CVE Daily
← All tags

Tag: Denial of Service (DoS)

All CVEs associated with "Denial of Service (DoS)". Page 21/331 • 39648 CVEs.

Subscribe CVEs: RSS for “Denial of Service (DoS)”  ·  RSS (High+Critical only)

About “Denial of Service (DoS)”

A curated feed of “Denial of Service (DoS)”-related CVEs appears below. We currently track 39648 CVEs for this tag (all time). In the last 365 days, 3219 were published. Average CVSS is 6.6 (all time; 6.6 over 365d), and 47% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-400 - Uncontrolled Resource Consumption, CWE-770 - Allocation of Resources Without Limits or Throttling, CWE-476 - NULL Pointer Dereference.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2025-10-22
High

CVE-2025-60338

Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow in the page parameter in the DhcpListClient function. This vulnerability allows attackers to cause a Denial of Service (DoS) via…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2025-60335

A NULL pointer dereference in the main function of TOTOLINK N600R v4.3.0cu.7866_B20220506 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2025-60334

TOTOLINK N600R v4.3.0cu.7866_B20220506 was discovered to contain a stack overflow in the ssid parameter in the setWiFiBasicConfig function. This vulnerability allows attackers to cause a Denial of Se…

CVSS: 7.5 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2025-60333

TOTOLINK N600R v4.3.0cu.7866_B20220506 was discovered to contain a stack overflow in the wepkey2 parameter in the setWiFiMultipleConfig function. This vulnerability allows attackers to cause a Denial…

CVSS: 7.5 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2025-60332

A NULL pointer dereference in the SetWLanRadioSettings function of D-Link DIR-823G A1 v1.0.2B05 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2025-60331

D-Link DIR-823G A1 v1.0.2B05 was discovered to contain a buffer overflow in the FillMacCloneMac parameter in the /EXCU_SHELL endpoint. This vulnerability allows attackers to cause a Denial of Service…

CVSS: 7.5 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2025-61035

The seffaflik thru 0.0.9 is vulnerable to symlink attacks due to incorrect default permissions given to the .kimlik file and .seffaflik file, which is created with mode 0777 and 0775 respectively, ex…

CVSS: 7.7 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2025-10-21
High

CVE-2025-61756

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: System Configuration). Supported versions that are…

CVSS: 7.5 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
Low

CVE-2025-62480

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Naming Subsystem). The supported version that is affected is 8.8. Easily exploitable vulnerability allows…

CVSS: 2.7 CWE: CWE-267 - Privilege Defined With Unsafe Actions View on NVD
Low

CVE-2025-62479

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Block Storage). The supported version that is affected is 8.8. Easily exploitable vulnerability allows hi…

CVSS: 2.7 CWE: CWE-267 - Privilege Defined With Unsafe Actions View on NVD
Medium

CVE-2025-62478

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Object Store). The supported version that is affected is 8.8. Easily exploitable vulnerability allows hig…

CVSS: 4.9 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2025-62477

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Remote Replication). The supported version that is affected is 8.8. Easily exploitable vulnerability allo…

CVSS: 4.9 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2025-62476

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Remote Replication). The supported version that is affected is 8.8. Easily exploitable vulnerability allo…

CVSS: 4.9 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2025-62475

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privil…

CVSS: 4.9 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2025-62289

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Filesystems). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high…

CVSS: 4.9 CWE: CWE-267 - Privilege Defined With Unsafe Actions View on NVD
Medium

CVE-2025-61762

Vulnerability in the PeopleSoft Enterprise FIN Payables product of Oracle PeopleSoft (component: Payables). The supported version that is affected is 9.2. Easily exploitable vulnerability allows lo…

CVSS: 6.3 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2025-61752

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerabili…

CVSS: 7.5 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
Medium

CVE-2025-53070

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker…

CVSS: 5.5 CWE: CWE-267 - Privilege Defined With Unsafe Actions View on NVD
Medium

