CWE-770 (Allocation of Resources Without Limits or Throttling) — Vulnerability Class 795

795 vulnerabilities classified as CWE-770 (Allocation of Resources Without Limits or Throttling). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-42036 | Axios: HTTP adapter streamed responses bypass maxContentLength — axios | 5.3 | Medium | 2026-04-24 |
| CVE-2026-42034 | Axios: HTTP adapter streamed uploads bypass maxBodyLength when maxRedirects: 0 — axios | 5.3 | Medium | 2026-04-24 |
| CVE-2026-41309 | Open Source Social Network (OSSN) Vulnerable to Resource Exhaustion via Malicious Image Processing — opensource-socialnetwork | 8.2 | High | 2026-04-24 |
| CVE-2026-41173 | Unbounded HTTP response body read in OpenTelemetry.Sampler.AWS — opentelemetry-dotnet-contrib | 5.9 | Medium | 2026-04-23 |
| CVE-2026-41078 | OpenTelemetry dotnet: Potential memory exhaustion via unbounded pooled-list sizing in Jaeger exporter conversion path — opentelemetry-dotnet | 5.9 | Medium | 2026-04-23 |
| CVE-2026-34062 | Nimiq has Allocation of Resources Without Limits or Throttling in its libp2p request/response — network-libp2p | 5.3 | Medium | 2026-04-22 |
| CVE-2025-0186 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | 6.5 | Medium | 2026-04-22 |
| CVE-2025-3922 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | 6.5 | Medium | 2026-04-22 |
| CVE-2025-6016 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | 6.5 | Medium | 2026-04-22 |
| CVE-2026-1660 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | 6.5 | Medium | 2026-04-22 |
| CVE-2026-40881 | Zebra: addr/addrv2 Deserialization Resource Exhaustion — zebrad | 9.8 (AI) | Critical (AI) | 2026-04-21 |
| CVE-2026-40608 | Next AI Draw.io: Unbounded HTTP Body — Denial of Service — next-ai-draw-io | 6.2 | Medium | 2026-04-21 |
| CVE-2026-5807 | Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations — Vault | 7.5 | High | 2026-04-17 |
| CVE-2026-39313 | MCP-Framework: Unbounded memory allocation in readRequestBody allows denial of service via HTTP transport — mcp-framework | 7.5 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-35469 | SpdyStream: DOS on CRI — spdystream | 9.8 (AI) | Critical (AI) | 2026-04-16 |
| CVE-2026-40192 | Pillow is vulnerable to a FITS GZIP decompression bomb — Pillow | 6.5 | - | 2026-04-15 |
| CVE-2026-3505 | Unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion. — BC-JAVA | 7.5 | - | 2026-04-15 |
| CVE-2026-40104 | XWiki's REST APIs can list all pages/spaces, leading to unavailability — org.xwiki.platform:xwiki-platform-oldcore | 7.5 | - | 2026-04-15 |
| CVE-2026-40395 | Varnish Enterprise security vulnerability — Varnish Enterprise | 4.0 | Medium | 2026-04-12 |
| CVE-2026-40073 | SvelteKit has a BODY_SIZE_LIMIT bypass in @sveltejs/adapter-node — kit | 5.3 | - | 2026-04-10 |
| CVE-2026-35602 | Vikunja has a File Size Limit Bypass via Vikunja Import — vikunja | 5.4 | Medium | 2026-04-10 |
| CVE-2026-40116 | PraisonAI's Unauthenticated WebSocket Endpoint Proxies to Paid OpenAI Realtime API Without Rate Limits — PraisonAI | 7.5 | High | 2026-04-09 |
| CVE-2026-40115 | PraisonAI has an Unrestricted Upload Size in WSGI Recipe Registry Server Enables Memory Exhaustion DoS — PraisonAI | 6.2 | Medium | 2026-04-09 |
| CVE-2026-39959 | Tmds.DBus: malicious D-Bus peers can spoof signals, exhaust file descriptor resources, and cause denial of service — Tmds.DBus | 7.1 | High | 2026-04-09 |
| CVE-2026-24661 | Unbounded Request Body Read in MS Teams Plugin {{/changes}} Webhook Endpoint — Mattermost | 3.7 | Low | 2026-04-09 |
| CVE-2026-21388 | Unbounded Request Body Read in MS Teams Plugin {{/lifecycle}} Webhook Endpoint — Mattermost | 3.7 | Low | 2026-04-09 |
| CVE-2026-40036 | Unfurl < 2026.04 - Denial of Service via Unbounded zlib Decompression — unfurl | 7.5 | High | 2026-04-08 |
| CVE-2026-39414 | MinIO affected a DoS via Unbounded Memory Allocation in S3 Select CSV Parsing — minio | 5.5 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-35401 | Saleor has a resource exhaustion vulnerability in GraphQL queries — saleor | 7.5 | High | 2026-04-08 |
| CVE-2026-33756 | Saleor Affected by Denial of Service via Unbounded GraphQL Query Batching — saleor | 7.5 | High | 2026-04-08 |

Vulnerabilities classified as CWE-770 (Allocation of Resources Without Limits or Throttling) represent 795 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.