Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-57081

Summary
Assigner-CPANSec
Assigner Org ID-9b29abf9-4ab0-4765-b253-1875cd9b441e
Published At-30 Jun, 2026 | 11:05
Updated At-30 Jun, 2026 | 15:04
Rejected At-
Credits

Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input

Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input. bdecode recurses once per nested list or dictionary level with no depth cap, and each recursive call receives the remaining buffer by value while the list and dictionary branches capture the whole remainder, so every live recursion frame keeps its own copy of the shrinking buffer (O(N^2) bytes for an N-deep input). The decoder runs on every untrusted bencode source: .torrent files, BEP09 metadata fetched from peers, DHT messages, and tracker responses. A bencoded input of roughly 150,000 nested lists (about 150 KB on the wire) drives multi-gigabyte peak memory, so one short message from any peer, or one crafted .torrent file or magnet link, terminates the client.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:CPANSec
Assigner Org ID:9b29abf9-4ab0-4765-b253-1875cd9b441e
Published At:30 Jun, 2026 | 11:05
Updated At:30 Jun, 2026 | 15:04
Rejected At:
â–¼CVE Numbering Authority (CNA)
Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input

Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input. bdecode recurses once per nested list or dictionary level with no depth cap, and each recursive call receives the remaining buffer by value while the list and dictionary branches capture the whole remainder, so every live recursion frame keeps its own copy of the shrinking buffer (O(N^2) bytes for an N-deep input). The decoder runs on every untrusted bencode source: .torrent files, BEP09 metadata fetched from peers, DHT messages, and tracker responses. A bencoded input of roughly 150,000 nested lists (about 150 KB on the wire) drives multi-gigabyte peak memory, so one short message from any peer, or one crafted .torrent file or magnet link, terminates the client.

Affected Products
Vendor
SANKO
Product
Net::BitTorrent
Collection URL
https://cpan.org/modules
Package Name
Net-BitTorrent
Repo
https://github.com/sanko/Net-BitTorrent.pm
Program Files
  • lib/Net/BitTorrent/Protocol/BEP03/Bencode.pm
Program Routines
  • Net::BitTorrent::Protocol::BEP03::Bencode::bdecode
Default Status
unaffected
Versions
Affected
  • From 0 through 2.0.1 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-674CWE-674 Uncontrolled Recursion
CWECWE-400CWE-400 Uncontrolled Resource Consumption
Type: CWE
CWE ID: CWE-674
Description: CWE-674 Uncontrolled Recursion
Type: CWE
CWE ID: CWE-400
Description: CWE-400 Uncontrolled Resource Consumption
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

There is no fixed release. Cap the bencode nesting depth (libtorrent rejects beyond about 100 levels) and decode without copying the buffer remainder at each level.

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/sanko/Net-BitTorrent.pm/security/advisories/GHSA-mv44-v82p-89xv
vendor-advisory
Hyperlink: https://github.com/sanko/Net-BitTorrent.pm/security/advisories/GHSA-mv44-v82p-89xv
Resource:
vendor-advisory
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:9b29abf9-4ab0-4765-b253-1875cd9b441e
Published At:30 Jun, 2026 | 12:16
Updated At:30 Jun, 2026 | 16:16

Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input. bdecode recurses once per nested list or dictionary level with no depth cap, and each recursive call receives the remaining buffer by value while the list and dictionary branches capture the whole remainder, so every live recursion frame keeps its own copy of the shrinking buffer (O(N^2) bytes for an N-deep input). The decoder runs on every untrusted bencode source: .torrent files, BEP09 metadata fetched from peers, DHT messages, and tracker responses. A bencoded input of roughly 150,000 nested lists (about 150 KB on the wire) drives multi-gigabyte peak memory, so one short message from any peer, or one crafted .torrent file or magnet link, terminates the client.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
N/A
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-400Secondary9b29abf9-4ab0-4765-b253-1875cd9b441e
CWE-674Secondary9b29abf9-4ab0-4765-b253-1875cd9b441e
CWE ID: CWE-400
Type: Secondary
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
CWE ID: CWE-674
Type: Secondary
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/sanko/Net-BitTorrent.pm/security/advisories/GHSA-mv44-v82p-89xv9b29abf9-4ab0-4765-b253-1875cd9b441e
N/A
Hyperlink: https://github.com/sanko/Net-BitTorrent.pm/security/advisories/GHSA-mv44-v82p-89xv
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1483Records found

