CVE Daily
← All tags

Tag: Denial of Service (DoS)

All CVEs associated with "Denial of Service (DoS)". Page 3/6 • 612 CVEs.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2025-07-15
Low

CVE-2025-50065

Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Native Image). The supported version that is affected is Oracle GraalVM for JDK: 24.0.1. Difficult to exploit vulne…

CVSS: 3.7 CWE: CWE-269
Read more
Medium

CVE-2025-30753

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable…

CVSS: 6.5 CWE: CWE-400
Read more
Low

CVE-2025-30752

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). The supported version that is affected is Oracle Java SE: 24.0.1; Oracle GraalVM for JDK…

CVSS: 3.7 CWE: CWE-400
Read more
Medium

CVE-2025-53893

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename, and edit files. In version 2.38.0, a Denial of Service (DoS) vulner…

CVSS: 6.5 CWE: CWE-400
Read more
High

CVE-2024-42650

NanoMQ 0.17.5 was discovered to contain a segmentation fault via the component /nanomq/pub_handler.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PUBLISH mess…

CVSS: 7.5 CWE: N/A
Read more
Medium

CVE-2025-48795

Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the entire temporary file is read into memory and then logged. An attac…

CVSS: 5.6 CWE: CWE-400
Read more
Medium

CVE-2025-53891

The timelineofficial/Time-Line- repository contains the source code for the TIME LINE website. A vulnerability was found in the TIME LINE website where uploaded files (instruction/message media) are…

CVSS: 4.3 CWE: CWE-434
Read more
2025-07-14
Medium

CVE-2024-42649

NanoMQ v0.22.10 was discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via a crafted PUBLISH message.

CVSS: 6.5 CWE: CWE-401
Read more
Medium

CVE-2024-42648

NanoMQ v0.22.10 was discovered to contain a heap overflow which allows attackers to cause a Denial of Service (DoS) via a crafted CONNECT message.

CVSS: 6.5 CWE: CWE-787
Read more
High

CVE-2024-42646

A segmentation fault in NanoMQ v0.21.10 allows attackers to cause a Denial of Service (DoS) via crafted messages.

CVSS: 7.5 CWE: CWE-125
Read more
Medium

CVE-2025-29606

py-libp2p before 0.2.3 allows a peer to cause a denial of service (resource consumption) via a large RSA key.

CVSS: 4.3 CWE: CWE-770
Read more
2025-07-12
High

CVE-2025-24294

The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craf…

CVSS: 7.5 CWE: CWE-400
Read more
2025-07-11
Medium

CVE-2025-53636

Open OnDemand is an open-source HPC portal. Users can flood logs by interacting with the shell app and generating many errors. Users who flood logs can create very large log files causing a Denial of…

CVSS: 5.4 CWE: CWE-400
Read more
Low

CVE-2024-47065

Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not rate limited. Given that there are SNR measurements attributed to each receive…

CVSS: 2.7 CWE: CWE-799
Read more
Medium

CVE-2025-52982

An Improper Resource Shutdown or Release vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series with MS-MPC allows an unauthenticated, network-based attacker to cause a Denial-of-Serv…

CVSS: 5.9 CWE: CWE-404
Read more
High

CVE-2025-52981

An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX1600, SRX2300, SRX 4000 Series, and SRX5000 Ser…

CVSS: 7.5 CWE: CWE-754
Read more
High

CVE-2025-52980

A Use of Incorrect Byte Ordering vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS on SRX300 Series allows an unauthenticated, network-based attacker to cause a Deni…

CVSS: 7.5 CWE: CWE-198
Read more
Medium

CVE-2025-52964

A Reachable Assertion vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Servi…

CVSS: 6.5 CWE: CWE-617
Read more
Medium

CVE-2025-52958

A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (D…

CVSS: 5.3 CWE: CWE-617
Read more
Medium

CVE-2025-52955

An Incorrect Calculation of Buffer Size vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause a mem…

CVSS: 4.1 CWE: CWE-131
Read more
Medium

CVE-2025-52953

An Expected Behavior Violation vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a valid BGP UPD…

CVSS: 6.5 CWE: CWE-440
Read more
Medium

CVE-2025-52952

An Out-of-bounds Write vulnerability in the connectivity fault management (CFM) daemon of Juniper Networks Junos OS on MX Series with MPC-BUILTIN, MPC1 through MPC9 line cards allows an unauthenticat…

CVSS: 6.5 CWE: CWE-787
Read more
Medium

CVE-2025-52949

An Improper Handling of Length Parameter Inconsistency vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent BGP peer sendin…

