CVE Daily
← All tags

Tag: Denial of Service (DoS)

All CVEs associated with "Denial of Service (DoS)". Page 30/331 • 39649 CVEs.

Subscribe CVEs: RSS for “Denial of Service (DoS)”  ·  RSS (High+Critical only)

About “Denial of Service (DoS)”

A curated feed of “Denial of Service (DoS)”-related CVEs appears below. We currently track 39649 CVEs for this tag (all time). In the last 365 days, 3220 were published. Average CVSS is 6.6 (all time; 6.6 over 365d), and 47% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-400 - Uncontrolled Resource Consumption, CWE-770 - Allocation of Resources Without Limits or Throttling, CWE-476 - NULL Pointer Dereference.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2025-04-09
High

CVE-2025-30658

A Missing Release of Memory after Effective Lifetime vulnerability in the Anti-Virus processing of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause…

CVSS: 7.5 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
Medium

CVE-2025-30657

An Improper Encoding or Escaping of Output vulnerability in the Sampling Route Record Daemon (SRRD) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial-of…

CVSS: 5.3 CWE: CWE-116 - Improper Encoding or Escaping of Output View on NVD
High

CVE-2025-30656

An Improper Handling of Additional Special Element vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MS-MPC, MS-MIC and SPC3, and SRX Series, allows a…

CVSS: 7.5 CWE: CWE-167 - Improper Handling of Additional Special Element View on NVD
Medium

CVE-2025-30655

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to…

CVSS: 5.5 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
Medium

CVE-2025-30653

An Expired Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service…

CVSS: 6.5 CWE: CWE-825 - Expired Pointer Dereference View on NVD
Medium

CVE-2025-30652

An Improper Handling of Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker executing a CLI…

CVSS: 5.5 CWE: CWE-755 - Improper Handling of Exceptional Conditions View on NVD
High

CVE-2025-30651

A Buffer Access with Incorrect Length Value vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to c…

CVSS: 7.5 CWE: CWE-805 - Buffer Access with Incorrect Length Value View on NVD
High

CVE-2025-30649

An Improper Input Validation vulnerability in the syslog stream TCP transport of Juniper Networks Junos OS on MX240, MX480 and MX960 devices with MX-SPC3 Security Services Card allows an unauthentica…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2025-30648

An Improper Input Validation vulnerability in the Juniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause the jdhcpd proce…

CVSS: 7.4 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2025-30647

A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause…

CVSS: 6.5 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
Medium

CVE-2025-30646

A Signed to Unsigned Conversion Error vulnerability in the Layer 2 Control Protocol daemon (l2cpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated adjacen…

CVSS: 6.5 CWE: CWE-195 - Signed to Unsigned Conversion Error View on NVD
High

CVE-2025-30645

A NULL Pointer Dereference vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker causing specific, valid control traffic to be sent out of a Dual-Stac…

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2025-30644

A Heap-based Buffer Overflow vulnerability in the flexible PIC concentrator (FPC) of Juniper Networks Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Serie…

CVSS: 7.5 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2025-21601

An Improper Following of Specification by Caller vulnerability in web management (J-Web, Captive Portal, 802.1X, Juniper Secure Connect (JSC) of Juniper Networks Junos OS on SRX Series, EX Series, MX…

CVSS: 7.5 CWE: CWE-573 - Improper Following of Specification by Caller View on NVD
Medium

CVE-2025-21597

An Improper Check for Unusual or Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent…

CVSS: 5.3 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
Medium

CVE-2025-21595

A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker…

CVSS: 6.5 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
High

CVE-2025-21594

An Improper Check for Unusual or Exceptional Conditions vulnerability in the pfe (packet forwarding engine) of Juniper Networks Junos OS on MX Series causes a port within a pool to be blocked leading…

CVSS: 7.5 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
High

CVE-2025-21591

A Buffer Access with Incorrect Length Value vulnerability in the jdhcpd daemon of Juniper Networks Junos OS, when DHCP snooping is enabled, allows an unauthenticated, adjacent, attacker to send a DHC…

CVSS: 7.4 CWE: CWE-805 - Buffer Access with Incorrect Length Value View on NVD
Medium

CVE-2025-32381

XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to 0.1.18, Xgrammar includes a cache for compiled grammars to increase performance with repeated…

CVSS: 6.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2025-32380

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router's usage of Apollo…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2025-32374

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Possible denial of service with specially crafted information in the public registration…

CVSS: 5.9 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2025-04-08
Medium

CVE-2025-30300

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vul…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2025-30671

Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.

