CVE Daily
← All tags

Tag: Denial of Service (DoS)

All CVEs associated with "Denial of Service (DoS)". Page 27/331 • 39649 CVEs.

Subscribe CVEs: RSS for “Denial of Service (DoS)”  ·  RSS (High+Critical only)

About “Denial of Service (DoS)”

A curated feed of “Denial of Service (DoS)”-related CVEs appears below. We currently track 39649 CVEs for this tag (all time). In the last 365 days, 3220 were published. Average CVSS is 6.6 (all time; 6.6 over 365d), and 47% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-400 - Uncontrolled Resource Consumption, CWE-770 - Allocation of Resources Without Limits or Throttling, CWE-476 - NULL Pointer Dereference.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2025-07-07
Medium

CVE-2025-3263

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the `get_configuration_file()` function within the `transformers.…

CVSS: 5.3 CWE: CWE-1333 - Inefficient Regular Expression Complexity View on NVD
High

CVE-2025-3262

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the huggingface/transformers repository, specifically in version 4.49.0. The vulnerability is due to inefficient regular…

CVSS: 7.5 CWE: CWE-1333 - Inefficient Regular Expression Complexity View on NVD
High

CVE-2025-3225

An XML Entity Expansion vulnerability, also known as a 'billion laughs' attack, exists in the sitemap parser of the run-llama/llama_index repository, specifically affecting version v0.12.21. This vul…

CVSS: 7.5 CWE: CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') View on NVD
2025-07-05
Medium

CVE-2025-53604

The web-push crate before 0.10.3 for Rust allows a denial of service (memory consumption) in the built-in clients via a large integer in a Content-Length header.

CVSS: 4.0 CWE: CWE-130 - Improper Handling of Length Parameter Inconsistency View on NVD
2025-07-04
High

CVE-2025-46733

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In version 4.5.0, using a specially c…

CVSS: 7.9 CWE: CWE-755 - Improper Handling of Exceptional Conditions View on NVD
Medium

CVE-2025-38188

In the Linux kernel, the following vulnerability has been resolved: drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE Calling this packet is necessary when we switch contexts because there are various piec…

CVSS: 5.5 CWE: N/A View on NVD
2025-07-03
High

CVE-2025-49826

Next.js is a React framework for building full-stack web applications. From versions 15.0.4-canary.51 to before 15.1.8, a cache poisoning bug leading to a Denial of Service (DoS) condition was found…

CVSS: 7.5 CWE: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') View on NVD
Medium

CVE-2025-49595

n8n is a workflow automation platform. Prior to version 1.99.0, there is a denial of Service vulnerability in /rest/binary-data endpoint when processing empty filesystem URIs (filesystem:// or filesy…

CVSS: 4.9 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2025-07-02
High

CVE-2025-43025

HP Universal Print Driver is potentially vulnerable to denial of service due to buffer overflow in versions of UPD 7.4 or older (e.g., v7.3.x, v7.2.x, v7.1.x, etc.).

CVSS: 7.5 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2025-27021

The misconfiguration in the sudoers configuration of the operating system in Infinera G42 version R6.1.3 allows low privileged OS users to read/write physical memory via devmem command line tool.…

CVSS: 7.0 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
2025-07-01
High

CVE-2025-6297

It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on unt…

CVSS: 8.2 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2025-37097

A vulnerability in HPE Insight Remote Support (IRS) prior to v7.15.0.646 may allow an unauthenticated denial of service

CVSS: 7.5 CWE: CWE-749 - Exposed Dangerous Method or Function View on NVD
2025-06-30
High

CVE-2025-45143

string-math v1.2.2 was discovered to contain a Regex Denial of Service (ReDoS) which is exploited via a crafted input.

CVSS: 7.0 CWE: CWE-1333 - Inefficient Regular Expression Complexity View on NVD
High

CVE-2024-53621

A buffer overflow in the formSetCfm() function of Tenda AC1206 1200M 11ac US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVSS: 7.5 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
2025-06-28
High

CVE-2025-1991

IBM Informix Dynamic Server 12.10,14.10, and15.0 could allow a remote attacker to cause a denial of service due to an integer underflow when processing packets.

