Total
2693 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43789 | 1 Discourse | 1 Discourse | 2025-09-25 | N/A | 7.5 HIGH |
| Discourse is an open source platform for community discussion. A user can create a post with many replies, and then attempt to fetch them all at once. This can potentially reduce the availability of a Discourse instance. This problem has been patched in the latest version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2025-58157 | 1 Consensys | 1 Gnark | 2025-09-24 | N/A | 7.5 HIGH |
| gnark is a zero-knowledge proof system framework. In version 0.12.0, there is a potential denial of service vulnerability when computing scalar multiplication is using the fake-GLV algorithm. This is because the algorithm didn't converge quickly enough for some of the inputs. This issue has been patched in version 0.13.0. | |||||
| CVE-2024-53458 | 1 Sysax | 1 Multi Server | 2025-09-23 | N/A | 7.5 HIGH |
| Sysax Multi Server 6.99 is vulnerable to a denial of service (DoS) condition when processing specially crafted SSH packets. | |||||
| CVE-2025-56264 | 1 Zhyd | 1 Oneblog | 2025-09-23 | N/A | 7.5 HIGH |
| The /api/comment endpoint in zhangyd-c OneBlog 2.3.9 contains a denial-of-service vulnerability. | |||||
| CVE-2025-35432 | 1 Cisa | 1 Thorium | 2025-09-23 | N/A | 5.3 MEDIUM |
| CISA Thorium does not rate limit requests to send account verification email messages. A remote unauthenticated attacker can send unlimited messages to a user who is pending verification. Fixed in 1.1.1 by adding a rate limit set by default to 10 minutes. | |||||
| CVE-2024-50354 | 1 Consensys | 1 Gnark | 2025-09-23 | N/A | 5.5 MEDIUM |
| gnark is a fast zk-SNARK library that offers a high-level API to design circuits. In gnark 0.11.0 and earlier, deserialization of Groth16 verification keys allocate excessive memory, consuming a lot of resources and triggering a crash with the error fatal error: runtime: out of memory. | |||||
| CVE-2025-29907 | 1 Parall | 1 Jspdf | 2025-09-22 | N/A | 7.5 HIGH |
| jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.1, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitised image urls to the addImage method, a user can provide a harmful data-url that results in high CPU utilization and denial of service. Other affected methods are html and addSvgAsImage. The vulnerability was fixed in jsPDF 3.0.1. | |||||
| CVE-2024-33259 | 1 Jerryscript | 1 Jerryscript | 2025-09-22 | N/A | 5.5 MEDIUM |
| Jerryscript commit cefd391 was discovered to contain a segmentation violation via the component scanner_seek at jerry-core/parser/js/js-scanner-util.c. | |||||
| CVE-2024-53693 | 1 Qnap | 2 Qts, Quts Hero | 2025-09-20 | N/A | 7.1 HIGH |
| An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.2.3.3006 build 20250108 and later | |||||
| CVE-2025-29898 | 1 Qnap | 1 Qsync Central | 2025-09-19 | N/A | 6.5 MEDIUM |
| An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later | |||||
| CVE-2024-21914 | 1 Rockwellautomation | 1 Factorytalk View | 2025-09-19 | N/A | 5.3 MEDIUM |
| A vulnerability exists in the affected product that allows a malicious user to restart the Rockwell Automation PanelView™ Plus 7 terminal remotely without security protections. If the vulnerability is exploited, it could lead to the loss of view or control of the PanelView™ product. | |||||
| CVE-2024-35799 | 1 Linux | 1 Linux Kernel | 2025-09-19 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Prevent crash when disable stream [Why] Disabling stream encoder invokes a function that no longer exists. [How] Check if the function declaration is NULL in disable stream encoder. | |||||
| CVE-2024-25398 | 1 Srelay Project | 1 Srelay | 2025-09-18 | N/A | 7.5 HIGH |
| In Srelay (the SOCKS proxy and Relay) v.0.4.8p3, a specially crafted network payload can trigger a denial of service condition and disrupt the service. | |||||
| CVE-2024-54113 | 1 Huawei | 1 Harmonyos | 2025-09-18 | N/A | 6.5 MEDIUM |
| Process residence vulnerability in abnormal scenarios in the print module Impact: Successful exploitation of this vulnerability may affect power consumption. | |||||
| CVE-2024-51513 | 1 Huawei | 1 Harmonyos | 2025-09-18 | N/A | 5.5 MEDIUM |
| Vulnerability of processes not being fully terminated in the VPN module Impact: Successful exploitation of this vulnerability will affect power consumption. | |||||
| CVE-2025-59139 | 1 Hono | 1 Hono | 2025-09-17 | N/A | 5.3 MEDIUM |
| Hono is a Web application framework that provides support for any JavaScript runtime. In versions prior to 4.9.7, a flaw in the `bodyLimit` middleware could allow bypassing the configured request body size limit when conflicting HTTP headers were present. The middleware previously prioritized the `Content-Length` header even when a `Transfer-Encoding: chunked` header was also included. According to the HTTP specification, `Content-Length` must be ignored in such cases. This discrepancy could allow oversized request bodies to bypass the configured limit. Most standards-compliant runtimes and reverse proxies may reject such malformed requests with `400 Bad Request`, so the practical impact depends on the runtime and deployment environment. If body size limits are used as a safeguard against large or malicious requests, this flaw could allow attackers to send oversized request bodies. The primary risk is denial of service (DoS) due to excessive memory or CPU consumption when handling very large requests. The implementation has been updated to align with the HTTP specification, ensuring that `Transfer-Encoding` takes precedence over `Content-Length`. The issue is fixed in Hono v4.9.7, and all users should upgrade immediately. | |||||
| CVE-2024-27354 | 2 Debian, Phpseclib | 2 Debian Linux, Phpseclib | 2025-09-15 | N/A | 7.5 HIGH |
| An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service (CPU consumption for an isPrime primality check). NOTE: this issue was introduced when attempting to fix CVE-2023-27560. | |||||
| CVE-2024-27355 | 2 Debian, Phpseclib | 2 Debian Linux, Phpseclib | 2025-09-15 | N/A | 7.5 HIGH |
| An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service (CPU consumption for decodeOID). | |||||
| CVE-2025-54796 | 1 9001 | 1 Copyparty | 2025-09-12 | N/A | 7.5 HIGH |
| Copyparty is a portable file server. Versions prior to 1.18.9, the filter parameter for the "Recent Uploads" page allows arbitrary RegExes. If this feature is enabled (which is the default), an attacker can craft a filter which deadlocks the server. This is fixed in version 1.18.9. | |||||
| CVE-2025-9308 | 1 Yarnpkg | 1 Yarn | 2025-09-12 | 1.7 LOW | 3.3 LOW |
| A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation leads to inefficient regular expression complexity. Local access is required to approach this attack. This vulnerability only affects products that are no longer supported by the maintainer. | |||||