Total
2001 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-20977 | 2 Netapp, Oracle | 2 Oncommand Insight, Mysql | 2025-05-15 | N/A | 6.5 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2025-31245 | 2025-05-14 | N/A | 5.5 MEDIUM | ||
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. An app may be able to cause unexpected system termination. | |||||
| CVE-2025-31210 | 2025-05-14 | N/A | 6.5 MEDIUM | ||
| The issue was addressed with improved UI. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5. Processing web content may lead to a denial-of-service. | |||||
| CVE-2025-31251 | 2025-05-14 | N/A | 5.5 MEDIUM | ||
| The issue was addressed with improved input sanitization. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory. | |||||
| CVE-2025-31226 | 2025-05-14 | N/A | 5.5 MEDIUM | ||
| A logic issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5. Processing a maliciously crafted image may lead to a denial-of-service. | |||||
| CVE-2025-46392 | 2025-05-13 | N/A | 6.5 MEDIUM | ||
| Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. There are a number of issues in Apache Commons Configuration 1.x that allow excessive resource consumption when loading untrusted configurations or using unexpected usage patterns. The Apache Commons Configuration team does not intend to fix these issues in 1.x. Apache Commons Configuration 1.x is still safe to use in scenario's where you only load trusted configurations. Users that load untrusted configurations or give attackers control over usage patterns are recommended to upgrade to the 2.x version line, which fixes these issues. Apache Commons Configuration 2.x is not a drop-in replacement, but as it uses a separate Maven groupId and Java package namespace they can be loaded side-by-side, making it possible to do a gradual migration. | |||||
| CVE-2022-2455 | 1 Gitlab | 1 Gitlab | 2025-05-13 | N/A | 6.5 MEDIUM |
| A business logic issue in the handling of large repositories in all versions of GitLab CE/EE from 10.0 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2 allowed an authenticated and authorized user to exhaust server resources by importing a malicious project. | |||||
| CVE-2022-2931 | 1 Gitlab | 1 Gitlab | 2025-05-13 | N/A | 7.5 HIGH |
| A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Malformed content added to the issue description could have been used to trigger high CPU usage. | |||||
| CVE-2022-3283 | 1 Gitlab | 1 Gitlab | 2025-05-13 | N/A | 7.5 HIGH |
| A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 While cloning an issue with special crafted content added to the description could have been used to trigger high CPU usage. | |||||
| CVE-2025-30158 | 1 Namelessmc | 1 Nameless | 2025-05-13 | N/A | 7.1 HIGH |
| NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the forum allows users to post iframe elements inside forum topics/comments/feed with no restriction on the iframe's width and height attributes. This allows an authenticated attacker to perform a UI-based denial of service (DoS) by injecting oversized iframes that block the forum UI and disrupt normal user interactions. This issue has been patched in version 2.2.0. | |||||
| CVE-2025-31118 | 1 Namelessmc | 1 Nameless | 2025-05-13 | N/A | 7.1 HIGH |
| NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, forum quick reply feature (view_topic.php) does not implement any spam prevention mechanism. This allows authenticated users to continuously post replies without any time restriction, resulting in an uncontrolled surge of posts that can disrupt normal operations. This issue has been patched in version 2.2.0. | |||||
| CVE-2024-8418 | 1 Containers | 1 Aardvark-dns | 2025-05-13 | N/A | 7.5 HIGH |
| A flaw was found in Aardvark-dns, which is vulnerable to a Denial of Service attack due to the serial processing of TCP DNS queries. An attacker can exploit this flaw by keeping a TCP connection open indefinitely, causing the server to become unresponsive and resulting in other DNS queries timing out. This issue prevents legitimate users from accessing DNS services, thereby disrupting normal operations and causing service downtime. | |||||
| CVE-2025-43857 | 1 Ruby-lang | 1 Net\ | 2025-05-12 | N/A | 7.5 HIGH |
| Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory exhaustion when net-imap reads server responses. At any time while the client is connected, a malicious server can send can send a "literal" byte count, which is automatically read by the client's receiver thread. The response reader immediately allocates memory for the number of bytes indicated by the server response. This should not be an issue when securely connecting to trusted IMAP servers that are well-behaved. It can affect insecure connections and buggy, untrusted, or compromised servers (for example, connecting to a user supplied hostname). This issue has been patched in versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5. | |||||
| CVE-2025-46580 | 1 Zte | 1 Zxcloud Goldendb | 2025-05-12 | N/A | 7.7 HIGH |
| There is a code-related vulnerability in the GoldenDB database product. Attackers can access system tables to disrupt the normal operation of business SQL. | |||||
| CVE-2025-1752 | 2025-05-12 | N/A | 7.5 HIGH | ||
| A Denial of Service (DoS) vulnerability has been identified in the KnowledgeBaseWebReader class of the run-llama/llama_index project, affecting version ~ latest(v0.12.15). The vulnerability arises due to inappropriate secure coding measures, specifically the lack of proper implementation of the max_depth parameter in the get_article_urls function. This allows an attacker to exhaust Python's recursion limit through repeated function calls, leading to resource consumption and ultimately crashing the Python process. | |||||
| CVE-2025-1948 | 2025-05-12 | N/A | 7.5 HIGH | ||
| In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGS_MAX_HEADER_LIST_SIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified capacity to encode HTTP responses, likely resulting in OutOfMemoryError being thrown, or even the JVM process exiting. | |||||
| CVE-2025-4533 | 2025-05-12 | 3.3 LOW | 2.7 LOW | ||
| A vulnerability classified as problematic was found in JeecgBoot up to 3.8.0. This vulnerability affects the function unzipFile of the file /jeecg-boot/airag/knowledge/doc/import/zip of the component Document Library Upload. The manipulation of the argument File leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-47270 | 2025-05-12 | N/A | 7.5 HIGH | ||
| nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. The `nimiq-network-libp2p` subcrate of nimiq/core-rs-albatross is vulnerable to a Denial of Service (DoS) attack due to uncontrolled memory allocation. Specifically, the implementation of the `Discovery` network message handling allocates a buffer based on a length value provided by the peer, without enforcing an upper bound. Since this length is a `u32`, a peer can trigger allocations of up to 4 GB, potentially leading to memory exhaustion and node crashes. As Discovery messages are regularly exchanged for peer discovery, this vulnerability can be exploited repeatedly. The patch for this vulnerability is formally released as part of v1.1.0. The patch implements a limit to the discovery message size of 1 MB and also resizes the message buffer size incrementally as the data is read. No known workarounds are available. | |||||
| CVE-2023-22512 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2025-05-12 | N/A | 7.5 HIGH |
| This High severity DoS (Denial of Service) vulnerability was introduced in version 5.6.0 of Confluence Data Center and Server. With a CVSS Score of 7.5, this vulnerability allows an unauthenticated attacker to cause a resource to be unavailable for its intended users by temporarily or indefinitely disrupting services of a vulnerable host (Confluence instance) connected to a network, which has no impact to confidentiality, no impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Confluence Data Center and Server 7.19: Upgrade to a release greater than or equal to 7.19.14 Confluence Data Center and Server 8.5: Upgrade to a release greater than or equal to 8.5.1 Confluence Data Center and Server 8.6 or above: No need to upgrade, you're already on a patched version See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html ). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives ]). This vulnerability was reported via our Bug Bounty program. | |||||
| CVE-2023-50868 | 2025-05-12 | N/A | 7.5 HIGH | ||
| The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations. | |||||