CWE-405 · Asymmetric Resource Consumption (Amplification)
40 CVEs classified under CWE-405 (Asymmetric Resource Consumption (Amplification)). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-56200 | High | 8.6 | 2024-12-19 | Altair is a fork of Misskey v12. Affected versions lack request validation and lack authentication in the image proxy for compressing and resizing remote… |
| CVE-2021-38447 | High | 8.6 | 2022-05-05 | OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic, which may… |
| CVE-2025-42874 | High | 7.9 | 2025-12-09 | SAP NetWeaver remote service for Xcelsius allows an attacker with network access and high privileges to execute arbitrary code on the affected system due to in… |
| CVE-2026-44296 | High | 7.5 | 2026-05-12 | Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.167, a remote, unauthenticated denial of service (DoS) vulnerability affects Deskflow servers run… |
| CVE-2026-25611 | High | 7.5 | 2026-02-10 | A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server. |
| CVE-2026-0485 | High | 7.5 | 2026-02-10 | SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content Management Server (CMS) to c… |
| CVE-2026-22775 | High | 7.5 | 2026-01-15 | Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.1.0 to 5.6.1, certain input… |
| CVE-2026-22774 | High | 7.5 | 2026-01-15 | Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.3.0 to 5.6.1, certain input… |
| CVE-2025-66564 | High | 7.5 | 2025-12-04 | Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits (via a call to string… |
| CVE-2025-66506 | High | 7.5 | 2025-12-04 | Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.3, function identity.ex… |
| CVE-2025-8677 | High | 7.5 | 2025-10-22 | Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to CPU exhaustion. This issue affects BIND 9 versions… |
| CVE-2025-30204 | High | 7.5 | 2025-03-21 | golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified split… |
| CVE-2024-11187 | High | 7.5 | 2025-01-29 | It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker send… |
| CVE-2024-55628 | High | 7.5 | 2025-01-06 | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name… |
| CVE-2024-45590 | High | 7.5 | 2024-09-10 | body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a… |
| CVE-2024-34703 | High | 7.5 | 2024-06-30 | Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parame… |
| CVE-2023-2992 | High | 7.5 | 2023-06-26 | An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions… |
| CVE-2024-49363 | High | 7.4 | 2024-12-18 | Misskey is an open source, federated social media platform. In affected versions FileServerService (media proxy) in github.com/misskey-dev/misskey 2024.10.1 or… |
| CVE-2025-42876 | High | 7.1 | 2025-12-09 | Due to a Missing Authorization Check vulnerability in SAP S/4 HANA Private Cloud (Financials General Ledger), an authenticated attacker with authorization limi… |
| CVE-2026-24324 | Medium | 6.5 | 2026-02-10 | SAP BusinessObjects Business Intelligence Platform (AdminTools) allows an authenticated attacker with user privileges to execute a specific query in AdminTools… |