Total
1578 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-54151 | 1 Qnap | 1 Qsync Central | 2026-02-12 | N/A | 5.5 MEDIUM |
| An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later | |||||
| CVE-2021-47895 | 1 Nsasoft | 1 Nsauditor | 2026-02-11 | N/A | 7.5 HIGH |
| Nsauditor 3.2.2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Event Description field with a large buffer. Attackers can generate a 10,000-character 'U' buffer and paste it into the Event Description field to trigger an application crash. | |||||
| CVE-2025-25207 | 2026-02-11 | N/A | 5.7 MEDIUM | ||
| The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows the users with developer persona to add callbacks to be executed to HTTP endpoints once the authorization process is completed. It was found that an attacker with developer persona access can add a large number of those callbacks to be executed by Authorino and as the authentication policy is enforced by a single instance of the service, this leada to a Denial of Service in Authorino while processing the post-authorization callbacks. | |||||
| CVE-2021-26381 | 2026-02-10 | N/A | N/A | ||
| Improper system call parameter validation in the Trusted OS may allow a malicious driver to perform mapping or unmapping operations on a large number of pages, potentially resulting in kernel memory corruption. | |||||
| CVE-2026-25224 | 1 Fastify | 1 Fastify | 2026-02-10 | N/A | 3.7 LOW |
| Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.3, a denial-of-service vulnerability in Fastify’s Web Streams response handling can allow a remote client to exhaust server memory. Applications that return a ReadableStream (or Response with a Web Stream body) via reply.send() are impacted. A slow or non-reading client can trigger unbounded buffering when backpressure is ignored, leading to process crashes or severe degradation. This issue has been patched in version 5.7.3. | |||||
| CVE-2025-26466 | 3 Canonical, Debian, Openbsd | 3 Ubuntu Linux, Debian Linux, Openssh | 2026-02-10 | N/A | 5.9 MEDIUM |
| A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack. | |||||
| CVE-2025-21605 | 3 Debian, Lfprojects, Redis | 3 Debian Linux, Valkey, Redis | 2026-02-10 | N/A | 7.5 HIGH |
| Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, An unauthenticated client can cause unlimited growth of output buffers, until the server runs out of memory or is killed. By default, the Redis configuration does not limit the output buffer of normal clients (see client-output-buffer-limit). Therefore, the output buffer can grow unlimitedly over time. As a result, the service is exhausted and the memory is unavailable. When password authentication is enabled on the Redis server, but no password is provided, the client can still cause the output buffer to grow from "NOAUTH" responses until the system will run out of memory. This issue has been patched in version 7.4.3. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways. Either using network access control tools like firewalls, iptables, security groups, etc, or enabling TLS and requiring users to authenticate using client side certificates. | |||||
| CVE-2025-58348 | 1 Samsung | 22 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 19 more | 2026-02-09 | N/A | 5.5 MEDIUM |
| An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/confg_tspec write operation, leading to kernel memory exhaustion. | |||||
| CVE-2025-58347 | 1 Samsung | 22 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 19 more | 2026-02-09 | N/A | 5.5 MEDIUM |
| An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/p2p_certif write operation, leading to kernel memory exhaustion. | |||||
| CVE-2025-58346 | 1 Samsung | 22 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 19 more | 2026-02-09 | N/A | 5.5 MEDIUM |
| An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/send_addts write operation, leading to kernel memory exhaustion. | |||||
| CVE-2025-58345 | 1 Samsung | 22 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 19 more | 2026-02-09 | N/A | 5.5 MEDIUM |
| An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/ap_certif_11ax_mode write operation, leading to kernel memory exhaustion. | |||||
| CVE-2025-58343 | 1 Samsung | 22 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 19 more | 2026-02-09 | N/A | 5.5 MEDIUM |
| An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/create_tspec write operation, leading to kernel memory exhaustion. | |||||
| CVE-2026-0398 | 2026-02-09 | N/A | 5.3 MEDIUM | ||
| Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor. | |||||
| CVE-2025-31990 | 2026-02-09 | N/A | 6.8 MEDIUM | ||
| Rate limiting for certain API calls is not being enforced, making HCL Velocity vulnerable to Denial of Service (DoS) attacks. An attacker could flood the system with a large number of requests, overwhelming its resources and causing it to become unresponsive to legitimate users. This vulnerability is fixed in 5.1.7. | |||||
| CVE-2025-68138 | 1 Linuxfoundation | 1 Libocpp | 2026-02-06 | N/A | 4.7 MEDIUM |
| EVerest is an EV charging software stack, and EVerest libocpp is a C++ implementation of the Open Charge Point Protocol. In libocpp prior to version 0.30.1, pointers returned by the `strdup` calls are never freed. At each connection attempt, the newly allocated memory area will be leaked, potentially causing memory exhaustion and denial of service. Version 0.30.1 fixes the issue. | |||||
| CVE-2025-68136 | 1 Linuxfoundation | 1 Everest | 2026-02-06 | N/A | 7.4 HIGH |
| EVerest is an EV charging software stack. Prior to version 2025.10.0, once the module receives a SDP request, it creates a whole new set of objects like `Session`, `IConnection` which open new TCP socket for the ISO15118-20 communications and registers callbacks for the created file descriptor, without closing and destroying the previous ones. Previous `Session` is not saved and the usage of an `unique_ptr` is lost, destroying connection data. Latter, if the used socket and therefore file descriptor is not the last one, it will lead to a null pointer dereference. Version 2025.10.0 fixes the issue. | |||||
| CVE-2025-68133 | 1 Linuxfoundation | 1 Everest | 2026-02-06 | N/A | 7.4 HIGH |
| EVerest is an EV charging software stack. In versions 2025.9.0 and below, an attacker can exhaust the operating system's memory and cause the module to terminate by initiating an unlimited number of TCP connections that never proceed to ISO 15118-2 communication. This is possible because a new thread is started for each incoming plain TCP or TLS socket connection before any verification occurs, and the verification performed is too permissive. The EVerest processes and all its modules shut down, affecting all EVSE functionality. This issue is fixed in version 2025.10.0. | |||||
| CVE-2025-58185 | 1 Golang | 1 Go | 2026-02-06 | N/A | 5.3 MEDIUM |
| Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion. | |||||
| CVE-2025-61726 | 1 Golang | 1 Go | 2026-02-06 | N/A | 7.5 HIGH |
| The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption. | |||||
| CVE-2025-61728 | 1 Golang | 1 Go | 2026-02-06 | N/A | 6.5 MEDIUM |
| archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive. | |||||