Total
3487 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-60790 | 1 Processwire | 1 Processwire | 2025-11-07 | 6.5 Medium |
| ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to upload a crafted ZIP to Language Support that is auto-extracted without limits prior to validation, enabling resource-exhaustion Denial of Service. | ||||
| CVE-2023-44487 | 32 Akka, Amazon, Apache and 29 more | 367 Http Server, Opensearch Data Prepper, Apisix and 364 more | 2025-11-07 | 7.5 High |
| The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | ||||
| CVE-2025-24269 | 1 Apple | 1 Macos | 2025-11-07 | 9.8 Critical |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4. An app may be able to cause unexpected system termination. | ||||
| CVE-2025-54604 | 2 Bitcoin, Bitcoincore | 3 Bitcoin, Bitcoin Core, Bitcoin Core | 2025-11-07 | 7.5 High |
| Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 1 of 2). | ||||
| CVE-2025-54605 | 2 Bitcoin, Bitcoincore | 3 Bitcoin, Bitcoin Core, Bitcoin Core | 2025-11-07 | 7.5 High |
| Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 2 of 2). | ||||
| CVE-2025-49494 | 1 Samsung | 20 Exynos 1280, Exynos 1280 Firmware, Exynos 1330 and 17 more | 2025-11-07 | 7.5 High |
| An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 2100, 1280, 2200, 1330, 1380, 1480, 9110, Modem 5123. Mishandling of an 5G NRMM packet leads to a Denial of Service. | ||||
| CVE-2025-58369 | 1 Typelevel | 1 Fs2 | 2025-11-07 | 5.3 Medium |
| fs2 is a compositional, streaming I/O library for Scala. Versions up to and including 2.5.12, 3.0.0-M1 through 3.12.2, and 3.13.0-M1 through 3.13.0-M6 are vulnerable to denial of service attacks though TLS sessions using fs2-io on the JVM using the fs2.io.net.tls package. When establishing a TLS session, if one side of the connection shuts down `write` while the peer side is awaiting more data to progress the TLS handshake, the peer side will spin loop on the socket read, fully utilizing a CPU. The CPU is consumed until the overall connection is closed, potentially shutting down a fs2-io powered server. This issue is fixed in versions 2.5.13, 3.12.1, and 3.13.0-M7. | ||||
| CVE-2023-5379 | 1 Redhat | 11 Jboss Data Grid, Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Eus and 8 more | 2025-11-07 | 7.5 High |
| A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS). | ||||
| CVE-2025-5342 | 1 Zohocorp | 1 Manageengine Exchange Reporter Plus | 2025-11-07 | 4.3 Medium |
| Zohocorp ManageEngine Exchange Reporter Plus through 5721 are vulnerable to ReDOS vulnerability in the search module. | ||||
| CVE-2023-43786 | 3 Fedoraproject, Redhat, X.org | 3 Fedora, Enterprise Linux, Libx11 | 2025-11-06 | 5.5 Medium |
| A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition. | ||||
| CVE-2025-53012 | 1 Linuxfoundation | 1 Materialx | 2025-11-06 | 7.5 High |
| MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version 1.39.2, nested imports of MaterialX files can lead to a crash via stack memory exhaustion, due to the lack of a limit on the "import chain" depth. When parsing file imports, recursion is used to process nested files; however, there is no limit imposed to the depth of files that can be parsed by the library. By building a sufficiently deep chain of MaterialX files one referencing the next, it is possible to crash the process using the MaterialX library via stack exhaustion. This is fixed in version 1.39.3. | ||||
| CVE-2025-60753 | 1 Libarchive | 1 Libarchive | 2025-11-06 | 5.5 Medium |
| An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash). | ||||
| CVE-2025-41676 | 3 Helmholz, Mb Connect Line, Mbconnectline | 4 Rex 100, Mbnet.mini, Mbnet.mini and 1 more | 2025-11-06 | 4.9 Medium |
| A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-sms action in fast succession. | ||||
| CVE-2025-41677 | 3 Helmholz, Mb Connect Line, Mbconnectline | 4 Rex 100, Mbnet.mini, Mbnet.mini and 1 more | 2025-11-06 | 4.9 Medium |
| A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-mail action in fast succession. | ||||
| CVE-2025-3986 | 1 Apereo | 2 Cas, Central Authentication Service | 2025-11-05 | 4.3 Medium |
| A vulnerability was found in Apereo CAS 5.2.6. It has been declared as problematic. This vulnerability affects unknown code of the file cas-5.2.6\core\cas-server-core-configuration-metadata-repository\src\main\java\org\apereo\cas\metadata\rest\CasConfigurationMetadataServerController.java. The manipulation of the argument Name leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-3985 | 1 Apereo | 2 Cas, Central Authentication Service | 2025-11-05 | 2.7 Low |
| A vulnerability was found in Apereo CAS 5.2.6. It has been classified as problematic. This affects the function ResponseEntity of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\ManageRegisteredServicesMultiActionController.java. The manipulation of the argument Query leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-63561 | 1 Summerpearlgroup | 1 Vacation Rental Management Platform | 2025-11-05 | 7.5 High |
| Summer Pearl Group Vacation Rental Management Platform prior to 1.0.2 is susceptible to a Slowloris-style Denial-of-Service (DoS) condition in the HTTP connection handling layer, where an attacker that opens and maintains many slow or partially-completed HTTP connections can exhaust the server’s connection pool and worker capacity, preventing legitimate users and APIs from accessing the service. | ||||
| CVE-2025-43462 | 1 Apple | 6 Ios, Ipados, Iphone Os and 3 more | 2025-11-05 | 7.5 High |
| The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1, visionOS 26.1. An app may be able to cause unexpected system termination or corrupt kernel memory. | ||||
| CVE-2014-5418 | 1 Ge | 14 Multilink Ml1200, Multilink Ml1200 Firmware, Multilink Ml1600 and 11 more | 2025-11-05 | N/A |
| GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier allow remote attackers to cause a denial of service (resource consumption or reboot) via crafted packets. | ||||
| CVE-2025-8677 | 1 Isc | 1 Bind 9 | 2025-11-04 | 7.5 High |
| Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to CPU exhaustion. This issue affects BIND 9 versions 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1. | ||||