Total
1362 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-46666 | 1 Fortinet | 1 Fortios | 2025-07-22 | N/A | 5.3 MEDIUM |
| An allocation of resources without limits or throttling [CWE-770] vulnerability in FortiOS versions 7.6.0, versions 7.4.4 through 7.4.0, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow a remote unauthenticated attacker to prevent access to the GUI via specially crafted requests directed at specific endpoints. | |||||
| CVE-2025-54121 | 2025-07-22 | N/A | 5.3 MEDIUM | ||
| Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files (greater than the default max spool size) starlette will block the main thread to roll the file over to disk. This blocks the event thread which means the application can't accept new connections. The UploadFile code has a minor bug where instead of just checking for self._in_memory, the logic should also check if the additional bytes will cause a rollover. The vulnerability is fixed in version 0.47.2. | |||||
| CVE-2024-46667 | 1 Fortinet | 1 Fortisiem | 2025-07-16 | N/A | 7.5 HIGH |
| A allocation of resources without limits or throttling in Fortinet FortiSIEM 5.3 all versions, 5.4 all versions, 6.x all versions, 7.0 all versions, and 7.1.0 through 7.1.5 may allow an attacker to deny valid TLS traffic via consuming all allotted connections. | |||||
| CVE-2024-41743 | 2 Ibm, Linux | 2 Txseries For Multiplatforms, Linux Kernel | 2025-07-16 | N/A | 7.5 HIGH |
| IBM TXSeries for Multiplatforms 10.1 could allow a remote attacker to cause a denial of service using persistent connections due to improper allocation of resources. | |||||
| CVE-2024-41742 | 2 Ibm, Linux | 2 Txseries For Multiplatforms, Linux Kernel | 2025-07-16 | N/A | 7.5 HIGH |
| IBM TXSeries for Multiplatforms 10.1 is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting a slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service. | |||||
| CVE-2024-45100 | 2 Ibm, Linux | 2 Security Qradar Edr, Linux Kernel | 2025-07-16 | N/A | 4.9 MEDIUM |
| IBM Security ReaQta 3.12 could allow a privileged user to cause a denial of service by sending multiple administration requests due to improper allocation of resources. | |||||
| CVE-2025-48976 | 1 Apache | 1 Commons Fileupload | 2025-07-15 | N/A | 7.5 HIGH |
| Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue. | |||||
| CVE-2025-29606 | 2025-07-15 | N/A | 4.3 MEDIUM | ||
| py-libp2p before 0.2.3 allows a peer to cause a denial of service (resource consumption) via a large RSA key. | |||||
| CVE-2024-9367 | 1 Gitlab | 1 Gitlab | 2025-07-11 | N/A | 4.3 MEDIUM |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service (DoS) condition while parsing templates to generate changelogs. | |||||
| CVE-2025-26480 | 1 Dell | 1 Powerscale Onefs | 2025-07-11 | N/A | 5.3 MEDIUM |
| Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.0, contains an uncontrolled resource consumption vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service. | |||||
| CVE-2024-58114 | 1 Huawei | 1 Harmonyos | 2025-07-11 | N/A | 4.0 MEDIUM |
| Resource allocation control failure vulnerability in the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-53530 | 1 Wegia | 1 Wegia | 2025-07-10 | N/A | 7.5 HIGH |
| WeGIA is a web manager for charitable institutions. The Wegia server has a vulnerability that allows excessively long HTTP GET requests to a specific URL. This issue arises from the lack of validation for the length of the errorstr parameter. Tests confirmed that the server processes URLs up to 8,142 characters, resulting in high resource consumption, elevated latency, timeouts, and read errors. This makes the server susceptible to Denial of Service (DoS) attacks. This vulnerability is fixed in 3.3.0. | |||||
| CVE-2025-53531 | 1 Wegia | 1 Wegia | 2025-07-10 | N/A | 7.5 HIGH |
| WeGIA is a web manager for charitable institutions. The Wegia server has a vulnerability that allows excessively long HTTP GET requests to a specific URL. This issue arises from the lack of validation for the length of the fid parameter. Tests confirmed that the server processes URLs up to 8,142 characters, resulting in high resource consumption, elevated latency, timeouts, and read errors. This makes the server susceptible to Denial of Service (DoS) attacks. This vulnerability is fixed in 3.3.0. | |||||
| CVE-2025-52917 | 2025-07-10 | N/A | 4.3 MEDIUM | ||
| The Yealink RPS API before 2025-05-26 lacks rate limiting, potentially enabling information disclosure via excessive requests. | |||||
| CVE-2018-6869 | 3 Canonical, Debian, Gdraheim | 3 Ubuntu Linux, Debian Linux, Zziplib | 2025-07-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. | |||||
| CVE-2024-45797 | 1 Oisf | 1 Libhtp | 2025-07-09 | N/A | 7.5 HIGH |
| LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5.49. | |||||
| CVE-2025-26682 | 1 Microsoft | 2 Asp.net Core, Visual Studio 2022 | 2025-07-09 | N/A | 7.5 HIGH |
| Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. | |||||
| CVE-2025-48467 | 1 Advantech | 6 Wise-4010lan, Wise-4010lan Firmware, Wise-4050lan and 3 more | 2025-07-09 | N/A | 6.5 MEDIUM |
| Successful exploitation of the vulnerability could allow an attacker to cause repeated reboots, potentially leading to remote denial-of-service and system unavailability. | |||||
| CVE-2025-48462 | 1 Advantech | 6 Wise-4010lan, Wise-4010lan Firmware, Wise-4050lan and 3 more | 2025-07-09 | N/A | 4.2 MEDIUM |
| Successful exploitation of the vulnerability could allow an attacker to consume all available session slots and block other users from logging in, thereby preventing legitimate users from gaining access to the product. | |||||
| CVE-2025-3221 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-07-08 | N/A | 7.5 HIGH |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a remote attacker to cause a denial of service due to insufficient validation of incoming request resources. | |||||