Total
1776 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-30658 | 1 Juniper | 18 Junos, Srx1500, Srx1600 and 15 more | 2026-06-17 | N/A | 7.5 HIGH |
| A Missing Release of Memory after Effective Lifetime vulnerability in the Anti-Virus processing of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On all SRX platforms with Anti-Virus enabled, if a server sends specific content in the HTTP body of a response to a client request, these packets are queued by Anti-Virus processing in Juniper Buffers (jbufs) which are never released. When these jbufs are exhausted, the device stops forwarding all transit traffic. A jbuf memory leak can be noticed from the following logs: (<node>.)<fpc> Warning: jbuf pool id <#> utilization level (<current level>%) is above <threshold>%! To recover from this issue, the affected device needs to be manually rebooted to free the leaked jbufs. This issue affects Junos OS on SRX Series: * all versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S10, * 22.2 versions before 22.2R3-S6, * 22.4 versions before 22.4R3-S6, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S3, * 24.2 versions before 24.2R2. | |||||
| CVE-2025-30647 | 1 Juniper | 11 Junos, Mx10004, Mx10008 and 8 more | 2026-06-17 | N/A | 6.5 MEDIUM |
| A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS). In a subscriber management scenario, login/logout activity triggers a memory leak, and the leaked memory gradually increments and eventually results in a crash. user@host> show chassis fpc Temp CPU Utilization (%) CPU Utilization (%) Memory Utilization (%) Slot State (C) Total Interrupt 1min 5min 15min DRAM (MB) Heap Buffer 2 Online 36 10 0 9 8 9 32768 26 0 This issue affects Junos OS on MX Series: * All versions before 21.2R3-S9 * from 21.4 before 21.4R3-S10 * from 22.2 before 22.2R3-S6 * from 22.4 before 22.4R3-S5 * from 23.2 before 23.2R2-S3 * from 23.4 before 23.4R2-S3 * from 24.2 before 24.2R2. | |||||
| CVE-2025-29910 | 1 Nasa | 1 Cryptolib | 2026-06-17 | N/A | 7.5 HIGH |
| CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A memory leak vulnerability was identified in the `crypto_handle_incrementing_nontransmitted_counter` function of CryptoLib versions 1.3.3 and prior. This vulnerability can lead to resource exhaustion and degraded system performance over time, particularly in long-running processes or systems processing large volumes of data. The vulnerability is present in the `crypto_handle_incrementing_nontransmitted_counter` function within `crypto_tc.c`. The function allocates memory using `malloc` without ensuring the allocated memory is always freed. This issue can lead to resource exhaustion, reduced system performance, and potentially a Denial of Service (DoS) in environments where CryptoLib is used in long-running processes or with large volumes of data. Any system using CryptoLib, especially those handling high-throughput or continuous data streams, could be impacted. As of time of publication, no known patched versions are available. | |||||
| CVE-2025-29828 | 1 Microsoft | 6 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 3 more | 2026-06-17 | N/A | 8.1 HIGH |
| Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-29483 | 1 Libming | 1 Libming | 2026-06-17 | N/A | 6.5 MEDIUM |
| libming v0.4.8 was discovered to contain a memory leak via the parseSWF_ENABLEDEBUGGER2 function. | |||||
| CVE-2025-28164 | 1 Libpng | 1 Libpng | 2026-06-17 | N/A | 5.5 MEDIUM |
| Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function. | |||||
| CVE-2025-27562 | 1 Openatom | 1 Openharmony | 2026-06-17 | N/A | 3.3 LOW |
| in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory. | |||||
| CVE-2025-27097 | 1 The-guild | 1 Graphql Mesh | 2026-06-17 | N/A | 7.5 HIGH |
| GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. When a user transforms on the root level or single source with transforms, and the client sends the same query with different variables, the initial variables are used in all following requests until the cache evicts DocumentNode. If a token is sent via variables, the following requests will act like the same token is sent even if the following requests have different tokens. This can cause a short memory leak but it won't grow per each request but per different operation until the cache evicts DocumentNode by LRU mechanism. | |||||
| CVE-2025-26311 | 1 Libming | 1 Libming | 2026-06-17 | N/A | 6.5 MEDIUM |
| Multiple memory leaks have been identified in the clip actions parsing functions (parseSWF_CLIPACTIONS and parseSWF_CLIPACTIONRECORD) in util/parser.c of libming v0.4.8, which allow attackers to cause a denial of service via a crafted SWF file. | |||||
| CVE-2025-26308 | 1 Libming | 1 Libming | 2026-06-17 | N/A | 6.5 MEDIUM |
| A memory leak has been identified in the parseSWF_FILTERLIST function in util/parser.c of libming v0.4.8, which allows attackers to cause a denial of service via a crafted SWF file. | |||||
| CVE-2025-26307 | 1 Libming | 1 Libming | 2026-06-17 | N/A | 6.5 MEDIUM |
| A memory leak has been identified in the parseSWF_IMPORTASSETS2 function in util/parser.c of libming v0.4.8, which allows attackers to cause a denial of service via a crafted SWF file. | |||||
| CVE-2025-26306 | 1 Libming | 1 Libming | 2026-06-17 | N/A | 6.5 MEDIUM |
| A memory leak has been identified in the readSizedString function in util/read.c of libming v0.4.8, which allows attackers to cause a denial of service via a crafted file. | |||||
| CVE-2025-25566 | 1 Softether | 1 Vpn | 2026-06-17 | N/A | 5.6 MEDIUM |
| Memory Leak vulnerability in SoftEtherVPN 5.02.5187 allows an attacker to cause a denial of service via the UnixMemoryAlloc function. NOTE: the Supplier disputes this because the behavior is limited to a single allocation of a few hundred bytes with a command-line tool. | |||||
| CVE-2025-25469 | 1 Ffmpeg | 1 Ffmpeg | 2026-06-17 | N/A | 6.5 MEDIUM |
| FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/iamf.c. | |||||
| CVE-2025-25199 | 2026-06-17 | N/A | 7.5 HIGH | ||
| go-crypto-winnative Go crypto backend for Windows using Cryptography API: Next Generation (CNG). Prior to commit f49c8e1379ea4b147d5bff1b3be5b0ff45792e41, calls to `cng.TLS1PRF` don't release the key handle, producing a small memory leak every time. Commit f49c8e1379ea4b147d5bff1b3be5b0ff45792e41 contains a fix for the issue. The fix is included in versions 1.23.6-2 and 1.22.12-2 of the Microsoft build of go, as well as in the pseudoversion 0.0.0-20250211154640-f49c8e1379ea of the `github.com/microsoft/go-crypto-winnative` Go package. | |||||
| CVE-2025-25057 | 1 Openatom | 1 Openharmony | 2026-06-17 | N/A | 3.3 LOW |
| in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory. | |||||
| CVE-2025-24925 | 1 Openatom | 1 Openharmony | 2026-06-17 | N/A | 3.3 LOW |
| in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory. | |||||
| CVE-2025-24844 | 1 Openatom | 1 Openharmony | 2026-06-17 | N/A | 3.3 LOW |
| in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory. | |||||
| CVE-2025-23165 | 2026-06-17 | N/A | 3.7 LOW | ||
| In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service. Impact: * This vulnerability affects APIs relying on `ReadFileUtf8` on Node.js release lines: v20 and v22. | |||||
| CVE-2025-23160 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-06-17 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization On Mediatek devices with a system companion processor (SCP) the mtk_scp structure has to be removed explicitly to avoid a resource leak. Free the structure in case the allocation of the firmware structure fails during the firmware initialization. | |||||