CVE-2025-21289
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-2.31% / 81.27%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-09 Jun, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_10_1809windows_server_2008windows_11_24h2windows_11_22h2windows_server_2012windows_server_2016windows_server_2022windows_server_2022_23h2windows_10_21h2windows_10_1507windows_server_2019windows_10_22h2windows_server_2025windows_11_23h2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 10 Version 21H2Windows 10 Version 1507Windows 11 Version 24H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 11 version 22H3Windows Server 2008 Service Pack 2Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows Server 2012Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-21290
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-2.31% / 81.27%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-09 Jun, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_10_1809windows_server_2008windows_11_24h2windows_11_22h2windows_server_2012windows_server_2016windows_server_2022windows_server_2022_23h2windows_10_21h2windows_10_1507windows_server_2019windows_10_22h2windows_server_2025windows_11_23h2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 10 Version 21H2Windows 10 Version 1507Windows 11 Version 24H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 11 version 22H3Windows Server 2008 Service Pack 2Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows Server 2012Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-6780
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.29% / 21.16%
||
7 Day CHG~0.00%
Published-21 Apr, 2026 | 12:41
Updated-26 May, 2026 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-service in the Audio/Video: Playback component

Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdfirefoxFirefoxThunderbird
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-6781
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.29% / 21.16%
||
7 Day CHG~0.00%
Published-21 Apr, 2026 | 12:41
Updated-27 May, 2026 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-service in the Audio/Video: Playback component

Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdfirefoxFirefoxThunderbird
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-6022
Matching Score-4
Assigner-Progress Software Corporation
ShareView Details
Matching Score-4
Assigner-Progress Software Corporation
CVSS Score-7.5||HIGH
EPSS-0.29% / 20.61%
||
7 Day CHG~0.00%
Published-22 Apr, 2026 | 07:07
Updated-05 May, 2026 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uncontrolled Resource Consumption Vulnerability in Telerik UI for ASP.NET AJAX

In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the configured maximum size due to missing cumulative size enforcement during chunk reassembly, leading to disk space exhaustion.

Action-Not Available
Vendor-Progress Software Corporation
Product-telerik_ui_for_asp.net_ajaxTelerik UI for ASP.NET AJAX
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-46373
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.26% / 17.68%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 22:38
Updated-12 Jun, 2026 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQLFluff: Recursive Stack Overflow in Parser

SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.1.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious query with deliberate excessive nesting to any application using the parser to trigger a Denial of Service through resource exhaustion. This issue has been patched in version 4.1.0.

Action-Not Available
Vendor-sqlfluffsqlfluff
Product-sqlfluffsqlfluff
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2025-67731
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.35% / 26.58%
||
7 Day CHG~0.00%
Published-12 Dec, 2025 | 07:40
Updated-17 Mar, 2026 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Servify Express does not enforce rate limiting when parsing JSON

Servify Express is a Node.js package to start an Express server and log the port it's running on. Prior to 1.2, the Express server used express.json() without a size limit, which could allow attackers to send extremely large request bodies. This can cause excessive memory usage, degraded performance, or process crashes, resulting in a Denial of Service (DoS). Any application using the JSON parser without limits and exposed to untrusted clients is affected. The issue is not a flaw in Express itself, but in configuration. This issue is fixed in version 1.2. To work around, consider adding a limit option to the JSON parser, rate limiting at the application or reverse-proxy level, rejecting unusually large requests before parsing, or using a reverse proxy (such as NGINX) to enforce maximum request body sizes.

