Total: 1503 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-3734 | 1 Stage File Proxy Project | 1 Stage File Proxy | 2025-09-02 | 5.9 Medium |
| Allocation of Resources Without Limits or Throttling vulnerability in Drupal Stage File Proxy allows Flooding. This issue affects Stage File Proxy: from 0.0.0 before 3.1.5. | ||||
| CVE-2025-3601 | 1 Gitlab | 1 Gitlab | 2025-09-02 | 6.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 8.15 before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed an authenticated user to cause a Denial of Service (DoS) condition by submitting URLs that generate excessively large responses. | ||||
| CVE-2025-4225 | 1 Gitlab | 1 Gitlab | 2025-09-02 | 5.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 14.1 before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that under certain conditions could have allowed an unauthenticated attacker to cause a denial-of-service condition affecting all users by sending specially crafted GraphQL requests. | ||||
| CVE-2024-51461 | 1 Ibm | 1 Qradar Wincollect | 2025-09-01 | 4.3 Medium |
| IBM QRadar WinCollect Agent 10.0 through 10.1.13 could allow a remote attacker to cause a denial of service by interrupting an HTTP request that could consume memory resources. | ||||
| CVE-2025-2559 | 1 Redhat | 2 Build Keycloak, Red Hat Single Sign On | 2025-08-30 | 4.9 Medium |
| A flaw was found in Keycloak. When the configuration uses JWT tokens for authentication, the tokens are cached until expiration. If a client uses JWT tokens with an excessively long expiration time, for example, 24 or 48 hours, the cache can grow indefinitely, leading to an OutOfMemoryError. This issue could result in a denial of service condition, preventing legitimate users from accessing the system. | ||||
| CVE-2025-58058 | | | 2025-08-29 | 5.3 Medium |
| xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current implementation allocates the full decoding buffer directly after reading the header. According to the specification, the LZMA header doesn't include a magic number or a checksum to detect such an issue. Note that the code recognizes the issue later while reading the stream, but at this time the memory allocation has already been done. This issue has been patched in version 0.5.14. | ||||
| CVE-2025-3632 | 1 Ibm | 2 4769 Developers Toolkit, Common Cryptographic Architecture | 2025-08-28 | 7.5 High |
| IBM 4769 Developers Toolkit 7.0.0 through 7.5.52 could allow a remote attacker to cause a denial of service in the Hardware Security Module (HSM) due to improper memory allocation of an excessive size. | ||||
| CVE-2024-39876 | 1 Siemens | 1 Sinema Remote Connect Server | 2025-08-27 | 4 Medium |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected applications do not properly handle log rotation. This could allow an unauthenticated remote attacker to cause a denial of service condition through resource exhaustion on the device. | ||||
| CVE-2025-54939 | 1 Litespeedtech | 4 Litespeed Web Adc, Litespeed Web Server, Lsquic and 1 more | 2025-08-27 | 5.3 Medium |
| LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak. | ||||
| CVE-2024-22436 | | | 2025-08-26 | 6.5 Medium |
| A security vulnerability in HPE IceWall Agent products could be exploited remotely to cause a denial of service. | ||||
| CVE-2024-22255 | 2 Apple, Vmware | 5 Macos, Cloud Foundation, Esxi and 2 more | 2025-08-26 | 7.1 High |
| VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process. | ||||
| CVE-2022-3423 | 1 Nocodb | 1 Nocodb | 2025-08-26 | 7.3 High |
| Allocation of Resources Without Limits or Throttling in GitHub repository nocodb/nocodb prior to 0.92.0. | ||||
| CVE-2024-31208 | 3 Element-hq, Fedoraproject, Matrix | 3 Synapse, Fedora, Synapse | 2025-08-26 | 6.5 Medium |
| Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in the V2 state resolution algorithm. This can induce high CPU consumption and accumulate excessive data in the database of such instances, resulting in a denial of service. Servers in private federations, or those that do not federate, are not affected. Server administrators should upgrade to 1.105.1 or later. Some workarounds are available. One can ban the malicious users or ACL block servers from the rooms and/or leave the room and purge the room using the admin API. | ||||
| CVE-2024-4140 | 2 Fedoraproject, Rjbs | 2 Fedora, Email-mime | 2025-08-26 | 7.5 High |
| An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total number of parts. | ||||
| CVE-2024-37302 | 2 Element-hq, Matrix | 2 Synapse, Synapse | 2025-08-26 | 7.5 High |
| Synapse is an open-source Matrix homeserver. Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media. The default rate limit strategy is insufficient to mitigate this. This can lead to a denial of service, ranging from further media uploads/downloads failing to complete unavailability of the Synapse process, depending on how Synapse was deployed. Synapse 1.106 introduces a new "leaky bucket" rate limit on remote media downloads to reduce the amount of data a user can request at a time. This does not fully address the issue, but does limit an unauthenticated user's ability to request large amounts of data to be cached. | ||||
| CVE-2024-52805 | 2 Element-hq, Matrix | 2 Synapse, Synapse | 2025-08-26 | 7.5 High |
| Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while processing the request, which can be used to amplify denial of service attacks. Synapse 1.120.1 resolves the issue by denying requests with unsupported multipart/form-data content type. | ||||
| CVE-2025-3050 | 1 Ibm | 1 Db2 | 2025-08-26 | 5.3 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when using Q replication due to the improper allocation of CPU resources. | ||||
| CVE-2025-54879 | 1 Joinmastodon | 1 Mastodon | 2025-08-26 | 5.3 Medium |
| Mastodon is a free, open-source social network server based on ActivityPub that facilitates LDAP configuration for authentication. In versions 3.1.5 through 4.2.24, 4.3.0 through 4.3.11 and 4.4.0 through 4.4.3, Mastodon's rate-limiting system has a critical configuration error where the email-based throttle for confirmation emails incorrectly checks the password reset path instead of the confirmation path, effectively disabling per-email limits for confirmation requests. This allows attackers to bypass rate limits by rotating IP addresses and send unlimited confirmation emails to any email address, as only a weak IP-based throttle (25 requests per 5 minutes) remains active. The vulnerability enables denial-of-service attacks that can overwhelm mail queues and facilitate user harassment through confirmation email spam. This is fixed in versions 4.2.24, 4.3.11 and 4.4.3. | ||||
| CVE-2025-32374 | 1 Dnnsoftware | 1 Dotnetnuke | 2025-08-26 | 5.9 Medium |
| DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Possible denial of service with specially crafted information in the public registration form. This vulnerability is fixed in 9.13.8. | ||||
| CVE-2025-43762 | 1 Liferay | 2 Dxp, Portal | 2025-08-25 | N/A |
| Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allow users to upload an unlimited number of files through the forms. The files are stored in the document_library, allowing an attacker to cause a potential DDoS. | ||||