CVE Daily
← All tags

Tag: Denial of Service (DoS)

All CVEs associated with "Denial of Service (DoS)". Page 29/331 • 39649 CVEs.

Subscribe CVEs: RSS for “Denial of Service (DoS)”  ·  RSS (High+Critical only)

About “Denial of Service (DoS)”

A curated feed of “Denial of Service (DoS)”-related CVEs appears below. We currently track 39649 CVEs for this tag (all time). In the last 365 days, 3220 were published. Average CVSS is 6.6 (all time; 6.6 over 365d), and 47% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-400 - Uncontrolled Resource Consumption, CWE-770 - Allocation of Resources Without Limits or Throttling, CWE-476 - NULL Pointer Dereference.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2025-05-05
Medium

CVE-2025-1000

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when connecting to a…

CVSS: 5.3 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2025-0915

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 under specific configurations could allow an authenticated user to cause a denial…

CVSS: 5.3 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Low

CVE-2025-4287

A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function torch.cuda.nccl.reduce of the file torch/cuda/nccl.py. The manipulation lead…

CVSS: 3.3 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
Medium

CVE-2025-46730

MobSF is a mobile application security testing tool used. Typically, MobSF is deployed on centralized internal or cloud-based servers that also host other security tools and web applications. Access…

CVSS: 6.8 CWE: CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification) View on NVD
Critical

CVE-2025-46726

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.53.4, a LLM application leveraging `XMLToolMessage` class may be exposed to untrusted XML input that…

CVSS: 9.1 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
Medium

CVE-2025-1992

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user in federation environment, to cause a denial of ser…

CVSS: 5.3 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
Medium

CVE-2025-47268

ping in iputils before 20250602 allows a denial of service (application error or incorrect data collection) via a crafted ICMP Echo Reply packet, because of a signed 64-bit integer overflow in timest…

CVSS: 6.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Critical

CVE-2025-2905

Due to the improper configuration of XML parser, user-supplied XML is parsed without applying sufficient restrictions, enabling XML External Entity (XXE) resolution in multiple WSO2 Products. A succ…

CVSS: 9.1 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
High

CVE-2025-20666

In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no…

CVSS: 7.5 CWE: CWE-617 - Reachable Assertion View on NVD
2025-05-03
High

CVE-2025-47244

Inedo ProGet through 2024.22 allows remote attackers to reach restricted functionality through the C# reflection layer, as demonstrated by causing a denial of service (when an attacker executes a loo…

CVSS: 7.3 CWE: CWE-288 - Authentication Bypass Using an Alternate Path or Channel View on NVD
Medium

CVE-2025-1838

IBM Cloud Pak for Business Automation 24.0.0 and 24.0.1 through 24.0.1 IF001 Authoring allows an authenticated user to bypass client-side data validation in an authoring user interface which coul…

CVSS: 6.5 CWE: CWE-602 - Client-Side Enforcement of Server-Side Security View on NVD
Low

CVE-2025-47229

libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a denial of service (var_set_leave_quiet assertion failure and application exit) via crafted input data, such as data that triggers…

CVSS: 2.9 CWE: CWE-617 - Reachable Assertion View on NVD
2025-05-02
Medium

CVE-2023-53114

In the Linux kernel, the following vulnerability has been resolved: i40e: Fix kernel crash during reboot when adapter is in recovery mode If the driver detects during probe that firmware is in reco…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2024-55909

IBM Concert Software 1.0.0 through 1.0.5 could allow an authenticated user to cause a denial of service due to the expansion of archive files without controlling resource consumption.

CVSS: 6.5 CWE: CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification) View on NVD
2025-05-01
Medium

CVE-2024-52903

IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.

