Total
103 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-8870 | 2025-11-14 | N/A | 4.9 MEDIUM | ||
| On affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device.153 | |||||
| CVE-2025-12423 | 1 Azure-access | 4 Blu-ic2, Blu-ic2 Firmware, Blu-ic4 and 1 more | 2025-11-07 | N/A | 7.5 HIGH |
| Protocol manipulation might lead to denial of service.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 . | |||||
| CVE-2024-28835 | 2025-11-04 | N/A | 5.0 MEDIUM | ||
| A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command. | |||||
| CVE-2025-20054 | 2025-11-03 | N/A | 6.5 MEDIUM | ||
| Uncaught exception in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2025-59462 | 1 Sick | 2 Tloc100-100, Tloc100-100 Firmware | 2025-11-03 | N/A | 6.5 MEDIUM |
| An attacker who tampers with the C++ CLI client may crash the UpdateService during file transfers, disrupting updates and availability. | |||||
| CVE-2025-59229 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2025-10-28 | N/A | 5.5 MEDIUM |
| Uncaught exception in Microsoft Office allows an unauthorized attacker to deny service locally. | |||||
| CVE-2024-49705 | 1 Softcom.wroc | 1 Iksoris | 2025-10-28 | N/A | 6.5 MEDIUM |
| Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to client-side Denial of Servise (DoS) attacks. An attacker might trick a user into using an URL with a d parameter set to an unhandled value. All the subsequent requests will not be accepted as the server returns an error message. Since this parameter is sent as part of a session cookie, the issue persists until the session expires or the user deletes cookies manually. Similar effect might be achieved when a user tries to change platform language to an unimplemented one. This vulnerability has been patched in version 79.0 | |||||
| CVE-2025-48430 | 2025-10-27 | N/A | 5.5 MEDIUM | ||
| Uncaught Exception (CWE-248) in the Command Centre Server allows an Authorized and Privileged Operator to crash the Command Centre Server at will. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 (MR2), 9.20 prior to vEL9.20.2819 (MR4), 9.10 prior to vEL9.10.3672 (MR7), 9.00 prior to vEL9.00.3831 (MR8), all versions of 8.90 and prior. | |||||
| CVE-2025-32944 | 1 Framasoft | 1 Peertube | 2025-10-21 | N/A | 6.5 MEDIUM |
| The vulnerability allows any authenticated user to cause the PeerTube server to stop functioning in a persistent manner. If user import is enabled (which is the default setting), any registered user can upload an archive for importing. The code uses the yauzl library for reading the archive. If the yauzl library encounters a filename that is considered illegal, it raises an exception that is uncaught by PeerTube, leading to a crash which repeats infinitely on startup. | |||||
| CVE-2025-62370 | 2025-10-16 | N/A | 7.5 HIGH | ||
| Alloy Core libraries at the root of the Rust Ethereum ecosystem. Prior to 0.8.26 and 1.4.1, an uncaught panic triggered by malformed input to alloy_dyn_abi::TypedData could lead to a denial-of-service (DoS) via eip712_signing_hash(). Software with high availability requirements such as network services may be particularly impacted. If in use, external auto-restarting mechanisms can partially mitigate the availability issues unless repeated attacks are possible. The vulnerability was patched by adding a check to ensure the element is not empty before accessing its first element; an error is returned if it is empty. The fix is included in version v1.4.1 and backported to v0.8.26. | |||||
| CVE-2024-8020 | 1 Lightningai | 1 Pytorch Lightning | 2025-10-15 | N/A | 7.5 HIGH |
| A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the `/api/v1/state` endpoint of `LightningApp`. This issue occurs due to improper handling of unexpected state values, which results in the server shutting down. | |||||
| CVE-2024-11172 | 1 Librechat | 1 Librechat | 2025-10-15 | N/A | 7.5 HIGH |
| A vulnerability in danny-avila/librechat version git a1647d7 allows an unauthenticated attacker to cause a denial of service by sending a crafted payload to the server. The middleware `checkBan` is not surrounded by a try-catch block, and an unhandled exception will cause the server to crash. This issue is fixed in version 0.7.6. | |||||
| CVE-2025-9124 | 2025-10-14 | N/A | N/A | ||
| A denial-of-service security issue in the affected product. The security issue stems from a fault occurring when a crafted CIP unconnected explicit message is sent. This can result in a major non-recoverable fault. | |||||
| CVE-2025-59538 | 1 Argoproj | 1 Argo Cd | 2025-10-07 | N/A | 7.5 HIGH |
| Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. For versions 2.9.0-rc1 through 2.14.19, 3.0.0-rc1 through 3.2.0-rc1, 3.1.6 and 3.0.17, when the webhook.azuredevops.username and webhook.azuredevops.password are not set in the default configuration, the /api/webhook endpoint crashes the entire argocd-server process when it receives an Azure DevOps Push event whose JSON array resource.refUpdates is empty. The slice index [0] is accessed without a length check, causing an index-out-of-range panic. A single unauthenticated HTTP POST is enough to kill the process. This issue is resolved in versions 2.14.20, 3.2.0-rc2, 3.1.8 and 3.0.19. | |||||
| CVE-2025-55553 | 1 Linuxfoundation | 1 Pytorch | 2025-10-03 | N/A | 7.5 HIGH |
| A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS). | |||||
| CVE-2025-55557 | 1 Linuxfoundation | 1 Pytorch | 2025-10-03 | N/A | 7.5 HIGH |
| A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS). | |||||
| CVE-2025-0648 | 1 M-files | 1 M-files Server | 2025-10-03 | N/A | 4.9 MEDIUM |
| Unexpected server crash in database driver in M-Files Server before 25.1.14445.5 and before 24.8 LTS SR3 allows a highly privileged attacker to cause denial of service via configuration change. | |||||
| CVE-2013-10065 | 1 Sysax | 1 Multi Server | 2025-10-02 | N/A | 7.5 HIGH |
| A denial-of-service vulnerability exists in Sysax Multi-Server version 6.10 via its SSH daemon. A specially crafted SSH key exchange packet can trigger a crash in the service, resulting in loss of availability. The flaw is triggered during the handling of malformed key exchange data, including a non-standard byte (\x28) in place of the expected SSH protocol delimiter. | |||||
| CVE-2024-52903 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2025-09-29 | N/A | 5.3 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | |||||
| CVE-2025-3083 | 1 Mongodb | 1 Mongodb | 2025-09-22 | N/A | 7.5 HIGH |
| Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, MongoDB v6.0 versions prior to 6.0.20 and MongoDB v7.0 versions prior to 7.0.16 | |||||