
CWE-400 (Uncontrolled Resource Consumption (Resource Exhaustion)) — Vulnerability Class 1385

1385 vulnerabilities classified as CWE-400 (Uncontrolled Resource Consumption (Resource Exhaustion)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-30955 | Gokapi vulnerable to DoS in E2E Metadata Parser — Gokapi | 6.5 | Medium | 2026-03-13 |
| CVE-2026-23940 | Denial of Service via Oversized Package Upload — hexpm | 7.5 | - | 2026-03-13 |
| CVE-2026-31958 | Tornado has a DoS due to too many multipart parts — tornado | 6.5 (AI) | Medium (AI) | 2026-03-11 |
| CVE-2026-29049 | melange: unbounded HTTP download in `melange update-cache` can exhaust disk in CI — melange | 4.3 | Medium | 2026-03-06 |
| CVE-2026-26999 | Traefik: tcp router clears read deadlines before tls forwarding, enabling stalled handshakes (slowloris doS) — traefik | 7.5 | High | 2026-03-05 |
| CVE-2026-1605 | Eclipse Jetty security vulnerability — Eclipse Jetty | 7.5 | High | 2026-03-05 |
| CVE-2026-28435 | Payload size limit bypass via gzip decompression in ContentReader (streaming) allows oversized request bodies in cpp-httplib — cpp-httplib | 7.5 | High | 2026-03-04 |
| CVE-2026-20066 | Multiple Cisco Products Snort 3 TBD Denial of Service Vulnerability — Cisco Secure Firewall Threat Defense (FTD) Software | 5.8 | Medium | 2026-03-04 |
| CVE-2026-25673 | Potential denial-of-service vulnerability in URLField via Unicode normalization on Windows — Django | 7.5 (AI) | High (AI) | 2026-03-03 |
| CVE-2026-28412 | Textream Vulnerable to Uncontrolled Resource Consumption (Denial of Service) — textream | 6.5 | Medium | 2026-03-02 |
| CVE-2026-28351 | Manipulated RunLengthDecode streams can exhaust RAM — pypdf | 4.3 | - | 2026-02-27 |
| CVE-2026-21619 | Unsafe Deserialization of Erlang Terms in hex_core — hex_core | 9.8 | - | 2026-02-27 |
| CVE-2026-26937 | Uncontrolled Resource Consumption in Kibana Leading to Denial of Service — Kibana | 6.5 | Medium | 2026-02-26 |
| CVE-2026-27888 | pypdf: Manipulated FlateDecode XFA streams can exhaust RAM — pypdf | 6.5 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-27633 | TinyWeb has Unbounded Content-Length Memory Exhaustion (DoS) — TinyWeb | 7.5 (AI) | High (AI) | 2026-02-25 |
| CVE-2026-27630 | TinyWeb vulnerable to Remote Denial of Service via Thread/Connection Exhaustion (Slowloris) — TinyWeb | 7.5 (AI) | High (AI) | 2026-02-25 |
| CVE-2026-27204 | Wasmtime WASI implementations are vulnerable to guest-controlled resource exhaustion — wasmtime | 6.5 | - | 2026-02-24 |
| CVE-2026-26066 | ImageMagick has infinite loop when writing IPTCTEXT leads to denial of service via crafted profile — ImageMagick | 6.2 | Medium | 2026-02-24 |
| CVE-2026-24485 | ImageMagick: Infinite loop vulnerability when parsing a PCD file — ImageMagick | 7.5 | High | 2026-02-24 |
| CVE-2026-24484 | ImageMagick: Converting multi-layer nested MVG to SVG can cause DoS — ImageMagick | 5.3 | Medium | 2026-02-24 |
| CVE-2026-27576 | OpenClaw: ACP prompt-size checks missing in local stdio bridge could reduce responsiveness with very large inputs — openclaw | 3.3 | - | 2026-02-21 |
| CVE-2026-26047 | Moodle: moodle: uncontrolled resource consumption in tex formula editor leading to denial of service | 6.5 | Medium | 2026-02-21 |
| CVE-2026-25535 | jsPDF Affected by Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions — jsPDF | 6.5 | - | 2026-02-19 |
| CVE-2019-25401 | Bematech Printer MP-4200 TH Denial of Service — MP-4200 | 7.5 | High | 2026-02-18 |
| CVE-2026-20139 | Client-Side Denial of Service (DoS) through ''/splunkd/__raw/services/authentication/users/username'' REST API endpoint in Splunk Enterprise — Splunk Enterprise | 4.3 | Medium | 2026-02-18 |
| CVE-2026-25949 | Traefik: TCP readTimeout bypass via STARTTLS on Postgres — traefik | 7.5 | High | 2026-02-12 |
| CVE-2026-21435 | webtransport-go CloseWithError can block indefinitely — webtransport-go | 5.3 | Medium | 2026-02-12 |
| CVE-2025-54149 | Qsync Central — Qsync Central | 6.2 (AI) | Medium (AI) | 2026-02-11 |
| CVE-2025-54150 | Qsync Central — Qsync Central | 6.2 (AI) | Medium (AI) | 2026-02-11 |
| CVE-2025-54151 | Qsync Central — Qsync Central | 6.2 (AI) | Medium (AI) | 2026-02-11 |

Vulnerabilities classified as CWE-400 (Uncontrolled Resource Consumption (Resource Exhaustion)) represent 1385 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.