CWE-770 · Allocation of Resources Without Limits or Throttling

1928 CVEs classified under CWE-770 (Allocation of Resources Without Limits or Throttling). Browse by severity and year.

Top CVEs for CWE-770
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-40498 | Critical | 9.8 | 2026-04-21 | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can access diagnostic and system tools that… |
| CVE-2026-31283 | Critical | 9.8 | 2026-04-13 | In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address, which can be used for an Email Bombing… |
| CVE-2020-37067 | Critical | 9.8 | 2026-02-03 | Filetto 1.0 FTP server contains a denial of service vulnerability in the FEAT command processing that allows attackers to crash the service. Attackers can send… |
| CVE-2021-47875 | Critical | 9.8 | 2026-01-21 | GeoGebra CAS Calculator 6.0.631.0 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overfl… |
| CVE-2025-11832 | Critical | 9.8 | 2025-10-15 | Allocation of Resources Without Limits or Throttling vulnerability in Azure Access Technology BLU-IC2, Azure Access Technology BLU-IC4 allows Flooding. This iss… |
| CVE-2024-44241 | Critical | 9.8 | 2024-12-12 | The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1. An attacker may be able to cause unex… |
| CVE-2021-42142 | Critical | 9.8 | 2024-01-23 | An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers mishandle the early use of a large epoch number. This vulnerability… |
| CVE-2021-46760 | Critical | 9.8 | 2023-05-09 | A malicious or compromised UApp or ABL can send a malformed system call to the bootloader, which may result in an out-of-bounds memory access that may potentia… |
| CVE-2022-3439 | Critical | 9.8 | 2022-10-14 | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0. |
| CVE-2022-3456 | Critical | 9.8 | 2022-10-13 | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0. |
| CVE-2022-3273 | Critical | 9.8 | 2022-10-06 | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a4. |
| CVE-2022-29503 | Critical | 9.8 | 2022-09-29 | A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. Thread allocation can lead to me… |
| CVE-2019-17067 | Critical | 9.8 | 2019-10-01 | PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same port to steal an incoming connect… |
| CVE-2018-20033 | Critical | 9.8 | 2019-02-25 | A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier could allow a remote attacker to… |
| CVE-2017-6713 | Critical | 9.8 | 2017-07-06 | A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the aff… |
| CVE-2017-6640 | Critical | 9.8 | 2017-06-08 | A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log in to the administrative cons… |
| CVE-2021-41592 | Critical | 9.4 | 2021-10-04 | Blockstream c-lightning through 0.10.1 allows loss of funds because of dust HTLC exposure. |
| CVE-2021-41591 | Critical | 9.4 | 2021-10-04 | ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC exposure. |
| CVE-2026-25804 | Critical | 9.1 | 2026-02-06 | Antrea is a Kubernetes networking solution intended to be Kubernetes native. Prior to versions 2.3.2 and 2.4.3, Antrea's network policy priority assignment sys… |
| CVE-2025-68456 | Critical | 9.1 | 2026-01-05 | Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 3.0.0 through 4.16.16, unauthenticated users can trigger databa… |