CWE-770

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

We have discovered 2,275,819 live websites that are affected by CWE-770.

Available Reports

Website List

CVEs

Count - 61

CWE References

cwe.mitre.org

Website Distribution by Country

Number of websites using CWE-770

United States	645,401 websites

Germany	236,324 websites
Taiwan	114,589 websites
France	113,634 websites
Netherlands	89,971 websites
Russia	85,879 websites
Japan	77,066 websites
GB	76,829 websites
Italy	73,976 websites
Canada	53,565 websites

Website Distribution by TLD

Number of websites using CWE-770

.com	899,052 websites
.de	143,475 websites
.org	111,213 websites
.net	78,854 websites
.ru	73,362 websites
.nl	71,375 websites
.it	60,912 websites
.co.uk	47,270 websites
.fr	40,685 websites
.pl	36,389 websites

Newest CVEs

List of the most recent CVEs that are part of CWE-770

Discovered	CVE	Description	Websites
Apr, 2026	CVE-2026-21388	Unbounded Request Body Read in MS Teams Plugin {{/lifecycle}} Webhook Endpoint	1
Apr, 2026	CVE-2026-33034	Potential denial-of-service vulnerability in ASGI requests via memory upload limit bypass	67
Apr, 2026	CVE-2026-34513	AIOHTTP: Denial of Service (DoS) via Unbounded DNS Cache in TCPConnector	181
Apr, 2026	CVE-2026-34516	AIOHTTP: Multipart Header Size Bypass	181
Apr, 2026	CVE-2026-34517	AIOHTTP: Late size enforcement for non-file multipart fields causes memory DoS	181
Mar, 2026	CVE-2026-29772	Astro: Memory exhaustion DoS due to missing request body size limit in Server Islands	19,491
Mar, 2026	CVE-2026-24458	DoS attack via login attempts with multi-megabyte passwords	150
Mar, 2026	CVE-2026-29795	stellar-xdr: `StringM::from_str` bypasses max length validation	5
Mar, 2026	CVE-2026-27601	Underscore.js has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack	674,069
Feb, 2026	CVE-2026-25224	Fastify Vulnerable to DoS via Unbounded Memory Allocation in sendWebStream	1

The most widespread CVEs

List of the most common CVEs that are part of CWE-770

Discovered	CVE	Description	Websites
Jun, 2022	CVE-2022-29404	Denial of service in mod_lua r:parsebody	1,334,135
Apr, 2024	CVE-2024-27316	Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames	884,338
Mar, 2026	CVE-2026-27601	Underscore.js has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack	674,069
Jul, 2020	CVE-2020-8203	Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.	27,492
Mar, 2026	CVE-2026-29772	Astro: Memory exhaustion DoS due to missing request body size limit in Server Islands	19,491
Jun, 2025	CVE-2025-48988	Apache Tomcat: FileUpload large number of parts with headers DoS	7,033
Nov, 2024	CVE-2024-38286	Apache Tomcat: Denial of Service	3,524
Feb, 2026	CVE-2026-24133	jsPDF Affected by Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder	3,424
Sep, 2025	CVE-2025-58754	Axios is vulnerable to DoS attack through lack of data size check	2,347
Jan, 2026	CVE-2025-68659	Discourse has DoS vulnerability in username change endpoint	1,979

Websites affected by CWE-770

Top websites that are affected by CWE-770. Please click on the "Contact us" link to get more information.

Domain	Country	Rank
*******.com	Singapore	***
*********.de	Germany	***
*****.net	Canada	***
***********..*..**********.net	United States	***
***.*********.com	Canada	***
*****.com	United States	***
****.fr	France	***
****.com	United States	***
*****.com	United States	***
**.cn	China	***

See full domain list