CVSS: 7.5 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
2025-06-27
Medium

CVE-2025-44559

An issue in the Bluetooth Low Energy (BLE) stack of Realtek RTL8762E BLE SDK v1.4.0 allows attackers within Bluetooth range to cause a Denial of Service (DoS) via sending a specific sequence of craft…

CVSS: 6.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2025-45851

An issue in Hikvision DS-2CD1321-I V5.7.21 build 230819 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the endpoint /ISAPI/Security/challenge. The vendor ha…

CVSS: 7.5 CWE: N/A View on NVD
2025-06-26
High

CVE-2025-6710

MongoDB Server may be susceptible to stack overflow due to JSON parsing mechanism, where specifically crafted JSON inputs may induce unwarranted levels of recursion, resulting in excessive stack spac…

CVSS: 7.5 CWE: CWE-674 - Uncontrolled Recursion View on NVD
High

CVE-2025-6709

The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling of specific date values in JSON input when using OIDC authentication. This can be reproduced using the…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2025-3279

An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated attackers to create a Do…

CVSS: 6.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2025-06-25
High

CVE-2025-52894

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 allowed an attacker to perform unauthent…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
Low

CVE-2025-4656

Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled cancellation by a Vault operator. This vulnerability (CVE-2025-4656) has bee…

CVSS: 3.1 CWE: CWE-1088 - Synchronous Access of Remote Resource without Timeout View on NVD
Medium

CVE-2024-57708

An issue in OneTrust SDK v.6.33.0 allows a local attacker to cause a denial of service via the Object.setPrototypeOf, __proto__, and Object.assign components. NOTE: this is disputed by the Supplier w…

CVSS: 5.7 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Critical

CVE-2025-6543

Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Prox…

CVSS: 9.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2025-43880

Inefficient regular expression complexity issue exists in GROWI prior to v7.1.6. If exploited, a logged-in user may cause a denial of service (DoS) condition.

CVSS: 4.3 CWE: CWE-1333 - Inefficient Regular Expression Complexity View on NVD
2025-06-24
High

CVE-2025-44531

An issue in Realtek RTL8762EKF-EVB RTL8762E SDK v1.4.0 allows attackers to cause a Denial of Service (DoS) via sending a crafted before a pairing public key is received during a Bluetooth connection…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2025-32978

Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) allows unau…

CVSS: 7.5 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
Medium

CVE-2025-39203

A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection l…

CVSS: 6.5 CWE: CWE-354 - Improper Validation of Integrity Check Value View on NVD
High

CVE-2025-3090

An unauthenticated remote attacker can obtain limited sensitive information and/or DoS the device due to missing authentication for critical function.

CVSS: 8.2 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
High

CVE-2025-52568

NeKernal is a free and open-source operating system stack. Prior to version 0.0.3, there are several memory safety issues that can lead to memory corruption, disk image corruption, denial of service,…

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD
2025-06-23
Medium

CVE-2025-6530

A vulnerability was found in 70mai M300 up to 20250611. It has been classified as problematic. This affects an unknown part of the file demo.sh of the component Telnet Service. The manipulation leads…

CVSS: 4.8 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
High

CVE-2025-44528

An issue in Texas Instruments LP-CC2652RB SimpleLink CC13XX CC26XX SDK 7.41.00.17 allows attackers to cause a Denial of Service (DoS) via sending a crafted LL_Pause_Enc_Req packet during the authenti…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2025-06-21
High

CVE-2025-3221

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a remote attacker to cause a denial of service due to insufficient validation of incoming request resources.

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Low

CVE-2025-6401

A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101. It has been classified as problematic. This affects an unknown part of the file /boafrm/formFilter of the component HTTP POST Message…

CVSS: 3.5 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
2025-06-20
Medium

CVE-2024-4025

A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions from 7.10 prior before 16.11.5, version 17.0 before 17.0.3, and 17.1 before 17.1.1. It is possible for a…

CVSS: 6.5 CWE: CWE-1333 - Inefficient Regular Expression Complexity View on NVD
Medium

CVE-2025-46158

An issue in redoxOS kernel before commit 5d41cd7c allows a local attacker to cause a denial of service via the `setitimer` syscall

CVSS: 6.2 CWE: CWE-369 - Divide By Zero View on NVD
Low

CVE-2025-48059

PowSyBl (Power System Blocks) is a framework to build power system oriented software. In com.powsybl:powsybl-iidm-criteria versions 6.3.0 to before 6.7.2 and com.powsybl:powsybl-contingency-api versi…

