Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVEs (3,097)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-44559 - - Jul 2, 2025 Jun 27, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An issue in the Bluetooth Low Energy (BLE) stack of Realtek RTL8762E BLE SDK v1.4.0 allows attackers within Bluetooth range to cause a Denial of Service (DoS) via sending a specific sequence of crafted control packets.
CVE-2025-52887 1Yhirose 1Cpp Httplib Aug 6, 2025 Jun 26, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In version 0.21.0, when many http headers fields are passed in, the library does not limit the number of headers, and the memory associate...Show more cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In version 0.21.0, when many http headers fields are passed in, the library does not limit the number of headers, and the memory associated with the headers will not be released when the connection is disconnected. This leads to potential exhaustion of system memory and results in a server crash or unresponsiveness. Version 0.22.0 contains a patch for the issue.Show less
CVE-2024-57708 - - Jul 25, 2025 Jun 25, 2025 N/A· v4 5.7 MEDIUM· v3 N/A· v2 An issue in OneTrust SDK v.6.33.0 allows a local attacker to cause a denial of service via the Object.setPrototypeOf, __proto__, and Object.assign components. NOTE: this is disputed by the Supplier who does not agree it...Show more An issue in OneTrust SDK v.6.33.0 allows a local attacker to cause a denial of service via the Object.setPrototypeOf, __proto__, and Object.assign components. NOTE: this is disputed by the Supplier who does not agree it is a prototype pollution vulnerability.Show less
CVE-2025-44531 1Realtek 1Rtl8762e Software Development Kit Jul 9, 2025 Jun 24, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue in Realtek RTL8762EKF-EVB RTL8762E SDK v1.4.0 allows attackers to cause a Denial of Service (DoS) via sending a crafted before a pairing public key is received during a Bluetooth connection attempt.
CVE-2025-44528 - - Jun 24, 2025 Jun 23, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue in Texas Instruments LP-CC2652RB SimpleLink CC13XX CC26XX SDK 7.41.00.17 allows attackers to cause a Denial of Service (DoS) via sending a crafted LL_Pause_Enc_Req packet during the authentication and connection...Show more An issue in Texas Instruments LP-CC2652RB SimpleLink CC13XX CC26XX SDK 7.41.00.17 allows attackers to cause a Denial of Service (DoS) via sending a crafted LL_Pause_Enc_Req packet during the authentication and connection phase, causing a Denial of Service (DoS).Show less
CVE-2025-6493 - - Sep 29, 2025 Jun 22, 2025 5.5 MEDIUM· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown Mode. This manipulation causes inefficient regular expression co...Show more A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown Mode. This manipulation causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. Upgrading to version 6.0 is able to address this issue. You should upgrade the affected component. Not all code samples mentioned in the GitHub issue can be found. The repository mentions, that "CodeMirror 6 exists, and is [...] much more actively maintained."Show less
CVE-2025-6492 - - Jun 23, 2025 Jun 22, 2025 5.5 MEDIUM· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability has been found in MarkText up to 0.17.1 and classified as problematic. Affected by this vulnerability is the function getRecommendTitleFromMarkdownString of the file marktext/src/main/utils/index.js. The...Show more A vulnerability has been found in MarkText up to 0.17.1 and classified as problematic. Affected by this vulnerability is the function getRecommendTitleFromMarkdownString of the file marktext/src/main/utils/index.js. The manipulation leads to inefficient regular expression complexity. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-6365 1Hobbesosr 1Kitten Sep 30, 2025 Jun 20, 2025 6.9 MEDIUM· v4 7.5 HIGH· v3 5.2 MEDIUM· v2 A vulnerability was found in HobbesOSR Kitten up to c4f8b7c3158983d1020af432be1b417b28686736 and classified as critical. Affected by this issue is the function set_pte_at in the library /include/arch-arm64/pgtable.h. The...Show more A vulnerability was found in HobbesOSR Kitten up to c4f8b7c3158983d1020af432be1b417b28686736 and classified as critical. Affected by this issue is the function set_pte_at in the library /include/arch-arm64/pgtable.h. The manipulation leads to resource consumption. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.Show less
CVE-2025-44203 1Digitaldruid 1Hoteldruid Jun 26, 2025 Jun 20, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create database' button is pressed. By sending malformed POST requests to this endpoint, the attacker may...Show more In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create database' button is pressed. By sending malformed POST requests to this endpoint, the attacker may obtain the administrator username, password hash, and salt. In some cases, the attack results in a Denial of Service (DoS), preventing the administrator from logging in even with the correct credentials.Show less
CVE-2025-6274 1Webassembly 1Wabt Apr 29, 2026 Jun 19, 2025 1.9 LOW· v4 3.3 LOW· v3 1.7 LOW· v2 A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been classified as problematic. Affected is the function OnDataCount of the file src/interp/binary-reader-interp.cc. The manipulation leads to resource c...Show more A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been classified as problematic. Affected is the function OnDataCount of the file src/interp/binary-reader-interp.cc. The manipulation leads to resource consumption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect "real world wasm programs". Therefore, this entry might get disputed as well in the future.Show less
