Skip to main content

CWE-1050

Excessive Platform Resource Consumption within a Loop

10 CVEs Avg CVSS 6.7 MITRE
0
CRITICAL
7
HIGH
2
MEDIUM
1
LOW
4
POC
0
KEV

Monthly

CVE-2026-4634 Maven HIGH PATCH GHSA This Week

Denial of Service in Red Hat Build of Keycloak allows unauthenticated remote attackers to exhaust server resources by submitting specially crafted POST requests with excessively long scope parameters to the OpenID Connect token endpoint. No public exploit identified at time of analysis, but CVSS 7.5 (High) with network attack vector and low complexity indicates straightforward exploitation. Authentication requirements: unauthenticated (CVSS PR:N). The vulnerability stems from improper resource management (CWE-1050), enabling attackers to cause prolonged processing times and service disruption without any authentication or user interaction.

Denial Of Service Red Hat Build Of Keycloak
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-22263 MEDIUM PATCH This Month

Suricata versions up to 8.0.3 contains a vulnerability that allows attackers to slowdown over multiple packets (CVSS 5.3).

Information Disclosure Suricata Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-22261 LOW PATCH Monitor

Suricata versions up to 8.0.3 contains a vulnerability that allows attackers to severe slowdowns (CVSS 3.7).

Information Disclosure Suricata
NVD GitHub
CVSS 3.1
3.7
EPSS
0.1%
CVE-2025-67419 npm HIGH This Week

Evershop contains a vulnerability that allows attackers to exhaust the application server's resources via the "GET /images" API (CVSS 7.5).

Denial Of Service Evershop
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-48866 HIGH POC PATCH This Week

ModSecurity versions prior to 2.9.10 contain a denial of service vulnerability in the `sanitiseArg` and `sanitizeArg` actions that allows unauthenticated remote attackers to cause service disruption by submitting requests with an excessive number of arguments. This is a network-accessible DoS vulnerability with high impact on availability that affects widely-deployed WAF deployments across Apache, IIS, and Nginx platforms.

Apache Denial Of Service Nginx Modsecurity Red Hat +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-47947 HIGH POC PATCH This Month

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Nginx Apache Denial Of Service Modsecurity Red Hat +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-32907 MEDIUM PATCH This Month

A flaw was found in libsoup. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2024-4068 npm HIGH POC PATCH This Week

The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Denial Of Service Braces
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-1390 HIGH PATCH This Week

A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.1
7.5
EPSS
5.1%
CVE-2021-41039 HIGH POC This Week

In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mosquitto
NVD
CVSS 3.1
7.5
EPSS
1.3%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of Service in Red Hat Build of Keycloak allows unauthenticated remote attackers to exhaust server resources by submitting specially crafted POST requests with excessively long scope parameters to the OpenID Connect token endpoint. No public exploit identified at time of analysis, but CVSS 7.5 (High) with network attack vector and low complexity indicates straightforward exploitation. Authentication requirements: unauthenticated (CVSS PR:N). The vulnerability stems from improper resource management (CWE-1050), enabling attackers to cause prolonged processing times and service disruption without any authentication or user interaction.

Denial Of Service Red Hat Build Of Keycloak
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Suricata versions up to 8.0.3 contains a vulnerability that allows attackers to slowdown over multiple packets (CVSS 5.3).

Information Disclosure Suricata Red Hat +1
NVD GitHub
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Suricata versions up to 8.0.3 contains a vulnerability that allows attackers to severe slowdowns (CVSS 3.7).

Information Disclosure Suricata
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Evershop contains a vulnerability that allows attackers to exhaust the application server's resources via the "GET /images" API (CVSS 7.5).

Denial Of Service Evershop
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

ModSecurity versions prior to 2.9.10 contain a denial of service vulnerability in the `sanitiseArg` and `sanitizeArg` actions that allows unauthenticated remote attackers to cause service disruption by submitting requests with an excessive number of arguments. This is a network-accessible DoS vulnerability with high impact on availability that affects widely-deployed WAF deployments across Apache, IIS, and Nginx platforms.

Apache Denial Of Service Nginx +3
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Month

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Nginx Apache Denial Of Service +3
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

A flaw was found in libsoup. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Denial Of Service Braces
NVD GitHub
EPSS 5% CVSS 7.5
HIGH PATCH This Week

A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mosquitto
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy