Total
1237 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-26682 | 1 Microsoft | 2 Asp.net Core, Visual Studio 2022 | 2025-07-09 | N/A | 7.5 HIGH |
| Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. | |||||
| CVE-2025-48467 | 1 Advantech | 6 Wise-4010lan, Wise-4010lan Firmware, Wise-4050lan and 3 more | 2025-07-09 | N/A | 6.5 MEDIUM |
| Successful exploitation of the vulnerability could allow an attacker to cause repeated reboots, potentially leading to remote denial-of-service and system unavailability. | |||||
| CVE-2025-48462 | 1 Advantech | 6 Wise-4010lan, Wise-4010lan Firmware, Wise-4050lan and 3 more | 2025-07-09 | N/A | 4.2 MEDIUM |
| Successful exploitation of the vulnerability could allow an attacker to consume all available session slots and block other users from logging in, thereby preventing legitimate users from gaining access to the product. | |||||
| CVE-2025-7070 | 2025-07-08 | 3.3 LOW | 4.3 MEDIUM | ||
| A vulnerability has been found in IROAD Dashcam Q9 up to 20250624 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component MFA Pairing Request Handler. The manipulation leads to allocation of resources. The attack needs to be done within the local network. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-3221 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-07-08 | N/A | 7.5 HIGH |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a remote attacker to cause a denial of service due to insufficient validation of incoming request resources. | |||||
| CVE-2023-28882 | 1 Owasp | 1 Modsecurity | 2025-07-03 | N/A | 7.5 HIGH |
| Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations. | |||||
| CVE-2024-31669 | 1 Rizin | 1 Rizin | 2025-07-02 | N/A | 7.5 HIGH |
| rizin before Release v0.6.3 is vulnerable to Uncontrolled Resource Consumption via bin_pe_parse_imports, Pe_r_bin_pe_parse_var, and estimate_slide. | |||||
| CVE-2025-52568 | 2025-06-26 | N/A | N/A | ||
| NeKernal is a free and open-source operating system stack. Prior to version 0.0.3, there are several memory safety issues that can lead to memory corruption, disk image corruption, denial of service, and potential code execution. These issues stem from unchecked memory operations, unsafe typecasting, and improper input validation. This issue has been patched in version 0.0.3. | |||||
| CVE-2025-52570 | 2025-06-26 | N/A | N/A | ||
| Letmein is an authenticating port knocker. Prior to version 10.2.1, The connection limiter is implemented incorrectly. It allows an arbitrary amount of simultaneously incoming connections (TCP, UDP and Unix socket) for the services letmeind and letmeinfwd. Therefore, the command line option num-connections is not effective and does not limit the number of simultaneously incoming connections. This issue has been patched in version 10.2.1. | |||||
| CVE-2025-2403 | 2025-06-26 | N/A | 7.5 HIGH | ||
| A denial-of-service vulnerability due to improper prioritization of network traffic over protection mechanism exists in Relion 670/650 and SAM600-IO series device that if exploited could potentially cause critical functions like LDCM (Line Distance Communication Module) to malfunction. | |||||
| CVE-2025-52889 | 2025-06-26 | N/A | 3.4 LOW | ||
| Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus version 6.12 and 6.13 generates nftables rules for local services (DHCP, DNS...) that partially bypass security options `security.mac_filtering`, `security.ipv4_filtering` and `security.ipv6_filtering`. This can lead to DHCP pool exhaustion and opens the door for other attacks. A patch is available at commit 2516fb19ad8428454cb4edfe70c0a5f0dc1da214. | |||||
| CVE-2025-45526 | 2025-06-26 | N/A | 2.9 LOW | ||
| A denial of service (DoS) vulnerability has been identified in the JavaScript library microlight version 0.0.7. This library, used for syntax highlighting, does not limit the size of textual content it processes in HTML elements with the microlight class. When excessively large content (e.g., 100 million characters) is processed, the reset function in microlight.js consumes excessive memory and CPU resources, causing browser crashes or unresponsiveness. An attacker can exploit this vulnerability by tricking a user into visiting a malicious web page containing a microlight element with large content, resulting in a denial of service. NOTE: this is disputed by multiple parties because a large amount of memory and CPU resources is expected to be needed for content of that size. | |||||
| CVE-2025-4416 | 1 Events Log Track Project | 1 Events Log Track | 2025-06-25 | N/A | 7.5 HIGH |
| Allocation of Resources Without Limits or Throttling vulnerability in Drupal Events Log Track allows Excessive Allocation.This issue affects Events Log Track: from 0.0.0 before 3.1.11, from 4.0.0 before 4.0.2. | |||||
| CVE-2023-5379 | 1 Redhat | 3 Jboss Enterprise Application Platform, Single Sign-on, Undertow | 2025-06-25 | N/A | 7.5 HIGH |
| A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS). | |||||
| CVE-2025-27157 | 1 Joinmastodon | 1 Mastodon | 2025-06-24 | N/A | 5.3 MEDIUM |
| Mastodon is a self-hosted, federated microblogging platform. Starting in version 4.2.0 and prior to versions 4.2.16 and 4.3.4, the rate limits are missing on `/auth/setup`. Without those rate limits, an attacker can craft requests that will send an email to an arbitrary addresses. Versions 4.2.16 and 4.3.4 fix the issue. | |||||
| CVE-2024-53907 | 1 Djangoproject | 1 Django | 2025-06-24 | N/A | 7.5 HIGH |
| An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities. | |||||
| CVE-2025-21495 | 1 Oracle | 1 Mysql Enterprise Firewall | 2025-06-23 | N/A | 4.4 MEDIUM |
| Vulnerability in the MySQL Enterprise Firewall product of Oracle MySQL (component: Firewall). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Firewall. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Firewall. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2022-22491 | 1 Ibm | 1 App Connect Enterprise Certified Container | 2025-06-20 | N/A | 5.5 MEDIUM |
| IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, and 12.4 operands running in Red Hat OpenShift do not restrict writing to the local filesystem, which may result in exhausting the available storage in a Pod, resulting in that Pod being restarted. | |||||
| CVE-2024-46921 | 1 Samsung | 34 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 31 more | 2025-06-20 | N/A | 6.5 MEDIUM |
| An issue was discovered in Samsung Mobile Processor and Modem Exynos 9820, 9825, 980, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W1000, Modem 5123, Modem 5300, Modem 5400. UE does not limit the number of attempts for the RRC Setup procedure in the 5G SA, leading to a denial of service (battery-drain attack). | |||||
| CVE-2025-48448 | 1 Admin Audit Trail Project | 1 Admin Audit Trail | 2025-06-20 | N/A | 6.5 MEDIUM |
| Allocation of Resources Without Limits or Throttling vulnerability in Drupal Admin Audit Trail allows Excessive Allocation.This issue affects Admin Audit Trail: from 0.0.0 before 1.0.5. | |||||