Total
2601 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-6075 | 2025-11-04 | N/A | N/A | ||
| If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables. | |||||
| CVE-2025-63561 | 2025-11-04 | N/A | 7.5 HIGH | ||
| Summer Pearl Group Vacation Rental Management Platform prior to 1.0.2 is susceptible to a Slowloris-style Denial-of-Service (DoS) condition in the HTTP connection handling layer, where an attacker that opens and maintains many slow or partially-completed HTTP connections can exhaust the server’s connection pool and worker capacity, preventing legitimate users and APIs from accessing the service. | |||||
| CVE-2025-30188 | 2025-11-04 | N/A | 7.5 HIGH | ||
| Malicious or unintentional API requests can be used to add significant amount of data to caches. Caches may evict information that is required to operate the web frontend, which leads to unavailability of the component. Please deploy the provided updates and patch releases. No publicly available exploits are known | |||||
| CVE-2025-64388 | 2025-11-04 | N/A | N/A | ||
| Denial of service of the web server through specific requests to this protocol | |||||
| CVE-2024-55568 | 1 Samsung | 36 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 33 more | 2025-11-04 | N/A | 7.5 HIGH |
| An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The absence of a NULL check leads to a Denial of Service when an attacker sends malformed MM packets to the target. | |||||
| CVE-2025-43295 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-11-04 | N/A | 5.5 MEDIUM |
| A denial-of-service issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7, iOS 18.7 and iPadOS 18.7. An app may be able to cause a denial-of-service. | |||||
| CVE-2024-7592 | 1 Python | 1 Python | 2025-11-03 | N/A | 7.5 HIGH |
| There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value. | |||||
| CVE-2024-52804 | 1 Tornadoweb | 1 Tornado | 2025-11-03 | N/A | 7.5 HIGH |
| Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests. Version 6.4.2 fixes the issue. | |||||
| CVE-2025-24269 | 1 Apple | 1 Macos | 2025-11-03 | N/A | 9.8 CRITICAL |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4. An app may be able to cause unexpected system termination. | |||||
| CVE-2025-24264 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-11-03 | N/A | 9.8 CRITICAL |
| The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash. | |||||
| CVE-2025-24260 | 1 Apple | 1 Macos | 2025-11-03 | N/A | 9.8 CRITICAL |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker in a privileged position may be able to perform a denial-of-service. | |||||
| CVE-2025-24247 | 1 Apple | 1 Macos | 2025-11-03 | N/A | 9.8 CRITICAL |
| A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker may be able to cause unexpected app termination. | |||||
| CVE-2024-21232 | 1 Oracle | 1 Mysql | 2025-11-03 | N/A | 2.2 LOW |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L). | |||||
| CVE-2024-21231 | 1 Oracle | 1 Mysql | 2025-11-03 | N/A | 3.1 LOW |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L). | |||||
| CVE-2024-21230 | 1 Oracle | 1 Mysql | 2025-11-03 | N/A | 6.5 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2024-21219 | 1 Oracle | 1 Mysql | 2025-11-03 | N/A | 4.9 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2024-21218 | 1 Oracle | 1 Mysql | 2025-11-03 | N/A | 4.9 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2024-21203 | 1 Oracle | 1 Mysql | 2025-11-03 | N/A | 4.9 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2024-21196 | 1 Oracle | 1 Mysql | 2025-11-03 | N/A | 6.5 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2024-21194 | 1 Oracle | 1 Mysql | 2025-11-03 | N/A | 4.9 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||