Total: 1227 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2025-5253 | | | 2025-07-25 | N/A | 6.5 MEDIUM | Allocation of Resources Without Limits or Throttling vulnerability in Kron Technologies Kron PAM allows HTTP DoS. This issue affects Kron PAM: before 3.7.
CVE-2025-53032 | 1 Oracle | 1 Mysql Server | 2025-07-24 | N/A | 4.9 MEDIUM | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.1.0. Easily exploitable vulnerability allows a high-privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2025-53538 | | | 2025-07-22 | N/A | 7.5 HIGH | Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions 7.0.10 and below and 8.0.0-beta1 through 8.0.0-rc1, mishandling of data on HTTP/2 stream 0 can lead to uncontrolled memory usage, leading to loss of visibility. Workarounds include disabling the HTTP/2 parser, or using a signature like `drop http2 any any -> any any (frame:http2.hdr; byte_test:1,=,0,3; byte_test:4,=,0,5; sid:1;)`, where the first byte_test checks that the HTTP/2 frame type is DATA and the second checks that the stream id is 0. This is fixed in versions 7.0.11 and 8.0.0.
CVE-2024-46666 | 1 Fortinet | 1 Fortios | 2025-07-22 | N/A | 5.3 MEDIUM | An allocation of resources without limits or throttling [CWE-770] vulnerability in FortiOS versions 7.6.0, versions 7.4.4 through 7.4.0, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow a remote unauthenticated attacker to prevent access to the GUI via specially crafted requests directed at specific endpoints.
CVE-2025-44652 | | | 2025-07-22 | N/A | 7.5 HIGH | In Netgear RAX30 V1.0.10.94_3, the USERLIMIT_GLOBAL option is set to 0 in multiple bftpd-related configuration files. This can lead to denial of service when an unlimited number of users connect.
CVE-2024-38335 | | | 2025-07-22 | N/A | 4.5 MEDIUM | IBM Security QRadar Network Threat Analytics 1.0.0 through 1.3.1 could allow a privileged user to cause a denial of service due to improper allocation of resources.
CVE-2025-54121 | | | 2025-07-22 | N/A | 5.3 MEDIUM | Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files (greater than the default max spool size), Starlette blocks the main thread to roll the file over to disk. This blocks the event loop thread, which means the application cannot accept new connections. The UploadFile code has a minor bug: instead of only checking self._in_memory, the logic should also check whether the additional bytes will cause a rollover. The vulnerability is fixed in version 0.47.2.
CVE-2024-37358 | 1 Apache | 1 James Server | 2025-07-16 | N/A | 8.6 HIGH | Similarly to CVE-2024-34055, Apache James is vulnerable to denial of service through the abuse of IMAP literals from both authenticated and unauthenticated users, which could be used to cause unbounded memory allocation and very long computations. Versions 3.7.6 and 3.8.2 restrict such illegitimate use of IMAP literals.
CVE-2024-46667 | 1 Fortinet | 1 Fortisiem | 2025-07-16 | N/A | 7.5 HIGH | An allocation of resources without limits or throttling vulnerability in Fortinet FortiSIEM 5.3 all versions, 5.4 all versions, 6.x all versions, 7.0 all versions, and 7.1.0 through 7.1.5 may allow an attacker to deny valid TLS traffic by consuming all allotted connections.
CVE-2024-41743 | 2 Ibm, Linux | 2 Txseries For Multiplatforms, Linux Kernel | 2025-07-16 | N/A | 7.5 HIGH | IBM TXSeries for Multiplatforms 10.1 could allow a remote attacker to cause a denial of service using persistent connections due to improper allocation of resources.
CVE-2024-41742 | 2 Ibm, Linux | 2 Txseries For Multiplatforms, Linux Kernel | 2025-07-16 | N/A | 7.5 HIGH | IBM TXSeries for Multiplatforms 10.1 is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting a slowloris-type attack, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-45100 | 2 Ibm, Linux | 2 Security Qradar Edr, Linux Kernel | 2025-07-16 | N/A | 4.9 MEDIUM | IBM Security ReaQta 3.12 could allow a privileged user to cause a denial of service by sending multiple administration requests due to improper allocation of resources.
CVE-2025-48976 | 1 Apache | 1 Commons Fileupload | 2025-07-15 | N/A | 7.5 HIGH | Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.
CVE-2025-53628 | | | 2025-07-15 | N/A | N/A | cpp-httplib is a C++11 single-file header-only cross-platform HTTP/HTTPS library. Prior to 0.20.1, cpp-httplib does not limit the length of a single line, which an attacker can abuse to cause arbitrary memory allocation. This vulnerability is fixed in 0.20.1. NOTE: This vulnerability is related to CVE-2025-53629.
CVE-2025-53634 | | | 2025-07-15 | N/A | N/A | Chall-Manager is a platform-agnostic system able to start challenges on demand for a player. The HTTP Gateway processes headers, but with no timeout set. With a slowloris attack, an attacker could cause a Denial of Service (DoS). Exploitation does not require authentication or authorization, so anyone who can reach the service can exploit it. It should nonetheless not be exploitable in practice, as it is highly recommended to bury Chall-Manager deep within the infrastructure due to its large capabilities, so that no users can reach the system. A patch has been implemented in commit 1385bd8 and shipped in v0.1.4.
CVE-2025-53629 | | | 2025-07-15 | N/A | 7.5 HIGH | cpp-httplib is a C++11 single-file header-only cross-platform HTTP/HTTPS library. Prior to 0.23.0, incoming requests with a Transfer-Encoding: chunked header can cause arbitrary memory allocation in the server, potentially leading to memory exhaustion. This vulnerability is fixed in 0.23.0. NOTE: This vulnerability is related to CVE-2025-53628.
CVE-2025-29606 | | | 2025-07-15 | N/A | 4.3 MEDIUM | py-libp2p before 0.2.3 allows a peer to cause a denial of service (resource consumption) via a large RSA key.
CVE-2024-9367 | 1 Gitlab | 1 Gitlab | 2025-07-11 | N/A | 4.3 MEDIUM | An issue was discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service (DoS) condition while parsing templates to generate changelogs.
CVE-2025-26480 | 1 Dell | 1 Powerscale Onefs | 2025-07-11 | N/A | 5.3 MEDIUM | Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.0, contains an uncontrolled resource consumption vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.
CVE-2024-58114 | 1 Huawei | 1 Harmonyos | 2025-07-11 | N/A | 4.0 MEDIUM | Resource allocation control failure vulnerability in the ArkUI framework. Impact: Successful exploitation of this vulnerability may affect availability.