CVE-2025-53069

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploi…

CVSS: 4.9 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2025-53068

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with…

CVSS: 6.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2025-53067

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.4.0. Easily exploitable vulnerability allows high privilege…

CVSS: 4.9 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2025-53062

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability a…

CVSS: 4.9 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2025-53054

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability a…

CVSS: 5.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2025-53053

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerabil…

CVSS: 5.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2025-53050

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Performance Monitor). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitabl…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2025-53046

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Analytics). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high p…

CVSS: 4.9 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2025-53045

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability a…

CVSS: 4.9 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2025-53044

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability a…

CVSS: 4.9 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2025-53042

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vuln…

CVSS: 4.9 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2025-53040

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vuln…

CVSS: 4.9 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2025-60790

ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to upload a crafted ZIP to Language Support that is auto-extracted without limits prior to validation, enabling resource-exhaustion…

CVSS: 6.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2025-22166

This High severity DoS (Denial of Service) vulnerability was introduced in version 2.0 of Confluence Data Center. This DoS (Denial of Service) vulnerability, with a CVSS Score of 8.3, allows an at…

CVSS: 7.5 CWE: CWE-405 - Asymmetric Resource Consumption (Amplification) View on NVD
2025-10-20
High

CVE-2025-26782

An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 9110, W920, W930, Modem 5123, and Modem 5300.…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2025-26781

An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 9110, W920, W930, Modem 5123, and Modem 5300.…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2024-55568

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 530…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2025-11677

Use After Free in WebSocket server implementation in lws_handshake_server in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that h…

CVSS: 6.3 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-56223

A lack of rate limiting in the component /Home/UploadStreamDocument of SigningHub v8.6.8 allows attackers to cause a Denial of Service (DoS) via uploading an excessive number of files.

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2025-56219

Incorrect access control in SigningHub v8.6.8 allows attackers to arbitrarily add user accounts without any rate limiting. This can lead to a resource exhaustion and a Denial of Service (DoS) when an…

CVSS: 7.1 CWE: CWE-284 - Improper Access Control View on NVD
2025-10-19
Medium

CVE-2025-62672

rplay through 3.3.2 allows attackers to cause a denial of service (SIGSEGV and daemon crash) or possibly have unspecified other impact. This occurs in memcpy in the RPLAY_DATA case in rplay_unpack in…

CVSS: 5.3 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2025-10-18
Medium

CVE-2025-62666

Allocation of Resources Without Limits or Throttling vulnerability in The Wikimedia Foundation Mediawiki - CirrusSearch Extension allows HTTP DoS.This issue affects Mediawiki - CirrusSearch Extension…

CVSS: 6.9 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2025-10-17
High

CVE-2025-59043

OpenBao is an open source identity-based secrets management system. In OpenBao versions prior to 2.4.1, JSON objects after decoding may use significantly more memory than their serialized version. It…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2025-10-16
Medium

CVE-2025-62504

Envoy is an open source edge and service proxy. Envoy versions earlier than 1.36.2, 1.35.6, 1.34.10, and 1.33.12 contain a use-after-free vulnerability in the Lua filter. When a Lua script executing…

CVSS: 6.5 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2025-61554

A divide-by-zero in VirtIO network device emulation in BitVisor from commit 108df6 (2020-05-20) to commit 480907 (2025-07-06) allows local attackers to cause a denial of service (host hypervisor cras…

CVSS: 5.5 CWE: CWE-369 - Divide By Zero View on NVD
High

CVE-2025-61553

An out-of-bounds write in VirtIO network device emulation in BitVisor from commit 108df6 (2020-05-20) to commit 480907 (2025-07-06) allows local attackers to cause a denial of service (host hyperviso…

CVSS: 8.2 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Medium

CVE-2025-60641

The file mexcel.php in the Vfront 0.99.52 codebase contains a vulnerable call to unserialize(base64_decode($_POST['mexcel'])), where $_POST['mexcel'] is user-controlled input. This input is decoded f…