CVSS: 2.7 CWE: CWE-1333 - Inefficient Regular Expression Complexity View on NVD
High

CVE-2025-44203

In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create database' button is pressed. By sending malformed POST requests to this endpoi…

CVSS: 7.5 CWE: CWE-209 - Generation of Error Message Containing Sensitive Information View on NVD
Medium

CVE-2025-32753

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains an improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability. A low privileged attacker wit…

CVSS: 5.3 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Medium

CVE-2025-48058

PowSyBl (Power System Blocks) is a framework to build power system oriented software. Prior to version 6.7.2, there is a potential polynomial Regular Expression Denial of Service (ReDoS) vulnerabilit…

CVSS: 6.3 CWE: CWE-1333 - Inefficient Regular Expression Complexity View on NVD
2025-06-18
High

CVE-2025-29646

An issue in upf in open5gs 2.7.2 and earlier allows a remote attacker to cause a Denial of Service via a crafted PFCP SessionEstablishmentRequest packet with restoration indication = true and (teid =…

CVSS: 7.1 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2025-20260

A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arb…

CVSS: 9.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2025-20271

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service…

CVSS: 8.6 CWE: CWE-457 - Use of Uninitialized Variable View on NVD
Medium

CVE-2025-20234

A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnera…

CVSS: 5.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
2025-06-17
Medium

CVE-2025-30642

A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to create a denial of service (DoS) situation on affected installations. Please note: an attack…

CVSS: 5.5 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Low

CVE-2025-45526

A denial of service (DoS) vulnerability has been identified in the JavaScript library microlight version 0.0.7. This library, used for syntax highlighting, does not limit the size of textual content…

CVSS: 2.9 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2025-6196

A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. Thi…

CVSS: 5.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2025-49178

A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial…

CVSS: 5.5 CWE: CWE-667 - Improper Locking View on NVD
Medium

CVE-2025-34508

A path traversal vulnerability exists in the file dropoff functionality of ZendTo versions 6.15-7 and prior. This could allow a remote, authenticated attacker to retrieve the files of other ZendTo u…

CVSS: 6.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2025-06-16
Critical

CVE-2025-49796

A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input f…

CVSS: 9.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2025-49795

A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of ser…

CVSS: 7.5 CWE: CWE-825 - Expired Pointer Dereference View on NVD
Medium

CVE-2025-4565

Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be co…

CVSS: 5.3 CWE: CWE-674 - Uncontrolled Recursion View on NVD
High

CVE-2025-48976

Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; fr…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2025-3526

SessionClicks in Liferay Portal 7.0.0 through 7.4.3.21, and Liferay DXP 7.4 GA through update 9, 7.3 GA through update 25, and older unsupported versions does not restrict the saving of request param…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2025-3602

Liferay Portal 7.4.0 through 7.4.3.97, and Liferay DXP 2023.Q3.1 through 2023.Q3.2, 7.4 GA through update 92, 7.3 GA through update 35, and 7.2 fix pack 8 through fix pack 20 does not limit the depth…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2025-06-13
Medium

CVE-2025-6035

A flaw was found in GIMP. An integer overflow vulnerability exists in the GIMP "Despeckle" plug-in. The issue occurs due to unchecked multiplication of image dimensions, such as width, height, and b…

CVSS: 6.1 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2025-22242

Worker process denial of service through file read operation. .A vulnerability exists in the Master's “pub_ret” method which is exposed to all minions. The un-sanitized input value “jid” is used to c…

CVSS: 5.6 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2025-06-12
High

CVE-2025-44019

AVEVA PI Data Archive products are vulnerable to an uncaught exception that, if exploited, could allow an authenticated user to shut down certain necessary PI Data Archive subsystems, resulting in…

CVSS: 7.1 CWE: CWE-248 - Uncaught Exception View on NVD
Medium

CVE-2025-36539

AVEVA PI Data Archive products are vulnerable to an uncaught exception that, if exploited, could allow an authenticated user to shut down certain necessary PI Data Archive subsystems, resulting in…