CVE-2025-49763 1Apache 1Traffic Server Jul 1, 2025 Jun 19, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 ESI plugin does not have the limit for maximum inclusion depth, and that allows excessive memory consumption if malicious instructions are inserted. Users can use a new setting for the plugin (--max-inclusion-depth) to...Show more ESI plugin does not have the limit for maximum inclusion depth, and that allows excessive memory consumption if malicious instructions are inserted. Users can use a new setting for the plugin (--max-inclusion-depth) to limit it. This issue affects Apache Traffic Server: from 10.0.0 through 10.0.5, from 9.0.0 through 9.2.10. Users are recommended to upgrade to version 9.2.11 or 10.0.6, which fixes the issue.Show less
CVE-2025-6140 1Gabime 1Spdlog Apr 29, 2026 Jun 16, 2025 1.9 LOW· v4 3.3 LOW· v3 1.7 LOW· v2 A vulnerability, which was classified as problematic, was found in spdlog up to 1.15.1. This affects the function scoped_padder in the library include/spdlog/pattern_formatter-inl.h. The manipulation leads to resource co...Show more A vulnerability, which was classified as problematic, was found in spdlog up to 1.15.1. This affects the function scoped_padder in the library include/spdlog/pattern_formatter-inl.h. The manipulation leads to resource consumption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 1.15.2 is able to address this issue. The identifier of the patch is 10320184df1eb4638e253a34b1eb44ce78954094. It is recommended to upgrade the affected component.Show less
CVE-2025-3526 1Liferay 2Digital Experience Platform Liferay Portal Dec 16, 2025 Jun 16, 2025 8.7 HIGH· v4 7.5 HIGH· v3 N/A· v2 SessionClicks in Liferay Portal 7.0.0 through 7.4.3.21, and Liferay DXP 7.4 GA through update 9, 7.3 GA through update 25, and older unsupported versions does not restrict the saving of request parameters in the HTTP ses...Show more SessionClicks in Liferay Portal 7.0.0 through 7.4.3.21, and Liferay DXP 7.4 GA through update 9, 7.3 GA through update 25, and older unsupported versions does not restrict the saving of request parameters in the HTTP session, which allows remote attackers to consume system memory leading to denial-of-service (DoS) conditions via crafted HTTP requests.Show less
CVE-2025-3602 1Liferay 2Digital Experience Platform Liferay Portal Dec 16, 2025 Jun 16, 2025 8.7 HIGH· v4 7.5 HIGH· v3 N/A· v2 Liferay Portal 7.4.0 through 7.4.3.97, and Liferay DXP 2023.Q3.1 through 2023.Q3.2, 7.4 GA through update 92, 7.3 GA through update 35, and 7.2 fix pack 8 through fix pack 20 does not limit the depth of a GraphQL queries...Show more Liferay Portal 7.4.0 through 7.4.3.97, and Liferay DXP 2023.Q3.1 through 2023.Q3.2, 7.4 GA through update 92, 7.3 GA through update 35, and 7.2 fix pack 8 through fix pack 20 does not limit the depth of a GraphQL queries, which allows remote attackers to perform denial-of-service (DoS) attacks on the application by executing complex queries.Show less
CVE-2025-22242 - - Jun 17, 2025 Jun 13, 2025 N/A· v4 5.6 MEDIUM· v3 N/A· v2 Worker process denial of service through file read operation. .A vulnerability exists in the Master's “pub_ret” method which is exposed to all minions. The un-sanitized input value “jid” is used to construct a path which...Show more Worker process denial of service through file read operation. .A vulnerability exists in the Master's “pub_ret” method which is exposed to all minions. The un-sanitized input value “jid” is used to construct a path which is then opened for reading. An attacker could exploit this vulnerabilities by attempting to read from a filename that will not return any data, e.g. by targeting a pipe node on the proc file system.Show less
CVE-2025-33068 1Microsoft 5Windows Server 2012 Windows Server 2016Windows Server 2019+2 more Jul 10, 2025 Jun 10, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
CVE-2025-32724 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Jul 10, 2025 Jun 10, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.
CVE-2025-3112 - - Jun 12, 2025 Jun 10, 2025 7.1 HIGH· v4 6.5 MEDIUM· v3 N/A· v2 CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause Denial of Service when an authenticated malicious user sends manipulated HTTPS Content-Length header to the webserver.
CVE-2025-5897 1Vuejs 1Vue Cli Jul 10, 2025 Jun 9, 2025 5.3 MEDIUM· v4 7.5 HIGH· v3 4.0 MEDIUM· v2 A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markd...Show more A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely.Show less
CVE-2025-5896 1Taro 1Taro Jul 10, 2025 Jun 9, 2025 5.3 MEDIUM· v4 7.5 HIGH· v3 4.0 MEDIUM· v2 A vulnerability was found in tarojs taro up to 4.1.1. It has been declared as problematic. This vulnerability affects unknown code of the file taro/packages/css-to-react-native/src/index.js. The manipulation leads to ine...Show more A vulnerability was found in tarojs taro up to 4.1.1. It has been declared as problematic. This vulnerability affects unknown code of the file taro/packages/css-to-react-native/src/index.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. Upgrading to version 4.1.2 is able to address this issue. The name of the patch is c2e321a8b6fc873427c466c69f41ed0b5e8814bf. It is recommended to upgrade the affected component.Show less

Previous 1...343536...155 Next