CVSS: 6.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2025-30670

Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.

CVSS: 6.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2025-30151

Shopware is an open commerce platform. It's possible to pass long passwords that leads to Denial Of Service via forms in Storefront forms or Store-API. This vulnerability is fixed in 6.6.10.3 or 6.5.…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
2025-04-07
High

CVE-2025-32034

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Prior to 1.61.2 and 2.1.1, a vulnerability in Apol…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2025-32032

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router allowed queries w…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2025-32031

Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested an…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2025-32030

Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested an…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2025-31496

apollo-compiler is a query-based compiler for the GraphQL query language. Prior to 1.27.0, a vulnerability in Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohi…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2025-29480

Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function. NOTE: the Supplier indicates that the report is invali…

CVSS: 5.5 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2025-29478

An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.

CVSS: 5.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2025-30195

An attacker can publish a zone containing specific Resource Record Sets. Processing and caching results for these sets can lead to an illegal memory accesses and crash of the Recursor, causing a deni…

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2025-21448

Transient DOS may occur while parsing SSID in action frames.

CVSS: 7.5 CWE: CWE-126 - Buffer Over-read View on NVD
High

CVE-2025-21435

Transient DOS may occur while parsing extended IE in beacon.

CVSS: 7.5 CWE: CWE-126 - Buffer Over-read View on NVD
High

CVE-2025-21434

Transient DOS may occur while parsing EHT operation IE or EHT capability IE.

CVSS: 7.5 CWE: CWE-126 - Buffer Over-read View on NVD
High

CVE-2025-21430

Transient DOS while connecting STA to AP and initiating ADD TS request from AP to establish TSpec session.

CVSS: 7.5 CWE: CWE-126 - Buffer Over-read View on NVD
Medium

CVE-2025-20659

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, wit…

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Low

CVE-2025-27534

in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory.

CVSS: 3.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
Low

CVE-2025-25057

in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory.

CVSS: 3.3 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
Low

CVE-2025-24304

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds write.

CVSS: 3.3 CWE: CWE-787 - Out-of-bounds Write View on NVD
Low

CVE-2025-22842

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

CVSS: 3.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
Low

CVE-2025-22452

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

CVSS: 3.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
Low

CVE-2025-20102

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

CVSS: 3.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
2025-04-06
High

CVE-2025-2260

In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause a denial of service by specially crafted packets. The core issue is missing closing of a fi…

CVSS: 7.5 CWE: CWE-459 - Incomplete Cleanup View on NVD
High

CVE-2025-2259

In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by sp…

CVSS: 7.5 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
High

CVE-2025-2258

In NetX Duo component HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very lar…

CVSS: 7.5 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
2025-04-05
High

CVE-2024-13776

The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability che…

CVSS: 8.1 CWE: CWE-862 - Missing Authorization View on NVD
2025-04-04
Medium

CVE-2025-29477

An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.

CVSS: 5.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2025-3086

Improper isolation of users in M-Files Server version before 25.3.14549 allows anonymous user to affect other anonymous users views and possibly cause a denial of service

CVSS: 7.1 CWE: CWE-653 - Improper Isolation or Compartmentalization View on NVD
Medium

CVE-2025-24317

Allocation of resources without limits or throttling issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to cause a denial-of-service (Do…

CVSS: 5.3 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2025-04-03
Medium

CVE-2025-3167

A vulnerability, which was classified as problematic, has been found in Tenda AC23 16.03.07.52. This issue affects some unknown processing of the file /goform/VerAPIMant of the component API Interfac…

CVSS: 6.5 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
Medium

CVE-2025-32051

A flaw was found in libsoup. The libsoup soup_uri_decode_data_uri() function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service (DoS).