Action-Not Available
Vendor-servify-express.jsAarondoran
Product-servify_expressservify-express
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-25630
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.35% / 68.01%
||
7 Day CHG~0.00%
Published-08 Dec, 2020 | 00:13
Updated-04 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in Moodle where the decompressed size of zip files was not checked against available user quota before unzipping them, which could lead to a denial of service risk. This affects versions 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodleMoodle
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-7164
Matching Score-4
Assigner-FreeBSD
ShareView Details
Matching Score-4
Assigner-FreeBSD
CVSS Score-7.5||HIGH
EPSS-0.43% / 34.70%
||
7 Day CHG~0.00%
Published-30 Apr, 2026 | 07:23
Updated-01 May, 2026 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
pf can overflow the stack parsing crafted SCTP packets

Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. Remote attackers can craft packets which cause affected systems to panic. This affects any system where pf is configured to process traffic, independent of the configured ruleset.

Action-Not Available
Vendor-FreeBSD Foundation
Product-freebsdFreeBSD
CWE ID-CWE-674
Uncontrolled Recursion
CWE ID-CWE-791
Incomplete Filtering of Special Elements
CVE-2025-21181
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-3.09% / 86.13%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:58
Updated-13 Feb, 2026 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2019windows_11_23h2windows_10_1809windows_11_22h2windows_server_2025windows_server_2022windows_11_24h2windows_server_2012windows_server_2016windows_server_2022_23h2windows_10_1507windows_10_21h2windows_10_22h2windows_10_1607windows_server_2008Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-20058
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-8.9||HIGH
EPSS-0.38% / 29.65%
||
7 Day CHG~0.00%
Published-05 Feb, 2025 | 17:31
Updated-21 Oct, 2025 | 11:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP message routing vulnerability

When a BIG-IP message routing profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_global_traffic_managerbig-ip_application_acceleration_managerbig-ip_carrier-grade_natbig-ip_ddos_hybrid_defenderbig-ip_advanced_firewall_managerbig-ip_policy_enforcement_managerbig-ip_local_traffic_managerbig-ip_webacceleratorbig-ip_access_policy_managerbig-ip_advanced_web_application_firewallbig-ip_fraud_protection_servicebig-ip_analyticsbig-ip_ssl_orchestratorbig-ip_edge_gatewaybig-ip_link_controllerbig-ip_container_ingress_servicesbig-ip_application_security_managerbig-ip_automation_toolchainbig-ip_domain_name_systembig-ip_application_visibility_and_reportingbig-ip_websafeBIG-IP
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-6479
Matching Score-4
Assigner-PostgreSQL
ShareView Details
Matching Score-4
Assigner-PostgreSQL
CVSS Score-7.5||HIGH
EPSS-0.47% / 37.34%
||
7 Day CHG~0.00%
Published-14 May, 2026 | 13:00
Updated-18 May, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion

Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.

Action-Not Available
Vendor-n/aThe PostgreSQL Global Development Group
Product-postgresqlPostgreSQL
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2025-21207
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-2.03% / 78.71%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-09 Jun, 2026 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability

Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_22h2windows_11_23h2windows_server_2019windows_server_2022windows_10_1809windows_11_24h2windows_server_2025windows_11_22h2windows_10_21h2windows_server_2022_23h2Windows 11 Version 23H2Windows 11 version 22H3Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2022Windows 10 Version 1809Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2019Windows Server 2025Windows Server 2019 (Server Core installation)Windows 10 Version 22H2Windows 10 Version 21H2
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-6051
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 7.47%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 13:07
Updated-28 May, 2026 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM® Db2® is vulnerable to a denial of service when executing a specially crafted query with a small statement heap

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-windowslinux_kerneldb2aixlinux_on_ibm_zDb2
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-6052
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 15.32%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 13:09
Updated-28 May, 2026 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM® Db2® is vulnerable to running out of memory when executing certain queries with MDC tables

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-windowslinux_kerneldb2aixlinux_on_ibm_zDb2
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-41881
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-1.47% / 70.51%
||
7 Day CHG~0.00%
Published-12 Dec, 2022 | 00:00
Updated-22 Apr, 2025 | 15:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder.