CVSS: 6.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
High

CVE-2025-36128

IBM MQ 9.1, 9.2, 9.3, 9.4 LTS and 9.3, 9.4 CD is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting slowloris-type attacks,…

CVSS: 7.5 CWE: CWE-772 - Missing Release of Resource after Effective Lifetime View on NVD
Critical

CVE-2025-6338

There is an incomplete cleanup vulnerability in Qt Network's Schannel support on Windows which can lead to a Denial of Service over a long period.This issue affects Qt from 5.15.0 through 6.8.3, from…

CVSS: 9.2 CWE: CWE-459 - Incomplete Cleanup View on NVD
High

CVE-2025-58778

Multiple versions of RG-EST300 provided by Ruijie Networks provide SSH server functionality. It is not documented in the manual, and enabled in the initial configuration. Anyone with the knowledge of…

CVSS: 7.2 CWE: CWE-912 - Hidden Functionality View on NVD
2025-10-15
High

CVE-2025-62381

sveltekit-superforms makes SvelteKit forms a pleasure to use. sveltekit-superforms v2.27.3 and prior are susceptible to a prototype pollution vulnerability within the parseFormData function of formDa…

CVSS: 8.3 CWE: CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') View on NVD
Medium

CVE-2025-20360

Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart. This vuln…

CVSS: 5.8 CWE: CWE-805 - Buffer Access with Incorrect Length Value View on NVD
Medium

CVE-2025-20359

Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the disclosure of possible sensitive data or cause th…

CVSS: 6.5 CWE: CWE-127 - Buffer Under-read View on NVD
High

CVE-2025-20350

A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attack…

CVSS: 7.5 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2025-62370

Alloy Core libraries at the root of the Rust Ethereum ecosystem. Prior to 0.8.26 and 1.4.1, an uncaught panic triggered by malformed input to alloy_dyn_abi::TypedData could lead to a denial-of-servic…

CVSS: 7.5 CWE: CWE-248 - Uncaught Exception View on NVD
High

CVE-2025-59478

When a BIG-IP AFM denial-of-service (DoS) protection profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) process to terminate.  Note: So…

CVSS: 7.5 CWE: CWE-824 - Access of Uninitialized Pointer View on NVD
Medium

CVE-2025-55079

In Eclipse ThreadX before version 6.4.3, the thread module has a setting of maximum priority. In some cases the check of that maximum priority wasn't performed, allowing, as a result, to obtain a thr…

CVSS: 5.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2025-10-14
Medium

CVE-2025-33177

NVIDIA Jetson Linux and IGX OS contain a vulnerability in NvMap, where improper tracking of memory allocations could allow a local attacker to cause memory overallocation. A successful exploitation o…

CVSS: 5.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2025-33182

NVIDIA Jetson Linux contains a vulnerability in UEFI, where improper authentication may allow a privileged user to cause corruption of the Linux Device Tree. A successful exploitation of this vulnera…

CVSS: 7.6 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-60536

An issue in the Configure New Cluster interface of kafka-ui v0.6.0 to v0.7.2 allows attackers to cause a Denial of Service (DoS) via uploading a crafted configuration file.

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2025-23356

NVIDIA Isaac Lab contains a vulnerability in SB3 configuration parsing. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, informati…

CVSS: 8.4 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
Medium

CVE-2025-37148

A vulnerability in the parsing of ethernet frames in AOS-8 Instant and AOS 10 could allow an unauthenticated remote attacker to conduct a denial of service attack. Successful exploitation could allow…

CVSS: 6.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2025-37139

A vulnerability in an AOS firmware binary allows an authenticated malicious actor to permanently delete necessary boot information. Successful exploitation may render the system unbootable, resulting…

