CWE-405 (Asymmetric Resource Consumption (Amplification)) — Vulnerability Class 33

33 vulnerabilities classified as CWE-405 (Asymmetric Resource Consumption (Amplification)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-35665 | OpenClaw < 2026.3.24 - Denial of Service via Feishu Webhook Pre-Auth Body Parsing — OpenClaw | 5.3 | Medium | 2026-04-10 |
| CVE-2026-35626 | OpenClaw < 2026.3.22 - Unauthenticated Resource Exhaustion via Voice Call Webhook — OpenClaw | 5.3 | Medium | 2026-04-09 |
| CVE-2026-25611 | Pre-Authentication Memory Exhaustion Denial of Service in MongoDB Server — MongoDB Server | 7.5 | High | 2026-02-10 |
| CVE-2026-24324 | Denial of service (DOS) vulnerability in SAP BusinessObjects Business Intelligence Platform (AdminTools) — SAP BusinessObjects Business Intelligence Platform (AdminTools) | 6.5 | Medium | 2026-02-10 |
| CVE-2026-0485 | Denial of service (DOS) vulnerability in SAP BusinessObjects BI Platform — SAP BusinessObjects BI Platform | 7.5 | High | 2026-02-10 |
| CVE-2026-22775 | devalue vulnerable to denial of service due to memory/CPU exhaustion in devalue.parse — devalue | 7.5 | High | 2026-01-15 |
| CVE-2026-22774 | devalue vulnerable to denial of service due to memory exhaustion in devalue.parse — devalue | 7.5 | High | 2026-01-15 |
| CVE-2025-68480 | Marshmallow has DoS in Schema.load(many) — marshmallow | 5.3 | Medium | 2025-12-22 |
| CVE-2025-42876 | Missing Authorization Check in SAP S/4 HANA Private Cloud (Financials General Ledger) — SAP S/4 HANA Private Cloud (Financials General Ledger) | 7.1 | High | 2025-12-09 |
| CVE-2025-42874 | Denial of service (DOS) in SAP NetWeaver (remote service for Xcelsius) — SAP NetWeaver (remote service for Xcelsius) | 7.9 | High | 2025-12-09 |
| CVE-2025-42873 | Denial of Service (DoS) in SAPUI5 framework (Markdown-it component) — SAPUI5 framework (Markdown-it component) | 5.9 | Medium | 2025-12-09 |
| CVE-2025-66564 | Sigstore Timestamp Authority allocates excessive memory during request parsing — timestamp-authority | 7.5 | High | 2025-12-04 |
| CVE-2025-66506 | Fulcio allocates excessive memory during token parsing — fulcio | 7.5 | High | 2025-12-04 |
| CVE-2025-49643 | Frontend DoS vulnerability due to asymmetric resource consumption — Zabbix | 6.5 (AI) | Medium (AI) | 2025-12-01 |
| CVE-2025-8677 | Resource exhaustion via malformed DNSKEY handling — BIND 9 | 7.5 | High | 2025-10-22 |
| CVE-2025-26516 | CVE-2025-26516 Denial of Service Vulnerability in StorageGRID (formerly StorageGRID Webscale) — StorageGRID | 5.3 | Medium | 2025-09-19 |
| CVE-2025-31987 | HCL Connections Docs is vulnerable to a Denial of Service (DoS) attack — Connections Docs | 4.8 | Medium | 2025-08-14 |
| CVE-2025-53633 | Chall-Manager's scenario decoding process does not check for zip bombs — chall-manager | 9.1 (AI) | Critical (AI) | 2025-07-10 |
| CVE-2025-30204 | jwt-go allows excessive memory allocation during header parsing — jwt | 7.5 | High | 2025-03-21 |
| CVE-2024-11187 | Many records in the additional section cause CPU exhaustion — BIND 9 | 7.5 | High | 2025-01-29 |
| CVE-2025-24356 | UDP traffic amplification via fastd's fast reconnect feature — fastd | 7.5 | - | 2025-01-27 |
| CVE-2024-55628 | Suricata oversized resource names utilizing DNS name compression can lead to resource starvation — suricata | 7.5 | High | 2025-01-06 |
| CVE-2024-49363 | Uncontrolled Recursion and Asymmetric Resource Consumption (Amplification) in media/file proxy in Misskey — misskey | 7.4 | High | 2024-12-18 |
| CVE-2024-45590 | body-parser vulnerable to denial of service when url encoding is enabled — body-parser | 7.5 | High | 2024-09-10 |
| CVE-2024-40705 | IBM InfoSphere Information Server denial of service — InfoSphere Information Server | 6.5 | Medium | 2024-08-15 |
| CVE-2024-34702 | Botan has a Denial of Service Due to Excessive Name Constraints — botan | 5.3 | Medium | 2024-07-08 |
| CVE-2024-39743 | IBM MQ Container denial of service — MQ Operator | 5.9 | Medium | 2024-07-08 |
| CVE-2024-34703 | Botan Vulnerable to Denial of Service Due to Overly Large Elliptic Curve Parameters — botan | 7.5 | High | 2024-06-30 |
| CVE-2024-0450 | Quoted zip-bomb protection for zipfile — CPython | 6.2 | Medium | 2024-03-19 |
| CVE-2024-28214 | nGrinder security vulnerability — nGrinder | 7.5 (AI) | High (AI) | 2024-03-07 |

Vulnerabilities classified as CWE-405 (Asymmetric Resource Consumption (Amplification)) represent 33 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.