Vulnerabilities (CVE)

Filtered by CWE-404
Total 488 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-49489 2025-07-03 N/A 5.4 MEDIUM
Improper Resource Shutdown or Release vulnerability in ASR Falcon_Linux、Kestrel、Lapwing_Linux on Linux (con_mgr components) allows Resource Leak Exposure. This vulnerability is associated with program files con_mgr/dialer_task.C. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.
CVE-2024-12661 1 Iobit 1 Advanced Systemcare Ultimate 2025-07-02 4.6 MEDIUM 5.5 MEDIUM
A vulnerability was found in IObit Advanced SystemCare Utimate up to 17.0.0. It has been rated as problematic. Affected by this issue is the function 0x8001E024 in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-6140 1 Gabime 1 Spdlog 2025-07-02 1.7 LOW 3.3 LOW
A vulnerability, which was classified as problematic, was found in spdlog up to 1.15.1. This affects the function scoped_padder in the library include/spdlog/pattern_formatter-inl.h. The manipulation leads to resource consumption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 1.15.2 is able to address this issue. The identifier of the patch is 10320184df1eb4638e253a34b1eb44ce78954094. It is recommended to upgrade the affected component.
CVE-2025-6274 1 Webassembly 1 Wabt 2025-07-02 1.7 LOW 3.3 LOW
A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been classified as problematic. Affected is the function OnDataCount of the file src/interp/binary-reader-interp.cc. The manipulation leads to resource consumption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect "real world wasm programs". Therefore, this entry might get disputed as well in the future.
CVE-2025-6817 1 Hdfgroup 1 Hdf5 2025-07-01 1.7 LOW 3.3 LOW
A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5C__load_entry of the file /src/H5Centry.c. The manipulation leads to resource consumption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
CVE-2024-23930 1 Pioneer 2 Dmh-wt7600nex, Dmh-wt7600nex Firmware 2025-06-30 N/A 4.3 MEDIUM
This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Media service, which listens on TCP port 42000 by default. The issue results from improper handling of error conditions. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
CVE-2025-6530 2025-06-26 4.3 MEDIUM 4.8 MEDIUM
A vulnerability was found in 70mai M300 up to 20250611. It has been classified as problematic. This affects an unknown part of the file demo.sh of the component Telnet Service. The manipulation leads to denial of service. Access to the local network is required for this attack. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-6401 1 Totolink 2 N300rh, N300rh Firmware 2025-06-25 2.3 LOW 3.5 LOW
A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101. It has been classified as problematic. This affects an unknown part of the file /boafrm/formFilter of the component HTTP POST Message Handler. The manipulation of the argument url leads to denial of service. The exploit has been disclosed to the public and may be used.
CVE-2024-57493 1 Redox-os 1 Redox 2025-06-25 N/A 5.5 MEDIUM
An issue in redoxOS relibc before commit 98aa4ea5 allows a local attacker to cause a denial of service via the setsockopt function.
CVE-2024-27527 1 Wasm3 Project 1 Wasm3 2025-06-24 N/A 7.5 HIGH
wasm3 139076a is vulnerable to Denial of Service (DoS).
CVE-2025-4867 1 Tenda 2 A15, A15 Firmware 2025-06-24 6.8 MEDIUM 6.5 MEDIUM
A vulnerability was found in Tenda A15 15.13.07.13. It has been declared as problematic. Affected by this vulnerability is the function formArpNerworkSet of the file /goform/ArpNerworkSet. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-6365 2025-06-23 5.2 MEDIUM 5.7 MEDIUM
A vulnerability was found in HobbesOSR Kitten up to c4f8b7c3158983d1020af432be1b417b28686736 and classified as critical. Affected by this issue is the function set_pte_at in the library /include/arch-arm64/pgtable.h. The manipulation leads to resource consumption. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
CVE-2025-6375 2025-06-23 1.7 LOW 3.3 LOW
A vulnerability was found in poco up to 1.14.1. It has been rated as problematic. Affected by this issue is the function MultipartInputStream of the file Net/src/MultipartReader.cpp. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.14.2 is able to address this issue. The patch is identified as 6f2f85913c191ab9ddfb8fae781f5d66afccf3bf. It is recommended to upgrade the affected component.
CVE-2025-6498 2025-06-23 1.7 LOW 3.3 LOW
A vulnerability classified as problematic has been found in HTACG tidy-html5 5.8.0. Affected is the function defaultAlloc of the file src/alloc.c. The manipulation leads to memory leak. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
CVE-2025-6496 2025-06-23 1.7 LOW 3.3 LOW
A vulnerability was found in HTACG tidy-html5 5.8.0. It has been declared as problematic. This vulnerability affects the function InsertNodeAsParent of the file src/parser.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
CVE-2025-1925 1 Open5gs 1 Open5gs 2025-06-23 5.0 MEDIUM 5.3 MEDIUM
A vulnerability classified as problematic was found in Open5GS up to 2.7.2. Affected by this vulnerability is the function amf_nsmf_pdusession_handle_update_sm_context of the file src/amf/nsmf-handler.c of the component AMF. The manipulation leads to denial of service. The attack can be launched remotely. This vulnerability allows a single UE to crash the AMF, resulting in the complete loss of mobility and session management services and causing a network-wide outage. All registered UEs will lose connectivity, and new registrations will be blocked until the AMF is restarted, leading to a high availability impact. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
CVE-2025-25899 1 Tp-link 2 Tl-wr841nd V11, Tl-wr841nd V11 Firmware 2025-06-20 N/A 3.5 LOW
A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the 'gw' parameter at /userRpm/WanDynamicIpV6CfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.
CVE-2024-3652 1 Libreswan 1 Libreswan 2025-06-17 N/A 6.5 MEDIUM
The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected.
CVE-2025-5935 2025-06-12 5.0 MEDIUM 5.3 MEDIUM
A vulnerability was found in Open5GS up to 2.7.3. It has been declared as problematic. Affected by this vulnerability is the function common_register_state of the file src/mme/emm-sm.c of the component AMF/MME. The manipulation of the argument ran_ue_id leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 62cb99755243c9c38e4c060c5d8d0e158fe8cdd5. It is recommended to apply a patch to fix this issue.
CVE-2018-8639 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1703 and 10 more 2025-06-09 7.2 HIGH 7.8 HIGH
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8641.