Action-Not Available
Vendor-Debian GNU/LinuxThe Netty Project
Product-nettydebian_linuxnetty
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2025-67779
Matching Score-4
Assigner-Meta Platforms, Inc.
ShareView Details
Matching Score-4
Assigner-Meta Platforms, Inc.
CVSS Score-7.5||HIGH
EPSS-18.88% / 96.95%
||
7 Day CHG~0.00%
Published-11 Dec, 2025 | 23:36
Updated-12 Dec, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found that the fix addressing CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service attack in a specific case. React Server Components versions 19.0.2, 19.1.3 and 19.2.2 are affected, allowing unsafe deserialization of payloads from HTTP requests to Server Function endpoints. This can cause an infinite loop that hangs the server process and may prevent future HTTP requests from being served.

Action-Not Available
Vendor-vercelMeta Platforms, Inc.Facebook
Product-next.jsreactreact-server-dom-webpackreact-server-dom-turbopackreact-server-dom-parcel
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2013-3691
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.90% / 89.00%
||
7 Day CHG~0.00%
Published-11 Dec, 2019 | 18:22
Updated-06 Aug, 2024 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AirLive POE-2600HD allows remote attackers to cause a denial of service (device reset) via a long URL.

Action-Not Available
Vendor-ovislinkn/a
Product-airlive_poe2600hd_firmwareairlive_poe2600hdn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-21230
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-2.59% / 83.38%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-09 Jun, 2026 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_1507windows_10_22h2windows_10_1607windows_11_23h2windows_server_2019windows_server_2022windows_10_1809windows_11_24h2windows_server_2025windows_11_22h2windows_server_2012windows_10_21h2windows_server_2008windows_server_2022_23h2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 10 Version 21H2Windows 10 Version 1507Windows 11 Version 24H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 11 version 22H3Windows Server 2008 Service Pack 2Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows Server 2012Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-21174
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-1.77% / 75.43%
||
7 Day CHG+0.06%
Published-08 Apr, 2025 | 17:23
Updated-13 Feb, 2026 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Standards-Based Storage Management Service Denial of Service Vulnerability

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2022windows_server_2019windows_server_2025windows_server_2016Windows Server 2025Windows Server 2022Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server 2012 R2Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2013-3074
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.71% / 74.63%
||
7 Day CHG~0.00%
Published-28 Jan, 2020 | 20:07
Updated-06 Aug, 2024 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NetGear WNDR4700 Media Server devices with firmware 1.0.0.34 allow remote attackers to cause a denial of service (device crash).

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wndr4700_firmwarewndr4700n/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-21218
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-2.50% / 82.73%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-09 Jun, 2026 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kerberos Denial of Service Vulnerability

Windows Kerberos Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_server_2025windows_server_2012windows_server_2022windows_server_2022_23h2Windows Server 2016 (Server Core installation)Windows Server 2016Windows Server 2022Windows Server 2025 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2025Windows Server 2012Windows Server 2012 R2
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-21087
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-8.9||HIGH
EPSS-0.38% / 29.65%
||
7 Day CHG~0.00%
Published-05 Feb, 2025 | 17:30
Updated-21 Oct, 2025 | 11:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TMM Vulnerability

When Client or Server SSL profiles are configured on a Virtual Server, or DNSSEC signing operations are in use, undisclosed traffic can cause an increase in memory and CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_global_traffic_managerbig-ip_application_acceleration_managerbig-ip_carrier-grade_natbig-ip_ddos_hybrid_defenderbig-ip_advanced_firewall_managerbig-ip_policy_enforcement_managerbig-ip_local_traffic_managerbig-ip_webacceleratorbig-ip_access_policy_managerbig-ip_advanced_web_application_firewallbig-ip_fraud_protection_servicebig-ip_analyticsbig-ip_ssl_orchestratorbig-ip_edge_gatewaybig-ip_link_controllerbig-ip_container_ingress_servicesbig-ip_application_security_managerbig-ip_automation_toolchainbig-ip_domain_name_systembig-ip_application_visibility_and_reportingbig-ip_websafeBIG-IP NextBIG-IP
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-21251
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-2.50% / 82.75%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-09 Jun, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_10_1809windows_server_2008windows_11_24h2windows_11_22h2windows_server_2012windows_server_2016windows_server_2022windows_server_2022_23h2windows_10_21h2windows_10_1507windows_server_2019windows_10_22h2windows_server_2025windows_11_23h2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 10 Version 21H2Windows 10 Version 1507Windows 11 Version 24H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 11 version 22H3Windows Server 2008 Service Pack 2Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows Server 2012Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-41932
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.52% / 40.22%
||
7 Day CHG~0.00%
Published-23 Nov, 2022 | 00:00
Updated-23 Apr, 2025 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Creation of new database tables through login form on PostgreSQL

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make XWiki create many new schemas and fill them with tables just by using a crafted user identifier in the login form. This may lead to degraded database performance. The problem has been patched in XWiki 13.10.8, 14.6RC1 and 14.4.2. Users are advised to upgrade. There are no known workarounds for this issue.