CVSS: 6.5 CWE: CWE-248 - Uncaught Exception View on NVD
High

CVE-2025-49080

There is a memory management vulnerability in Absolute Secure Access server versions 9.0 to 13.54. Attackers with network access to the server can cause a Denial of Service by sending a specially cra…

CVSS: 7.5 CWE: CWE-762 - Mismatched Memory Management Routines View on NVD
High

CVE-2025-46035

Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16 allows a remote attacker to cause a denial of service via the oversized schedStartTime and schedEndTime parameters in an unauthenticated HTTP…

CVSS: 7.5 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
High

CVE-2025-49181

Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET requests to gather sensitive information. An attacker could also send HTTP POST requests to modify the log files’…

CVSS: 8.6 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-6021

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a de…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2025-0673

An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2, allow an attacker to trigger an infinite redirect loop, pot…

CVSS: 7.5 CWE: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop') View on NVD
Medium

CVE-2025-5996

An issue has been discovered in GitLab CE/EE affecting all versions from 2.1.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. A lack of input validation in HTTP responses could allow a…

CVSS: 6.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2025-1516

An issue has been discovered in GitLab CE/EE affecting all versions from 8.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper input validation in Tokens Names could be used to t…

CVSS: 6.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2025-1478

An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in Board Names could be used to…

CVSS: 6.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2025-06-11
High

CVE-2025-25032

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted r…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Low

CVE-2025-1698

Null pointer exception vulnerabilities were reported in the fingerprint sensor service that could allow a local attacker to cause a denial of service.

CVSS: 2.8 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2025-4605

A maliciously crafted .usdc file, when loaded through Autodesk Maya, can force an uncontrolled memory allocation vulnerability. A malicious actor may leverage this vulnerability to cause a denial-of-…

CVSS: 6.6 CWE: CWE-789 - Memory Allocation with Excessive Size Value View on NVD
Medium

CVE-2025-1055

A vulnerability in the K7RKScan.sys driver, part of the K7 Security Anti-Malware suite, allows a local low-privilege user to send crafted IOCTL requests to terminate a wide range of processes running…

CVSS: 5.6 CWE: CWE-862 - Missing Authorization View on NVD
2025-06-10
High

CVE-2025-47849

A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can get the API key and secret key of user-a…

CVSS: 8.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2025-47713

A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can reset the password of user-accounts of A…

CVSS: 8.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2025-0052

Improper input validation performed during the authentication process of FlashBlade could lead to a system Denial of Service.

CVSS: 8.3 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2025-0051

Improper input validation performed during the authentication process of FlashArray could lead to a system Denial of Service.

CVSS: 8.7 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2025-30145

GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styl…

CVSS: 7.5 CWE: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop') View on NVD
Medium

CVE-2025-3898

CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends HTTPS request containing invalid data type to the webserver.

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2025-3116

CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends special malformed HTTPS request containing improper formatted body…

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2025-3112

CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause Denial of Service when an authenticated malicious user sends manipulated HTTPS Content-Length header to the webserver.

CVSS: 6.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2025-27819

In CVE-2023-25194, we announced the RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration in Kafka Connect API. But not only Kafka Connect API is vulnerable to this attack, the Apa…

CVSS: 7.5 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
Medium

CVE-2025-5935

A vulnerability was found in Open5GS up to 2.7.3. It has been declared as problematic. Affected by this vulnerability is the function common_register_state of the file src/mme/emm-sm.c of the compone…

CVSS: 5.3 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
2025-06-09
Medium

CVE-2025-5915

A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZ…

CVSS: 6.6 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Medium

CVE-2025-47712

A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a cer…

CVSS: 6.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2025-25207

The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows the users with developer persona to add callbacks to be executed to H…

CVSS: 5.7 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2025-06-08
Low

CVE-2025-27242

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input.

CVSS: 3.3 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2025-27131

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input.

CVSS: 6.1 CWE: CWE-20 - Improper Input Validation View on NVD
Low

CVE-2025-25217

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.

CVSS: 3.3 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Low

CVE-2025-23235

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through out-of-bounds read.

