Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVEs (3,097)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-54546 1Apple 1Macos Mar 14, 2025 Mar 10, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An app may be able to cause unexpected system termination or corrupt kernel memory.
CVE-2024-44227 1Apple 3Ipados Iphone OsMacos Mar 14, 2025 Mar 10, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 The issue was addressed with improved memory handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to cause unexpected system termination or corrupt kernel memory.
CVE-2024-44192 1Apple 6Iphone Os MacosSafari+3 more Apr 2, 2026 Mar 10, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 The issue was addressed with improved checks. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. Processing maliciously crafted web content may lead to an unexpecte...Show more The issue was addressed with improved checks. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. Processing maliciously crafted web content may lead to an unexpected process crash.Show less
CVE-2024-53693 1Qnap 2Qts Quts Hero Sep 20, 2025 Mar 7, 2025 7.1 HIGH· v4 7.1 HIGH· v3 N/A· v2 An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gain...Show more An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.2.3.3006 build 20250108 and laterShow less
CVE-2024-53458 1Sysax 1Multi Server Sep 23, 2025 Mar 5, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Sysax Multi Server 6.99 is vulnerable to a denial of service (DoS) condition when processing specially crafted SSH packets.
CVE-2025-27669 1Printerlogic 2Vasion Print Virtual Appliance Apr 1, 2025 Mar 5, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Remote Network Scanning (XSPA)/DoS OVE-20230524-0013.
CVE-2025-27421 - - Mar 3, 2025 Mar 3, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Abacus is a highly scalable and stateless counting API. A critical goroutine leak vulnerability has been identified in the Abacus server's Server-Sent Events (SSE) implementation. The issue occurs when clients disconnect...Show more Abacus is a highly scalable and stateless counting API. A critical goroutine leak vulnerability has been identified in the Abacus server's Server-Sent Events (SSE) implementation. The issue occurs when clients disconnect from the /stream endpoint, as the server fails to properly clean up resources and terminate associated goroutines. This leads to resource exhaustion where the server continues running but eventually stops accepting new SSE connections while maintaining high memory usage. The vulnerability specifically involves improper channel cleanup in the event handling mechanism, causing goroutines to remain blocked indefinitely. This vulnerability is fixed in 1.4.0.Show less
CVE-2024-34036 - - Feb 25, 2025 Feb 25, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 An issue was discovered in O-RAN Near Realtime RIC I-Release. To exploit this vulnerability, an attacker can disrupt the initial connection between a gNB and the Near RT-RIC by inundating the system with a high volume of...Show more An issue was discovered in O-RAN Near Realtime RIC I-Release. To exploit this vulnerability, an attacker can disrupt the initial connection between a gNB and the Near RT-RIC by inundating the system with a high volume of subscription requests via an xApp.Show less
CVE-2024-34035 - - Feb 25, 2025 Feb 25, 2025 N/A· v4 5.7 MEDIUM· v3 N/A· v2 An issue was discovered in O-RAN Near Realtime RIC H-Release. To trigger the crashing of the e2mgr, an adversary must flood the system with a significant quantity of E2 Subscription Requests originating from an xApp.
CVE-2025-27100 - - Feb 21, 2025 Feb 21, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 lakeFS is an open-source tool that transforms your object storage into a Git-like repository. In affected versions an authenticated user can crash lakeFS by exhausting server memory. This is an authenticated denial-of-s...Show more lakeFS is an open-source tool that transforms your object storage into a Git-like repository. In affected versions an authenticated user can crash lakeFS by exhausting server memory. This is an authenticated denial-of-service issue. This problem has been patched in version 1.50.0. Users on versions 1.49.1 and below are affected. Users are advised to upgrade. Users unable to upgrade should either set the environment variable `LAKEFS_BLOCKSTORE_S3_DISABLE_PRE_SIGNED_MULTIPART` to `true` or configure the `disable_pre_signed_multipart` key to true in their config yaml.Show less
CVE-2025-27097 1The Guild 1Graphql Mesh Feb 27, 2025 Feb 20, 2025 5.1 MEDIUM· v4 7.5 HIGH· v3 N/A· v2 GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and Pos...Show more GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. When a user transforms on the root level or single source with transforms, and the client sends the same query with different variables, the initial variables are used in all following requests until the cache evicts DocumentNode. If a token is sent via variables, the following requests will act like the same token is sent even if the following requests have different tokens. This can cause a short memory leak but it won't grow per each request but per different operation until the cache evicts DocumentNode by LRU mechanism.Show less
CVE-2023-51316 1Phpjabbers 1Bus Reservation System Nov 4, 2025 Feb 20, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Bus Reservation System v1.1 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS...Show more A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Bus Reservation System v1.1 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages.Show less
CVE-2023-51314 1Phpjabbers 1Restaurant Booking System Nov 4, 2025 Feb 20, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Restaurant Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible D...Show more A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Restaurant Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages.Show less
CVE-2023-51301 1Phpjabbers 1Hotel Booking System Nov 4, 2025 Feb 19, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 A lack of rate limiting in the "Login Section, Forgot Email" feature of PHPJabbers Hotel Booking System v4.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Den...Show more A lack of rate limiting in the "Login Section, Forgot Email" feature of PHPJabbers Hotel Booking System v4.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages.Show less
CVE-2023-51293 1Phpjabbers 1Event Booking Calendar May 8, 2025 Feb 19, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Event Booking Calendar v4.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Deni...Show more A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Event Booking Calendar v4.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages.Show less
CVE-2024-57782 - - Mar 17, 2025 Feb 13, 2025 N/A· v4 6.8 MEDIUM· v3 N/A· v2 An issue in Docker-proxy v18.09.0 allows attackers to cause a denial of service.
CVE-2023-34397 1Mercedes Benz 1Headunit Ntg6 Mercedes Benz User Experience Jun 27, 2025 Feb 13, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Mercedes Benz head-unit NTG 6 contains functions to import or export profile settings over USB. During parsing you can trigger that the service will be crashed.
CVE-2025-0426 - - Feb 13, 2025 Feb 13, 2025 N/A· v4 6.2 MEDIUM· v3 N/A· v2 A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may cause a Node Denial of Service by filling the Node's dis...Show more A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may cause a Node Denial of Service by filling the Node's disk.Show less
CVE-2024-56940 1Learndash 1Learndash Mar 13, 2025 Feb 12, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue in the profile image upload function of LearnDash v6.7.1 allows attackers to cause a Denial of Service (DoS) via excessive file uploads.
CVE-2024-46923 1Samsung 3Exynos 1480 Firmware Exynos 2200 FirmwareExynos 2400 Firmware Jun 20, 2025 Feb 12, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. The absence of a null check leads to a Denial of Service at amdgpu_cs_ib_fill in the Xclipse Driver.

Previous 1...414243...155 Next