Total
2064 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-41226 | 2025-05-21 | N/A | 6.8 MEDIUM | ||
| VMware ESXi contains a denial-of-service vulnerability that occurs when performing a guest operation. A malicious actor with guest operation privileges on a VM, who is already authenticated through vCenter Server or ESXi may trigger this issue to create a denial-of-service condition of guest VMs with VMware Tools running and guest operations enabled. | |||||
| CVE-2025-41227 | 2025-05-21 | N/A | 5.5 MEDIUM | ||
| VMware ESXi, Workstation, and Fusion contain a denial-of-service vulnerability due to certain guest options. A malicious actor with non-administrative privileges within a guest operating system may be able to exploit this issue by exhausting memory of the host process leading to a denial-of-service condition. | |||||
| CVE-2025-5031 | 2025-05-21 | 2.6 LOW | 3.1 LOW | ||
| A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the component wxapkg File Decompression Handler. The manipulation leads to resource consumption. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-34326 | 1 Realtek | 2 Rtl8195am, Rtl8195am Firmware | 2025-05-21 | N/A | 7.5 HIGH |
| In ambiot amb1_sdk (aka SDK for Ameba1) before 2022-06-20 on Realtek RTL8195AM devices before 284241d70308ff2519e40afd7b284ba892c730a3, the timer task and RX task would be locked when there are frequent and continuous Wi-Fi connection (with four-way handshake) failures in Soft AP mode. | |||||
| CVE-2024-33774 | 1 Dlink | 2 Dir-619l, Dir-619l Firmware | 2025-05-21 | N/A | 6.5 MEDIUM |
| A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formWlanSetup_Wizard allows remote authenticated users to trigger a denial of service (DoS) through the parameter "webpage." | |||||
| CVE-2025-29954 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-05-19 | N/A | 5.9 MEDIUM |
| Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network. | |||||
| CVE-2025-29957 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-05-19 | N/A | 6.2 MEDIUM |
| Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker to deny service locally. | |||||
| CVE-2025-26677 | 1 Microsoft | 5 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 2 more | 2025-05-19 | N/A | 7.5 HIGH |
| Uncontrolled resource consumption in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network. | |||||
| CVE-2023-49550 | 1 Cesanta | 1 Mjs | 2025-05-16 | N/A | 7.5 HIGH |
| An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs+0x4ec508 component. | |||||
| CVE-2025-20084 | 2025-05-16 | N/A | 3.5 LOW | ||
| Uncontrolled resource consumption for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2025-20057 | 2025-05-16 | N/A | 3.5 LOW | ||
| Uncontrolled resource consumption for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2025-22892 | 2025-05-16 | N/A | 6.5 MEDIUM | ||
| Uncontrolled resource consumption for some OpenVINO™ model server software maintained by Intel(R) before version 2024.4 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2025-20616 | 2025-05-16 | N/A | 5.5 MEDIUM | ||
| Uncontrolled resource consumption for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access. | |||||
| CVE-2025-26481 | 2025-05-16 | N/A | 7.5 HIGH | ||
| Dell PowerScale OneFS, versions 9.4.0.0 through 9.9.0.0, contains an uncontrolled resource consumption vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to denial of service. | |||||
| CVE-2025-30476 | 2025-05-16 | N/A | 5.3 MEDIUM | ||
| Dell PowerScale InsightIQ, version 5.2, contains an uncontrolled resource consumption vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service. | |||||
| CVE-2024-20977 | 2 Netapp, Oracle | 2 Oncommand Insight, Mysql | 2025-05-15 | N/A | 6.5 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2025-46392 | 2025-05-13 | N/A | 6.5 MEDIUM | ||
| Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. There are a number of issues in Apache Commons Configuration 1.x that allow excessive resource consumption when loading untrusted configurations or using unexpected usage patterns. The Apache Commons Configuration team does not intend to fix these issues in 1.x. Apache Commons Configuration 1.x is still safe to use in scenario's where you only load trusted configurations. Users that load untrusted configurations or give attackers control over usage patterns are recommended to upgrade to the 2.x version line, which fixes these issues. Apache Commons Configuration 2.x is not a drop-in replacement, but as it uses a separate Maven groupId and Java package namespace they can be loaded side-by-side, making it possible to do a gradual migration. | |||||
| CVE-2022-2455 | 1 Gitlab | 1 Gitlab | 2025-05-13 | N/A | 6.5 MEDIUM |
| A business logic issue in the handling of large repositories in all versions of GitLab CE/EE from 10.0 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2 allowed an authenticated and authorized user to exhaust server resources by importing a malicious project. | |||||
| CVE-2022-2931 | 1 Gitlab | 1 Gitlab | 2025-05-13 | N/A | 7.5 HIGH |
| A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Malformed content added to the issue description could have been used to trigger high CPU usage. | |||||
| CVE-2022-3283 | 1 Gitlab | 1 Gitlab | 2025-05-13 | N/A | 7.5 HIGH |
| A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 While cloning an issue with special crafted content added to the description could have been used to trigger high CPU usage. | |||||