CWE-400 · Uncontrolled Resource Consumption
3161 CVEs classified under CWE-400 (Uncontrolled Resource Consumption). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-44228 | Critical | 10.0 | 2021-12-10 | Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameter… |
CVE-2026-46775 | Critical | 9.9 | 2026-05-28 | Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows… |
CVE-2025-70327 | Critical | 9.8 | 2026-02-23 | TOTOLINK X5000R v9.1.0cu_2415_B20250515 contains an argument injection vulnerability in the setDiagnosisCfg handler of the /usr/sbin/lighttpd executable. The i… |
CVE-2025-61303 | Critical | 9.8 | 2025-10-20 | Hatching Triage Sandbox Windows 10 build 2004 (2025-08-14) and Windows 10 LTSC 2021(2025-08-14) contains a vulnerability in its Windows behavioral analysis eng… |
CVE-2025-43193 | Critical | 9.8 | 2025-07-30 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able… |
CVE-2025-24269 | Critical | 9.8 | 2025-03-31 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4. An app may be able to cause unexpected system termination. |
CVE-2025-24264 | Critical | 9.8 | 2025-03-31 | The issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18… |
CVE-2025-24260 | Critical | 9.8 | 2025-03-31 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An attacker in a p… |
CVE-2025-24247 | Critical | 9.8 | 2025-03-31 | A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An attacker ma… |
CVE-2025-24211 | Critical | 9.8 | 2025-03-31 | This issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5… |
CVE-2025-24190 | Critical | 9.8 | 2025-03-31 | The issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5… |
CVE-2024-45166 | Critical | 9.8 | 2024-08-22 | An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input validation, improper deserialization, and improper restriction… |
CVE-2024-39462 | Critical | 9.8 | 2024-06-25 | In the Linux kernel, the following vulnerability has been resolved: clk: bcm: dvp: Assign ->num before accessing ->hws Commit f316cdff8d67 ("clk: Annotate st… |
CVE-2022-48716 | Critical | 9.8 | 2024-06-20 | In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd938x: fix incorrect used of portid Mixer controls have the channel id in… |
CVE-2024-36543 | Critical | 9.8 | 2024-06-17 | Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, po… |
CVE-2024-25718 | Critical | 9.8 | 2024-02-11 | In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_assertion/3 can return an expired session, which interferes with access control because Sam… |
CVE-2023-41294 | Critical | 9.8 | 2023-09-25 | The DP module has a service hijacking vulnerability.Successful exploitation of this vulnerability may affect some Super Device services. |
CVE-2023-28507 | Critical | 9.8 | 2023-03-29 | Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a memory-exhaustio… |
CVE-2021-3821 | Critical | 9.8 | 2022-12-12 | A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Denial of Service when runni… |
CVE-2013-20004 | Critical | 9.8 | 2022-02-06 | A flaw was found in StarWind iSCSI target. StarWind service does not limit client connections and allocates memory on each connection attempt. An attacker coul… |