Total
2085 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-53636 | 2025-07-15 | N/A | 5.4 MEDIUM | ||
| Open OnDemand is an open-source HPC portal. Users can flood logs by interacting with the shell app and generating many errors. Users who flood logs can create very large log files causing a Denial of Service (DoS) to the ondemand system. This vulnerability is fixed in 3.1.14 and 4.0.6. | |||||
| CVE-2025-7579 | 2025-07-15 | 4.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability was found in chinese-poetry 0.1. It has been rated as problematic. This issue affects some unknown processing of the file rank/server.js. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9437 | 1 Superagi | 1 Superagi | 2025-07-14 | N/A | 7.5 HIGH |
| SuperAGI version v0.0.14 is vulnerable to an unauthenticated Denial of Service (DoS) attack. The vulnerability exists in the resource upload request, where appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request causes the server to continuously process each character. This leads to excessive resource consumption and renders the service unavailable. The issue is unauthenticated and does not require any user interaction, impacting all users of the service. | |||||
| CVE-2024-12070 | 1 Hliu | 1 Large Language And Vision Assistant | 2025-07-14 | N/A | 7.5 HIGH |
| A Denial of Service (DoS) vulnerability exists in the file upload feature of haotian-liu/llava, specifically in Release v1.2.0 (LLaVA-1.6). The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large filename, the server becomes overwhelmed and unresponsive, leading to unavailability for legitimate users. This issue can be exploited without authentication, making it highly scalable and increasing the risk of exploitation. | |||||
| CVE-2024-11033 | 1 Binary-husky | 1 Gpt Academic | 2025-07-14 | N/A | 6.5 MEDIUM |
| A Denial of Service (DoS) vulnerability exists in the file upload feature of binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this vulnerability by sending a payload with an excessively large filename, causing the server to become overwhelmed and unavailable for legitimate users. | |||||
| CVE-2024-10549 | 1 H2o | 1 H2o | 2025-07-14 | N/A | 7.5 HIGH |
| A vulnerability in the `/3/Parse` endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint uses a user-specified string to construct a regular expression, which is then applied to another user-specified string. By sending multiple simultaneous requests, an attacker can exhaust all available threads, leading to a complete denial of service. | |||||
| CVE-2024-10572 | 1 H2o | 1 H2o | 2025-07-14 | N/A | 7.5 HIGH |
| In h2oai/h2o-3 version 3.46.0.1, the `run_tool` command exposes classes in the `water.tools` package through the `ast` parser. This includes the `XGBoostLibExtractTool` class, which can be exploited to shut down the server and write large files to arbitrary directories, leading to a denial of service. | |||||
| CVE-2024-10650 | 1 Gaizhenbiao | 1 Chuanhuchatgpt | 2025-07-14 | N/A | 7.5 HIGH |
| An unauthenticated Denial of Service (DoS) vulnerability was identified in ChuanhuChatGPT version 20240918, which could be exploited by sending large data payloads using a multipart boundary. Although a patch was applied for CVE-2024-7807, the issue can still be exploited by sending data in groups with 10 characters in a line, with multiple lines. This can cause the system to continuously process these characters, resulting in prolonged unavailability of the service. The exploitation now requires low privilege if authentication is enabled due to a version upgrade in Gradio. | |||||
| CVE-2024-5208 | 1 Mintplexlabs | 1 Anythingllm | 2025-07-12 | N/A | 6.5 MEDIUM |
| An uncontrolled resource consumption vulnerability exists in the `upload-link` endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service (DOS) by shutting down the server through sending invalid upload requests. Specifically, the server can be made to shut down by sending an empty body with a 'Content-Length: 0' header or by sending a body with arbitrary content, such as 'asdasdasd', with a 'Content-Length: 9' header. The vulnerability is reproducible by users with at least a 'Manager' role, sending a crafted request to any workspace. This issue indicates that a previous fix was not effective in mitigating the vulnerability. | |||||
| CVE-2024-10225 | 1 Hliu | 1 Llava | 2025-07-11 | N/A | 7.5 HIGH |
| A vulnerability in haotian-liu/llava v1.2.0 allows an attacker to cause a Denial of Service (DoS) by appending a large number of characters to the end of a multipart boundary in a file upload request. This causes the server to continuously process each character, rendering the application inaccessible. | |||||
| CVE-2025-26481 | 1 Dell | 1 Powerscale Onefs | 2025-07-11 | N/A | 7.5 HIGH |
| Dell PowerScale OneFS, versions 9.4.0.0 through 9.9.0.0, contains an uncontrolled resource consumption vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to denial of service. | |||||
| CVE-2025-20162 | 1 Cisco | 1 Ios Xe | 2025-07-11 | N/A | 8.6 HIGH |
| A vulnerability in the DHCP snooping security feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a full interface queue wedge, which could result in a denial of service (DoS) condition. This vulnerability is due to improper handling of DHCP request packets. An attacker could exploit this vulnerability by sending DHCP request packets to an affected device. A successful exploit could allow the attacker to cause packets to wedge in the queue, creating a DoS condition for downstream devices of the affected system and requiring that the system restart to drain the queue. Note: This vulnerability can be exploited with either unicast or broadcast DHCP packets on a VLAN that does not have DHCP snooping enabled. | |||||
| CVE-2024-47554 | 2 Apache, Netapp | 8 Commons Io, Active Iq Unified Manager, Bluexp and 5 more | 2025-07-10 | N/A | 4.3 MEDIUM |
| Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue. | |||||
| CVE-2018-9447 | 1 Google | 1 Android | 2025-07-10 | N/A | 5.5 MEDIUM |
| In onCreate of EmergencyCallbackModeExitDialog.java, there is a possible way to crash the emergency callback mode due to a missing null check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-5897 | 1 Vuejs | 1 Vue Cli | 2025-07-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. | |||||
| CVE-2025-5896 | 1 Taro | 1 Taro | 2025-07-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in tarojs taro up to 4.1.1. It has been declared as problematic. This vulnerability affects unknown code of the file taro/packages/css-to-react-native/src/index.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. Upgrading to version 4.1.2 is able to address this issue. The name of the patch is c2e321a8b6fc873427c466c69f41ed0b5e8814bf. It is recommended to upgrade the affected component. | |||||
| CVE-2025-5895 | 1 Metabase | 1 Metabase | 2025-07-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in Metabase 54.10. It has been classified as problematic. This affects the function parseDataUri of the file frontend/src/metabase/lib/dom.js. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The patch is named 4454ebbdc7719016bf80ca0f34859ce5cee9f6b0. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2025-5892 | 1 Rocket.chat | 1 Rocket.chat | 2025-07-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in RocketChat up to 7.6.1. This issue affects the function parseMessage of the file /apps/meteor/app/irc/server/servers/RFC2813/parseMessage.js. The manipulation of the argument line leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5891 | 1 Keymetric | 1 Pm2 | 2025-07-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as problematic was found in Unitech pm2 up to 6.0.6. This vulnerability affects unknown code of the file /lib/tools/Config.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-32724 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-10 | N/A | 7.5 HIGH |
| Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network. | |||||