2025-54939 is a memory leak vulnerability in LiteSpeed's LSQUIC library that occurs when processing QUIC packets before handshake completion. This...
Aug 1, 2025

A denial-of-service vulnerability in Starlette's file upload handling allows attackers to block the main event loop by sending large multipart form fi...
Jul 21, 2025

This vulnerability in Cloudflare's quiche QUIC library allows attackers to manipulate congestion control, causing affected systems to send data faster...
Jun 18, 2025

This vulnerability in IBM Db2 allows authenticated users to cause denial of service through CPU resource exhaustion when using Q replication. It affec...
May 29, 2025

A vulnerability in Rust's Ring cryptography library allows attackers to trigger a panic (crash) by sending specially crafted QUIC packets when overflo...
May 9, 2025

This vulnerability in Django's strip_tags() function and striptags template filter allows attackers to cause denial-of-service through slow performanc...
May 8, 2025

This vulnerability in IBM Db2 allows authenticated users to cause denial of service by exhausting memory resources under specific configurations. It a...
May 5, 2025

Dell PowerScale OneFS versions 9.5.0.0 through 9.10.0.0 contain an uncontrolled resource consumption vulnerability. An unauthenticated remote attacker...
Apr 10, 2025

This vulnerability allows remote unauthenticated attackers to cause denial-of-service conditions in affected HMI devices by exploiting resource alloca...
Apr 4, 2025

This vulnerability in Directus's S3 storage driver allows attackers to cause denial of service for all assets by sending multiple malformed transforma...
Mar 26, 2025

This vulnerability allows attackers to send excessive password reset emails to legitimate users by exploiting missing rate limiting in the 'Forgot Pas...
Feb 20, 2025

About CWE-770
Our database tracks 508 CVEs classified as CWE-770, with 6 rated critical and 278 rated high severity. The average CVSS score for CWE-770 vulnerabilities is 6.8.