Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVEs (3,097)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-50953 - - Mar 24, 2025 Jan 15, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue in XINJE XL5E-16T V3.7.2a allows attackers to cause a Denial of Service (DoS) via a crafted Modbus message.
CVE-2024-54730 - - Mar 18, 2025 Jan 14, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Flatnotes <v5.3.1 is vulnerable to denial of service through the upload image function.
CVE-2025-21389 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Feb 13, 2026 Jan 14, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Uncontrolled resource consumption in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to deny service over a network.
CVE-2025-21330 1Microsoft 10Windows 10 1809 Windows 10 21h2Windows 10 22h2+7 more Jan 21, 2025 Jan 14, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Windows Remote Desktop Services Denial of Service Vulnerability
CVE-2025-21300 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Feb 13, 2026 Jan 14, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Windows Universal Plug and Play (UPnP) Device Host Denial of Service Vulnerability
CVE-2025-21290 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Jan 24, 2025 Jan 14, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21289 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Jan 24, 2025 Jan 14, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21270 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Jan 27, 2025 Jan 14, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21251 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Jan 24, 2025 Jan 14, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21231 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Jan 27, 2025 Jan 14, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 IP Helper Denial of Service Vulnerability
CVE-2025-21230 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Jan 27, 2025 Jan 14, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CVE-2025-21218 1Microsoft 6Windows Server 2012 Windows Server 2016Windows Server 2019+3 more Jan 27, 2025 Jan 14, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Windows Kerberos Denial of Service Vulnerability
CVE-2025-21207 1Microsoft 10Windows 10 1809 Windows 10 21h2Windows 10 22h2+7 more Jan 27, 2025 Jan 14, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability
CVE-2024-57655 1Openlinksw 1Virtuoso Apr 17, 2025 Jan 14, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue in the dfe_n_in_order component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
CVE-2024-47239 1Dell 1Powerscale Onefs Feb 20, 2026 Jan 8, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Dell PowerScale OneFS versions 8.2.2.x through 9.9.0.0 contain an uncontrolled resource consumption vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to denial of servi...Show more Dell PowerScale OneFS versions 8.2.2.x through 9.9.0.0 contain an uncontrolled resource consumption vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to denial of service.Show less
CVE-2025-21614 1Go Git Project 1Go Git Sep 30, 2025 Jan 6, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform deni...Show more go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Users running versions of go-git from v4 and above are recommended to upgrade to v5.13 in order to mitigate this vulnerability.Show less
CVE-2024-55605 1Oisf 1Suricata Mar 31, 2025 Jan 6, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large input buffer to the to_lowercase, to_uppercase, strip_whitespace, compress_whi...Show more Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large input buffer to the to_lowercase, to_uppercase, strip_whitespace, compress_whitespace, dotprefix, header_lowercase, strip_pseudo_headers, url_decode, or xor transform can lead to a stack overflow causing Suricata to crash. The issue has been addressed in Suricata 7.0.8.Show less
CVE-2024-53647 1Trendmicro 1Id Security Sep 29, 2025 Dec 31, 2024 N/A· v4 8.2 HIGH· v3 N/A· v2 Trend Micro ID Security, version 3.0 and below contains a vulnerability that could allow an attacker to send an unlimited number of email verification requests without any restriction, potentially leading to abuse or den...Show more Trend Micro ID Security, version 3.0 and below contains a vulnerability that could allow an attacker to send an unlimited number of email verification requests without any restriction, potentially leading to abuse or denial of service.Show less
CVE-2024-13058 - - Aug 29, 2025 Dec 30, 2024 4.8 MEDIUM· v4 N/A· v3 N/A· v2 An issue exists in SoftIron HyperCloud where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined storage subsystem....Show more An issue exists in SoftIron HyperCloud where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined storage subsystem. This issue only impacts SoftIron HyperCloud and related software products (such as VM Squared) software versions 2.3.0 to before 2.5.0.Show less
CVE-2024-56200 - - Dec 19, 2024 Dec 19, 2024 N/A· v4 8.6 HIGH· v3 N/A· v2 Altair is a fork of Misskey v12. Affected versions lack of request validation and lack of authentication in the image proxy for compressing and resizing remote files could allow attacks that could affect availability, su...Show more Altair is a fork of Misskey v12. Affected versions lack of request validation and lack of authentication in the image proxy for compressing and resizing remote files could allow attacks that could affect availability, such as by abnormally increasing the CPU usage of the server on which this software is running or placing a heavy load on the network it is using. This issue has been fixed in v12.24Q4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.Show less

Previous 1...444546...155 Next