CVSS: 6.5 CWE: CWE-130
Read more
Medium

CVE-2025-52947

An Improper Handling of Exceptional Conditions vulnerability in route processing of Juniper Networks Junos OS on specific end-of-life (EOL) ACX Series platforms allows an attacker to crash the Forwar…

CVSS: 6.5 CWE: CWE-755
Read more
High

CVE-2025-52946

A Use After Free vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an attacker sending a BGP update with a specifically malf…

CVSS: 7.5 CWE: CWE-416
Read more
Medium

CVE-2025-3933

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's `token2json()` method. This vulner…

CVSS: 5.3 CWE: CWE-1333
Read more
Low

CVE-2025-5992

When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when passing a specifically crafted ICC profile to QC…

CVSS: 2.3 CWE: CWE-20
Read more
Medium

CVE-2025-53864

Connect2id Nimbus JOSE + JWT before 10.0.2 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE:…

CVSS: 5.8 CWE: CWE-674
Read more
2025-07-10
High

CVE-2025-3947

The Honeywell Experion PKS contains an Integer Underflow vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to Input Dat…

CVSS: 8.2 CWE: CWE-191
Read more
High

CVE-2025-53634

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With a slow loris attack, an attacker could ca…

CVSS: 7.5 CWE: CWE-770
Read more
High

CVE-2025-2520

The Honeywell Experion PKS contains an Uninitialized Variable in the common Epic Platform Analyzer (EPA) communications. An attacker could potentially exploit this vulnerability, leading to a Communi…

CVSS: 7.5 CWE: CWE-457
Read more
High

CVE-2025-52520

For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0…

CVSS: 7.5 CWE: CWE-190
Read more
Critical

CVE-2025-53371

DiscordNotifications is an extension for MediaWiki that sends notifications of actions in your Wiki to a Discord channel. DiscordNotifications allows sending requests via curl and file_get_contents t…

CVSS: 9.1 CWE: CWE-400
Read more
High

CVE-2025-49630

In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing an assertion in mod_proxy_http2.…

CVSS: 7.5 CWE: CWE-617
Read more
Medium

CVE-2025-49464

Classic buffer overflow in certain Zoom Clients for Windows may allow an authorised user to conduct a denial of service via network access.

CVSS: 6.5 CWE: CWE-120
Read more
Medium

CVE-2025-46789

Classic buffer overflow in certain Zoom Clients for Windows may allow an authorized user to conduct a denial of service via network access.

CVSS: 6.5 CWE: CWE-120
Read more
High

CVE-2025-7424

A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allow…

CVSS: 7.8 CWE: CWE-843
Read more
Medium

CVE-2025-32990

A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an…

CVSS: 6.5 CWE: CWE-122
Read more
High

CVE-2025-5023

Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Corporation photovoltaic system monitor “EcoGuideTAB” PV-DR004J all versions and PV-DR004JA all versions allows an attacker within t…

CVSS: 7.1 CWE: CWE-798
Read more
2025-07-09
High

CVE-2025-53645

Zimbra Collaboration (ZCS) before 9.0.0 Patch 46, 10.0.x before 10.0.15, and 10.1.x before 10.1.9 is vulnerable to a denial of service condition due to improper handling of excessive, comma-separated…

CVSS: 7.5 CWE: CWE-400
Read more
Medium

CVE-2025-44526

Realtek RTL8762EKF-EVB RTL8762E SDK V1.4.0 was discovered to utilize insufficient permission checks on critical fields within Bluetooth Low Energy (BLE) data packets. This issue allows attackers to c…

CVSS: 6.5 CWE: CWE-20
Read more
Low

CVE-2025-38262

In the Linux kernel, the following vulnerability has been resolved: tty: serial: uartlite: register uart driver in init When two instances of uart devices are probing, a concurrency race can occur.…

CVSS: N/A CWE: N/A
Read more
2025-07-08
Medium

CVE-2025-5451

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to trigger a d…

CVSS: 4.9 CWE: CWE-121
Read more
High

CVE-2025-27057

Transient DOS while handling beacon frames with invalid IE header length.

CVSS: 7.5 CWE: CWE-126
Read more
High

CVE-2025-21454

Transient DOS while processing received beacon frame.

CVSS: 7.5 CWE: CWE-126
Read more
High

CVE-2025-21449

Transient DOS may occur while processing malformed length field in SSID IEs.

CVSS: 7.5 CWE: CWE-126
Read more
High

CVE-2025-21446

Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests.

