Total
2601 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-2343 | 1 Trianglemicroworks | 1 Scada Data Gateway | 2025-10-02 | 1.2 LOW | N/A |
| Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows physically proximate attackers to cause a denial of service (excessive data processing) via a crafted DNP request over a serial line. | |||||
| CVE-2014-2342 | 1 Trianglemicroworks | 1 Scada Data Gateway | 2025-10-02 | 4.3 MEDIUM | N/A |
| Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows remote attackers to cause a denial of service (excessive data processing) via a crafted DNP3 packet. | |||||
| CVE-2025-11149 | 2025-10-02 | N/A | 7.5 HIGH | ||
| This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server. | |||||
| CVE-2025-4533 | 1 Guojusoft | 1 Jeecgboot | 2025-10-02 | 3.3 LOW | 2.7 LOW |
| A vulnerability classified as problematic was found in JeecgBoot up to 3.8.0. This vulnerability affects the function unzipFile of the file /jeecg-boot/airag/knowledge/doc/import/zip of the component Document Library Upload. The manipulation of the argument File leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-52979 | 1 Elastic | 1 Elasticsearch | 2025-10-02 | N/A | 6.5 MEDIUM |
| Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial of Service by causing the Elasticsearch node to crash. | |||||
| CVE-2024-52981 | 1 Elastic | 1 Elasticsearch | 2025-10-02 | N/A | 4.9 MEDIUM |
| An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow. | |||||
| CVE-2025-7070 | 1 Iroad | 2 Q9, Q9 Firmware | 2025-10-01 | 3.3 LOW | 4.3 MEDIUM |
| A vulnerability has been found in IROAD Dashcam Q9 up to 20250624 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component MFA Pairing Request Handler. The manipulation leads to allocation of resources. The attack needs to be done within the local network. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-7074 | 1 Vercel | 1 Hyper | 2025-10-01 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as problematic has been found in vercel hyper up to 3.4.1. This affects the function expand/braceExpand/ignoreMap of the file hyper/bin/rimraf-standalone.js. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-11835 | 1 Plextrac | 1 Plextrac | 2025-10-01 | N/A | 7.5 HIGH |
| Uncontrolled Resource Consumption vulnerability in PlexTrac allows WebSocket DoS.This issue affects PlexTrac: from 1.61.3 before 2.8.1. | |||||
| CVE-2023-5157 | 3 Fedoraproject, Mariadb, Redhat | 12 Fedora, Mariadb, Enterprise Linux and 9 more | 2025-10-01 | N/A | 7.5 HIGH |
| A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service. | |||||
| CVE-2024-52974 | 1 Elastic | 1 Kibana | 2025-09-30 | N/A | 6.5 MEDIUM |
| An issue has been identified where a specially crafted request sent to an Observability API could cause the kibana server to crash. A successful attack requires a malicious user to have read permissions for Observability assigned to them. | |||||
| CVE-2024-52980 | 1 Elastic | 1 Elasticsearch | 2025-09-30 | N/A | 6.5 MEDIUM |
| A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. A successful attack requires a malicious user to have read_pipeline Elasticsearch cluster privilege assigned to them. | |||||
| CVE-2025-6365 | 1 Hobbesosr | 1 Kitten | 2025-09-30 | 5.2 MEDIUM | 5.7 MEDIUM |
| A vulnerability was found in HobbesOSR Kitten up to c4f8b7c3158983d1020af432be1b417b28686736 and classified as critical. Affected by this issue is the function set_pte_at in the library /include/arch-arm64/pgtable.h. The manipulation leads to resource consumption. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | |||||
| CVE-2025-21614 | 1 Go-git Project | 1 Go-git | 2025-09-30 | N/A | 7.5 HIGH |
| go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Users running versions of go-git from v4 and above are recommended to upgrade to v5.13 in order to mitigate this vulnerability. | |||||
| CVE-2025-58767 | 1 Ruby-lang | 1 Rexml | 2025-09-30 | N/A | 5.3 MEDIUM |
| REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. The REXML gem 3.4.2 or later include the patches to fix these vulnerabilities. | |||||
| CVE-2024-53647 | 3 Apple, Google, Trendmicro | 3 Iphone Os, Android, Id Security | 2025-09-29 | N/A | 6.5 MEDIUM |
| Trend Micro ID Security, version 3.0 and below contains a vulnerability that could allow an attacker to send an unlimited number of email verification requests without any restriction, potentially leading to abuse or denial of service. | |||||
| CVE-2025-6493 | 2025-09-29 | 5.0 MEDIUM | 5.3 MEDIUM | ||
| A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown Mode. This manipulation causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. Upgrading to version 6.0 is able to address this issue. You should upgrade the affected component. Not all code samples mentioned in the GitHub issue can be found. The repository mentions, that "CodeMirror 6 exists, and is [...] much more actively maintained." | |||||
| CVE-2024-37281 | 1 Elastic | 1 Kibana | 2025-09-29 | N/A | 6.5 MEDIUM |
| An issue was discovered in Kibana where a user with Viewer role could cause a Kibana instance to crash by sending a large number of maliciously crafted requests to a specific endpoint. | |||||
| CVE-2025-57446 | 2025-09-26 | N/A | 7.5 HIGH | ||
| An issue in O-RAN Near Realtime RIC ric-plt-submgr in the J-Release environment, allows remote attackers to cause a denial of service (DoS) via a crafted request to the Subscription Manager API component. | |||||
| CVE-2025-46593 | 1 Huawei | 1 Harmonyos | 2025-09-26 | N/A | 5.1 MEDIUM |
| Process residence vulnerability in abnormal scenarios in the print module Impact: Successful exploitation of this vulnerability may affect availability. | |||||