Action-Not Available
Vendor-XWiki SAS
Product-xwikixwiki-platform
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-56248
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.36% / 27.88%
||
7 Day CHG~0.00%
Published-23 Jun, 2026 | 12:12
Updated-23 Jun, 2026 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Capgo - Unauthenticated Denial-of-Service via audit_logs RLS Policy

Cap-go capgo (capgo-backend) before 12.128.12 contains an unauthenticated denial-of-service vulnerability arising from the audit_logs table's Row-Level Security (RLS) policy when accessed via the Supabase PostgREST API. Because the PostgreSQL query planner executes costly logic before RLS rejection, unfiltered queries to the public.audit_logs endpoint using the public anon key consistently trigger statement timeouts (PostgREST error 57014). Under concurrency, this exhausts database resources and causes cascading HTTP 500 failures on unrelated endpoints (e.g. /orgs), resulting in an application-layer denial of service.

Action-Not Available
Vendor-Cap-go
Product-capgo
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-1948
Matching Score-4
Assigner-Eclipse Foundation
ShareView Details
Matching Score-4
Assigner-Eclipse Foundation
CVSS Score-7.5||HIGH
EPSS-0.62% / 45.59%
||
7 Day CHG~0.00%
Published-08 May, 2025 | 17:48
Updated-31 Jul, 2025 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Eclipse Jetty HTTP clients can increase memory allocation

In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGS_MAX_HEADER_LIST_SIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified capacity to encode HTTP responses, likely resulting in OutOfMemoryError being thrown, or even the JVM process exiting.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-jettyJetty
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-16850
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.12% / 79.59%
||
7 Day CHG~0.00%
Published-30 Nov, 2020 | 21:34
Updated-04 Aug, 2024 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthenticated attacker to halt the industrial process by sending a crafted packet over the network. This denial of service attack exposes Improper Input Validation. After halting, physical access to the PLC is required in order to restore production, and the device state is lost. This is related to R04CPU, RJ71GF11-T2, R04CPU, and RJ71GF11-T2.

Action-Not Available
Vendor-n/aMitsubishi Electric Corporation
Product-r08sfcpur16mtcpu_firmwarer04cpu_firmwarer64mtcpur16sfcpu_firmwarer16mtcpur04cpur32pcpur08cpur64mtcpu_firmwarer08pcpur00cpu_firmwarer32mtcpu_firmwarer08pcpu_firmwarer02cpu_firmwarer32mtcpur16sfcpur16cpu_firmwarer16pcpur120cpu_firmwarer32cpu_firmwarer00cpur08sfcpu_firmwarer120cpur32sfcpu_firmwarer32sfcpur01cpur32pcpu_firmwarer01cpu_firmwarer16cpur08cpu_firmwarer16pcpu_firmwarer02cpur120pcpu_firmwarer120sfcpur120sfcpu_firmwarer32cpur120pcpun/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-20
Improper Input Validation
CVE-2025-15532
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.98% / 57.91%
||
7 Day CHG~0.00%
Published-17 Jan, 2026 | 16:32
Updated-26 Feb, 2026 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open5GS Timer resource consumption

A security flaw has been discovered in Open5GS up to 2.7.5. This issue affects some unknown processing of the component Timer Handler. The manipulation results in resource consumption. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The patch is identified as c7c131f8d2cb1195ada5e0e691b6868ebcd8a845. It is best practice to apply a patch to resolve this issue.