CVSS: 7.5 CWE: CWE-126
Read more
Medium

CVE-2025-21433

Transient DOS when importing a PKCS#8-encoded RSA private key with a zero-sized modulus.

CVSS: 6.2 CWE: CWE-476
Read more
Medium

CVE-2025-27127

A vulnerability has been identified in TIA Project-Server (All versions < V2.1.1), TIA Project-Server V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally…

CVSS: 4.3 CWE: CWE-434
Read more
Medium

CVE-2025-20695

In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not nee…

CVSS: 6.5 CWE: CWE-124
Read more
Medium

CVE-2025-20694

In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not nee…

CVSS: 6.5 CWE: CWE-124
Read more
Medium

CVE-2025-20687

In Bluetooth driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local denial of service with User execution privileges needed. User interaction is not…

CVSS: 5.5 CWE: CWE-125
Read more
2025-07-07
Medium

CVE-2025-20322

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, an unauthenticated attacker could send a sp…

CVSS: 4.3 CWE: CWE-352
Read more
Medium

CVE-2025-20320

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.107, 9.3.2408.117, and 9.2.2406.121, a low-privileged user that does not hold the…

CVSS: 6.3 CWE: CWE-35
Read more
High

CVE-2024-25177

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an unsinking of IR_FSTORE for NULL metatable, which leads to Denial of Service (DoS).

CVSS: 7.5 CWE: CWE-476
Read more
Medium

CVE-2025-5472

The JSONReader in run-llama/llama_index versions 0.12.28 is vulnerable to a stack overflow due to uncontrolled recursive JSON parsing. This vulnerability allows attackers to trigger a Denial of Servi…

CVSS: 6.5 CWE: CWE-674
Read more
Medium

CVE-2025-3264

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the `get_imports()` function within `dynamic_module_utils.py`. Th…

CVSS: 5.3 CWE: CWE-1333
Read more
Medium

CVE-2025-3263

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the `get_configuration_file()` function within the `transformers.…

CVSS: 5.3 CWE: CWE-1333
Read more
High

CVE-2025-3262

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the huggingface/transformers repository, specifically in version 4.49.0. The vulnerability is due to inefficient regular…

CVSS: 7.5 CWE: CWE-1333
Read more
High

CVE-2025-3225

An XML Entity Expansion vulnerability, also known as a 'billion laughs' attack, exists in the sitemap parser of the run-llama/llama_index repository, specifically affecting version v0.12.21. This vul…

CVSS: 7.5 CWE: CWE-776
Read more
2025-07-01
High

CVE-2025-6297

It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on unt…

CVSS: 8.2 CWE: CWE-400
Read more
2025-06-28
High

CVE-2025-1991

IBM Informix Dynamic Server 12.10,14.10, and15.0 could allow a remote attacker to cause a denial of service due to an integer underflow when processing packets.

CVSS: 7.5 CWE: CWE-191
Read more
2025-06-26
Medium

CVE-2025-3279

An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated attackers to create a Do…

CVSS: 6.5 CWE: CWE-770
Read more
2025-06-25
High

CVE-2025-52894

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 allowed an attacker to perform unauthent…

CVSS: 7.5 CWE: CWE-20
Read more
Low

CVE-2025-4656

Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled cancellation by a Vault operator. This vulnerability (CVE-2025-4656) has bee…

CVSS: 3.1 CWE: CWE-1088
Read more
Medium

CVE-2024-57708

An issue in OneTrust SDK v.6.33.0 allows a local attacker to cause a denial of service via the Object.setPrototypeOf, __proto__, and Object.assign components. NOTE: this is disputed by the Supplier w…

CVSS: 5.7 CWE: CWE-400
Read more
2025-06-20
Medium

CVE-2024-4025

A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions from 7.10 prior before 16.11.5, version 17.0 before 17.0.3, and 17.1 before 17.1.1. It is possible for a…

CVSS: 6.5 CWE: CWE-1333
Read more
2025-06-18
Critical

CVE-2025-20260

A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arb…

CVSS: 9.8 CWE: CWE-122
Read more
Medium

CVE-2025-20234

A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnera…

CVSS: 5.3 CWE: CWE-125
Read more
2025-06-17
Medium

CVE-2025-6196

A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. Thi…

CVSS: 5.5 CWE: CWE-190
Read more
2025-06-16
Critical

CVE-2025-49796

A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input f…

CVSS: 9.1 CWE: CWE-125
Read more
Medium

CVE-2025-4565

Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be co…

CVSS: 5.3 CWE: CWE-674
Read more
High

CVE-2025-48976

Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; fr…

CVSS: 7.5 CWE: CWE-770
Read more
2025-06-12
High

CVE-2025-6021

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a de…

CVSS: 7.5 CWE: CWE-121
Read more
High

CVE-2025-0673

An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2, allow an attacker to trigger an infinite redirect loop, pot…