CVSS: 5.3 CWE: CWE-248 - Uncaught Exception View on NVD
High

CVE-2025-46569

Open Policy Agent (OPA) is an open source, general-purpose policy engine. Prior to version 1.4.0, when run as a server, OPA exposes an HTTP Data API for reading and writing documents. Requesting a vi…

CVSS: 7.4 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Medium

CVE-2025-23246

NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows a guest to consume uncontrolled resources. A successful exploit of this v…

CVSS: 5.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2025-23245

NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows a guest to access global resources. A successful exploit of this vulnerab…

CVSS: 5.5 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
High

CVE-2025-23244

NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow an unprivileged attacker to escalate permissions. A successful exploit of this vulnerability might lead to code executio…

CVSS: 7.8 CWE: CWE-863 - Incorrect Authorization View on NVD
Medium

CVE-2024-52979

Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial of Service by causing the Elasticsearch node to cr…

CVSS: 6.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2025-3952

The Projectopia – WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'p…

CVSS: 8.1 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-2816

The Page View Count plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the yellow_message_dontshow() fun…

CVSS: 8.1 CWE: CWE-862 - Missing Authorization View on NVD
2025-04-30
High

CVE-2025-32777

Volcano is a Kubernetes-native batch scheduling system. Prior to versions 1.11.2, 1.10.2, 1.9.1, 1.11.0-network-topology-preview.3, and 1.12.0-alpha.2, attacker compromise of either the Elastic servi…

CVSS: 8.2 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2025-24341

A vulnerability in the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to induce a Denial-of-Service (DoS) condition on the device via multiple crafted HTTP reques…

CVSS: 6.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2025-30202

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.5.2 and prior to 0.8.5 are vulnerable to denial of service and data exposure via ZeroMQ…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2025-04-29
High

CVE-2025-3891

A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPres…

CVSS: 7.5 CWE: CWE-248 - Uncaught Exception View on NVD
High

CVE-2025-30194

When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access (double-free) and crash…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2025-1194

A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file `tokenization_gpt_neox_japanese.py` of the GPT-NeoX-Japan…

CVSS: 6.5 CWE: CWE-1333 - Inefficient Regular Expression Complexity View on NVD
2025-04-28
High

CVE-2025-31650

Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory…

CVSS: 7.5 CWE: CWE-459 - Incomplete Cleanup View on NVD
Medium

CVE-2025-43857

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory ex…

CVSS: 6.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2025-32472

The multiScan and picoScan are vulnerable to a denial-of-service (DoS) attack. A remote attacker can exploit this vulnerability by conducting a Slowloris-type attack, causing the web page to become u…

CVSS: 5.3 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2025-04-25
Low

CVE-2024-57375

Andamiro Pump It Up 20th Anniversary (aka Double X or XX/2019) 1.00.0-2.08.3 allows a physically proximate attacker to cause a denial of service (application crash) via certain deselect actions.

CVSS: 2.4 CWE: N/A View on NVD
High

CVE-2025-3511

Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric Corporation CC-Link IE TSN Remote I/O module, CC-Link IE TSN Analog-Digital Converter module, CC-Link IE TSN Di…

CVSS: 7.5 CWE: CWE-1284 - Improper Validation of Specified Quantity in Input View on NVD
2025-04-24
Medium

CVE-2025-30409

Denial of service due to allocation of resources without limits. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39904, Acronis Cyber Protect 17 (Windows…

CVSS: 5.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2021-47662

Due to missing authorization an unauthenticated remote attacker can cause a DoS attack by connecting via HTTPS and triggering the shutdown button.

CVSS: 7.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-41395

Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to properly validate the props used by the RetrospectivePost custom post type in the Playbooks plugin, which allows an a…

CVSS: 6.5 CWE: CWE-1287 - Improper Validation of Specified Type of Input View on NVD
Medium

CVE-2025-35965

Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to validate the uniqueness and quantity of task actions within the UpdateRunTaskActions GraphQL operation, which allows…

CVSS: 6.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2025-04-23
High

CVE-2025-32818

A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service (Do…

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Low

CVE-2024-58251

In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) wh…

CVSS: 2.5 CWE: CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences View on NVD
Medium

CVE-2025-0618

A malicious third party could invoke a persistent denial of service vulnerability in FireEye EDR agent by sending a specially-crafted tamper protection event to the HX service to trigger an exception…

CVSS: 6.5 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2025-04-22
Medium

CVE-2025-27087

A vulnerability in the kernel of the Cray Operating System (COS) could allow an attacker to perform a local Denial of Service (DoS) attack.

