Total
1507 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-52972 | 1 Elastic | 1 Kibana | 2025-09-30 | 6.5 Medium |
| An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to /api/metrics/snapshot. This can be carried out by users with read access to the Observability Metrics or Logs features in Kibana. | ||||
| CVE-2024-43708 | 1 Elastic | 1 Kibana | 2025-09-30 | 6.5 Medium |
| An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted payload to a number of inputs in Kibana UI. This can be carried out by users with read access to any feature in Kibana. | ||||
| CVE-2025-26819 | 1 Getmonero | 1 Monero | 2025-09-30 | 8.6 High |
| Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections. | ||||
| CVE-2025-21614 | 2 Go-git Project, Redhat | 8 Go-git, Advanced Cluster Security, Enterprise Linux and 5 more | 2025-09-30 | 7.5 High |
| go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Users running versions of go-git from v4 and above are recommended to upgrade to v5.13 in order to mitigate this vulnerability. | ||||
| CVE-2024-39944 | 1 Dahuasecurity | 121 Ipc-hf8xxx Firmware, Ipc-hfs8449g-z7-led, Ipc-hfs8449g-z7-led Firmware and 118 more | 2025-09-30 | 7.5 High |
| A vulnerability has been found in Dahua products.Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash. | ||||
| CVE-2024-37358 | 1 Apache | 1 James Server | 2025-09-29 | 8.6 High |
| Similarly to CVE-2024-34055, Apache James is vulnerable to denial of service through the abuse of IMAP literals from both authenticated and unauthenticated users, which could be used to cause unbounded memory allocation and very long computations Version 3.7.6 and 3.8.2 restrict such illegitimate use of IMAP literals. | ||||
| CVE-2025-35965 | 1 Mattermost | 2 Mattermost, Mattermost Server | 2025-09-29 | 6.5 Medium |
| Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to validate the uniqueness and quantity of task actions within the UpdateRunTaskActions GraphQL operation, which allows an attacker to create task items containing an excessive number of actions triggered by specific posts, overloading the server and leading to a denial-of-service (DoS) condition. | ||||
| CVE-2024-53647 | 3 Apple, Google, Trendmicro | 4 Iphone Os, Android, Id Security and 1 more | 2025-09-29 | 6.5 Medium |
| Trend Micro ID Security, version 3.0 and below contains a vulnerability that could allow an attacker to send an unlimited number of email verification requests without any restriction, potentially leading to abuse or denial of service. | ||||
| CVE-2024-47401 | 1 Mattermost | 2 Mattermost, Mattermost Server | 2025-09-29 | 4.3 Medium |
| Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1 and 9.5.x <= 9.5.9 fail to prevent detailed error messages from being displayed in Playbooks which allows an attacker to generate a large response and cause an amplified GraphQL response which in turn could cause the application to crash by sending a specially crafted request to Playbooks. | ||||
| CVE-2025-11042 | 1 Gitlab | 1 Gitlab | 2025-09-29 | 4.3 Medium |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service (DoS) condition while using specific GraphQL queries. | ||||
| CVE-2025-10867 | 1 Gitlab | 1 Gitlab | 2025-09-29 | 3.5 Low |
| An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could have allowed an authenticated user to create a denial-of-service condition by exploiting an unprotected GraphQL API through repeated requests. | ||||
| CVE-2025-10858 | 1 Gitlab | 1 Gitlab | 2025-09-29 | 7.5 High |
| An issue was discovered in GitLab CE/EE affecting all versions before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that allows unauthenticated users to cause a Denial of Service (DoS) condition while uploading specifically crafted large JSON files. | ||||
| CVE-2025-48053 | 1 Discourse | 1 Discourse | 2025-09-25 | 7.5 High |
| Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch, sending a malicious URL in a PM to a bot user can cause a reduced the availability of a Discourse instance. This issue is patched in version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch. No known workarounds are available. | ||||
| CVE-2025-4437 | 1 Redhat | 1 Openshift | 2025-09-25 | 5.7 Medium |
| There's a vulnerability in the CRI-O application where when container is launched with securityContext.runAsUser specifying a non-existent user, CRI-O attempts to create the user, reading the container's entire /etc/passwd file into memory. If this file is excessively large, it can cause the a high memory consumption leading applications to be killed due to out-of-memory. As a result a denial-of-service can be achieved, possibly disrupting other pods and services running in the same host. | ||||
| CVE-2025-59418 | 1 Bunnypad | 1 Bunnypad | 2025-09-23 | 5.5 Medium |
| BunnyPad is a note taking software. Prior to version 11.0.27000.0915, opening files greater than or equal to 20MB causes buffer overflow to occur. This issue has been patched in version 11.0.27000.0915. Users who wish not to upgrade should refrain from opening files larger than 10MB. | ||||
| CVE-2024-21994 | 1 Netapp | 1 Storagegrid | 2025-09-23 | 4.3 Medium |
| StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9 are susceptible to a Denial of Service (DoS) vulnerability. Successful exploit by an authenticated attacker could lead to a service crash. | ||||
| CVE-2025-29907 | 1 Parall | 1 Jspdf | 2025-09-22 | 7.5 High |
| jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.1, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitised image urls to the addImage method, a user can provide a harmful data-url that results in high CPU utilization and denial of service. Other affected methods are html and addSvgAsImage. The vulnerability was fixed in jsPDF 3.0.1. | ||||
| CVE-2025-1250 | 1 Gitlab | 1 Gitlab | 2025-09-20 | 6.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user to stall background job processing by sending specially crafted commit messages, merge request descriptions, or notes. | ||||
| CVE-2025-7337 | 1 Gitlab | 1 Gitlab | 2025-09-20 | 6.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 7.8 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user with Developer-level access to cause a persistent denial of service affecting all users on a GitLab instance by uploading large files. | ||||
| CVE-2023-40542 | 1 F5 | 19 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 16 more | 2025-09-19 | 7.5 High |
| When TCP Verified Accept is enabled on a TCP profile that is configured on a Virtual Server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||