Total
672 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-53015 | 2025-07-15 | N/A | 7.5 HIGH | ||
| ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0, infinite lines occur when writing during a specific XMP file conversion command. Version 7.1.2-0 fixes the issue. | |||||
| CVE-2025-53628 | 2025-07-15 | N/A | N/A | ||
| cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.20.1, cpp-httplib does not have a limit for a unique line, permitting an attacker to explore this to allocate memory arbitrarily. This vulnerability is fixed in 0.20.1. NOTE: This vulnerability is related to CVE-2025-53629. | |||||
| CVE-2024-9340 | 1 Zenml | 1 Zenml | 2025-07-15 | N/A | 7.5 HIGH |
| A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66.0 allows unauthenticated attackers to cause excessive resource consumption by sending malformed multipart requests with arbitrary characters appended to the end of multipart boundaries. This flaw in the multipart request boundary processing mechanism leads to an infinite loop, resulting in a complete denial of service for all users. Affected endpoints include `/api/v1/login` and `/api/v1/device_authorization`. | |||||
| CVE-2023-52726 | 1 Linuxfoundation | 1 Onos-ric-sdk-go | 2025-07-14 | N/A | 6.5 MEDIUM |
| Open Networking Foundation SD-RAN ONOS onos-ric-sdk-go 0.8.12 allows infinite repetition of the processing of an error (in the Subscribe function implementation for the subscribed indication stream). | |||||
| CVE-2020-18442 | 3 Debian, Fedoraproject, Gdraheim | 3 Debian Linux, Fedora, Zziplib | 2025-07-10 | 2.1 LOW | 3.3 LOW |
| Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file". | |||||
| CVE-2025-42954 | 2025-07-08 | N/A | 2.7 LOW | ||
| SAP NetWeaver Business Warehouse CCAW application allows a privileged attacker to cause a high CPU load by executing a RFC enabled function modules without any input parameters, which results in reduced performance or interrupted operation of the affected resource. This leads to low impact on availability of the application, there is no impact on confidentiality and integrity. | |||||
| CVE-2020-28095 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-07-07 | 7.8 HIGH | 7.5 HIGH |
| On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP POST request sent to the change password API will trigger the router to crash and enter an infinite boot loop. | |||||
| CVE-2020-15598 | 2 Debian, Owasp | 2 Debian Linux, Modsecurity | 2025-07-03 | 5.0 MEDIUM | 7.5 HIGH |
| Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. NOTE: The discoverer reports "Trustwave has signaled they are disputing our claims." The CVE suggests that there is a security issue with how ModSecurity handles regular expressions that can result in a Denial of Service condition. The vendor does not consider this as a security issue because1) there is no default configuration issue here. An attacker would need to know that a rule using a potentially problematic regular expression was in place, 2) the attacker would need to know the basic nature of the regular expression itself to exploit any resource issues. It's well known that regular expression usage can be taxing on system resources regardless of the use case. It is up to the administrator to decide on when it is appropriate to trade resources for potential security benefit | |||||
| CVE-2024-28836 | 1 Arm | 1 Mbed Tls | 2025-06-27 | N/A | 5.4 MEDIUM |
| An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When negotiating the TLS version on the server side, it can fall back to the TLS 1.2 implementation of the protocol if it is disabled. If the TLS 1.2 implementation was disabled at build time, a TLS 1.2 client could put a TLS 1.3-only server into an infinite loop processing a TLS 1.2 ClientHello, resulting in a denial of service. If the TLS 1.2 implementation was disabled at runtime, a TLS 1.2 client can successfully establish a TLS 1.2 connection with the server. | |||||
| CVE-2025-2962 | 2025-06-26 | N/A | 7.5 HIGH | ||
| A denial-of-service issue in the dns implemenation could cause an infinite loop. | |||||
| CVE-2022-24763 | 2 Debian, Pjsip | 2 Debian Linux, Pjsip | 2025-06-25 | 5.0 MEDIUM | 7.5 HIGH |
| PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIP's XML parsing in their apps. Users are advised to update. There are no known workarounds. | |||||
| CVE-2024-22654 | 1 Broadcom | 1 Tcpreplay | 2025-06-23 | N/A | 7.5 HIGH |
| tcpreplay v4.4.4 was discovered to contain an infinite loop via the tcprewrite function at get.c. | |||||
| CVE-2021-42143 | 1 Contiki-ng | 1 Tinydtls | 2025-06-20 | N/A | 9.1 CRITICAL |
| An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. An infinite loop bug exists during the handling of a ClientHello handshake message. This bug allows remote attackers to cause a denial of service by sending a malformed ClientHello handshake message with an odd length of cipher suites, which triggers an infinite loop (consuming all resources) and a buffer over-read that can disclose sensitive information. | |||||
| CVE-2024-36288 | 1 Linux | 1 Linux Kernel | 2025-06-19 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix loop termination condition in gss_free_in_token_pages() The in_token->pages[] array is not NULL terminated. This results in the following KASAN splat: KASAN: maybe wild-memory-access in range [0x04a2013400000008-0x04a201340000000f] | |||||
| CVE-2024-24746 | 1 Apache | 1 Nimble | 2025-06-17 | N/A | 7.5 HIGH |
| Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache NimBLE. Specially crafted GATT operation can cause infinite loop in GATT server leading to denial of service in Bluetooth stack or device. This issue affects Apache NimBLE: through 1.6.0. Users are recommended to upgrade to version 1.7.0, which fixes the issue. | |||||
| CVE-2023-51890 | 1 Ctan | 1 Mathtex | 2025-06-17 | N/A | 7.5 HIGH |
| An infinite loop issue discovered in Mathtex 1.05 and before allows a remote attackers to consume CPU resources via crafted string in the application URL. | |||||
| CVE-2023-50120 | 1 Gpac | 1 Gpac | 2025-06-17 | N/A | 5.5 MEDIUM |
| MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to contain an infinite loop in the function av1_uvlc at media_tools/av_parsers.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file. | |||||
| CVE-2025-48879 | 2025-06-12 | N/A | 6.5 MEDIUM | ||
| OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become unresponsive. The issue can be triggered by a broken multipart/form-data request lacking an end boundary to any of OctoPrint's endpoints implemented through the octoprint.server.util.tornado.UploadStorageFallbackHandler request handler. The request handler will get stuck in an endless busy loop, looking for a part of the request that will never come. As Tornado is single-threaded, that will effectively block the whole web server. The vulnerability has been patched in version 1.11.2. | |||||
| CVE-2025-30145 | 2025-06-12 | N/A | 7.5 HIGH | ||
| GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, that can enter an infinite loop to trigger denial of service. This vulnerability is fixed in 2.27.0, 2.26.3, and 2.25.7. This vulnerability can be mitigated by disabling WMS dynamic styling and the Jiffle process. | |||||
| CVE-2025-0673 | 2025-06-12 | N/A | 7.5 HIGH | ||
| An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2, allow an attacker to trigger an infinite redirect loop, potentially leading to a denial of service condition. | |||||