CVSS: 5.9 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
High

CVE-2025-32049

A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2025-04-02
High

CVE-2025-30080

Signalling in Pexip Infinity 29 through 36.2 before 37.0 has improper input validation that allows remote attackers to trigger a temporary denial of service (software abort).

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2025-2704

OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase

CVSS: 7.5 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
High

CVE-2024-37917

Pexip Infinity before 35.0 has improper input validation that allows remote attackers to trigger a denial of service (software abort) via a crafted signalling message.

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2025-20212

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series devices could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in t…

CVSS: 7.7 CWE: CWE-457 - Use of Uninitialized Variable View on NVD
High

CVE-2025-20139

A vulnerability in chat messaging features of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability…

CVSS: 7.5 CWE: CWE-185 - Incorrect Regular Expression View on NVD
Medium

CVE-2024-50597

An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service.…

CVSS: 4.3 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
Medium

CVE-2024-50596

An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service.…

CVSS: 4.3 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
Medium

CVE-2024-50595

An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted series of network requests can lead to denial…

CVSS: 4.3 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
Medium

CVE-2024-50594

An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted series of network requests can lead to denial…

CVSS: 4.3 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
Medium

CVE-2024-50385

A denial of service vulnerability exists in the NetX Component HTTP server functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service…

CVSS: 6.5 CWE: CWE-459 - Incomplete Cleanup View on NVD
Medium

CVE-2024-50384

A denial of service vulnerability exists in the NetX Component HTTP server functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service…

CVSS: 6.5 CWE: CWE-459 - Incomplete Cleanup View on NVD
Medium

CVE-2024-45700

Zabbix server is vulnerable to a DoS vulnerability due to uncontrolled resource exhaustion. An attacker can send specially crafted requests to the server, which will cause the server to allocate an e…

CVSS: 6.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2025-27694

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insufficient Resource Pool vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerabili…

CVSS: 5.3 CWE: CWE-410 - Insufficient Resource Pool View on NVD
Medium

CVE-2025-27692

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially explo…

CVSS: 4.7 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
2025-04-01
Medium

CVE-2023-46988

Path Traversal vulnerability in ONLYOFFICE Document Server before v8.0.1 allows a remote attacker to copy arbitrary files by manipulating the fileExt parameter in the /example/editor endpoint, leadin…

CVSS: 6.7 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2025-29070

A heap buffer overflow vulnerability has been identified in thesmooth2() in cmsgamma.c in lcms2-2.16 which allows a remote attacker to cause a denial of service. NOTE: the Supplier disputes this beca…

CVSS: 7.5 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Medium

CVE-2025-25041

A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM (root). A successful exploit could all…

CVSS: 5.5 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2025-03-31
Medium

CVE-2025-29908

Netty QUIC codec is a QUIC codec for netty which makes use of quiche. An issue was discovered in the codec. A hash collision vulnerability (in the hash map used to manage connections) allows remote a…

CVSS: 5.3 CWE: CWE-407 - Inefficient Algorithmic Complexity View on NVD
2025-03-30
Medium

CVE-2025-2958

A vulnerability was found in TRENDnet TEW-818DRU 1.0.14.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/httpd of the component…

CVSS: 6.5 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
Low

CVE-2025-2953

A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d. The manipulation leads to denial of servic…

CVSS: 3.3 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
2025-03-28
High

CVE-2024-57083

A prototype pollution in the component Module.mergeObjects (redoc/bundles/redoc.lib.js:2) of redoc <= 2.2.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

CVSS: 7.5 CWE: CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') View on NVD
Critical

CVE-2024-38988

alizeait unflatto <= 1.0.2 was discovered to contain a prototype pollution via the method exports.unflatto at /dist/index.js. This vulnerability allows attackers to execute arbitrary code or cause a…

CVSS: 9.8 CWE: CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') View on NVD
Critical

CVE-2024-38985

janryWang products depath v1.0.6 and cool-path v1.1.2 were discovered to contain a prototype pollution via the set() method at setIn (lib/index.js:90). This vulnerability allows attackers to execute…

CVSS: 9.8 CWE: CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') View on NVD
High

CVE-2025-27932

Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file deletion process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and e…

CVSS: 8.1 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2025-03-27
Medium

CVE-2025-26265

A segmentation fault in openairinterface5g v2.1.0 allows attackers to cause a Denial of Service (DoS) via a crafted UE Context Modification response.