CVSS: 7.5 CWE: CWE-835
Read more
Medium

CVE-2025-5996

An issue has been discovered in GitLab CE/EE affecting all versions from 2.1.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. A lack of input validation in HTTP responses could allow a…

CVSS: 6.5 CWE: CWE-770
Read more
Medium

CVE-2025-1516

An issue has been discovered in GitLab CE/EE affecting all versions from 8.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper input validation in Tokens Names could be used to t…

CVSS: 6.5 CWE: CWE-770
Read more
Medium

CVE-2025-1478

An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in Board Names could be used to…

CVSS: 6.5 CWE: CWE-770
Read more
2025-06-11
Medium

CVE-2025-4605

A maliciously crafted .usdc file, when loaded through Autodesk Maya, can force an uncontrolled memory allocation vulnerability. A malicious actor may leverage this vulnerability to cause a denial-of-…

CVSS: 6.6 CWE: CWE-789
Read more
2025-06-09
Low

CVE-2025-5915

A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZ…

CVSS: 3.9 CWE: CWE-122
Read more
Medium

CVE-2025-47712

A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a cer…

CVSS: 4.3 CWE: CWE-190
Read more
2025-06-07
High

CVE-2025-5399

Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the applica…

CVSS: 7.5 CWE: CWE-835
Read more
2025-06-06
High

CVE-2025-47950

CoreDNS is a DNS server that chains plugins. In versions prior to 1.12.2, a Denial of Service (DoS) vulnerability exists in the CoreDNS DNS-over-QUIC (DoQ) server implementation. The server previousl…

CVSS: 7.5 CWE: CWE-770
Read more
2025-06-04
Medium

CVE-2025-31482

FreshRSS is a self-hosted RSS feed aggregator. A vulnerability in versions prior to 1.26.2 causes a user to be repeatedly logged out after fetching a malicious feed entry, effectively causing that us…

CVSS: 4.3 CWE: CWE-352
Read more
High

CVE-2025-5601

Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or crafted capture file

CVSS: 7.8 CWE: CWE-120
Read more
2025-06-03
Medium

CVE-2025-25020

IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an authenticated user to cause a denial of service due to improperly validat…

CVSS: 6.5 CWE: CWE-1287
Read more
2025-05-27
Medium

CVE-2025-27701

In the function process_crypto_cmd, the values of ptrs[i] can be potentially equal to NULL which is valid value after calling slice_map_array(). Later this values will be derefenced without prior NUL…

CVSS: 5.5 CWE: CWE-476
Read more
2025-05-23
High

CVE-2018-25110

Marked prior to version 0.3.17 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to catastrophic backtracking in several regular expressions used for parsing HTML tags and ma…

CVSS: 7.5 CWE: CWE-1333
Read more
Medium

CVE-2024-7803

An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A Discord webhook integration may cause DoS.

CVSS: 6.5 CWE: CWE-770
Read more
2025-05-19
High

CVE-2025-4948

A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs w…

CVSS: 7.5 CWE: CWE-191
Read more
High

CVE-2025-26621

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.5.2, any user with the capability manage customizations can edit webhook that w…

CVSS: 7.6 CWE: CWE-94
Read more
2025-05-16
High

CVE-2025-4478

A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, re…

CVSS: 7.1 CWE: CWE-476
Read more
2025-05-15
Medium

CVE-2025-0921

Execution with Unnecessary Privileges vulnerability in multiple services of Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS…

CVSS: 6.5 CWE: CWE-250
Read more
2025-05-14
Medium

CVE-2025-30666

NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.

CVSS: 6.5 CWE: CWE-476
Read more
Medium

CVE-2025-30665

NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.

