Total
2200 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-7070 | 1 Iroad | 2 Q9, Q9 Firmware | 2025-10-01 | 3.3 LOW | 4.3 MEDIUM |
| A vulnerability has been found in IROAD Dashcam Q9 up to 20250624 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component MFA Pairing Request Handler. The manipulation leads to allocation of resources. The attack needs to be done within the local network. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-7074 | 1 Vercel | 1 Hyper | 2025-10-01 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as problematic has been found in vercel hyper up to 3.4.1. This affects the function expand/braceExpand/ignoreMap of the file hyper/bin/rimraf-standalone.js. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-11835 | 1 Plextrac | 1 Plextrac | 2025-10-01 | N/A | 7.5 HIGH |
| Uncontrolled Resource Consumption vulnerability in PlexTrac allows WebSocket DoS.This issue affects PlexTrac: from 1.61.3 before 2.8.1. | |||||
| CVE-2024-52974 | 1 Elastic | 1 Kibana | 2025-09-30 | N/A | 6.5 MEDIUM |
| An issue has been identified where a specially crafted request sent to an Observability API could cause the kibana server to crash. A successful attack requires a malicious user to have read permissions for Observability assigned to them. | |||||
| CVE-2024-52980 | 1 Elastic | 1 Elasticsearch | 2025-09-30 | N/A | 6.5 MEDIUM |
| A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. A successful attack requires a malicious user to have read_pipeline Elasticsearch cluster privilege assigned to them. | |||||
| CVE-2025-6365 | 1 Hobbesosr | 1 Kitten | 2025-09-30 | 5.2 MEDIUM | 5.7 MEDIUM |
| A vulnerability was found in HobbesOSR Kitten up to c4f8b7c3158983d1020af432be1b417b28686736 and classified as critical. Affected by this issue is the function set_pte_at in the library /include/arch-arm64/pgtable.h. The manipulation leads to resource consumption. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | |||||
| CVE-2025-21614 | 1 Go-git Project | 1 Go-git | 2025-09-30 | N/A | 7.5 HIGH |
| go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Users running versions of go-git from v4 and above are recommended to upgrade to v5.13 in order to mitigate this vulnerability. | |||||
| CVE-2025-58767 | 1 Ruby-lang | 1 Rexml | 2025-09-30 | N/A | 5.3 MEDIUM |
| REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. The REXML gem 3.4.2 or later include the patches to fix these vulnerabilities. | |||||
| CVE-2024-53647 | 3 Apple, Google, Trendmicro | 3 Iphone Os, Android, Id Security | 2025-09-29 | N/A | 6.5 MEDIUM |
| Trend Micro ID Security, version 3.0 and below contains a vulnerability that could allow an attacker to send an unlimited number of email verification requests without any restriction, potentially leading to abuse or denial of service. | |||||
| CVE-2025-6493 | 2025-09-29 | 5.0 MEDIUM | 5.3 MEDIUM | ||
| A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown Mode. This manipulation causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. Upgrading to version 6.0 is able to address this issue. You should upgrade the affected component. Not all code samples mentioned in the GitHub issue can be found. The repository mentions, that "CodeMirror 6 exists, and is [...] much more actively maintained." | |||||
| CVE-2024-37281 | 1 Elastic | 1 Kibana | 2025-09-29 | N/A | 6.5 MEDIUM |
| An issue was discovered in Kibana where a user with Viewer role could cause a Kibana instance to crash by sending a large number of maliciously crafted requests to a specific endpoint. | |||||
| CVE-2025-57446 | 2025-09-26 | N/A | 7.5 HIGH | ||
| An issue in O-RAN Near Realtime RIC ric-plt-submgr in the J-Release environment, allows remote attackers to cause a denial of service (DoS) via a crafted request to the Subscription Manager API component. | |||||
| CVE-2025-55560 | 2025-09-26 | N/A | 7.5 HIGH | ||
| An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor. | |||||
| CVE-2025-46593 | 1 Huawei | 1 Harmonyos | 2025-09-26 | N/A | 5.1 MEDIUM |
| Process residence vulnerability in abnormal scenarios in the print module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2024-7254 | 2 Google, Netapp | 8 Protobuf, Protobuf-java, Protobuf-javalite and 5 more | 2025-09-26 | N/A | 7.5 HIGH |
| Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker. | |||||
| CVE-2025-59830 | 2025-09-26 | N/A | 7.5 HIGH | ||
| Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its params_limit only for parameters separated by &, while still splitting on both & and ;. As a result, attackers could use ; separators to bypass the parameter count limit and submit more parameters than intended. Applications or middleware that directly invoke Rack::QueryParser with its default configuration (no explicit delimiter) could be exposed to increased CPU and memory consumption. This can be abused as a limited denial-of-service vector. This issue has been patched in version 2.2.18. | |||||
| CVE-2025-57317 | 2025-09-26 | N/A | 7.5 HIGH | ||
| apidoc-core is the core parser library to generate apidoc result following the apidoc-spec. A Prototype Pollution vulnerability in the preProcess function of apidoc-core versions thru 0.15.0 allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence. | |||||
| CVE-2025-25293 | 2 Omniauth, Onelogin | 2 Omniauth Saml, Ruby-saml | 2025-09-26 | N/A | 7.5 HIGH |
| ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of Service (DoS) with compressed SAML responses. ruby-saml uses zlib to decompress SAML responses in case they're compressed. It is possible to bypass the message size check with a compressed assertion since the message size is checked before inflation and not after. This issue may lead to remote Denial of Service (DoS). Versions 1.12.4 and 1.18.0 fix the issue. | |||||
| CVE-2024-53851 | 1 Discourse | 1 Discourse | 2025-09-26 | N/A | 4.3 MEDIUM |
| Discourse is an open source platform for community discussion. In affected versions the endpoint for generating inline oneboxes for URLs wasn't enforcing limits on the number of URLs that it accepted, allowing a malicious user to inflict denial of service on some parts of the app. This vulnerability is only exploitable by authenticated users. This issue has been patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. Users unable to upgrade should turn off the `enable inline onebox on all domains` site setting and remove all entries from the `allowed inline onebox domains` site setting. | |||||
| CVE-2025-48053 | 1 Discourse | 1 Discourse | 2025-09-25 | N/A | 7.5 HIGH |
| Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch, sending a malicious URL in a PM to a bot user can cause a reduced the availability of a Discourse instance. This issue is patched in version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch. No known workarounds are available. | |||||