Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVEs (3,097)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-25205 1Audiobookshelf 1Audiobookshelf Jul 3, 2025 Feb 12, 2025 N/A· v4 8.2 HIGH· v3 N/A· v2 Audiobookshelf is a self-hosted audiobook and podcast server. Starting in version 2.17.0 and prior to version 2.19.1, a flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored...Show more Audiobookshelf is a self-hosted audiobook and podcast server. Starting in version 2.17.0 and prior to version 2.19.1, a flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored regex patterns in the URL. Attackers can craft URLs containing substrings like "/api/items/1/cover" in a query parameter (?r=/api/items/1/cover) to partially bypass authentication or trigger server crashes under certain routes. This could lead to information disclosure of otherwise protected data and, in some cases, a complete denial of service (server crash) if downstream code expects an authenticated user object. Version 2.19.1 contains a patch for the issue.Show less
CVE-2025-21352 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Feb 28, 2025 Feb 11, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Internet Connection Sharing (ICS) Denial of Service Vulnerability
CVE-2025-21351 1Microsoft 12Windows 10 1607 Windows 10 1809Windows 10 21h2+9 more Feb 28, 2025 Feb 11, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Windows Active Directory Domain Services API Denial of Service Vulnerability
CVE-2025-21181 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Mar 4, 2025 Feb 11, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2024-23814 - - Apr 8, 2025 Feb 11, 2025 6.9 MEDIUM· v4 5.3 MEDIUM· v3 N/A· v2 The integrated ICMP service of the network stack of affected devices can be forced to exhaust its available memory resources when receiving specially crafted messages targeting IP fragment re-assembly. This could allow...Show more The integrated ICMP service of the network stack of affected devices can be forced to exhaust its available memory resources when receiving specially crafted messages targeting IP fragment re-assembly. This could allow an unauthenticated remote attacker to cause a temporary denial of service condition of the ICMP service, other communication services are not affected. Affected devices will resume normal operation after the attack terminates.Show less
CVE-2025-25193 1Netty 1Netty Jun 11, 2025 Feb 10, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An unsafe reading of environment file could potentially cause a denial of service in...Show more Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crash. A similar issue was previously reported as CVE-2024-47535. This issue was fixed, but the fix was incomplete in that null-bytes were not counted against the input limit. Commit d1fbda62d3a47835d3fb35db8bd42ecc205a5386 contains an updated fix.Show less
CVE-2024-54658 1Apple 7Ipados Iphone OsMacos+4 more Apr 2, 2026 Feb 10, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The issue was addressed with improved memory handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing web content may lead to a denial-o...Show more The issue was addressed with improved memory handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing web content may lead to a denial-of-service.Show less
CVE-2025-25186 - - Feb 10, 2025 Feb 10, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory...Show more Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in `net-imap`'s response parser. At any time while the client is connected, a malicious server can send can send highly compressed `uid-set` data which is automatically read by the client's receiver thread. The response parser uses `Range#to_a` to convert the `uid-set` data into arrays of integers, with no limitation on the expanded size of the ranges. Versions 0.3.8, 0.4.19, 0.5.6, and higher fix this issue. Additional details for proper configuration of fixed versions and backward compatibility are available in the GitHub Security Advisory.Show less
CVE-2024-57673 1Projectfloodlight 1Floodlight Apr 23, 2025 Feb 6, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module and Linkdiscovery module
CVE-2024-57672 1Projectfloodlight 1Floodlight Apr 23, 2025 Feb 6, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module, Topologylnstance module, Routing module.
CVE-2024-45626 1Apache 1James Server Feb 11, 2025 Feb 6, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Apache James server JMAP HTML to text plain implementation in versions below 3.8.2 and 3.7.6 is subject to unbounded memory consumption that can result in a denial of service. Users are recommended to upgrade to version...Show more Apache James server JMAP HTML to text plain implementation in versions below 3.8.2 and 3.7.6 is subject to unbounded memory consumption that can result in a denial of service. Users are recommended to upgrade to version 3.7.6 and 3.8.2, which fix this issue.Show less
CVE-2024-57085 - - Mar 13, 2025 Feb 5, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 A prototype pollution in the function deepMerge of @stryker-mutator/util v8.6.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
CVE-2024-57082 - - Feb 18, 2025 Feb 5, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A prototype pollution in the lib.createUploader function of @rpldy/uploader v1.8.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
CVE-2024-57081 - - Mar 19, 2025 Feb 5, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 A prototype pollution in the lib.fromQuery function of underscore-contrib v0.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
CVE-2024-57079 - - Mar 18, 2025 Feb 5, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 A prototype pollution in the lib.deepMerge function of @zag-js/core v0.50.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
CVE-2024-57076 - - Mar 18, 2025 Feb 5, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 A prototype pollution in the lib.post function of ajax-request v1.2.3 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
CVE-2024-57075 - - Mar 13, 2025 Feb 5, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 A prototype pollution in the lib.Logger function of eazy-logger v4.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
CVE-2024-57074 - - Mar 13, 2025 Feb 5, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 A prototype pollution in the lib.merge function of xe-utils v3.5.31 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
CVE-2025-21087 1F5 21Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Advanced Web Application Firewall+18 more Oct 21, 2025 Feb 5, 2025 8.9 HIGH· v4 7.5 HIGH· v3 N/A· v2 When Client or Server SSL profiles are configured on a Virtual Server, or DNSSEC signing operations are in use, undisclosed traffic can cause an increase in memory and CPU resource utilization. Note: Software versio...Show more When Client or Server SSL profiles are configured on a Virtual Server, or DNSSEC signing operations are in use, undisclosed traffic can cause an increase in memory and CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluatedShow less
CVE-2025-20058 1F5 21Big Ip Access Policy Manager Big Ip Advanced Firewall ManagerBig Ip Advanced Web Application Firewall+18 more Oct 21, 2025 Feb 5, 2025 8.9 HIGH· v4 7.5 HIGH· v3 N/A· v2 When a BIG-IP message routing profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS...Show more When a BIG-IP message routing profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluatedShow less

Previous 1...424344...155 Next