CWE-770 · Allocation of Resources Without Limits or Throttling
1928 CVEs classified under CWE-770 (Allocation of Resources Without Limits or Throttling). Browse by severity and year.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-40498 | Critical | 9.8 | 2026-04-21 | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can access diagnostic and system tools that… |
| CVE-2026-31283 | Critical | 9.8 | 2026-04-13 | In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address, which can be used for an Email Bombing… |
| CVE-2020-37067 | Critical | 9.8 | 2026-02-03 | Filetto 1.0 FTP server contains a denial of service vulnerability in the FEAT command processing that allows attackers to crash the service. Attackers can send… |
| CVE-2021-47875 | Critical | 9.8 | 2026-01-21 | GeoGebra CAS Calculator 6.0.631.0 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overfl… |
| CVE-2025-11832 | Critical | 9.8 | 2025-10-15 | Allocation of Resources Without Limits or Throttling vulnerability in Azure Access Technology BLU-IC2, Azure Access Technology BLU-IC4 allows Flooding. This iss… |
| CVE-2024-44241 | Critical | 9.8 | 2024-12-12 | The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1. An attacker may be able to cause unex… |
| CVE-2021-42142 | Critical | 9.8 | 2024-01-23 | An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers mishandle the early use of a large epoch number. This vulnerability… |
| CVE-2021-46760 | Critical | 9.8 | 2023-05-09 | A malicious or compromised UApp or ABL can send a malformed system call to the bootloader, which may result in an out-of-bounds memory access that may potentia… |
| CVE-2022-3439 | Critical | 9.8 | 2022-10-14 | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0. |
| CVE-2022-3456 | Critical | 9.8 | 2022-10-13 | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0. |
| CVE-2022-3273 | Critical | 9.8 | 2022-10-06 | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. |
| CVE-2022-29503 | Critical | 9.8 | 2022-09-29 | A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. Thread allocation can lead to me… |
| CVE-2019-17067 | Critical | 9.8 | 2019-10-01 | PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same port to steal an incoming connect… |
| CVE-2018-20033 | Critical | 9.8 | 2019-02-25 | A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier could allow a remote attacker to… |
| CVE-2017-6713 | Critical | 9.8 | 2017-07-06 | A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the aff… |
| CVE-2017-6640 | Critical | 9.8 | 2017-06-08 | A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log in to the administrative cons… |
| CVE-2021-41592 | Critical | 9.4 | 2021-10-04 | Blockstream c-lightning through 0.10.1 allows loss of funds because of dust HTLC exposure. |
| CVE-2021-41591 | Critical | 9.4 | 2021-10-04 | ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC exposure. |
| CVE-2026-25804 | Critical | 9.1 | 2026-02-06 | Antrea is a Kubernetes networking solution intended to be Kubernetes native. Prior to versions 2.3.2 and 2.4.3, Antrea's network policy priority assignment sys… |
| CVE-2025-68456 | Critical | 9.1 | 2026-01-05 | Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 3.0.0 through 4.16.16, unauthenticated users can trigger databa… |