Action-Not Available
Vendor-open5gsn/a
Product-open5gsOpen5GS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2026-44296
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.28% / 19.69%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 20:52
Updated-13 May, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Deskflow: TLS multiplexer DoS on failed `SSL_accept`

Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.167, a remote, unauthenticated denial of service (DoS) vulnerability affects Deskflow servers running with TLS enabled (the default). When any TCP peer connects to the listening port and its first bytes do not parse as a valid TLS ClientHello, SecureSocket::secureAccept enters its fatal-error branch and calls Arch::sleep(1) (a blocking 1-second sleep) on the multiplexer worker thread. That thread services every socket on the server, including established TLS clients delivering mouse motion, keyboard events, and clipboard updates. A single failed handshake therefore stalls input delivery to all connected screens for ~1 second, and a sustained drip of malformed connections (≥ 1/s) makes the server effectively unusable while the attack persists. This vulnerability is fixed in 1.26.0.167.

Action-Not Available
Vendor-deskflow
Product-deskflow
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-405
Asymmetric Resource Consumption (Amplification)
CVE-2026-56018
Matching Score-4
Assigner-CPAN Security Group
ShareView Details
Matching Score-4
Assigner-CPAN Security Group
CVSS Score-7.5||HIGH
EPSS-0.61% / 44.81%
||
7 Day CHG~0.00%
Published-29 Jun, 2026 | 19:38
Updated-30 Jun, 2026 | 14:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JavaScript::Minifier::XS versions before 0.16 for Perl leak memory on every call to minify(), allowing unbounded memory growth

JavaScript::Minifier::XS versions before 0.16 for Perl leak memory on every call to minify(), allowing unbounded memory growth. In JsMinify (XS.xs) the cleanup frees only the NodeSet structures and never the per-token contents buffers allocated in JsSetNodeContents; JsDiscardNode unlinks nodes without freeing their contents. Each token's contents buffer is therefore leaked on every call, and the two early returns taken when the node list is empty leak the whole NodeSet. A long-lived process that minifies repeatedly, such as an asset pipeline or a server-side minifier endpoint, grows in memory without bound until it exhausts available memory and is killed, causing denial of service.

Action-Not Available
Vendor-GTERMARS
Product-JavaScript::Minifier::XS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2022-40617
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.63% / 73.40%
||
7 Day CHG~0.00%
Published-31 Oct, 2022 | 00:00
Updated-06 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.

Action-Not Available
Vendor-strongswanstormshieldn/aDebian GNU/LinuxFedora ProjectCanonical Ltd.
Product-fedorastrongswandebian_linuxubuntu_linuxstormshield_network_securityn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-40513
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.41% / 32.57%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 06:58
Updated-03 Aug, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uncontrolled resource consumption in WLAN Firmware.

Transient DOS due to uncontrolled resource consumption in WLAN firmware when peer is freed in non qos state.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcn5024_firmwareipq5018_firmwarewsa8830wcd9380_firmwareqcn9070ssg2125pqcn9000ipq8072aipq8076a_firmwareipq8173_firmwareipq8078qca8084ipq8173qcn5164qcn5124qca4024_firmwareqca8082qcn9072qca8386qcn6122_firmwarewsa8835sxr1230p_firmwarecsr8811_firmwareipq8078aipq5028_firmwarewcd9380ipq6000qcn5154qca8075_firmwaressg2125p_firmwareqcn5024ssg2115pqcn5152_firmwareqca9889qcn6132_firmwaresxr1230pqca9888qcn9000_firmwareipq5018qcn5052_firmwareqcn9274_firmwareipq8070a_firmwarewcd9385_firmwareipq8076aqca8386_firmwareqcn6024_firmwareipq6018_firmwareipq8076_firmwaresd_8_gen1_5g_firmwareqca8084_firmwareipq8074aipq8076qcn5124_firmwareqca8082_firmwarewcn7850qcn5152qcn5164_firmwareqcn5122_firmwareipq6028qcn9024qca8081_firmwareqcn6023_firmwareipq9574_firmwareipq5010qcn9100ipq8078a_firmwareqcn9274ipq8174wcn7851ipq5028ipq8078_firmwareqcn5052wsa8832_firmwareqcn9070_firmwareipq6010ipq6028_firmwareipq8072a_firmwareqcn9074qca9889_firmwareqca8085ipq9574qcn5122qcn9024_firmwareipq8174_firmwareqcn6132wsa8832qca8081wcn7851_firmwareipq8071aqcn6023ipq6018qcn5022ipq8071a_firmwarewcd9385qca8085_firmwareqca9888_firmwareqcn6122ipq6010_firmwareqcn5154_firmwarecsr8811qca4024qcn9100_firmwareqca8075qcn9022_firmwarewsa8830_firmwareqcn6024qcn9022ipq8070aipq5010_firmwareipq8074a_firmwareqcn9072_firmwarewsa8835_firmwarewcn7850_firmwareipq6000_firmwaressg2115p_firmwareqcn9074_firmwaresm8475qcn5022_firmwareSnapdragon
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-17360
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.34% / 67.85%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 17:39
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.7.0-00 allows an unauthenticated remote user to trigger a denial of service (DoS) condition because of Uncontrolled Resource Consumption.

