Total: 2200 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2024-43789 | 1 Discourse | 1 Discourse | 2025-09-25 | N/A | 7.5 HIGH | Discourse is an open source platform for community discussion. A user can create a post with many replies, and then attempt to fetch them all at once. This can potentially reduce the availability of a Discourse instance. This problem has been patched in the latest version of Discourse. All users are advised to upgrade. There are no known workarounds for this vulnerability. |
| CVE-2025-48392 | 1 Apache | 1 Iotdb | 2025-09-25 | N/A | 7.5 HIGH | A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.3.3 through 1.3.4, from 2.0.1-beta through 2.0.4. Users are recommended to upgrade to version 2.0.5, which fixes the issue. |
| CVE-2025-58157 | 1 Consensys | 1 Gnark | 2025-09-24 | N/A | 7.5 HIGH | gnark is a zero-knowledge proof system framework. In version 0.12.0, there is a potential denial of service vulnerability when computing scalar multiplication using the fake-GLV algorithm, because the algorithm did not converge quickly enough for some inputs. This issue has been patched in version 0.13.0. |
| CVE-2025-6921 | | | 2025-09-24 | N/A | 5.3 MEDIUM | The huggingface/transformers library, versions prior to 4.53.0, is vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer. The vulnerability arises from the `_do_use_weight_decay` method, which processes user-controlled regular expressions in the `include_in_weight_decay` and `exclude_from_weight_decay` lists. Malicious regular expressions can cause catastrophic backtracking during the `re.search` call, leading to 100% CPU utilization and a denial of service. This issue can be exploited by attackers who can control the patterns in these lists, potentially causing the machine learning task to hang and rendering services unresponsive. |
| CVE-2024-53458 | 1 Sysax | 1 Multi Server | 2025-09-23 | N/A | 7.5 HIGH | Sysax Multi Server 6.99 is vulnerable to a denial of service (DoS) condition when processing specially crafted SSH packets. |
| CVE-2025-56264 | 1 Zhyd | 1 Oneblog | 2025-09-23 | N/A | 7.5 HIGH | The `/api/comment` endpoint in zhangyd-c OneBlog 2.3.9 contains a denial-of-service vulnerability. |
| CVE-2025-35432 | 1 Cisa | 1 Thorium | 2025-09-23 | N/A | 5.3 MEDIUM | CISA Thorium does not rate limit requests to send account verification email messages. A remote unauthenticated attacker can send unlimited messages to a user who is pending verification. Fixed in 1.1.1 by adding a rate limit, set by default to 10 minutes. |
| CVE-2024-50354 | 1 Consensys | 1 Gnark | 2025-09-23 | N/A | 5.5 MEDIUM | gnark is a fast zk-SNARK library that offers a high-level API to design circuits. In gnark 0.11.0 and earlier, deserialization of Groth16 verification keys allocates excessive memory, consuming a lot of resources and triggering a crash with the error `fatal error: runtime: out of memory`. |
| CVE-2025-29907 | 1 Parall | 1 Jspdf | 2025-09-22 | N/A | 7.5 HIGH | jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.1, user control of the first argument of the `addImage` method results in high CPU utilization and denial of service. If given the possibility to pass unsanitised image URLs to the `addImage` method, a user can provide a harmful data URL that results in high CPU utilization and denial of service. Other affected methods are `html` and `addSvgAsImage`. The vulnerability was fixed in jsPDF 3.0.1. |
| CVE-2024-33259 | 1 Jerryscript | 1 Jerryscript | 2025-09-22 | N/A | 5.5 MEDIUM | Jerryscript commit cefd391 was discovered to contain a segmentation violation via the component `scanner_seek` at `jerry-core/parser/js/js-scanner-util.c`. |
| CVE-2024-53693 | 1 Qnap | 2 Qts, Quts Hero | 2025-09-20 | N/A | 7.1 HIGH | An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later; QuTS hero h5.2.3.3006 build 20250108 and later. |
| CVE-2025-29898 | 1 Qnap | 1 Qsync Central | 2025-09-19 | N/A | 6.5 MEDIUM | An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 (2025/04/23) and later. |
| CVE-2025-4444 | | | 2025-09-19 | 2.6 LOW | 3.7 LOW | A security flaw has been discovered in Tor up to 0.4.7.16/0.4.8.17. Impacted is an unknown function of the component Onion Service Descriptor Handler. Performing manipulation results in resource consumption. The attack may be initiated remotely. The attack's complexity is rated as high, and exploitability is considered difficult. Upgrading to version 0.4.8.18 or 0.4.9.3-alpha is recommended to address this issue. |
| CVE-2024-39908 | 2 Netapp, Ruby-lang | 3 Bootstrap Os, Hci Compute Node, Rexml | 2025-09-19 | N/A | 4.3 MEDIUM | REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML document that has many specific characters such as `<`, `0` and `%>`. If you need to parse untrusted XML, you may be affected by these vulnerabilities. The REXML gem 3.3.2 or later includes the patches to fix these vulnerabilities. Users are advised to upgrade. Users unable to upgrade should avoid parsing untrusted XML strings. |
| CVE-2024-35176 | 1 Ruby-lang | 1 Rexml | 2025-09-19 | N/A | 5.3 MEDIUM | REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML document that has many `<`s in an attribute value. Those who need to parse untrusted XML may be affected by this vulnerability. The REXML gem 3.2.7 or later includes the patch to fix this vulnerability. As a workaround, don't parse untrusted XML. |
| CVE-2024-21914 | 1 Rockwellautomation | 1 Factorytalk View | 2025-09-19 | N/A | 5.3 MEDIUM | A vulnerability exists in the affected product that allows a malicious user to restart the Rockwell Automation PanelView™ Plus 7 terminal remotely without security protections. If the vulnerability is exploited, it could lead to the loss of view or control of the PanelView™ product. |
| CVE-2024-35799 | 1 Linux | 1 Linux Kernel | 2025-09-19 | N/A | 5.5 MEDIUM | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Prevent crash when disabling a stream. [Why] Disabling the stream encoder invokes a function that no longer exists. [How] Check whether the function pointer is NULL in disable stream encoder. |
| CVE-2024-25398 | 1 Srelay Project | 1 Srelay | 2025-09-18 | N/A | 7.5 HIGH | In Srelay (the SOCKS proxy and Relay) v0.4.8p3, a specially crafted network payload can trigger a denial of service condition and disrupt the service. |
| CVE-2024-54113 | 1 Huawei | 1 Harmonyos | 2025-09-18 | N/A | 6.5 MEDIUM | Process residence vulnerability in abnormal scenarios in the print module. Impact: Successful exploitation of this vulnerability may affect power consumption. |
| CVE-2024-51513 | 1 Huawei | 1 Harmonyos | 2025-09-18 | N/A | 5.5 MEDIUM | Vulnerability of processes not being fully terminated in the VPN module. Impact: Successful exploitation of this vulnerability will affect power consumption. |