CWE-770 (Allocation of Resources Without Limits or Throttling) — Vulnerability Class 795

795 vulnerabilities classified as CWE-770 (Allocation of Resources Without Limits or Throttling). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-47791 | SmartFTP Client 10.0.2909.0 - 'Multiple' Denial of Service — SmartFTP Client | 7.5 | High | 2026-01-15 |
| CVE-2026-22045 | Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall — traefik | 5.9 | Medium | 2026-01-15 |
| CVE-2021-47784 | Cyberfox Web Browser 52.9.1 - Denial of Service (PoC) — Cyberfox Web Browser | 7.5 | High | 2026-01-15 |
| CVE-2021-47771 | RDP Manager 4.9.9.3 - Denial-of-Service (PoC) — RDP Manager | 5.5 | Medium | 2026-01-15 |
| CVE-2021-47752 | AWebServer GhostBuilding 18 - Denial of Service (DoS) — AWebServer GhostBuilding | 7.5 | High | 2026-01-15 |
| CVE-2026-0897 | Denial of Service in Keras via Excessive Memory Allocation in HDF5 Metadata — Keras | 7.5 | - | 2026-01-15 |
| CVE-2026-22917 | SICK TDC-X401GL security vulnerability — TDC-X401GL | 4.3 | Medium | 2026-01-15 |
| CVE-2026-22036 | Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion — undici | 5.9 | Medium | 2026-01-14 |
| CVE-2026-0531 | Allocation of Resources Without Limits or Throttling in Kibana Fleet — Kibana | 6.5 | Medium | 2026-01-13 |
| CVE-2026-0530 | Allocation of Resources Without Limits or Throttling in Kibana Leading to Excessive Allocation — Kibana | 6.5 | Medium | 2026-01-13 |
| CVE-2024-58339 | LlamaIndex <= 0.12.2 VannaQueryEngine SQL Execution Allows Resource Exhaustion — llama_index | 7.5 AI | High AI | 2026-01-12 |
| CVE-2026-22773 | vLLM is vulnerable to DoS in Idefics3 vision models via image payload with ambiguous dimensions — vllm | 6.5 | Medium | 2026-01-10 |
| CVE-2025-10569 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | 6.5 | Medium | 2026-01-09 |
| CVE-2025-68151 | CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages — coredns | 7.5 | - | 2026-01-08 |
| CVE-2025-66560 | Quarkus REST has potential worker thread starvation when HTTP connection is closed while waiting to write — quarkus | 5.9 | Medium | 2026-01-07 |
| CVE-2025-15474 | AuntyFey Smart Combination Lock BLE Connection Flood DoS — AuntyFey Smart Combination Lock | 6.5 | - | 2026-01-07 |
| CVE-2020-36907 | Extreme Networks Aerohive HiveOS <=11.x 11.x Unauthenticated Remote Denial of Service — Aerohive HiveOS | 7.5 | High | 2026-01-06 |
| CVE-2025-69229 | AIOHTTP vulnerable to DoS through chunked messages — aiohttp | 7.5 | - | 2026-01-05 |
| CVE-2025-69228 | AIOHTTP vulnerable to denial of service through large payloads — aiohttp | 7.5 | - | 2026-01-05 |
| CVE-2025-68456 | Unauthenticated Craft CMS users can trigger a database backup — cms | 9.1 | - | 2026-01-05 |
| CVE-2025-64422 | Rate-limit bypass on login via X-Forwarded-Host header — coolify | 9.8 | - | 2026-01-05 |
| CVE-2025-57705 | QTS, QuTS hero — QTS | 6.8 | - | 2026-01-02 |
| CVE-2025-47208 | QTS, QuTS hero — QTS | 5.0 | - | 2026-01-02 |
| CVE-2022-50799 | Fetch Softworks Fetch FTP Client 5.8.2 Remote CPU Consumption Denial of Service — Fetch Softworks Fetch FTP Client | 7.5 | High | 2025-12-30 |
| CVE-2022-50695 | SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x ICMP Flood Attack via Network Commands — Impact/Pulse/First | 7.5 | High | 2025-12-30 |
| CVE-2025-68148 | FreshRSS globally denies access to feed via proxy modifying to 429 Retry-After — FreshRSS | 4.3 | Medium | 2025-12-26 |
| CVE-2025-11419 | Keycloak: keycloak tls client-initiated renegotiation denial of service | 7.5 | High | 2025-12-23 |
| CVE-2021-47713 | Hasura GraphQL 1.3.3 Denial of Service via Malicious GraphQL Query — Hasura GraphQL | 7.5 | High | 2025-12-22 |
| CVE-2025-14299 | Improper Content-Length Validation in HTTPS Requests on Tapo C200 — Tapo C200 V3 | 5.7 AI | Medium AI | 2025-12-20 |
| CVE-2025-68390 | Elasticsearch Allocation of Resources Without Limits or Throttling — Elasticsearch | 4.9 | Medium | 2025-12-18 |

Vulnerabilities classified as CWE-770 (Allocation of Resources Without Limits or Throttling) represent 795 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.