CVSS: 6.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2025-30358

Mesop is a Python-based UI framework that allows users to build web applications. A class pollution vulnerability in Mesop prior to version 0.14.1 allows attackers to overwrite global variables and c…

CVSS: 8.1 CWE: CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes View on NVD
Medium

CVE-2025-29496

libming v0.4.8 was discovered to contain a segmentation fault via the decompileDUPLICATECLIP function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SWF file.

CVSS: 6.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2025-29494

libming v0.4.8 was discovered to contain a segmentation fault via the decompileGETMEMBER function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SWF file.

CVSS: 6.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2025-29493

libming v0.4.8 was discovered to contain a segmentation fault via the decompileGETPROPERTY function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SWF file.

CVSS: 6.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2025-29491

An allocation-size-too-big error in the parseSWF_DEFINEBINARYDATA function of libming v0.48 allows attackers to cause a Denial of Service (DoS) via supplying a crafted SWF file.

CVSS: 6.5 CWE: CWE-789 - Memory Allocation with Excessive Size Value View on NVD
Medium

CVE-2025-29490

libming v0.4.8 was discovered to contain a segmentation fault via the decompileCALLMETHOD function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SWF file.

CVSS: 6.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2025-29487

An out-of-memory error in the parseABC_STRING_INFO function of libming v0.4.8 allows attackers to cause a Denial of Service (DoS) due to allocator exhaustion.

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2025-29485

libming v0.4.8 was discovered to contain a segmentation fault via the decompileRETURN function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SWF file.

CVSS: 6.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2025-29484

An out-of-memory error in the parseABC_NS_SET_INFO function of libming v0.4.8 allows attackers to cause a Denial of Service (DoS) due to allocator exhaustion.

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2025-03-26
Low

CVE-2025-31160

atop through 2.11.0 allows local users to cause a denial of service (e.g., assertion failure and application exit) or possibly have unspecified other impact by running certain types of unprivileged p…

CVSS: 2.9 CWE: CWE-617 - Reachable Assertion View on NVD
Medium

CVE-2024-55963

An issue was discovered in Appsmith before 1.51. A user on Appsmith that doesn't have admin permissions can trigger the restart API on Appsmith, causing a server restart. This is still within the App…

CVSS: 6.5 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2024-13801

The BWL Advanced FAQ Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'baf_set_notice_stat…

CVSS: 8.1 CWE: CWE-862 - Missing Authorization View on NVD
2025-03-25
High

CVE-2025-25374

In NASA cFS (Core Flight System) Aquila, it is possible to put the onboard software in a state that will prevent the launch of any external application, causing a platform denial of service.

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2025-30118

An issue was discovered on the Audi Universal Traffic Recorder 2.88. It has Susceptibility to denial of service. It uses the same default credentials for all devices and does not implement proper mul…

CVSS: 7.5 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
Medium

CVE-2024-10037

A vulnerability exists in the RTU500 web server component that can cause a denial of service to the RTU500 CMU application if a specially crafted message sequence is executed on a WebSocket connectio…

CVSS: 4.4 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2025-2559

A flaw was found in Keycloak. When the configuration uses JWT tokens for authentication, the tokens are cached until expiration. If a client uses JWT tokens with an excessively long expiration time,…

CVSS: 4.9 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2024-45484

An Allocation of Resources Without Limits or Throttling vulnerability in the operating system network configuration used in B&R APROL <4.4-00P5 may allow an unauthenticated adjacent attacker to per-f…

CVSS: 7.2 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2025-24513

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller featur…

CVSS: 4.8 CWE: CWE-20 - Improper Input Validation View on NVD
2025-03-24
High

CVE-2025-29313

Use of incorrectly resolved name or reference in OpenDaylight Service Function Chaining (SFC) Subproject SFC Sodium-SR4 and below allows attackers to cause a Denial of Service (DoS).

