Total
1663 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-58343 | 1 Samsung | 22 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 19 more | 2026-02-09 | N/A | 5.5 MEDIUM |
| An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/create_tspec write operation, leading to kernel memory exhaustion. | |||||
| CVE-2025-68138 | 1 Linuxfoundation | 1 Libocpp | 2026-02-06 | N/A | 4.7 MEDIUM |
| EVerest is an EV charging software stack, and EVerest libocpp is a C++ implementation of the Open Charge Point Protocol. In libocpp prior to version 0.30.1, pointers returned by the `strdup` calls are never freed. At each connection attempt, the newly allocated memory area will be leaked, potentially causing memory exhaustion and denial of service. Version 0.30.1 fixes the issue. | |||||
| CVE-2025-68136 | 1 Linuxfoundation | 1 Everest | 2026-02-06 | N/A | 7.4 HIGH |
| EVerest is an EV charging software stack. Prior to version 2025.10.0, once the module receives a SDP request, it creates a whole new set of objects like `Session`, `IConnection` which open new TCP socket for the ISO15118-20 communications and registers callbacks for the created file descriptor, without closing and destroying the previous ones. Previous `Session` is not saved and the usage of an `unique_ptr` is lost, destroying connection data. Latter, if the used socket and therefore file descriptor is not the last one, it will lead to a null pointer dereference. Version 2025.10.0 fixes the issue. | |||||
| CVE-2025-68133 | 1 Linuxfoundation | 1 Everest | 2026-02-06 | N/A | 7.4 HIGH |
| EVerest is an EV charging software stack. In versions 2025.9.0 and below, an attacker can exhaust the operating system's memory and cause the module to terminate by initiating an unlimited number of TCP connections that never proceed to ISO 15118-2 communication. This is possible because a new thread is started for each incoming plain TCP or TLS socket connection before any verification occurs, and the verification performed is too permissive. The EVerest processes and all its modules shut down, affecting all EVSE functionality. This issue is fixed in version 2025.10.0. | |||||
| CVE-2025-58185 | 1 Golang | 1 Go | 2026-02-06 | N/A | 5.3 MEDIUM |
| Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion. | |||||
| CVE-2025-61726 | 1 Golang | 1 Go | 2026-02-06 | N/A | 7.5 HIGH |
| The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption. | |||||
| CVE-2025-61728 | 1 Golang | 1 Go | 2026-02-06 | N/A | 6.5 MEDIUM |
| archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive. | |||||
| CVE-2025-36123 | 1 Ibm | 1 Db2 | 2026-02-05 | N/A | 6.2 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service when copying large table containing XML data due to improper allocation of system resources. | |||||
| CVE-2025-36098 | 1 Ibm | 1 Db2 | 2026-02-05 | N/A | 6.5 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper allocation of resources. | |||||
| CVE-2025-36070 | 1 Ibm | 1 Db2 | 2026-02-05 | N/A | 6.5 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables. | |||||
| CVE-2025-2668 | 1 Ibm | 1 Db2 | 2026-02-05 | N/A | 6.5 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 is vulnerable to a denial of service as the server may crash when an authenticated user creates a specially crafted query. | |||||
| CVE-2025-36387 | 1 Ibm | 1 Db2 | 2026-02-05 | N/A | 6.5 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 could allow an authenticated user to cause a denial of service when given specially crafted query. | |||||
| CVE-2025-58340 | 1 Samsung | 22 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 19 more | 2026-02-05 | N/A | 6.2 MEDIUM |
| An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/send_delts write operation, leading to kernel memory exhaustion. | |||||
| CVE-2025-58341 | 1 Samsung | 22 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 19 more | 2026-02-05 | N/A | 6.2 MEDIUM |
| An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/ap_cert_disable_ht_vht write operation, leading to kernel memory exhaustion. | |||||
| CVE-2025-58342 | 1 Samsung | 22 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 19 more | 2026-02-05 | N/A | 6.2 MEDIUM |
| An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/uapsd write operation, leading to kernel memory exhaustion. | |||||
| CVE-2025-58344 | 1 Samsung | 22 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 19 more | 2026-02-05 | N/A | 6.2 MEDIUM |
| An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation in a /proc/driver/unifi0/conn_log_event_burst_to_us write operation, leading to kernel memory exhaustion. | |||||
| CVE-2025-54500 | 1 F5 | 26 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 23 more | 2026-02-04 | N/A | 5.3 MEDIUM |
| An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2025-66560 | 1 Quarkus | 1 Quarkus | 2026-02-03 | N/A | 5.9 MEDIUM |
| Quarkus is a Cloud Native, (Linux) Container First framework for writing Java applications. Prior to versions 3.31.0, 3.27.2, and 3.20.5, a vulnerability exists in the HTTP layer of Quarkus REST related to response handling. When a response is being written, the framework waits for previously written response chunks to be fully transmitted before proceeding. If the client connection is dropped during this waiting period, the associated worker thread is never released and becomes permanently blocked. Under sustained or repeated occurrences, this can exhaust the available worker threads, leading to degraded performance, or complete unavailability of the application. This issue has been patched in versions 3.31.0, 3.27.2, and 3.20.5. A workaround involves implementing a health check that monitors the status and saturation of the worker thread pool to detect abnormal thread retention early. | |||||
| CVE-2025-69199 | 1 Pterodactyl | 1 Wings | 2026-02-02 | N/A | 6.5 MEDIUM |
| Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.0, websockets within wings lack proper rate limiting and throttling. As a result a malicious user can open a large number of connections and then request data through these sockets, causing an excessive volume of data over the network and overloading the host system memory and cpu. Additionally, there is not a limit applied to the total size of messages being sent or received, allowing a malicious user to open thousands of websocket connections and then send massive volumes of information over the socket, overloading the host network, and causing increased CPU and memory load within Wings. Version 1.12.0 patches the issue. | |||||
| CVE-2026-21696 | 1 Pterodactyl | 1 Wings | 2026-02-02 | N/A | 6.5 MEDIUM |
| Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Starting in version 1.7.0 and prior to version 1.12.0, Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a condition that floods the panel with activity records. After Wings sends activity logs to the panel it deletes the processed activity entries from the wings SQLite database. However, it does not consider the max parameter limit of SQLite, 32766 as of SQLite 3.32.0. If wings attempts to delete more than 32766 entries from the SQLite database in one query, it triggers an error (SQL logic error: too many SQL variables (1)) and does not remove any entries from the database. These entries are then indefinitely re-processed and resent to the panel each time the cron runs. By successfully exploiting this vulnerability, an attacker can trigger a situation where wings will keep uploading the same activity data to the panel repeatedly (growing each time to include new activity) until the panels' database server runs out of disk space. Version 1.12.0 fixes the issue. | |||||