CVSS: 5.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Low

CVE-2025-23253

NVIDIA NvContainer service for Windows contains a vulnerability in its usage of OpenSSL, where an attacker could exploit a hard-coded constant issue by copying a malicious DLL in a hard-coded path. A…

CVSS: 2.5 CWE: CWE-547 - Use of Hard-coded, Security-relevant Constants View on NVD
Medium

CVE-2025-32959

CUBA Platform is a high level framework for enterprise applications development. Prior to version 7.2.23, the local file storage implementation does not restrict the size of uploaded files. An attack…

CVSS: 6.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2025-32952

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the local file storage implementation does not restri…

CVSS: 6.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2025-29547

In Rollback Rx Professional 12.8.0.0, the driver file shieldm.sys allows local users to cause a denial of service because of a null pointer dereference from IOCtl 0x96202000.

CVSS: 7.0 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2024-46546

NEXTU FLETA AX1500 WIFI6 Router v1.0.3 was discovered to contain a stack overflow via the url parameter at /boafrm/formFilter. This vulnerability allows attackers to cause a Denial of Service (DoS) v…

CVSS: 7.3 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
2025-04-21
High

CVE-2025-3857

When reading binary Ion data through Amazon.IonDotnet using the RawBinaryReader class, Amazon.IonDotnet does not check the number of bytes read from the underlying stream while deserializing the bina…

CVSS: 7.5 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2025-2298

An improper authorization vulnerability in Dremio Software allows authenticated users to delete arbitrary files that the system has access to, including system files and files stored in remote locati…

CVSS: 8.4 CWE: CWE-862 - Missing Authorization View on NVD
2025-04-19
Low

CVE-2023-26819

cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as {"a": true, "b": [ null,9999999999999999999999999999999999999999999999912345678901234567]}.

CVSS: 2.9 CWE: CWE-440 - Expected Behavior Violation View on NVD
High

CVE-2024-13926

The WP-Syntax WordPress plugin through 1.2 does not properly handle input, allowing an attacker to create a post containing a large number of tags, thereby exploiting a catastrophic backtracking issu…

CVSS: 7.5 CWE: CWE-1333 - Inefficient Regular Expression Complexity View on NVD
2025-04-18
Medium

CVE-2024-57493

An issue in redoxOS relibc before commit 98aa4ea5 allows a local attacker to cause a denial of service via the setsockopt function.

CVSS: 5.5 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
High

CVE-2025-30158

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the forum allows users to post iframe elements inside forum topics/comments/feed with…

CVSS: 7.1 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2025-29784

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the s parameter in GET requests for forum search functionality lacks length validation…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2025-29625

A buffer overflow vulnerability in Astrolog v7.70 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via an overly long environment variable passed to FileOpen function.

CVSS: 7.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Critical

CVE-2025-42599

Active! mail 6 BuildInfo: 6.60.05008561 and earlier contains a stack-based buffer overflow vulnerability. Receiving a specially crafted request created and sent by a remote unauthenticated attacker m…

CVSS: 9.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
2025-04-17
Low

CVE-2025-26269

DragonflyDB Dragonfly through 1.28.2 (fixed in 1.29.0) allows authenticated users to cause a denial of service (daemon crash) via a Lua library command that references a large negative integer.

CVSS: 3.3 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
Low

CVE-2025-26268

DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The validity of the scan cursor was not checked.