Action-Not Available
Vendor-n/aOracle CorporationLinux Kernel Organization, IncHitachi, Ltd.Microsoft Corporation
Product-solarislinux_kernelinfrastructure_analytics_advisorwindowstuning_managerreplication_managerdevice_managertiered_storage_managern/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2012-5366
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.11% / 79.56%
||
7 Day CHG~0.00%
Published-20 Feb, 2020 | 14:14
Updated-06 Aug, 2024 | 21:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IPv6 implementation in Apple Mac OS X (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-1492
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-7.8||HIGH
EPSS-0.28% / 19.84%
||
7 Day CHG~0.00%
Published-20 Feb, 2025 | 01:30
Updated-27 Mar, 2026 | 13:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uncontrolled Recursion in Wireshark

Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file

Action-Not Available
Vendor-Wireshark Foundation
Product-wiresharkWireshark
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2012-5363
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.50% / 82.76%
||
7 Day CHG~0.00%
Published-20 Feb, 2020 | 14:24
Updated-06 Aug, 2024 | 21:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2011-2393.

Action-Not Available
Vendor-n/aNetBSDFreeBSD Foundation
Product-freebsdnetbsdn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-41568
Matching Score-4
Assigner-LY Corporation
ShareView Details
Matching Score-4
Assigner-LY Corporation
CVSS Score-7.5||HIGH
EPSS-0.62% / 45.16%
||
7 Day CHG~0.00%
Published-29 Nov, 2022 | 00:00
Updated-25 Apr, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LINE client for iOS before 12.17.0 might be crashed by sharing an invalid shared key of e2ee in group chat.

Action-Not Available
Vendor-linecorpLINE Corporation
Product-lineLINE client for iOS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2012-5365
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.50% / 82.76%
||
7 Day CHG~0.00%
Published-20 Feb, 2020 | 14:20
Updated-06 Aug, 2024 | 21:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries.

Action-Not Available
Vendor-n/aNetBSDFreeBSD Foundation
Product-freebsdnetbsdn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2012-5645
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-4.25% / 89.85%
||
7 Day CHG~0.00%
Published-30 Dec, 2019 | 19:57
Updated-06 Aug, 2024 | 21:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service flaw was found in the way the server component of Freeciv before 2.3.4 processed certain packets. A remote attacker could send a specially-crafted packet that, when processed would lead to memory exhaustion or excessive CPU consumption.

Action-Not Available
Vendor-freecivfreecivFedora Project
Product-fedorafreecivfreeciv
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-1000518
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.82% / 76.10%
||
7 Day CHG~0.00%
Published-26 Jun, 2018 | 16:00
Updated-05 Aug, 2024 | 12:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Servers and clients, unless configured with compression=None that can result in Denial of Service by memory exhaustion. This attack appear to be exploitable via Sending a specially crafted frame on an established connection. This vulnerability appears to have been fixed in 5.

