CWE-770 (Allocation of Resources Without Limits or Throttling) — Vulnerability Class 795

795 vulnerabilities classified as CWE-770 (Allocation of Resources Without Limits or Throttling). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-3260 | Undertow: undertow: denial of service due to premature multipart/form-data parsing in get requests — Red Hat build of Apache Camel for Spring Boot 4 | 5.9 | Medium | 2026-03-24 |
| CVE-2026-33241 | Salvo Affected by Denial of Service via Unbounded Memory Allocation in Form Data Parsing — salvo | 7.5 | - | 2026-03-23 |
| CVE-2026-33483 | AVideo Affected by Unauthenticated Disk Space Exhaustion via Unlimited Temp File Creation in aVideoEncoderChunk.json.php — AVideo | 7.5 | High | 2026-03-23 |
| CVE-2026-32049 | OpenClaw < 2026.2.22 - Denial of Service via Inbound Media Download Byte Limit Bypass — OpenClaw | 7.5 | High | 2026-03-21 |
| CVE-2026-33012 | Micronaut Framework vulnerable to a Denial of Service in HTML error response caching — micronaut-core | 7.5 | High | 2026-03-20 |
| CVE-2026-32941 | Sliver Vulnerable to Authenticated OOM via Memory Exhaustion in mTLS/WireGuard Transports — sliver | 6.5 | - | 2026-03-20 |
| CVE-2026-32011 | OpenClaw < 2026.3.2 - Slow-Request Denial of Service via Pre-Auth Webhook Body Parsing — OpenClaw | 7.5 | High | 2026-03-19 |
| CVE-2026-28461 | OpenClaw < 2026.3.1 - Unbounded Memory Growth in Zalo Webhook via Query String Key Churn — OpenClaw | 7.5 | High | 2026-03-19 |
| CVE-2026-29112 | @dicebear/converter vulnerable to uncontrolled memory allocation via crafted SVG dimensions — dicebear | 7.5 | High | 2026-03-18 |
| CVE-2026-27979 | Next.js: Unbounded postponed resume buffering can lead to DoS — next.js | 5.4 | - | 2026-03-18 |
| CVE-2026-1376 | IBM i Denial of Service — i | 7.5 | High | 2026-03-17 |
| CVE-2026-24458 | DoS attack via login attempts with multi-megabyte passwords — Mattermost | 7.5 | High | 2026-03-16 |
| CVE-2026-30961 | Gokapi's File Request MaxSize Limit Bypassed via Multi-Chunk Upload — Gokapi | 4.3 | Medium | 2026-03-13 |
| CVE-2026-2581 | undici is vulnerable to Unbounded Memory Consumption in Undici's DeduplicationHandler via Response Buffering leads to DoS — undici | 5.9 | Medium | 2026-03-12 |
| CVE-2026-31961 | Unbounded memory allocation in Quill via unvalidated size fields in Mach-O binary parsing — quill | 5.5 | Medium | 2026-03-11 |
| CVE-2026-31960 | DoS in Quill via unbounded read of HTTP response body during notarization — quill | 5.3 | Medium | 2026-03-11 |
| CVE-2019-25464 | InputMapper 1.6.10 Local Denial of Service via Username Field — InputMapper | 5.5 | Medium | 2026-03-11 |
| CVE-2026-31866 | Allocation of Resources Without Limits or Throttling in flagd — flagd | 7.5 | High | 2026-03-11 |
| CVE-2025-12576 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | 6.5 | Medium | 2026-03-11 |
| CVE-2025-13690 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | 6.5 | Medium | 2026-03-11 |
| CVE-2025-13929 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | 7.5 | High | 2026-03-11 |
| CVE-2026-32062 | OpenClaw 2026.2.21-2 < 2026.2.22 - Unauthenticated WebSocket Resource Exhaustion via Media Stream — openclaw | 7.5 | High | 2026-03-11 |
| CVE-2026-31826 | pypdf: manipulated stream length values can exhaust RAM — pypdf | 4.3 | - | 2026-03-10 |
| CVE-2026-30946 | Parse Server affected by denial-of-service via unbounded query complexity in REST and GraphQL API — parse-server | 7.5 | High | 2026-03-10 |
| CVE-2026-26130 | ASP.NET Core Denial of Service Vulnerability — ASP.NET Core 10.0 | 7.5 | High | 2026-03-10 |
| CVE-2026-30827 | express-rate-limit: IPv4-mapped IPv6 addresses bypass per-client rate limiting (all IPv4 clients share one bucket on dual-stack servers) — express-rate-limit | 7.5 | High | 2026-03-07 |
| CVE-2026-29795 | stellar-xdr: `StringM::from_str` bypasses max length validation — rs-stellar-xdr | 4.0 | Medium | 2026-03-06 |
| CVE-2026-29062 | jackson-core: Nesting Depth Constraint Bypass in `UTF8DataInputJsonParser` potentially allowing Resource Exhaustion — jackson-core | 7.5 | - | 2026-03-06 |
| CVE-2026-29612 | OpenClaw < 2026.2.14 - Denial of Service via Large Base64 Media File Decoding — OpenClaw | 5.5 | Medium | 2026-03-05 |
| CVE-2026-29609 | OpenClaw < 2026.2.14 - Denial of Service via Unbounded URL-backed Media Fetch — OpenClaw | 7.5 | High | 2026-03-05 |

Vulnerabilities classified as CWE-770 (Allocation of Resources Without Limits or Throttling) represent 795 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.