CVSS: 3.3 CWE: CWE-392 - Missing Report of Error Condition View on NVD
Low

CVE-2025-29931

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected product does not properly validate a length field in a serialized message which it uses to dete…

CVSS: 3.7 CWE: CWE-130 - Improper Handling of Length Parameter Inconsistency View on NVD
2025-04-16
High

CVE-2025-1568

Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projec…

CVSS: 8.8 CWE: CWE-284 - Improper Access Control View on NVD
Low

CVE-2025-3730

A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation…

CVSS: 3.3 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
Medium

CVE-2025-32817

A Improper Link Resolution vulnerability (CWE-59) in the SonicWall Connect Tunnel Windows (32 and 64 bit) client, this results in unauthorized file overwrite, potentially leading to denial of service…

CVSS: 6.1 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2025-04-15
High

CVE-2025-30730

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Core). Supported versions that are affected are 12.2.5-12.2.14. Easily exploitable vulnerability…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2025-30729

Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security). Supported versions that are affected are 7.4.0, 7.4.1 and…

CVSS: 5.5 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2025-30725

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.6. Difficult to exploit vulnerability allows high privile…

CVSS: 6.7 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2025-30723

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Supported versions that are affected are 7.6.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability a…

CVSS: 5.4 CWE: N/A View on NVD
Medium

CVE-2025-30721

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerab…

CVSS: 4.0 CWE: N/A View on NVD
Medium

CVE-2025-30719

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.6. Easily exploitable vulnerability allows low privileged…

CVSS: 6.1 CWE: N/A View on NVD
Medium

CVE-2025-30715

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploi…

CVSS: 4.9 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2025-30712

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.6. Easily exploitable vulnerability allows high privilege…

CVSS: 8.1 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2025-30710

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: NDBCluster Plugin). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploi…

CVSS: 4.9 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2025-30705

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerabili…

CVSS: 4.9 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2025-30704

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to…

CVSS: 4.4 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2025-30699

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitab…

CVSS: 4.9 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2025-30698

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u4…

CVSS: 5.6 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2025-30696

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerabili…

CVSS: 4.9 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2025-30695

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability a…

CVSS: 5.5 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2025-30693

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability a…

CVSS: 5.5 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2025-30689

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vuln…

CVSS: 4.9 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2025-30688

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vuln…

CVSS: 6.5 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
Medium

CVE-2025-30687

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vuln…

CVSS: 6.5 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
High

CVE-2025-30686

Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: EMC). Supported versions that are affected are 19.1-19.7. Easily exploitable vulnerabili…

CVSS: 7.6 CWE: CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere View on NVD
Medium

CVE-2025-30685

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vu…

CVSS: 4.9 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
Medium

CVE-2025-30684

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vu…

CVSS: 4.9 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
Medium

CVE-2025-30683

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vu…

CVSS: 4.9 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
Medium

CVE-2025-30682

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vuln…

CVSS: 6.5 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
Low

CVE-2025-30681

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vu…

CVSS: 2.7 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2025-21588

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows hig…

CVSS: 4.9 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2025-21585

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vuln…

CVSS: 4.9 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
Medium

CVE-2025-21584

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerabil…

CVSS: 4.9 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
Medium

CVE-2025-21583

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.4.0 and 9.0.0. Easily exploitable vulnerability allows high privileged…

CVSS: 4.9 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
Medium

CVE-2025-21581

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vuln…

CVSS: 4.9 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
Medium

CVE-2025-21580

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerabil…

CVSS: 4.9 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
Medium

CVE-2025-21579

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulner…

CVSS: 4.9 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
Medium

CVE-2025-21577

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability a…

CVSS: 6.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2025-21575

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnera…

CVSS: 6.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2025-21574

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnera…

CVSS: 6.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2025-21573

Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Chatbot). Supported versions that are affected are 5.1.0.0…

CVSS: 6.0 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2024-42189

HCL BigFix Web Reports might be subject to a Denial of Service (DoS) attack, due to a potentially weak validation of an API parameter.

