Total
3487 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-66019 | 2025-11-26 | N/A | ||
| pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter. This issue has been patched in version 6.4.0. | ||||
| CVE-2025-51741 | 2025-11-25 | 7.5 High | ||
| An issue was discovered in Veal98 Echo Open-Source Community System 2.2 thru 2.3 allowing an unauthenticated attacker to cause the server to send email verification messages to arbitrary users via the /sendEmailCodeForResetPwd endpoint potentially causing a denial of service to the server or the downstream users. | ||||
| CVE-2025-60638 | 2025-11-24 | 7.5 High | ||
| An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Nnssf_NSSAIAvailability API. | ||||
| CVE-2025-13466 | 2025-11-24 | N/A | ||
| body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage. This can lead to service slowdown or partial outages under sustained malicious traffic. This issue is addressed in version 2.2.1. | ||||
| CVE-2025-65947 | 1 Thread-amount Project | 1 Thread-amount | 2025-11-24 | N/A |
| thread-amount is a tool that gets the amount of threads in the current process. Prior to version 0.2.2, there are resource leaks when querying thread counts on Windows and Apple platforms. In Windows platforms, the thread_amount function calls CreateToolhelp32Snapshot but fails to close the returned HANDLE using CloseHandle. Repeated calls to this function will cause the handle count of the process to grow indefinitely, eventually leading to system instability or process termination when the handle limit is reached. In Apple platforms, the thread_amount function calls task_threads (via Mach kernel APIs) which allocates memory for the thread list. The function fails to deallocate this memory using vm_deallocate. Repeated calls will result in a steady memory leak, eventually causing the process to be killed by the OOM (Out of Memory) killer. This issue has been patched in version 0.2.2. | ||||
| CVE-2025-55796 | 1 Openml | 1 Openml.org | 2025-11-24 | 7.5 High |
| The openml/openml.org web application version v2.0.20241110 uses predictable MD5-based tokens for critical user workflows such as signup confirmation, password resets, email confirmation resends, and email change confirmation. These tokens are generated by hashing the current timestamp formatted as "%d %H:%M:%S" without incorporating any user-specific data or cryptographic randomness. This predictability allows remote attackers to brute-force valid tokens within a small time window, enabling unauthorized account confirmation, password resets, and email change approvals, potentially leading to account takeover. | ||||
| CVE-2025-59502 | 1 Microsoft | 21 Remote, Windows, Windows 10 and 18 more | 2025-11-22 | 7.5 High |
| Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2019-9674 | 3 Canonical, Netapp, Python | 3 Ubuntu Linux, Active Iq Unified Manager, Python | 2025-11-21 | 7.5 High |
| Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb. | ||||
| CVE-2023-29479 | 2 Redhat, Ribose | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2025-11-21 | 5.3 Medium |
| Ribose RNP before 0.16.3 may hang when the input is malformed. | ||||
| CVE-2025-43857 | 1 Ruby-lang | 1 Net\ | 2025-11-21 | 6.5 Medium |
| Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory exhaustion when net-imap reads server responses. At any time while the client is connected, a malicious server can send can send a "literal" byte count, which is automatically read by the client's receiver thread. The response reader immediately allocates memory for the number of bytes indicated by the server response. This should not be an issue when securely connecting to trusted IMAP servers that are well-behaved. It can affect insecure connections and buggy, untrusted, or compromised servers (for example, connecting to a user supplied hostname). This issue has been patched in versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5. | ||||
| CVE-2023-30798 | 1 Encode | 1 Starlette | 2025-11-21 | 7.5 High |
| There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service. | ||||
| CVE-2025-37161 | 1 Hpe | 1 Aruba Networking 100 Series Cellular Bridge | 2025-11-21 | 7.5 High |
| A vulnerability in the web-based management interface of affected products could allow an unauthenticated remote attacker to cause a denial of service. Successful exploitation could allow an attacker to crash the system, preventing it from rebooting without manual intervention and disrupting network operations. | ||||
| CVE-2024-6501 | 1 Redhat | 2 Enterprise Linux, Openshift | 2025-11-21 | 3.1 Low |
| A flaw was found in NetworkManager. When a system running NetworkManager with DEBUG logs enabled and an interface eth1 configured with LLDP enabled, a malicious user could inject a malformed LLDP packet. NetworkManager would crash, leading to a denial of service. | ||||
| CVE-2024-6126 | 1 Redhat | 1 Enterprise Linux | 2025-11-21 | 3.2 Low |
| A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack. | ||||
| CVE-2023-39327 | 2 Redhat, Uclouvain | 2 Enterprise Linux, Openjpeg | 2025-11-21 | 4.3 Medium |
| A flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal. | ||||
| CVE-2025-5024 | 1 Redhat | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2025-11-20 | 7.4 High |
| A flaw was found in gnome-remote-desktop. Once gnome-remote-desktop listens for RDP connections, an unauthenticated attacker can exhaust system resources and repeatedly crash the process. There may be a resource leak after many attacks, which will also result in gnome-remote-desktop no longer being able to open files even after it is restarted via systemd. | ||||
| CVE-2025-25208 | 1 Redhat | 1 Connectivity Link | 2025-11-20 | 5.7 Medium |
| A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster | ||||
| CVE-2025-25207 | 1 Redhat | 1 Connectivity Link | 2025-11-20 | 5.7 Medium |
| The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows the users with developer persona to add callbacks to be executed to HTTP endpoints once the authorization process is completed. It was found that an attacker with developer persona access can add a large number of those callbacks to be executed by Authorino and as the authentication policy is enforced by a single instance of the service, this leada to a Denial of Service in Authorino while processing the post-authorization callbacks. | ||||
| CVE-2024-8939 | 1 Redhat | 1 Enterprise Linux Ai | 2025-11-20 | 6.2 Medium |
| A vulnerability was found in the ilab model serve component, where improper handling of the best_of parameter in the vllm JSON web API can lead to a Denial of Service (DoS). The API used for LLM-based sentence or chat completion accepts a best_of parameter to return the best completion from several options. When this parameter is set to a large value, the API does not handle timeouts or resource exhaustion properly, allowing an attacker to cause a DoS by consuming excessive system resources. This leads to the API becoming unresponsive, preventing legitimate users from accessing the service. | ||||
| CVE-2024-8418 | 2 Containers, Redhat | 3 Aardvark-dns, Enterprise Linux, Openshift | 2025-11-20 | 7.5 High |
| A flaw was found in Aardvark-dns, which is vulnerable to a Denial of Service attack due to the serial processing of TCP DNS queries. An attacker can exploit this flaw by keeping a TCP connection open indefinitely, causing the server to become unresponsive and resulting in other DNS queries timing out. This issue prevents legitimate users from accessing DNS services, thereby disrupting normal operations and causing service downtime. | ||||