Search Results (4084 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-65781 1 Wekan Project 1 Wekan 2025-12-18 8.2 High
An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Attachment upload API treats the Authorization bearer value as a userId and enters a non-terminating body-handling branch for any non-empty bearer token, enabling trivial application-layer DoS and latent identity-spoofing.
CVE-2021-3737 6 Canonical, Fedoraproject, Netapp and 3 more 18 Ubuntu Linux, Fedora, Hci and 15 more 2025-12-17 7.5 High
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.
CVE-2025-48603 1 Google 1 Android 2025-12-17 5.5 Medium
In InputMethodInfo of InputMethodInfo.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-48590 1 Google 1 Android 2025-12-17 5.5 Medium
In verifyAndGetBypass of AppOpsService.java, there is a possible method for a malicious app to prevent dialing emergency services under limited circumstances due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-48584 1 Google 1 Android 2025-12-17 5.5 Medium
In multiple functions of NotificationManagerService.java, there is a possible way to bypass the per-package channel limits causing resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-48576 1 Google 1 Android 2025-12-17 5.5 Medium
In updateNotificationChannelGroupFromPrivilegedListener of NotificationManagerService.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-49000 2 Inventree, Inventree Project 2 Inventree, Inventree 2025-12-17 3.5 Low
InvenTree is an Open Source Inventory Management System. Prior to version 0.17.13, the skip field in the built-in `label-sheet` plugin lacks an upper bound, so a large value forces the server to allocate an enormous Python list. This lets any authenticated label-printing user trigger a denial-of-service via memory exhaustion. the issue is fixed in versions 0.17.13 and higher. No workaround is available aside from upgrading to the patched version.
CVE-2025-6599 1 Zyxel 132 Ax7501-b0, Ax7501-b0 Firmware, Ax7501-b1 and 129 more 2025-12-16 5.3 Medium
An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an attacker to perform Slowloris‑style denial‑of‑service (DoS) attacks. Such attacks may temporarily block legitimate HTTP requests and partially disrupt access to the web management interface, while other networking services remain unaffected.
CVE-2025-3526 1 Liferay 4 Digital Experience Platform, Dxp, Liferay Portal and 1 more 2025-12-16 7.5 High
SessionClicks in Liferay Portal 7.0.0 through 7.4.3.21, and Liferay DXP 7.4 GA through update 9, 7.3 GA through update 25, and older unsupported versions does not restrict the saving of request parameters in the HTTP session, which allows remote attackers to consume system memory leading to denial-of-service (DoS) conditions via crafted HTTP requests.
CVE-2024-28863 3 Isaacs, Node-tar Project, Redhat 6 Tar, Node-tar, Enterprise Linux and 3 more 2025-12-16 6.5 Medium
node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few seconds of running it using a path with too many sub-folders inside. Version 6.2.1 fixes this issue by preventing extraction in excessively deep sub-folders.
CVE-2025-3602 1 Liferay 4 Digital Experience Platform, Dxp, Liferay Portal and 1 more 2025-12-16 7.5 High
Liferay Portal 7.4.0 through 7.4.3.97, and Liferay DXP 2023.Q3.1 through 2023.Q3.2, 7.4 GA through update 92, 7.3 GA through update 35, and 7.2 fix pack 8 through fix pack 20 does not limit the depth of a GraphQL queries, which allows remote attackers to perform denial-of-service (DoS) attacks on the application by executing complex queries.
CVE-2025-43796 1 Liferay 4 Digital Experience Platform, Dxp, Liferay Portal and 1 more 2025-12-16 7.5 High
Liferay Portal 7.4.0 through 7.4.3.101, and Liferay DXP 2023.Q3.0 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA though update 35 does not limit the number of objects returned from a GraphQL queries, which allows remote attackers to perform denial-of-service (DoS) attacks on the application by executing queries that return a large number of objects.
CVE-2025-23184 2 Apache, Redhat 2 Cxf, Jboss Enterprise Application Platform 2025-12-15 5.9 Medium
A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients).
CVE-2025-67779 2 Facebook, Vercel 5 React, React-server-dom-parcel, React-server-dom-turbopack and 2 more 2025-12-12 7.5 High
It was found that the fix addressing CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service attack in a specific case. React Server Components versions 19.0.2, 19.1.3 and 19.2.2 are affected, allowing unsafe deserialization of payloads from HTTP requests to Server Function endpoints. This can cause an infinite loop that hangs the server process and may prevent future HTTP requests from being served.
CVE-2025-63288 1 Open5gs 1 Open5gs 2025-12-11 7.5 High
In Open5GS 2.7.6, AMF crashes when receiving an abnormal NGSetupRequest message, resulting in denial of service.
CVE-2024-30105 2 Microsoft, Redhat 5 .net, Powershell, Visual Studio and 2 more 2025-12-09 7.5 High
.NET and Visual Studio Denial of Service Vulnerability
CVE-2025-48569 1 Google 1 Android 2025-12-08 5.5 Medium
In multiple locations, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-29478 1 Treasuredata 1 Fluent Bit 2025-12-08 5.5 Medium
An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.
CVE-2025-29477 1 Treasuredata 1 Fluent Bit 2025-12-08 5.5 Medium
An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.
CVE-2022-27600 1 Qnap 3 Qts, Quts Hero, Qutscloud 2025-12-08 6.8 Medium
An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2277 and later QTS 4.5.4.2280 build 20230112 and later QuTS hero h5.0.1.2277 build 20230112 and later QuTS hero h4.5.4.2374 build 20230417 and later QuTScloud c5.0.1.2374 and later