Action-Not Available
Vendor-websockets_projectn/a
Product-websocketsn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2012-5362
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-14.19% / 96.14%
||
7 Day CHG~0.00%
Published-20 Feb, 2020 | 14:22
Updated-06 Aug, 2024 | 21:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2010-4669.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_vistawindows_server_2003n/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-14190
Matching Score-4
Assigner-Atlassian
ShareView Details
Matching Score-4
Assigner-Atlassian
CVSS Score-7.5||HIGH
EPSS-1.21% / 64.80%
||
7 Day CHG~0.00%
Published-25 Nov, 2020 | 22:40
Updated-16 Sep, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. The affected versions are before version 4.8.4.

Action-Not Available
Vendor-Atlassian
Product-fisheyecrucibleFisheyeCrucible
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2012-5364
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-14.19% / 96.14%
||
7 Day CHG~0.00%
Published-20 Feb, 2020 | 14:16
Updated-06 Aug, 2024 | 21:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_vistawindows_server_2003n/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-39280
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.98% / 57.97%
||
7 Day CHG~0.00%
Published-06 Oct, 2022 | 00:00
Updated-23 Apr, 2025 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Regular expression denial of service in dparse

dparse is a parser for Python dependency files. dparse in versions before 0.5.2 contain a regular expression that is vulnerable to a Regular Expression Denial of Service. All the users parsing index server URLs with dparse are impacted by this vulnerability. A patch has been applied in version `0.5.2`, all the users are advised to upgrade to `0.5.2` as soon as possible. Users unable to upgrade should avoid passing index server URLs in the source file to be parsed.

Action-Not Available
Vendor-pyuppyupio
Product-dependency_parserdparse
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2025-13836
Matching Score-4
Assigner-Python Software Foundation
ShareView Details
Matching Score-4
Assigner-Python Software Foundation
CVSS Score-6.3||MEDIUM
EPSS-1.52% / 71.60%
||
7 Day CHG+0.06%
Published-01 Dec, 2025 | 18:02
Updated-18 May, 2026 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Excessive read buffering DoS in http.client

When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.

Action-Not Available
Vendor-Python Software Foundation
Product-pythonCPython
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-13623
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.15% / 63.03%
||
7 Day CHG~0.00%
Published-26 May, 2020 | 23:15
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JerryScript 2.2.0 allows attackers to cause a denial of service (stack consumption) via a proxy operation.

Action-Not Available
Vendor-jerryscriptn/a
Product-jerryscriptn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-40150
Matching Score-4
Assigner-Google LLC
ShareView Details
Matching Score-4
Assigner-Google LLC
CVSS Score-6.5||MEDIUM
EPSS-1.26% / 65.93%
||
7 Day CHG+0.05%
Published-16 Sep, 2022 | 00:00
Updated-21 Apr, 2025 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack Buffer Overflow in Jettison

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.

Action-Not Available
Vendor-jettison_projectJettisonDebian GNU/Linux
Product-jettisondebian_linuxJettison
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2022-39294
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.69% / 48.22%
||
7 Day CHG~0.00%
Published-31 Oct, 2022 | 00:00
Updated-23 Apr, 2025 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
(DoS) Denial of Service from unchecked request length in conduit-hyper

conduit-hyper integrates a conduit application with the hyper server. Prior to version 0.4.2, `conduit-hyper` did not check any limit on a request's length before calling [`hyper::body::to_bytes`](https://docs.rs/hyper/latest/hyper/body/fn.to_bytes.html). An attacker could send a malicious request with an abnormally large `Content-Length`, which could lead to a panic if memory allocation failed for that request. In version 0.4.2, `conduit-hyper` sets an internal limit of 128 MiB per request, otherwise returning status 400 ("Bad Request"). This crate is part of the implementation of Rust's [crates.io](https://crates.io/), but that service is not affected due to its existing cloud infrastructure, which already drops such malicious requests. Even with the new limit in place, `conduit-hyper` is not recommended for production use, nor to directly serve the public Internet.

Action-Not Available
Vendor-conduit-hyper_projectconduit-rust
Product-conduit-hyperconduit-hyper
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2021-34549
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.61% / 72.95%
||
7 Day CHG~0.00%
Published-29 Jun, 2021 | 11:08
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently. an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm inefficiency.

Action-Not Available
Vendor-torprojectn/a
Product-torn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 29
  • 30
  • Next
Details not found