CWE-400 (Uncontrolled Resource Consumption (Resource Exhaustion)) — Vulnerability Class 1385

1385 vulnerabilities classified as CWE-400 (Uncontrolled Resource Consumption (Resource Exhaustion)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-4986 | Hirschmann EagleSDV Denial of Service via TLS — Hirschmann EagleSDV | 7.5 | High | 2026-04-02 |
| CVE-2024-14033 | Hirschmann EagleSDV Denial of Service via TLS — Hirschmann EagleSDV | 7.5 | High | 2026-04-02 |
| CVE-2026-34593 | Ash Framework: Ash.Type.Module.cast_input/2 atom exhaustion via unchecked Module.concat allows BEAM VM crash — ash | 6.5 (AI) | Medium (AI) | 2026-04-02 |
| CVE-2026-34829 | Rack: Denial of Service via Unbounded Multipart File Upload Without Content-Length — rack | 7.5 | High | 2026-04-02 |
| CVE-2026-34826 | Rack: Unbounded Range Count in get_byte_ranges Enables DoS — rack | 5.3 | Medium | 2026-04-02 |
| CVE-2026-34230 | Rack: Quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header — rack | 5.3 | Medium | 2026-04-02 |
| CVE-2026-31935 | Suricata http2: unbounded resource consumption — suricata | 7.5 | High | 2026-04-02 |
| CVE-2026-22815 | AIOHTTP: Uncapped memory usage possible through aiohttp allowing unlimited trailer headers — aiohttp | 7.5 | - | 2026-04-01 |
| CVE-2026-34404 | Nuxt OG Image vulnerable to DoS via image generation — og-image | 7.5 | - | 2026-03-31 |
| CVE-2026-34043 | Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects — serialize-javascript | 5.9 | Medium | 2026-03-31 |
| CVE-2026-33750 | brace-expansion: Zero-step sequence causes process hang and memory exhaustion — brace-expansion | 6.5 | Medium | 2026-03-27 |
| CVE-2026-27859 | Open-Xchange OX Dovecot Pro security vulnerability — OX Dovecot Pro | 5.3 | Medium | 2026-03-27 |
| CVE-2026-27857 | Open-Xchange OX Dovecot Pro security vulnerability — OX Dovecot Pro | 4.3 | Medium | 2026-03-27 |
| CVE-2026-27858 | Open-Xchange OX Dovecot Pro security vulnerability — OX Dovecot Pro | 7.5 | High | 2026-03-27 |
| CVE-2026-33541 | TSPortal's Uncontrolled User Creation via Validation Side Effects Leads to Potential Denial of Service — TSPortal | 6.5 | Medium | 2026-03-26 |
| CVE-2026-4926 | path-to-regexp vulnerable to Denial of Service via sequential optional groups — path-to-regexp | 7.5 | High | 2026-03-26 |
| CVE-2026-3116 | Improper Input Validation in Zoom Plugin Webhook Handler — Mattermost | 4.9 | Medium | 2026-03-26 |
| CVE-2026-26233 | Denial of Service via HTTP/2 single packet attack on login endpoint — Mattermost | 4.3 | Medium | 2026-03-25 |
| CVE-2026-20084 | Cisco IOS XE Software resource management error vulnerability — Cisco IOS XE Software | 8.6 | High | 2026-03-25 |
| CVE-2026-33268 | Nanoleaf Lines unauthenticated firmware file store — Lines | 6.5 | Medium | 2026-03-25 |
| CVE-2026-33538 | Parse Server: Denial of service via unindexed database query for unconfigured auth providers — parse-server | 7.5 | - | 2026-03-24 |
| CVE-2026-33474 | Vikunja Affected by DoS via Image Preview Generation — vikunja | 6.5 | Medium | 2026-03-24 |
| CVE-2026-33176 | Rails Active Support has a possible DoS vulnerability in its number helpers — activesupport | 7.5 | - | 2026-03-23 |
| CVE-2026-33169 | Rails Active Support has a possible ReDoS vulnerability in number_to_delimited — activesupport | 7.5 | - | 2026-03-23 |
| CVE-2026-33204 | SimpleJWT has an Unauthenticated Denial of Service via JWE header tampering — simplejwt | 7.5 | High | 2026-03-20 |
| CVE-2026-33155 | DeepDiff has Memory Exhaustion DoS through SAFE_TO_IMPORT — deepdiff | 7.5 | - | 2026-03-20 |
| CVE-2026-33123 | pypdf has inefficient decoding of array-based streams — pypdf | 6.5 | - | 2026-03-20 |
| CVE-2026-27980 | Next.js: Unbounded next/image disk cache growth can exhaust storage — next.js | 6.5 | - | 2026-03-18 |
| CVE-2026-25771 | Wazuh Vulnerable to Denial of Service via Synchronous I/O Blocking in Asynchronous Authentication Middleware — wazuh | 5.3 | Medium | 2026-03-17 |
| CVE-2026-4174 | Radare2 Mach-O File mach0.c walk_exports_trie resource consumption — Radare2 | 3.3 | Low | 2026-03-15 |

Vulnerabilities classified as CWE-400 (Uncontrolled Resource Consumption (Resource Exhaustion)) represent 1385 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.