CVSS: 3.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
2025-06-07
High

CVE-2025-5399

Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the applica…

CVSS: 7.5 CWE: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop') View on NVD
2025-06-06
High

CVE-2025-47950

CoreDNS is a DNS server that chains plugins. In versions prior to 1.12.2, a Denial of Service (DoS) vulnerability exists in the CoreDNS DNS-over-QUIC (DoQ) server implementation. The server previousl…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2025-29877

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service…

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2025-29876

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service…

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2025-29873

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service…

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2025-22490

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service…

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2025-41361

Uncontrolled resource consumption vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. The devices improperly handle TLS requests associated with PROCOME sockets, so TLS requests sent to tho…

CVSS: 8.3 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2025-41360

Uncontrolled resource consumption vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. The device is vulnerable to a packet flooding denial of service attack.

CVSS: 8.7 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2025-06-04
Medium

CVE-2025-49007

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.16, there is a denial of service vulnerability in the Content-Disposition parsing component of Rack. Th…

CVSS: 5.3 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2025-31482

FreshRSS is a self-hosted RSS feed aggregator. A vulnerability in versions prior to 1.26.2 causes a user to be repeatedly logged out after fetching a malicious feed entry, effectively causing that us…

CVSS: 4.3 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2025-30415

Denial of service due to improper handling of malformed input. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40077, Acronis Cyber Protect…

CVSS: 7.5 CWE: CWE-1286 - Improper Validation of Syntactic Correctness of Input View on NVD
High

CVE-2025-5601

Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or crafted capture file

CVSS: 7.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Critical

CVE-2025-49223

billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or cause a Denial of Service (DoS) via inje…

CVSS: 9.8 CWE: CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') View on NVD
2025-06-03
High

CVE-2025-23100

An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. The absence of a NULL check leads to a Denial of Service.

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2025-48997

Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.1 allows an attacker to trigger a Denial of…

CVSS: 8.7 CWE: CWE-248 - Uncaught Exception View on NVD
Medium

CVE-2025-25020

IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an authenticated user to cause a denial of service due to improperly validat…

CVSS: 6.5 CWE: CWE-1287 - Improper Validation of Specified Type of Input View on NVD
Medium

CVE-2025-31712

In cplog service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed.

CVSS: 5.1 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2025-31711

In cplog service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with no additional execution privileges needed.

CVSS: 5.1 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2025-27029

Transient DOS while processing the tone measurement response buffer when the response buffer is out of range.

CVSS: 7.5 CWE: CWE-126 - Buffer Over-read View on NVD
High

CVE-2025-21463

Transient DOS while processing the EHT operation IE in the received beacon frame.

CVSS: 7.5 CWE: CWE-126 - Buffer Over-read View on NVD
2025-06-02
High

CVE-2025-48866

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-…

CVSS: 7.5 CWE: CWE-1050 - Excessive Platform Resource Consumption within a Loop View on NVD
Medium

CVE-2025-46806

A Use of Out-of-range Pointer Offset vulnerability in sslh leads to denial of service on some architectures.This issue affects sslh before 2.2.4.

CVSS: 6.9 CWE: CWE-823 - Use of Out-of-range Pointer Offset View on NVD
High

CVE-2025-5455

An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed…

CVSS: 8.4 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2025-20678

In ims service, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker…

CVSS: 6.5 CWE: CWE-674 - Uncontrolled Recursion View on NVD
Medium

CVE-2025-20677

In Bluetooth driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed fo…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2025-20676

In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2025-20675

In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2025-20673

In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2025-06-01
Medium

CVE-2025-5404

A vulnerability classified as problematic was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. This vulnerability affects unknown code of the file /search.php of the co…

CVSS: 4.3 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
2025-05-30
Medium

CVE-2025-48943

vLLM is an inference and serving engine for large language models (LLMs). Version 0.8.0 up to but excluding 0.9.0 have a Denial of Service (ReDoS) that causes the vLLM server to crash if an invalid r…

CVSS: 6.5 CWE: CWE-248 - Uncaught Exception View on NVD
Medium

CVE-2025-48887

vLLM, an inference and serving engine for large language models (LLMs), has a Regular Expression Denial of Service (ReDoS) vulnerability in the file `vllm/entrypoints/openai/tool_parsers/pythonic_too…

CVSS: 6.5 CWE: CWE-1333 - Inefficient Regular Expression Complexity View on NVD
Medium

CVE-2025-48889

Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. Prior to version 5.31.0, an arbitra…

CVSS: 5.3 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD