CVE Daily
← All tags

Tag: Denial of Service (DoS)

All CVEs associated with "Denial of Service (DoS)". Page 1/6 • 612 CVEs.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2025-08-18
High

CVE-2025-55588

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the fw_ip parameter at /boafrm/formPortFw. This vulnerability allows attackers to cause a Denial of Service (DoS)…

CVSS: 7.5 CWE: CWE-400
Read more
High

CVE-2025-55587

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the hostname parameter at /boafrm/formMapDelDevice. This vulnerability allows attackers to cause a Denial of Servi…

CVSS: 7.5 CWE: CWE-400
Read more
High

CVE-2025-55586

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the url parameter at /boafrm/formFilter. This vulnerability allows attackers to cause a Denial of Service (DoS) vi…

CVSS: 7.5 CWE: CWE-400
Read more
High

CVE-2025-33090

IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to cause a denial of service using a specially crafted regular expression that would cause excessive resource consumption.

CVSS: 7.5 CWE: CWE-1333
Read more
High

CVE-2025-5296

CWE-59: Improper Link Resolution Before File Access ('Link Following') vulnerability exists that could cause arbitrary data to be written to protected locations, potentially leading to escalation of…

CVSS: 7.3 CWE: CWE-59
Read more
High

CVE-2025-6625

CWE-20: Improper Input Validation vulnerability exists that could cause a Denial Of Service when specific crafted FTP command is sent to the device.

CVSS: 7.5 CWE: CWE-20
Read more
2025-08-16
Low

CVE-2025-38531

In the Linux kernel, the following vulnerability has been resolved: iio: common: st_sensors: Fix use of uninitialize device structs Throughout the various probe functions &indio_dev->dev is used be…

CVSS: N/A CWE: N/A
Read more
2025-08-15
Medium

CVE-2025-54989

Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, there is an XDR message parsing NULL pointer dereference denial-of-service vulnerability in Firebird. This specific flaw…

CVSS: 5.3 CWE: CWE-476
Read more
2025-08-14
Medium

CVE-2025-31987

HCL Connections Docs may mishandle validation of certain uploaded documents leading to denial of service due to resource exhaustion.

CVSS: 4.8 CWE: CWE-405
Read more
Medium

CVE-2025-50861

The Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 contains an exported component, PushDeepLinkActivity, which is accessible without authentication via ADB or malicious apps. This poses a…

CVSS: 6.5 CWE: CWE-284
Read more
Medium

CVE-2025-21110

Dell Data Lakehouse, versions prior to 1.5.0.0, contains an Execution with Unnecessary Privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerabil…

CVSS: 6.7 CWE: CWE-250
Read more
High

CVE-2025-20263

A vulnerability in the web services interface of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticate…

CVSS: 8.6 CWE: CWE-680
Read more
Medium

CVE-2025-20254

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow…

CVSS: 5.8 CWE: CWE-401
Read more
High

CVE-2025-20253

A vulnerability in the IKEv2 feature of Cisco IOS Software, IOS XE Software, Secure Firewall ASA Software, and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device…

CVSS: 8.6 CWE: CWE-835
Read more
Medium

CVE-2025-20252

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow…

CVSS: 5.8 CWE: CWE-401
Read more
High

CVE-2025-20251

A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authen…

CVSS: 8.5 CWE: CWE-1287
Read more
High

CVE-2025-20244

A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow a remote…

CVSS: 7.7 CWE: CWE-1287
Read more
High

CVE-2025-20243

A vulnerability in the management and VPN web servers of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to reload unexp…

CVSS: 8.6 CWE: CWE-835
Read more
High

CVE-2025-20239

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, IOS XE Software, Secure Firewall Adaptive Security Appliance (ASA) Software, and Secure Firewall Threat D…

CVSS: 8.6 CWE: CWE-401
Read more
Medium

CVE-2025-20225

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, IOS XE Software, Secure Firewall Adaptive Security Appliance (ASA) Software, and Secure Firewall Threat D…

CVSS: 5.8 CWE: CWE-401
Read more
Medium

CVE-2025-20224

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow…

CVSS: 5.8 CWE: CWE-401
Read more
High

CVE-2025-20222

A vulnerability in the RADIUS proxy feature for the IPsec VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could…

CVSS: 8.6 CWE: CWE-120
Read more
High

CVE-2025-20217

A vulnerability in the packet inspection functionality of the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause…

CVSS: 8.6 CWE: CWE-835
Read more
High

CVE-2025-20136

A vulnerability in the function that performs IPv4 and IPv6 Network Address Translation (NAT) DNS inspection for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Fire…

CVSS: 8.6 CWE: CWE-835
Read more
Medium

CVE-2025-20135

A vulnerability in the DHCP client functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthentic…

CVSS: 4.3 CWE: CWE-401
Read more
High

CVE-2025-20134

A vulnerability in the certificate processing of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticate…

CVSS: 8.6 CWE: CWE-415
Read more
High

CVE-2025-20133

A vulnerability in the management and VPN web servers of the Remote Access SSL VPN feature of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote attacke…

CVSS: 8.6 CWE: CWE-401
Read more
High

CVE-2025-20127

A vulnerability in the TLS 1.3 implementation for a specific cipher for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software for Ci…

CVSS: 7.7 CWE: CWE-404
Read more
Medium

CVE-2025-54409

AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An attacker can crash the program during report printing…

CVSS: 6.2 CWE: CWE-476
Read more
Medium

CVE-2025-36047

IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerabil…

CVSS: 5.3 CWE: CWE-770
Read more
Medium

CVE-2023-43694

An issue was discovered in Malwarebytes 4.6.14.326 and before and 5.1.5.116 and before (and Nebula 2020-10-21 and later). An Out of bounds read in several disassembling utilities causes stability iss…

CVSS: 5.2 CWE: CWE-125
Read more
Medium

CVE-2025-26484

Dell CloudLink, versions 8.0 through 8.1.1, contains an Improper Restriction of XML External Entity Reference vulnerability. A high privileged attacker with remote access could potentially exploit th…

CVSS: 5.5 CWE: CWE-611
Read more
2025-08-13
Medium

CVE-2025-55194

Part-DB is an open source inventory management system for electronic components. Prior to version 1.17.3, any authenticated user can upload a profile picture with a misleading file extension (e.g., .…

CVSS: 5.7 CWE: CWE-248
Read more
High

CVE-2025-50617

A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_0046ed68 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value…

CVSS: 7.5 CWE: CWE-122
Read more
High

CVE-2025-50616

A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_0046f984 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value…

CVSS: 7.5 CWE: CWE-120
Read more
High

CVE-2025-50615

A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00470c50 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value…

CVSS: 7.5 CWE: CWE-400
Read more
Medium

CVE-2025-2937

An issue has been discovered in GitLab CE/EE affecting all versions from 13.2 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to create a denial…

CVSS: 6.5 CWE: CWE-1333
Read more
Medium

CVE-2025-2614

An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an authenticated user to cause a denial…

CVSS: 6.5 CWE: CWE-770
Read more
High

CVE-2025-23294

NVIDIA WebDataset for all platforms contains a vulnerability where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalat…

CVSS: 7.8 CWE: CWE-78
Read more
Medium

CVE-2025-1477

An issue has been discovered in GitLab CE/EE affecting all versions from 8.14 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an unauthenticated user to create a den…

CVSS: 6.5 CWE: CWE-770
Read more
High

CVE-2024-5477

A potential security vulnerability has been identified in the System BIOS for some HP PC products which may allow escalation of privilege, arbitrary code execution, denial of service, or information…

CVSS: 7.3 CWE: CWE-1256
Read more
High

CVE-2025-50614

A buffer overflow vulnerability has been discovered in the Netis WF2880 v2.1.40207 in the FUN_0047151c function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the va…

CVSS: 7.5 CWE: CWE-120
Read more
High

CVE-2025-50613

A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00475e1c function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value…

CVSS: 7.5 CWE: CWE-120
Read more
High

CVE-2025-50612

A buffer overflow vulnerability has been discovered in the Netis WF2880 v2.1.40207 in the FUN_004743f8 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the va…

CVSS: 7.5 CWE: CWE-120
Read more
High

CVE-2025-50611

A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00473154 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value…

CVSS: 7.5 CWE: CWE-120
Read more
High

CVE-2025-50610

A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00476598 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value…

CVSS: 7.5 CWE: CWE-120
Read more
High

CVE-2025-50609

A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the Function_00465620 of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of s…

CVSS: 7.5 CWE: CWE-120
Read more
High

CVE-2025-50608

A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00471994 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value…

CVSS: 7.5 CWE: CWE-120
Read more
High

CVE-2025-55163

Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the…

CVSS: 8.2 CWE: CWE-770
Read more
Medium

CVE-2025-54500

An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack).  Note: Softw…

CVSS: 5.3 CWE: CWE-770
Read more
High

CVE-2025-50635

A null pointer dereference vulnerability was discovered in Netis WF2780 v2.2.35445. The vulnerability exists in the FUN_0048a728 function of the cgitest.cgi file. Attackers can trigger this vulnerabi…

CVSS: 7.5 CWE: CWE-476
Read more
Medium

CVE-2025-55160

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, there is undefined behavior (function-type-mismatch) in splay t…

CVSS: 6.1 CWE: CWE-758
Read more
High

CVE-2025-8671

A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource con…

CVSS: 7.5 CWE: CWE-404
Read more
High

CVE-2025-8761

A vulnerability has been found in INSTAR 2K+ and 4K 3.11.1 Build 1124. This vulnerability affects unknown code of the component Backend IPC Server. The manipulation leads to denial of service. The at…

CVSS: 7.5 CWE: CWE-404
Read more
Critical

CVE-2025-7384

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization of untrusted input…

CVSS: 9.8 CWE: CWE-502
Read more
2025-08-12
Low

CVE-2025-27707

Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potential…

CVSS: 2.6 CWE: CWE-200
Read more
Low

CVE-2025-27576

Uncontrolled resource consumption for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an unauthenticated user to potentially enable denial of ser…

CVSS: 2.9 CWE: CWE-400
Read more
Low

CVE-2025-27250

Uncontrolled resource consumption for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of servi…

CVSS: 3.5 CWE: CWE-400
Read more
Low

CVE-2025-26863

Uncontrolled resource consumption in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable denial of service.

CVSS: 3.8 CWE: CWE-400
Read more
Low

CVE-2025-26697

Uncontrolled resource consumption in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable denial of service.

CVSS: 3.3 CWE: CWE-400
Read more
Medium

CVE-2025-26472

Uncontrolled resource consumption for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of servi…

CVSS: 5.7 CWE: CWE-400
Read more
Medium

CVE-2025-24835

Protection mechanism failure in the Intel(R) Graphics Driver for the Intel(R) Arc(TM) B-Series graphics before version 32.0.101.6737 may allow an authenticated user to potentially enable denial of se…

CVSS: 6.5 CWE: CWE-693
Read more
Low

CVE-2025-24523

Protection mechanism failure for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of service vi…

CVSS: 3.5 CWE: CWE-693
Read more
Medium

CVE-2025-24515

NULL pointer dereference for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access.

CVSS: 6.5 CWE: CWE-476
Read more
Medium

CVE-2025-24313

Improper access control for some Device Plugins for Kubernetes software maintained by Intel before version 0.32.0 may allow a privileged user to potentially enable denial of service via local access.

CVSS: 4.4 CWE: CWE-284
Read more
Medium

CVE-2025-24296

Improper input validation in some firmware for the Intel(R) E810 Ethernet before version 4.6 may allow a privileged user to enable denial of service via local access.

CVSS: 6.0 CWE: CWE-20
Read more
High

CVE-2025-23241

Integer overflow or wraparound in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable denial of service via…

CVSS: 7.3 CWE: CWE-190
Read more
Medium

CVE-2025-21090

Missing reference to active allocated resource for some Intel(R) Xeon(R) processors may allow an authenticated user to potentially enable denial of service via local access.

CVSS: 6.5 CWE: CWE-771
Read more
High

CVE-2025-20625

Improper conditions check for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.110.0.5 may allow an unauthenticated user to potentially enable denial of service via adjacent…

CVSS: 7.4 CWE: CWE-754
Read more
Medium

CVE-2025-20090

Untrusted Pointer Dereference for some Intel(R) QuickAssist Technology software before version 2.5.0 may allow an authenticated user to potentially enable denial of service via local access.

CVSS: 5.5 CWE: CWE-822
Read more
Medium

CVE-2025-20077

Missing release of memory after effective lifetime in the UEFI OobRasMmbiHandlerDriver module for some Intel(R) reference server platforms may allow a privileged user to enable denial of service via…

CVSS: 5.3 CWE: CWE-401
Read more
Medium

CVE-2025-20025

Uncontrolled recursion for some TinyCBOR libraries maintained by Intel(R) before version 0.6.1 may allow an authenticated user to potentially enable denial of service via local access.

CVSS: 4.4 CWE: CWE-674
Read more
Medium

CVE-2025-54864

Hydra is a continuous integration service for Nix based projects. Prior to commit f7bda02, /api/push-github and /api/push-gitea are called by the corresponding forge without HTTP Basic authentication…

CVSS: 6.9 CWE: CWE-306
Read more
Medium

CVE-2025-5466

XEE in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed…

CVSS: 4.9 CWE: CWE-776
Read more
High

CVE-2025-5462

A heap-based buffer overflow in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access befo…

CVSS: 7.5 CWE: CWE-122
Read more
High

CVE-2025-5456

A buffer over-read vulnerability in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access b…

CVSS: 7.5 CWE: CWE-125
Read more
Medium

CVE-2024-38805

EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service.

CVSS: 6.3 CWE: CWE-190
Read more
Medium

CVE-2025-40766

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application runs docker containers without adequate resource and security limita…

CVSS: 5.5 CWE: CWE-400
Read more
Medium

CVE-2025-30034

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.3). Affected devices do not properly validate input sent to its listening port on the local loopback interface.…

CVSS: 6.2 CWE: CWE-617
Read more
High

CVE-2024-52504

A vulnerability has been identified in SIPROTEC 4 6MD61 (All versions), SIPROTEC 4 6MD63 (All versions), SIPROTEC 4 6MD66 (All versions), SIPROTEC 4 6MD665 (All versions), SIPROTEC 4 7SA522 (All vers…

CVSS: 7.5 CWE: CWE-754
Read more
Medium

CVE-2025-43736

A Denial Of Service via File Upload (DOS) vulnerability in the Liferay Portal 7.4.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.8, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 20…

CVSS: 6.9 CWE: CWE-770
Read more
2025-08-11
High

CVE-2025-54878

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight Sys…

CVSS: 8.6 CWE: CWE-122
Read more
Medium

CVE-2025-8865

The YugabyteDB tablet server contains a flaw in its YCQL query handling that can trigger a null pointer dereference when processing certain malformed inputs. An authenticated attacker could exploit t…

CVSS: 4.1 CWE: CWE-476
Read more
Low

CVE-2025-27562

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory.

CVSS: 3.3 CWE: CWE-401
Read more
Low

CVE-2025-27536

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through type confusion.

CVSS: 3.3 CWE: CWE-843
Read more
Low

CVE-2025-26690

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.

CVSS: 3.3 CWE: CWE-476
Read more
Low

CVE-2025-25212

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through improper input.

CVSS: 3.3 CWE: CWE-20
Read more
Low

CVE-2025-24925

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory.

CVSS: 3.3 CWE: CWE-401
Read more
Low

CVE-2025-24844

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory.

CVSS: 3.3 CWE: CWE-401
Read more
2025-08-10
Medium

CVE-2025-8805

A vulnerability was determined in Open5GS up to 2.7.5. Affected by this issue is the function smf_gsm_state_wait_pfcp_deletion of the file src/smf/gsm-sm.c of the component SMF. The manipulation lead…

CVSS: 5.3 CWE: CWE-404
Read more
Medium

CVE-2025-8803

A vulnerability has been found in Open5GS up to 2.7.5. Affected is the function gmm_state_de_registered/gmm_state_exception of the file src/amf/gmm-sm.c of the component AMF. The manipulation leads t…

CVSS: 5.3 CWE: CWE-404
Read more
Medium

CVE-2025-8802

A vulnerability was determined in Open5GS up to 2.7.5. This vulnerability affects the function smf_state_operational of the file src/smf/smf-sm.c of the component SMF. The manipulation of the argumen…

CVSS: 5.3 CWE: CWE-404
Read more
Medium

CVE-2025-8801

A vulnerability was found in Open5GS up to 2.7.5. This affects the function gmm_state_exception of the file src/amf/gmm-sm.c of the component AMF. The manipulation leads to denial of service. It is p…

CVSS: 5.3 CWE: CWE-404
Read more
Medium

CVE-2025-8800

A vulnerability has been found in Open5GS up to 2.7.5. Affected by this issue is the function esm_handle_pdn_connectivity_request of the file src/mme/esm-handler.c of the component AMF Component. The…

CVSS: 5.3 CWE: CWE-404
Read more
Medium

CVE-2025-8799

A vulnerability was identified in Open5GS up to 2.7.5. Affected by this vulnerability is the function amf_npcf_am_policy_control_build_create/amf_nsmf_pdusession_build_create_sm_context of the file s…

CVSS: 5.3 CWE: CWE-404
Read more
2025-08-07
High

CVE-2025-54785

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, user-supplied input is not validated/sanitized before it is pa…

CVSS: 8.8 CWE: CWE-20
Read more
2025-08-06
High

CVE-2025-47908

Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers (ACRH) header whose value contains many commas. T…

CVSS: 7.5 CWE: N/A
Read more
Medium

CVE-2025-23335

NVIDIA Triton Inference Server for Windows and Linux and the Tensor RT backend contain a vulnerability where an attacker could cause an underflow by a specific model configuration and a specific inpu…

CVSS: 4.4 CWE: CWE-191
Read more
High

CVE-2025-23331

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a memory allocation with excessive size value, leading to a segmentation fault, by providing an…

CVSS: 7.5 CWE: CWE-789
Read more
High

CVE-2025-23327

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through specially crafted inputs. A successful exploit of this vulnerab…

CVSS: 7.5 CWE: CWE-190
Read more
High

CVE-2025-23326

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through a specially crafted input. A successful exploit of this vulnera…

CVSS: 7.5 CWE: CWE-680
Read more
High

CVE-2025-23325

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause uncontrolled recursion through a specially crafted input. A successful exploit of this vuln…

CVSS: 7.5 CWE: CWE-674
Read more
High

CVE-2025-23324

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause an integer overflow or wraparound, leading to a segmentation fault, by providing an invalid req…

CVSS: 7.5 CWE: CWE-190
Read more
High

CVE-2025-23323

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause an integer overflow or wraparound, leading to a segmentation fault, by providing an invalid requ…

CVSS: 7.5 CWE: CWE-190
Read more
High

CVE-2025-23322

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where multiple requests could cause a double free when a stream is cancelled before it is processed. A successful exploit…

CVSS: 7.5 CWE: CWE-415
Read more
High

CVE-2025-23321

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a divide by zero issue by issuing an invalid request. A successful exploit of this vulnerability…

CVSS: 7.5 CWE: CWE-369
Read more
High

CVE-2025-23319

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write by sending a request. A successful exploit of…

CVSS: 8.1 CWE: CWE-805
Read more
High

CVE-2025-23318

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability m…

CVSS: 8.1 CWE: CWE-805
Read more
Critical

CVE-2025-23317

NVIDIA Triton Inference Server contains a vulnerability in the HTTP server, where an attacker could start a reverse shell by sending a specially crafted HTTP request. A successful exploit of this vul…

CVSS: 9.1 CWE: CWE-122
Read more
Critical

CVE-2025-23311

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a stack overflow through specially crafted HTTP requests. A successful exploit of this vulnerability might lead t…

CVSS: 9.8 CWE: CWE-121
Read more
Critical

CVE-2025-23310

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause stack buffer overflow by specially crafted inputs. A successful exploit of this vulnerabili…

CVSS: 9.8 CWE: CWE-121
Read more
Medium

CVE-2025-5197

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the Hugging Face Transformers library, specifically in the `convert_tf_weight_name_to_pt_weight_name()` function. This function,…

CVSS: 5.3 CWE: CWE-1333
Read more
High

CVE-2025-27073

Transient DOS while creating NDP instance.

CVSS: 7.5 CWE: CWE-617
Read more
High

CVE-2025-27066

Transient DOS while processing an ANQP message.

CVSS: 7.5 CWE: CWE-617
Read more
High

CVE-2025-27065

Transient DOS while processing a frame with malformed shared-key descriptor.

CVSS: 7.5 CWE: CWE-126
Read more
High

CVE-2025-21477

Transient DOS while processing CCCH data when NW sends data with invalid length.

CVSS: 7.5 CWE: CWE-20
Read more
High

CVE-2025-21452

Transient DOS while processing a random-access response (RAR) with an invalid PDU length on LTE network.

CVSS: 7.5 CWE: CWE-617
Read more
Medium

CVE-2025-7376

Windows Shortcut Following (.LNK) vulnerability in multiple processes of Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS ve…

CVSS: 5.9 CWE: CWE-64
Read more
High

CVE-2025-54884

Vision UI is a collection of enterprise-grade, dependency-free modules for modern web projects. In versions 1.4.0 and below, the generateSecureId and getSecureRandomInt functions in security-kit vers…

CVSS: 8.7 CWE: CWE-400
Read more
Medium

CVE-2025-54869

FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. In versions 2.6.2 and below, any application that uses FPDI to proce…

CVSS: 6.0 CWE: CWE-770
Read more