CVSS: 6.5 CWE: CWE-476
Read more
Medium

CVE-2025-24026

iTop is an web based IT Service Management tool. Versions prior to 3.2.1 are vulnerable to regular expression denial of service (ReDoS) that may, under some circumstances, affect iTop server. Version…

CVSS: 5.3 CWE: CWE-1333
Read more
2025-05-10
High

CVE-2025-1752

A Denial of Service (DoS) vulnerability has been identified in the KnowledgeBaseWebReader class of the run-llama/llama_index project, affecting version ~ latest(v0.12.15). The vulnerability arises du…

CVSS: 7.5 CWE: CWE-400
Read more
2025-05-09
Medium

CVE-2024-8973

An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. It was possible to cause a DoS co…

CVSS: 6.5 CWE: CWE-770
Read more
2025-05-07
High

CVE-2025-20189

A vulnerability in the Cisco Express Forwarding functionality of Cisco IOS XE Software for Cisco ASR 903 Aggregation Services Routers with Route Switch Processor 3 (RSP3C) could allow an unauthentica…

CVSS: 7.4 CWE: CWE-762
Read more
High

CVE-2025-20182

A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol processing of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Softwa…

CVSS: 8.6 CWE: CWE-787
Read more
High

CVE-2025-20154

A vulnerability in the Two-Way Active Measurement Protocol (TWAMP) server feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected…

CVSS: 8.6 CWE: CWE-20
Read more
High

CVE-2025-20140

A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent wireless attacker to cause a denial…

CVSS: 7.4 CWE: CWE-789
Read more
High

CVE-2025-27533

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of buffers was not properly validated which could lead to exces…

CVSS: 7.5 CWE: CWE-789
Read more
2025-05-06
High

CVE-2025-21459

Transient DOS while parsing per STA profile in ML IE.

CVSS: 7.5 CWE: CWE-126
Read more
2025-05-05
Critical

CVE-2025-46726

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.53.4, a LLM application leveraging `XMLToolMessage` class may be exposed to untrusted XML input that…

CVSS: 9.1 CWE: CWE-611
Read more
Medium

CVE-2025-47268

ping in iputils before 20250602 allows a denial of service (application error or incorrect data collection) via a crafted ICMP Echo Reply packet, because of a signed 64-bit integer overflow in timest…

CVSS: 6.5 CWE: CWE-190
Read more
2025-05-03
Medium

CVE-2025-1838

IBM Cloud Pak for Business Automation 24.0.0 and 24.0.1 through 24.0.1 IF001 Authoring allows an authenticated user to bypass client-side data validation in an authoring user interface which coul…

CVSS: 6.5 CWE: CWE-602
Read more
Low

CVE-2025-47229

libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a denial of service (var_set_leave_quiet assertion failure and application exit) via crafted input data, such as data that triggers…

CVSS: 2.9 CWE: CWE-617
Read more
2025-05-02
Medium

CVE-2024-55909

IBM Concert Software 1.0.0 through 1.0.5 could allow an authenticated user to cause a denial of service due to the expansion of archive files without controlling resource consumption.

CVSS: 6.5 CWE: CWE-409
Read more
2025-05-01
Medium

CVE-2024-52903

IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.

CVSS: 5.3 CWE: CWE-20
Read more
2025-04-29
High

CVE-2025-3891

A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPres…

CVSS: 7.5 CWE: CWE-248
Read more
Medium

CVE-2025-1194

A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in the file `tokenization_gpt_neox_japanese.py` of the GPT-NeoX-Japan…

CVSS: 6.5 CWE: CWE-1333
Read more
2025-04-28
High

CVE-2025-31650

Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory…

CVSS: 7.5 CWE: CWE-459
Read more
2025-04-11
Medium

CVE-2024-51461

IBM QRadar WinCollect Agent 10.0 through 10.1.13 could allow a remote attacker to cause a denial of service by interrupting an HTTP request that could consume memory resources.

CVSS: 4.3 CWE: CWE-770
Read more
2025-04-10
Medium

CVE-2025-1677

A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all up to 17.8.7, 17.9 prior to 17.9.6 and 17.10 prior to 17.10.4 A denial of service could occur upon injecting oversize…

CVSS: 6.5 CWE: CWE-770
Read more
Medium

CVE-2025-22471

Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulne…

CVSS: 6.5 CWE: CWE-190
Read more
2025-04-09
High

CVE-2025-21601

An Improper Following of Specification by Caller vulnerability in web management (J-Web, Captive Portal, 802.1X, Juniper Secure Connect (JSC) of Juniper Networks Junos OS on SRX Series, EX Series, MX…

CVSS: 7.5 CWE: CWE-573
Read more
2025-04-08
Medium

CVE-2025-30671

Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.

CVSS: 6.5 CWE: CWE-476
Read more
Medium

CVE-2025-30670

Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.

CVSS: 6.5 CWE: CWE-476
Read more
2025-04-07
High

CVE-2025-32031

Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested an…

CVSS: 7.5 CWE: CWE-770
Read more