CWE-400 (Uncontrolled Resource Consumption (Resource Exhaustion)) — Vulnerability Class 1385

1385 vulnerabilities classified as CWE-400 (Uncontrolled Resource Consumption (Resource Exhaustion)). AI analysis in Chinese included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-41680 | Marked: OOM Denial of Service via Infinite Recursion in marked Tokenizer — marked | 7.5 (AI) | High (AI) | 2026-04-24 |
| CVE-2026-41324 | basic-ftp vulnerable to denial of service via unbounded memory consumption in Client.list() — basic-ftp | 7.5 | High | 2026-04-24 |
| CVE-2026-6844 | Binutils: binutils: denial of service vulnerabilities in readelf via crafted elf files — Red Hat Enterprise Linux 10 | 5.5 | Medium | 2026-04-22 |
| CVE-2026-6022 | Uncontrolled Resource Consumption Vulnerability in Telerik UI for ASP.NET AJAX — Telerik UI for ASP.NET AJAX | 7.5 | High | 2026-04-22 |
| CVE-2026-6416 | Tanium addressed an uncontrolled resource consumption vulnerability in Interact. — Interact | 2.7 | Low | 2026-04-22 |
| CVE-2026-41146 | facil.io and downstream iodine ruby gem vulnerable to uncontrolled resource consumption and loop with unreachable exit condition — facil.io | 5.9 (AI) | Medium (AI) | 2026-04-22 |
| CVE-2026-41135 | free5GC PCF: Memory Leak via CORS Middleware Registration in HTTP Handler Leads to Denial of Service — pcf | 7.5 | High | 2026-04-21 |
| CVE-2026-40924 | Tekton Pipelines: HTTP Resolver Unbounded Response Body Read Enables Denial of Service via Memory Exhaustion — pipeline | 6.5 | Medium | 2026-04-21 |
| CVE-2026-6797 | Sanluan PublicCMS DocToHtmlUtils.java ZipSecureFile.setMinflateRatio resource consumption — PublicCMS | 4.3 | Medium | 2026-04-21 |
| CVE-2026-39396 | OpenBao has Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS) — openbao | 3.1 | Low | 2026-04-21 |
| CVE-2026-39320 | Signal K Server has an Unauthenticated Regular Expression Denial of Service (ReDoS) via WebSocket Subscription Paths — signalk-server | 7.5 | High | 2026-04-21 |
| CVE-2026-6060 | Possible DoS via SQL Box — OTRS | 4.5 | Medium | 2026-04-20 |
| CVE-2026-6607 | lm-sys fastchat Worker API Endpoint api_generate resource consumption — fastchat | 5.3 | Medium | 2026-04-20 |
| CVE-2026-6601 | Lagom WHMCS Template Datatables resource consumption — WHMCS Template | 4.3 | Medium | 2026-04-20 |
| CVE-2026-40347 | Python-Multipart affected by Denial of Service via large multipart preamble or epilogue data — python-multipart | 5.3 | Medium | 2026-04-17 |
| CVE-2026-40481 | monetr: Unauthenticated Stripe webhook reads attacker-sized request bodies before signature validation — monetr | 7.5 (AI) | High (AI) | 2026-04-17 |
| CVE-2026-40303 | zrok allows unauthenticated DoS via unbounded memory allocation in striped session cookie parsing — zrok | 7.5 | High | 2026-04-17 |
| CVE-2024-33618 | Bosch VMS Central Server security vulnerability — BVMS | 7.5 | High | 2026-04-15 |
| CVE-2026-35034 | Jellyfin: Potential Application DoS from excessively large SyncPlay group names — jellyfin | 6.5 | Medium | 2026-04-14 |
| CVE-2026-27308 | ColdFusion \| Uncontrolled Resource Consumption (CWE-400) — ColdFusion | 2.4 | Low | 2026-04-14 |
| CVE-2026-27307 | ColdFusion \| Uncontrolled Resource Consumption (CWE-400) — ColdFusion | 2.4 | Low | 2026-04-14 |
| CVE-2026-26171 | .NET Denial of Service Vulnerability — .NET 10.0 | 7.5 | High | 2026-04-14 |
| CVE-2026-2405 | Schneider Electric PowerChute Serial Shutdown resource management error vulnerability — PowerChute™ Serial Shutdown | 6.5 | - | 2026-04-14 |
| CVE-2026-34166 | LiquidJS has a Memory Limit Bypass via Quadratic Amplification in `replace` Filter — liquidjs | 3.7 | Low | 2026-04-08 |
| CVE-2026-33459 | Uncontrolled Resource Consumption in Kibana Leading to Denial of Service — Kibana | 6.5 | Medium | 2026-04-08 |
| CVE-2026-39865 | Axios HTTP/2 Session Cleanup State Corruption Vulnerability — axios | 5.9 | Medium | 2026-04-08 |
| CVE-2026-35406 | Aardvark-dns has incorrect error handling for malformed tcp packets — aardvark-dns | 6.2 | Medium | 2026-04-07 |
| CVE-2026-32588 | Apache Cassandra: Authenticated DoS via ALTER ROLE Password Hashing — Apache Cassandra | 6.5 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-35441 | Directus Affected by GraphQL Alias Amplification Denial-of-Service Due to Missing Query Cost/Complexity Limits — directus | 6.5 | Medium | 2026-04-06 |
| CVE-2026-34148 | Fedify affected by resource exhaustion caused by unbounded redirect following during remote key/document resolution — fedify | 7.5 | High | 2026-04-06 |

Vulnerabilities classified as CWE-400 (Uncontrolled Resource Consumption (Resource Exhaustion)) represent 1385 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.