CVSS: 6.5 CWE: CWE-1287 - Improper Validation of Specified Type of Input View on NVD
High

CVE-2025-32948

The vulnerability allows any attacker to cause the PeerTube server to stop functioning, or in special cases send requests to arbitrary URLs (Blind SSRF). Attackers can send ActivityPub activities to…

CVSS: 7.5 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
2025-04-14
High

CVE-2025-32908

A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate the values of pseudo-headers :scheme, :authority, and :path, which may allow a user to cause a denial of service (DoS).

CVSS: 7.5 CWE: CWE-115 - Misinterpretation of Input View on NVD
Medium

CVE-2025-32907

A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a si…

CVSS: 5.3 CWE: CWE-1050 - Excessive Platform Resource Consumption within a Loop View on NVD
Medium

CVE-2024-49705

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to client-side Denial of Servise (DoS) attacks. An attacker might trick a user into using an URL with a d parameter set to an un…

CVSS: 6.5 CWE: CWE-248 - Uncaught Exception View on NVD
2025-04-13
High

CVE-2024-56406

A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non…

CVSS: 8.4 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Medium

CVE-2025-3535

A vulnerability has been found in shuanx BurpAPIFinder up to 2.0.2 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file BurpApiFinder.db. The manipula…

CVSS: 4.3 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
2025-04-11
Medium

CVE-2025-32079

Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments allows HTTP DoS.This issue affects Mediawiki - GrowthExperiments: from 1.39 through 1.43.

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2025-32076

Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Visual Data Extension allows HTTP DoS.This issue affects Mediawiki - Visual Data Extension: from 1.39 through 1.43.

CVSS: 6.9 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2025-23388

A Stack-based Buffer Overflow vulnerability in SUSE rancher allows for denial of service.This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3.

CVSS: 8.2 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2025-0128

A denial-of-service (DoS) vulnerability in the Simple Certificate Enrollment Protocol (SCEP) authentication feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initi…

CVSS: 8.7 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
Medium

CVE-2025-0122

A denial-of-service (DoS) vulnerability in Palo Alto Networks Prisma® SD-WAN ION devices enables an unauthenticated attacker in a network adjacent to a Prisma SD-WAN ION device to disrupt the packet…

CVSS: 5.1 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2024-51461

IBM QRadar WinCollect Agent 10.0 through 10.1.13 could allow a remote attacker to cause a denial of service by interrupting an HTTP request that could consume memory resources.

CVSS: 4.3 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2025-04-10
Medium

CVE-2025-29916

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Datasets declared in rules have an option to specify the `hashsize` to use. This…

CVSS: 6.2 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Critical

CVE-2025-32743

In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c can be NULL or an empty string when the TC (Truncated) bit is set in a DNS response. This allows attackers to cause a denial of s…

CVSS: 9.0 CWE: CWE-392 - Missing Report of Error Condition View on NVD
Medium

CVE-2025-29088

In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-b…

CVSS: 5.6 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2025-1677

A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all up to 17.8.7, 17.9 prior to 17.9.6 and 17.10 prior to 17.10.4 A denial of service could occur upon injecting oversize…

CVSS: 6.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2025-27081

A potential security vulnerability in HPE NonStop OSM Service Connection Suite could potentially be exploited to allow a local Denial of Service.

CVSS: 6.8 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2024-13896

The WP-GeSHi-Highlight — rock-solid syntax highlighting for 259 languages WordPress plugin through 1.4.3 processes user-supplied input as a regular expression via the wp_geshi_filter_replace_code() f…

CVSS: 6.5 CWE: CWE-1333 - Inefficient Regular Expression Complexity View on NVD
Medium

CVE-2025-26480

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.0, contains an uncontrolled resource consumption vulnerability. An unauthenticated attacker with remote access could potentially exploit this vu…

CVSS: 5.3 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2025-22471

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulne…

CVSS: 6.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2025-04-09
High

CVE-2025-30660

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker…

CVSS: 7.5 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
High

CVE-2025-30659

An Improper Handling of Length Parameter Inconsistency vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker…

CVSS: 7.5 CWE: CWE-130 - Improper Handling of Length Parameter Inconsistency View on NVD