CVSS: 6.0 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2025-53845

An improper authentication vulnerability [CWE-287] in Fortinet FortiAnalyzer version 7.6.0 through 7.6.3 and before 7.4.6 allows an unauthenticated attacker to obtain information pertaining to the de…

CVSS: 6.5 CWE: CWE-287 - Improper Authentication View on NVD
High

CVE-2011-20001

A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants) (All versions < V2.0.3), SIMATIC S7-1200 CPU V2 family (incl. SIPLUS variants) (All versions < V2.0.3). Th…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2025-55078

In Eclipse ThreadX before version 6.4.3, an attacker can cause a denial of service (crash) by providing a pointer to a reserved or unmapped memory region. Vulnerable system calls had a check of point…

CVSS: 5.5 CWE: CWE-233 - Improper Handling of Parameters View on NVD
Medium

CVE-2025-41707

The websocket handler is vulnerable to a denial of service condition. An unauthenticated remote attacker can send a crafted websocket message to trigger the issue without affecting the core functiona…

CVSS: 5.3 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2025-41706

The webserver is vulnerable to a denial of service condition. An unauthenticated remote attacker can craft a special GET request with an over-long content-length to trigger the issue without affectin…

CVSS: 5.3 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2025-41704

An unauthanticated remote attacker can perform a DoS of the Modbus service by sending a specific function and sub-function code without affecting the core functionality.

CVSS: 5.3 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2025-41703

An unauthenticated remote attacker can cause a Denial of Service by turning off the output of the UPS via Modbus command.

CVSS: 7.5 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
Low

CVE-2025-11731

A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT <func:result> elements during stylesheet parsing. Due to improper type handling, the function may treat an XML d…

CVSS: 3.1 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
2025-10-13
Medium

CVE-2025-59836

Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to 1.1.5 and 1.0.2, there is a nil pointer dereference vulnerability in the Omni Resource Service allows unauthenticated…

CVSS: 5.3 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2025-62170

rAthena is an open-source cross-platform MMORPG server. A use-after-free vulnerability exists in the RODEX functionality of rAthena's map-server in versions prior to commit af2f3ba. An unauthenticate…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-7707

The llama_index library version 0.12.33 sets the NLTK data directory to a subdirectory of the codebase by default, which is world-writable in multi-user environments. This configuration allows local…

CVSS: 7.8 CWE: CWE-377 - Insecure Temporary File View on NVD
2025-10-12
Medium

CVE-2025-11642

A vulnerability was identified in Tomofun Furbo 360 and Furbo Mini. Affected is an unknown function of the component Registration Handler. Such manipulation leads to denial of service. The attack can…

CVSS: 4.0 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
Medium

CVE-2025-11638

A flaw has been found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the component Bluetooth Handler. Executing manipulation can lead to denial of service. The at…

CVSS: 4.3 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
Medium

CVE-2025-33096

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user to cause a denial of service by uploading specially crafted files using uncontrolled recursi…

CVSS: 6.5 CWE: CWE-674 - Uncontrolled Recursion View on NVD
Low

CVE-2025-31998

HCL Unica Centralized Offer Management is vulnerable to poor unhandled exceptions which exposes sensitive information. An attacker can exploit use this information to exploit known vulnerabilities l…

CVSS: 3.5 CWE: CWE-209 - Generation of Error Message Containing Sensitive Information View on NVD
2025-10-11
Low

CVE-2025-58292

Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability.

CVSS: 3.3 CWE: CWE-27 - Path Traversal: 'dir/../../filename' View on NVD
Low

CVE-2025-58291

Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability.

CVSS: 3.3 CWE: CWE-29 - Path Traversal: '..filename' View on NVD
Low

CVE-2025-58290

Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability.

CVSS: 3.3 CWE: CWE-41 - Improper Resolution of Path Equivalence View on NVD
Medium

CVE-2025-58288

Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability.

CVSS: 5.5 CWE: CWE-275 View on NVD
Low

CVE-2025-58286

Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability.

CVSS: 3.3 CWE: CWE-25 - Path Traversal: '/../filedir' View on NVD
High

CVE-2025-31717

In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.

CVSS: 7.5 CWE: N/A View on NVD
2025-10-10
High

CVE-2025-62162

cel-rust is a Common Expression Language interpreter written in Rust. Starting in version 0.10.0 and prior to version 0.11.4, parsing certain malformed CEL expressions can cause the parser to panic,…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2025-11626

MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to 4.2.13 allows denial of service

CVSS: 5.5 CWE: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop') View on NVD
Medium

CVE-2025-61912

python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, ldap.dn.escape_dn_chars() escapes \x00 incorrectly by emitting a backslash followed by…

CVSS: 5.3 CWE: CWE-116 - Improper Encoding or Escaping of Output View on NVD
High

CVE-2025-61921

Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the `If-Match` and `If-None-Match` header parsin…

CVSS: 7.5 CWE: CWE-1333 - Inefficient Regular Expression Complexity View on NVD
High

CVE-2025-61920

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote atta…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2025-61919

Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urle…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2025-61505

e107 CMS thru 2.3.3 are vulnerable to insecure deserialization in the `install.php` script. The script processes user-controlled input in the `previous_steps` POST parameter using `unserialize(base64…

CVSS: 6.5 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2025-23309

NVIDIA Display Driver contains a vulnerability where an uncontrolled DLL loading path might lead to arbitrary denial of service, escalation of privileges, code execution, and data tampering.

CVSS: 8.2 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2025-23282

NVIDIA Display Driver for Linux contains a vulnerability where an attacker might be able to use a race condition to escalate privileges. A successful exploit of this vulnerability might lead to code…

CVSS: 7.0 CWE: CWE-415 - Double Free View on NVD
High

CVE-2025-23280

NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to code execution, escalation of privile…

CVSS: 7.0 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-59530

quic-go is an implementation of the QUIC protocol in Go. In versions prior to 0.49.0, 0.54.1, and 0.55.0, a misbehaving or malicious server can cause a denial-of-service (DoS) attack on the quic-go c…

CVSS: 7.5 CWE: CWE-617 - Reachable Assertion View on NVD
Medium

CVE-2025-60868

The Alt Redirect 1.6.3 addon for Statamic fails to consistently strip query string parameters when the "Query String Strip" feature is enabled. Case variations, encoded keys, and duplicates are not r…

CVSS: 6.5 CWE: CWE-290 - Authentication Bypass by Spoofing View on NVD
Medium

CVE-2025-11579

github.com/nwaples/rardecode versions <=2.1.1 fail to restrict the dictionary size when reading large RAR dictionary sizes, which allows an attacker to provide a specially crafted RAR file and cause…

CVSS: 5.3 CWE: CWE-789 - Memory Allocation with Excessive Size Value View on NVD
2025-10-09
High

CVE-2025-61602

BigBlueButton is an open-source virtual classroom. A denial-of-service (DoS) vulnerability in versions prior to 3.0.13 allows any authenticated user to crash the chat functionality for all participan…

CVSS: 7.5 CWE: CWE-703 - Improper Check or Handling of Exceptional Conditions View on NVD
High

CVE-2025-61601

BigBlueButton is an open-source virtual classroom. A Denial of Service (DoS) vulnerability in versions prior to 3.0.13 allows any authenticated user to freeze or crash the entire server by abusing th…

CVSS: 7.5 CWE: CWE-703 - Improper Check or Handling of Exceptional Conditions View on NVD
High

CVE-2025-11573

An infinite loop issue in Amazon.IonDotnet library versions <v1.3.2 may allow a threat actor to cause a denial of service through a specially crafted text input. To mitigate this issue, users should…

CVSS: 7.5 CWE: CWE-1286 - Improper Validation of Syntactic Correctness of Input View on NVD
High

CVE-2025-60004

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based a…

CVSS: 7.5 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
High

CVE-2025-61577

D-Link DIR-816A2_FWv1.10CNB05 was discovered to contain a stack overflow via the statuscheckpppoeuser parameter in the dir_setWanWifi function. This vulnerability allows attackers to cause a Denial o…

CVSS: 7.5 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2025-59975

An Uncontrolled Resource Consumption vulnerability in the HTTP daemon (httpd) of Juniper Networks Junos Space allows an unauthenticated network-based attacker flooding the device with inbound API cal…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2025-59967

A NULL Pointer Dereference vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved on ACX7024, ACX7024X, ACX7100-32C, ACX7100-48L, ACX7348, ACX7509 devices allow…

CVSS: 6.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2025-59964

A Use of Uninitialized Resource vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX4700 devices allows an unauthenticated, network-based attacker to cause a Denial…

CVSS: 7.5 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
Medium

CVE-2025-59962

An Access of Uninitialized Pointer vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved with BGP sharding configured allows an attacker triggering indi…

CVSS: 5.3 CWE: CWE-824 - Access of Uninitialized Pointer View on NVD
Medium

CVE-2025-52961

An Uncontrolled Resource Consumption vulnerability in the Connectivity Fault Management (CFM) daemon and the Connectivity Fault Management Manager (cfmman) of Juniper Networks Junos OS Evolved on PTX…

CVSS: 6.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2025-52960

A Buffer Copy without Checking Size of Input vulnerability in the Session Initialization Protocol (SIP) ALG of Juniper Networks Junos OS on MX Series and SRX Series allows an unauthenticated, netwo…

CVSS: 5.9 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2025-36171

IBM Aspera Faspex 5.0.0 through 5.0.13.1 could allow a privileged user to cause a denial of service from improperly validated API input due to excessive resource consumption.

CVSS: 4.9 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2025-2934

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 5.2 prior to 18.2.8, 18.3 prior to 18.3.4, and 18.4 prior to 18.4.2 that could have allowed an authenticated attacker to cre…

CVSS: 4.3 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2025-47342

Transient DOS may occur when multi-profile concurrency arises with QHS enabled.

CVSS: 7.1 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2025-27049

Transient DOS while processing IOCTL call for image encoding.

CVSS: 5.5 CWE: CWE-126 - Buffer Over-read View on NVD
Medium

CVE-2025-27041

Transient DOS while processing video packets received from video firmware.

CVSS: 5.5 CWE: CWE-126 - Buffer Over-read View on NVD
2025-10-07
High

CVE-2025-61910

The NASA’s Interplanetary Overlay Network (ION) is an implementation of Delay/Disruption Tolerant Networking (DTN). A BPv7 bundle with a malformed extension block causes uncontrolled memory allocatio…

CVSS: 7.5 CWE: CWE-789 - Memory Allocation with Excessive Size Value View on NVD
Low

CVE-2025-43910

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 throug…

CVSS: 2.3 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
Medium

CVE-2025-45375

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 throug…

CVSS: 4.4 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
Medium

CVE-2025-43934

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 throug…

CVSS: 6.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2025-43912

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 throug…

CVSS: 5.3 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Medium

CVE-2025-43905

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 throug…

CVSS: 4.3 CWE: CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') View on NVD
Critical

CVE-2025-3450

An Improper Resource Locking vulnerability in the SDM component of B&R Automation Runtime versions before 6.3 and before Q4.93 may allow an unauthenticated network-based attacker to delete data causi…

CVSS: 10.0 CWE: CWE-413 - Improper Resource Locking View on NVD
High

CVE-2025-61772

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::Multipart::Parser` can accumulate unbounded data when a multipart part’s header block never termina…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2025-61771

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, ``Rack::Multipart::Parser` stores non-file form fields (parts without a `filename`) entirely in memory as…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD