CWE-770 (Allocation of Resources Without Limits or Throttling) — Vulnerability Class 795

795 vulnerabilities classified as CWE-770 (Allocation of Resources Without Limits or Throttling). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-29181 | OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification) — opentelemetry-go | 7.5 | High | 2026-04-07 |
| CVE-2026-5762 | ReportIncident DiscussionTools integration causes slow requests — MediaWiki - ReportIncident Extension | 7.5 (AI) | High (AI) | 2026-04-07 |
| CVE-2026-35526 | Strawberry GraphQL affected by a Denial of Service via unbounded WebSocket subscriptions — strawberry | 7.5 | High | 2026-04-07 |
| CVE-2026-35480 | go-ipld-prime's DAG-CBOR decoder unbounded memory allocation from CBOR headers — go-ipld-prime | 6.2 | Medium | 2026-04-07 |
| CVE-2026-33034 | Potential denial-of-service vulnerability in ASGI requests via memory upload limit bypass — Django | 7.5 (AI) | High (AI) | 2026-04-07 |
| CVE-2026-35457 | libp2p-rust has unbounded rendezvous DISCOVER cookies enable remote memory exhaustion — rust-libp2p | 8.2 | High | 2026-04-07 |
| CVE-2026-35405 | libp2p-rendezvous: Unlimited namespace registrations per peer enables OOM DoS on rendezvous servers — rust-libp2p | 7.5 | High | 2026-04-07 |
| CVE-2026-20431 | MediaTek Chipsets security vulnerability — MediaTek chipset | 7.5 (AI) | High (AI) | 2026-04-07 |
| CVE-2026-34756 | vLLM Affected by Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server — vllm | 6.5 | Medium | 2026-04-06 |
| CVE-2026-34755 | vLLM Affected by Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing — vllm | 6.5 | Medium | 2026-04-06 |
| CVE-2026-35562 | Allocation of resources without limits in parsing components in Amazon Athena ODBC driver — Amazon Athena ODBC driver | 7.5 | High | 2026-04-03 |
| CVE-2026-25043 | Budibase: Unauthenticated Password Reset Endpoint Lacks Rate Limiting, Enabling Email Flooding — budibase | 5.3 | Medium | 2026-04-03 |
| CVE-2026-26477 | DokuWiki security vulnerability — DokuWiki | 4.3 | Medium | 2026-04-03 |
| CVE-2026-32145 | Multipart form body parser bypasses body size limits in wisp — wisp | 7.5 | - | 2026-04-02 |
| CVE-2026-5316 | Nothings stb stb_vorbis.c setup_free allocation of resources — stb | 4.3 | Medium | 2026-04-02 |
| CVE-2025-66487 | Multiple vulnerabilities have been addressed in IBM Aspera Shares — Aspera Shares | 2.7 | Low | 2026-04-01 |
| CVE-2026-34517 | AIOHTTP: Late size enforcement for non-file multipart fields causes memory DoS — aiohttp | 7.5 | - | 2026-04-01 |
| CVE-2026-34516 | AIOHTTP: Multipart Header Size Bypass — aiohttp | 7.5 | - | 2026-04-01 |
| CVE-2026-34513 | AIOHTTP: Denial of Service (DoS) via Unbounded DNS Cache in TCPConnector — aiohttp | 7.5 (AI) | High (AI) | 2026-04-01 |
| CVE-2026-32980 | OpenClaw < 2026.3.13 - Resource Exhaustion via Unauthenticated Telegram Webhook Request — OpenClaw | 7.5 | High | 2026-03-29 |
| CVE-2026-33871 | Netty HTTP/2 CONTINUATION Frame Flood DoS via Zero-Byte Frame Bypass — netty | 7.5 | - | 2026-03-27 |
| CVE-2026-26061 | Fleet's unbounded request body read allows remote Denial of Service — fleet | 7.5 | - | 2026-03-27 |
| CVE-2026-33743 | Incus vulnerable to denial of source through crafted bucket backup file — incus | 6.5 | Medium | 2026-03-26 |
| CVE-2026-33658 | Rails Active Storage has a possible DoS vulnerability in proxy mode via multi-range requests — activestorage | 7.5 (AI) | High (AI) | 2026-03-26 |
| CVE-2026-33438 | Stirling-PDF vulnerable to DoS via add-watermark — Stirling-PDF | 6.5 | Medium | 2026-03-26 |
| CVE-2026-4897 | Polkit: polkit: denial of service via unbounded input processing through standard input — Red Hat Enterprise Linux 10 | 5.5 | Medium | 2026-03-26 |
| CVE-2026-27663 | Siemens CPCI85 Central Processing security vulnerability — CPCI85 Central Processing/Communication | 6.5 | Medium | 2026-03-26 |
| CVE-2026-33219 | NATS is vulnerable to pre-auth DoS through WebSockets client service — nats-server | 5.3 | Medium | 2026-03-25 |
| CVE-2025-13436 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | 6.5 | Medium | 2026-03-25 |
| CVE-2026-29772 | Astro: Memory exhaustion DoS due to missing request body size limit in Server Islands — astro | 5.9 | Medium | 2026-03-24 |

Vulnerabilities classified as CWE-770 (Allocation of Resources Without Limits or Throttling) represent 795 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.