Total
1491 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-51428 | 1 Espressif | 1 Esp-idf | 2026-01-14 | N/A | 7.5 HIGH |
| An issue in Espressif Esp idf v5.3.0 allows attackers to cause a Denial of Service (DoS) via a crafted data channel packet. | |||||
| CVE-2025-50334 | 1 Technitium | 1 Dnsserver | 2026-01-12 | N/A | 7.5 HIGH |
| An issue in Technitium DNS Server v.13.5 allows a remote attacker to cause a denial of service via the rate-limiting component | |||||
| CVE-2025-68456 | 1 Craftcms | 1 Craft Cms | 2026-01-12 | N/A | 9.1 CRITICAL |
| Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 3.0.0 through 4.16.16, unauthenticated users can trigger database backup operations via specific admin actions, potentially leading to resource exhaustion or information disclosure. Users should update to the patched versions (5.8.21 and 4.16.17) to mitigate the issue. Craft 3 users should update to the latest Craft 4 and 5 releases, which include the fixes. | |||||
| CVE-2025-64422 | 1 Coollabs | 1 Coolify | 2026-01-12 | N/A | 4.3 MEDIUM |
| Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify vstarting with version 4.0.0-beta.434, the /login endpoint advertises a rate limit of 5 requests but can be trivially bypassed by rotating the X-Forwarded-For header. This enables unlimited credential stuffing and brute-force attempts against user and admin accounts. As of time of publication, it is unclear if a patch is available. | |||||
| CVE-2025-9784 | 1 Redhat | 8 Build Of Apache Camel For Spring Boot, Enterprise Linux, Fuse and 5 more | 2026-01-08 | N/A | 7.5 HIGH |
| A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS). | |||||
| CVE-2025-14299 | 1 Tp-link | 2 Tapo C200, Tapo C200 Firmware | 2026-01-08 | N/A | 6.5 MEDIUM |
| The HTTPS server on Tapo C200 V3 does not properly validate the Content-Length header, which can lead to an integer overflow. An unauthenticated attacker on the same local network segment can send crafted HTTPS requests to trigger excessive memory allocation, causing the device to crash and resulting in denial-of-service (DoS). | |||||
| CVE-2020-36907 | 2026-01-08 | N/A | 7.5 HIGH | ||
| Aerohive HiveOS contains a denial of service vulnerability in the NetConfig UI that allows unauthenticated attackers to render the web interface unusable. Attackers can send a crafted HTTP request to the action.php5 script with specific parameters to trigger a 5-minute service disruption. | |||||
| CVE-2025-15474 | 2026-01-08 | N/A | N/A | ||
| AuntyFey Smart Combination Lock firmware versions as of 2025-12-24 contain a vulnerability that allows an unauthenticated attacker within Bluetooth Low Energy (BLE) range to cause a denial of service by repeatedly initiating BLE connections. Sustained connection attempts interrupt keypad authentication input and repeatedly force the device into lockout states, preventing legitimate users from unlocking the device. | |||||
| CVE-2025-68272 | 1 Signalk | 1 Signal K Server | 2026-01-06 | N/A | 7.5 HIGH |
| Signal K Server is a server application that runs on a central hub in a boat. A Denial of Service (DoS) vulnerability in versions prior to 2.19.0 allows an unauthenticated attacker to crash the SignalK Server by flooding the access request endpoint (`/signalk/v1/access/requests`). This causes a "JavaScript heap out of memory" error due to unbounded in-memory storage of request objects. Version 2.19.0 fixes the issue. | |||||
| CVE-2025-47208 | 1 Qnap | 2 Qts, Quts Hero | 2026-01-05 | N/A | 6.5 MEDIUM |
| An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later | |||||
| CVE-2025-57705 | 1 Qnap | 2 Qts, Quts Hero | 2026-01-05 | N/A | 4.9 MEDIUM |
| An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later | |||||
| CVE-2025-44652 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2026-01-02 | N/A | 7.5 HIGH |
| In Netgear RAX30 V1.0.10.94_3, the USERLIMIT_GLOBAL option is set to 0 in multiple bftpd-related configuration files. This can cause DoS attacks when unlimited users are connected. | |||||
| CVE-2025-68148 | 1 Freshrss | 1 Freshrss | 2025-12-31 | N/A | 4.3 MEDIUM |
| FreshRSS is a free, self-hostable RSS aggregator. From version 1.27.0 to before 1.28.0, An attacker could globally deny access to feeds via proxy modifying to 429 Retry-After for a large list of feeds on given instance, making it unusable for majority of users. This issue has been patched in version 1.28.0. | |||||
| CVE-2022-50799 | 2025-12-31 | N/A | 7.5 HIGH | ||
| Fetch FTP Client 5.8.2 contains a denial of service vulnerability that allows attackers to trigger 100% CPU consumption by sending long server responses. Attackers can send specially crafted FTP server responses exceeding 2K bytes to cause excessive resource utilization and potentially crash the application. | |||||
| CVE-2025-32952 | 1 Haulmont | 4 Cuba Platform, Cuba Rest Api, Jmix Framework and 1 more | 2025-12-31 | N/A | 6.5 MEDIUM |
| Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files, potentially causing the server to run out of space and return HTTP 500 error, resulting in a denial of service. This issue has been patched in versions 1.6.2 and 2.4.0. A workaround is provided on the Jmix documentation website. | |||||
| CVE-2024-48809 | 1 Opennetworking | 2 Onos-a1t, Sdran-in-a-box | 2025-12-31 | N/A | 7.5 HIGH |
| An issue in Open Networking Foundations sdran-in-a-box v.1.4.3 and onos-a1t v.0.2.3 allows a remote attacker to cause a denial of service via the onos-a1t component of the sdran-in-a-box, specifically the DeleteWatcher function. | |||||
| CVE-2025-11419 | 2025-12-29 | N/A | 7.5 HIGH | ||
| A flaw was found in Keycloak. This vulnerability allows an unauthenticated remote attacker to cause a denial of service (DoS) by repeatedly initiating TLS 1.2 client-initiated renegotiation requests to exhaust server CPU resources, making the service unavailable. | |||||
| CVE-2021-47713 | 1 Hasura | 1 Graphql Engine | 2025-12-26 | N/A | 7.5 HIGH |
| Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicious GraphQL queries with excessive nested fields. Attackers can send repeated requests with extremely long query strings and multiple threads to consume server resources and potentially crash the GraphQL endpoint. | |||||
| CVE-2025-14157 | 1 Gitlab | 1 Gitlab | 2025-12-23 | N/A | 6.5 MEDIUM |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 6.3 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to cause a Denial of Service condition by sending crafted API calls with large content parameters. | |||||
| CVE-2025-4097 | 1 Gitlab | 1 Gitlab | 2025-12-23 | N/A | 6.5 MEDIUM |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to cause a denial of service condition by uploading specially crafted images. | |||||