CWE-400 type flaws
2402 results

CVE | Severity | Description | EPSS
CVE-2026-31247 | HIGH | Docling's JATS XML backend is vulnerable to XML Entity Expansion (XXE) attacks thru 2.61.0. The backend uses etree.parse() to parse XML file | 0.4%
CVE-2025-62260 | HIGH | Liferay Portal 7.4.0 through 7.4.3.99, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and | 0.4%
CVE-2025-61025 | HIGH | An issue in the sslr_qst_get component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via craft | 0.4%
CVE-2026-7493 | MEDIUM | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.11.5 - Unauthenticated Denial of Service | 0.4%
CVE-2026-49851 | HIGH | Mistune: Potential DoS via quadratic-time parsing in parse_link_text | 0.4%
CVE-2025-0426 | MEDIUM | A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read | 0.3%
CVE-2026-33123 | MEDIUM | pypdf has inefficient decoding of array-based streams | 0.3%
CVE-2025-50861 | MEDIUM | The Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 contains an exported component, PushDeepLinkActivity, which is accessible wit | 0.3%
CVE-2026-27888 | MEDIUM | pypdf: Manipulated FlateDecode XFA streams can exhaust RAM | 0.3%
CVE-2026-22228 | MEDIUM | Improper Input Validation Leading to DoS on TP-Link Archer BE230 | 0.3%
CVE-2025-53893 | HIGH | File Browser Vulnerable to Uncontrolled Memory Consumption Due to Oversized File Processing | 0.3%
CVE-2025-6297 | HIGH | dpkg-deb: Fix cleanup for control member with restricted directories | 0.3%
CVE-2025-5890 | MEDIUM | actions toolkit glob internal-pattern.ts globEscape redos | 0.3%
CVE-2014-2343 | — | Triangle MicroWorks SCADA Data Gateway Resource Exhaustion | 0.3%
CVE-2025-70047 | HIGH | An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in Nexusoft NexusInterface v3.2.0-beta.2. | 0.3%
CVE-2025-67731 | HIGH | Servify Express does not enforce rate limiting when parsing JSON | 0.3%
CVE-2026-9496 | HIGH | Versions of the package pacote from 11.2.7 and before 21.5.1 are vulnerable to Denial of Service (DoS) via the addGitSha function. An attack | 0.3%
CVE-2025-67835 | MEDIUM | Paessler PRTG Network Monitor before 25.4.114 allows Denial-of-Service (DoS) by an authenticated attacker via the Notification Contacts func | 0.3%
CVE-2025-55128 | MEDIUM | HackerOne community member Dang Hung Vi (vidang04) has reported an uncontrolled resource consumption vulnerability in the “userlog-index.php | 0.3%
CVE-2025-54884 | HIGH | Vision UI security-kit.js: Potential Uncontrolled Resource Allocation Vulnerability | 0.3%