CVSS: 7.5 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
2025-03-20
High

CVE-2025-30160

Redlib is an alternative private front-end to Reddit. A vulnerability has been identified in Redlib where an attacker can cause a denial-of-service (DOS) condition by submitting a specially crafted b…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2025-29218

Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiPwd parameter at /goform/setModules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a cra…

CVSS: 6.5 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
Medium

CVE-2025-29217

Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiSSID parameter at /goform/setModules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a cr…

CVSS: 6.5 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2025-1451

A vulnerability in parisneo/lollms-webui v13 arises from the server's handling of multipart boundaries in file uploads. The server does not limit or validate the length of the boundary or the charact…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2025-0453

In mlflow/mlflow version 2.17.2, the `/graphql` endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all runs from a given exp…

CVSS: 7.5 CWE: CWE-410 - Insufficient Resource Pool View on NVD
High

CVE-2025-0317

A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to upload and create a customized GGUF model file on the Ollama server. This can lead to a division by zero error in the ggu…

CVSS: 7.5 CWE: CWE-369 - Divide By Zero View on NVD
High

CVE-2025-0315

A vulnerability in ollama/ollama <=0.3.14 allows a malicious user to create a customized GGUF model file, upload it to the Ollama server, and create it. This can cause the server to allocate unlimite…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2025-0312

A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to create a customized GGUF model file that, when uploaded and created on the Ollama server, can cause a crash due to an unc…

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2025-0191

A Denial of Service (DoS) vulnerability exists in the file upload feature of gaizhenbiao/chuanhuchatgpt version 20240914. The vulnerability is due to improper handling of form-data with a large filen…

CVSS: 6.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2025-0190

In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of `Text` objects and then querying them simultaneously through the web API, the Aim web server…

CVSS: 7.5 CWE: CWE-1049 - Excessive Data Query Operations in a Large Data Table View on NVD
High

CVE-2025-0189

In version 3.25.0 of aimhubio/aim, the tracking server is vulnerable to a denial of service attack. The server overrides the maximum size for websocket messages, allowing very large images to be trac…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2025-0187

A Denial of Service (DoS) vulnerability was discovered in the file upload feature of gradio-app/gradio version 0.39.1. The vulnerability is due to improper handling of form-data with a large filename…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2025-0182

A vulnerability in danswer-ai/danswer version 0.9.0 allows for denial of service through memory exhaustion. The issue arises from the use of a vulnerable version of the starlette package (<=0.49) via…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2024-9437

SuperAGI version v0.0.14 is vulnerable to an unauthenticated Denial of Service (DoS) attack. The vulnerability exists in the resource upload request, where appending characters, such as dashes (-), t…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2024-9363

An unauthorized file deletion vulnerability exists in the latest version of the Polyaxon platform, which can lead to denial of service by terminating critical containers. An attacker can delete impor…

CVSS: 7.5 CWE: CWE-23 - Relative Path Traversal View on NVD
High

CVE-2024-9340

A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66.0 allows unauthenticated attackers to cause excessive resource consumption by sending malformed multipart requests with arbitrar…

CVSS: 7.5 CWE: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop') View on NVD
High

CVE-2024-9229

A Denial of Service (DoS) vulnerability in the file upload feature of stangirard/quivr v0.0.298 allows unauthenticated attackers to cause excessive resource consumption by appending characters to the…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2024-9056

BentoML version v1.3.4post1 is vulnerable to a Denial of Service (DoS) attack. The vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2024-8998

A Regular Expression Denial of Service (ReDoS) vulnerability exists in lunary-ai/lunary version git f07a845. The server uses the regex /{.*?}/ to match user-controlled strings. In the default JavaScr…

CVSS: 7.5 CWE: CWE-1333 - Inefficient Regular Expression Complexity View on NVD
High

CVE-2024-8984

A Denial of Service (DoS) vulnerability exists in berriai/litellm version v1.44.5. This vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2024-8966

A vulnerability in the file upload process of gradio-app/gradio version @gradio/[email protected] allows for a Denial of Service (DoS) attack. An attacker can append a large number of characters to the en…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2024-8789

Lunary-ai/lunary version git 105a3f6 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. The application allows users to upload their own regular expressions, which are then execu…

CVSS: 7.5 CWE: CWE-1333 - Inefficient Regular Expression Complexity View on NVD