Total
1503 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-39944 | 1 Dahuasecurity | 121 Ipc-hf8xxx Firmware, Ipc-hfs8449g-z7-led, Ipc-hfs8449g-z7-led Firmware and 118 more | 2025-09-30 | 7.5 High |
| A vulnerability has been found in Dahua products.Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash. | ||||
| CVE-2024-37358 | 1 Apache | 1 James Server | 2025-09-29 | 8.6 High |
| Similarly to CVE-2024-34055, Apache James is vulnerable to denial of service through the abuse of IMAP literals from both authenticated and unauthenticated users, which could be used to cause unbounded memory allocation and very long computations Version 3.7.6 and 3.8.2 restrict such illegitimate use of IMAP literals. | ||||
| CVE-2025-35965 | 1 Mattermost | 2 Mattermost, Mattermost Server | 2025-09-29 | 6.5 Medium |
| Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to validate the uniqueness and quantity of task actions within the UpdateRunTaskActions GraphQL operation, which allows an attacker to create task items containing an excessive number of actions triggered by specific posts, overloading the server and leading to a denial-of-service (DoS) condition. | ||||
| CVE-2024-53647 | 3 Apple, Google, Trendmicro | 4 Iphone Os, Android, Id Security and 1 more | 2025-09-29 | 6.5 Medium |
| Trend Micro ID Security, version 3.0 and below contains a vulnerability that could allow an attacker to send an unlimited number of email verification requests without any restriction, potentially leading to abuse or denial of service. | ||||
| CVE-2024-47401 | 1 Mattermost | 2 Mattermost, Mattermost Server | 2025-09-29 | 4.3 Medium |
| Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1 and 9.5.x <= 9.5.9 fail to prevent detailed error messages from being displayed in Playbooks which allows an attacker to generate a large response and cause an amplified GraphQL response which in turn could cause the application to crash by sending a specially crafted request to Playbooks. | ||||
| CVE-2025-11042 | 1 Gitlab | 1 Gitlab | 2025-09-29 | 4.3 Medium |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service (DoS) condition while using specific GraphQL queries. | ||||
| CVE-2025-10867 | 1 Gitlab | 1 Gitlab | 2025-09-29 | 3.5 Low |
| An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could have allowed an authenticated user to create a denial-of-service condition by exploiting an unprotected GraphQL API through repeated requests. | ||||
| CVE-2025-10858 | 1 Gitlab | 1 Gitlab | 2025-09-29 | 7.5 High |
| An issue was discovered in GitLab CE/EE affecting all versions before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that allows unauthenticated users to cause a Denial of Service (DoS) condition while uploading specifically crafted large JSON files. | ||||
| CVE-2025-48053 | 1 Discourse | 1 Discourse | 2025-09-25 | 7.5 High |
| Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch, sending a malicious URL in a PM to a bot user can cause a reduced the availability of a Discourse instance. This issue is patched in version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch. No known workarounds are available. | ||||
| CVE-2025-4437 | 1 Redhat | 1 Openshift | 2025-09-25 | 5.7 Medium |
| There's a vulnerability in the CRI-O application where when container is launched with securityContext.runAsUser specifying a non-existent user, CRI-O attempts to create the user, reading the container's entire /etc/passwd file into memory. If this file is excessively large, it can cause the a high memory consumption leading applications to be killed due to out-of-memory. As a result a denial-of-service can be achieved, possibly disrupting other pods and services running in the same host. | ||||
| CVE-2025-59418 | 1 Bunnypad | 1 Bunnypad | 2025-09-23 | 5.5 Medium |
| BunnyPad is a note taking software. Prior to version 11.0.27000.0915, opening files greater than or equal to 20MB causes buffer overflow to occur. This issue has been patched in version 11.0.27000.0915. Users who wish not to upgrade should refrain from opening files larger than 10MB. | ||||
| CVE-2024-21994 | 1 Netapp | 1 Storagegrid | 2025-09-23 | 4.3 Medium |
| StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9 are susceptible to a Denial of Service (DoS) vulnerability. Successful exploit by an authenticated attacker could lead to a service crash. | ||||
| CVE-2025-29907 | 1 Parall | 1 Jspdf | 2025-09-22 | 7.5 High |
| jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.1, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitised image urls to the addImage method, a user can provide a harmful data-url that results in high CPU utilization and denial of service. Other affected methods are html and addSvgAsImage. The vulnerability was fixed in jsPDF 3.0.1. | ||||
| CVE-2025-1250 | 1 Gitlab | 1 Gitlab | 2025-09-20 | 6.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user to stall background job processing by sending specially crafted commit messages, merge request descriptions, or notes. | ||||
| CVE-2025-7337 | 1 Gitlab | 1 Gitlab | 2025-09-20 | 6.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 7.8 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user with Developer-level access to cause a persistent denial of service affecting all users on a GitLab instance by uploading large files. | ||||
| CVE-2023-40542 | 1 F5 | 19 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 16 more | 2025-09-19 | 7.5 High |
| When TCP Verified Accept is enabled on a TCP profile that is configured on a Virtual Server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
| CVE-2023-5072 | 2 Redhat, Stleary | 8 Amq Broker, Amq Streams, Camel K and 5 more | 2025-09-19 | 7.5 High |
| Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. | ||||
| CVE-2025-29898 | 1 Qnap | 1 Qsync Central | 2025-09-19 | 6.5 Medium |
| An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later | ||||
| CVE-2025-29890 | 1 Qnap | 1 File Station | 2025-09-19 | 6.5 Medium |
| An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4907 and later | ||||
| CVE-2025-30261 | 1 Qnap | 1 Qsync Central | 2025-09-19 | 6.5 Medium |
| An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.0 ( 2025/06/13 ) and later | ||||