Total
1556 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-64508 | 1 Bugsink | 1 Bugsink | 2025-11-12 | 7.5 High |
| Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.5, brotli "bombs" (highly compressed brotli streams, such as many zeros) can be sent to the server. Since the server will attempt to decompress these streams before applying various maximums, this can lead to exhaustion of the available memory and thus a Denial of Service. This can be done if the `DSN` is known, which it is in many common setups (JavaScript, Mobile Apps). The issue is patched in Bugsink version `2.0.5`. The vulnerability is similar to, but distinct from, another brotli-related problem in Bugsink, GHSA-rrx3-2x4g-mq2h/CVE-2025-64509. | ||||
| CVE-2025-64509 | 1 Bugsink | 1 Bugsink | 2025-11-12 | 7.5 High |
| Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.6, a specially crafted Brotli-compressed envelope can cause Bugsink to spend excessive CPU time in decompression, leading to denial of service. This can be done if the DSN is known, which it is in many common setups (JavaScript, Mobile Apps). The issue is patched in Bugsink 2.0.6. The vulnerability is similar to, but distinct from, another brotli-related problem in Bugsink, GHSA-fc2v-vcwj-269v/CVE-2025-64508. | ||||
| CVE-2023-53051 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-11-12 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: dm crypt: add cond_resched() to dmcrypt_write() The loop in dmcrypt_write may be running for unbounded amount of time, thus we need cond_resched() in it. This commit fixes the following warning: [ 3391.153255][ C12] watchdog: BUG: soft lockup - CPU#12 stuck for 23s! [dmcrypt_write/2:2897] ... [ 3391.387210][ C12] Call trace: [ 3391.390338][ C12] blk_attempt_bio_merge.part.6+0x38/0x158 [ 3391.395970][ C12] blk_attempt_plug_merge+0xc0/0x1b0 [ 3391.401085][ C12] blk_mq_submit_bio+0x398/0x550 [ 3391.405856][ C12] submit_bio_noacct+0x308/0x380 [ 3391.410630][ C12] dmcrypt_write+0x1e4/0x208 [dm_crypt] [ 3391.416005][ C12] kthread+0x130/0x138 [ 3391.419911][ C12] ret_from_fork+0x10/0x18 | ||||
| CVE-2025-24312 | 1 F5 | 4 Big-ip, Big-ip Advanced Firewall Manager, Big-ip Afm and 1 more | 2025-11-12 | 7.5 High |
| When BIG-IP AFM is provisioned with IPS module enabled and protocol inspection profile is configured on a virtual server or firewall rule or policy, undisclosed traffic can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2023-6563 | 1 Redhat | 9 Build Keycloak, Enterprise Linux, Keycloak and 6 more | 2025-11-11 | 7.7 High |
| An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens (> 500,000 users with each having at least 2 saved sessions). If an attacker creates two or more user sessions and then open the "consents" tab of the admin User Interface, the UI attempts to load a huge number of offline client sessions leading to excessive memory and CPU consumption which could potentially crash the entire system. | ||||
| CVE-2025-50172 | 1 Microsoft | 16 Server, Windows, Windows 10 and 13 more | 2025-11-10 | 6.5 Medium |
| Allocation of resources without limits or throttling in Windows DirectX allows an authorized attacker to deny service over a network. | ||||
| CVE-2025-46556 | 1 Mantisbt | 1 Mantisbt | 2025-11-07 | 6.5 Medium |
| Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.27.1 and below allow attackers to permanently corrupt issue activity logs by submitting extremely long notes (tested with 4,788,761 characters) due to a lack of server-side validation of note length. Once such a note is added, the activity stream UI fails to render; therefore, new notes cannot be displayed, effectively breaking all future collaboration on the issue. This issue is fixed in version 2.27.2. | ||||
| CVE-2025-11832 | 2 Azure-access, Azure Access Technology | 6 Blu-ic2, Blu-ic2 Firmware, Blu-ic4 and 3 more | 2025-11-07 | 9.8 Critical |
| Allocation of Resources Without Limits or Throttling vulnerability in Azure Access Technology BLU-IC2, Azure Access Technology BLU-IC4 allows Flooding.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | ||||
| CVE-2023-5379 | 1 Redhat | 11 Jboss Data Grid, Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Eus and 8 more | 2025-11-07 | 7.5 High |
| A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS). | ||||
| CVE-2025-26466 | 4 Canonical, Debian, Openbsd and 1 more | 5 Ubuntu Linux, Debian Linux, Openssh and 2 more | 2025-11-06 | 5.9 Medium |
| A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack. | ||||
| CVE-2025-4821 | 1 Cloudflare | 1 Quiche | 2025-11-06 | 7.5 High |
| Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating a congestion-controlled data transfer towards itself. Then, it could manipulate the victim's congestion control state by sending ACK frames covering a large range of packet numbers (including packet numbers that had never been sent); see RFC 9000 Section 19.3. The victim could grow the congestion window beyond typical expectations and allow more bytes in flight than the path might really support. In extreme cases, the window might grow beyond the limit of the internal variable's type, leading to an overflow panic. Patches quiche 0.24.4 is the earliest version containing the fix for this issue. | ||||
| CVE-2025-4820 | 1 Cloudflare | 1 Quiche | 2025-11-06 | 5.3 Medium |
| Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating a congestion-controlled data transfer towards itself. Then, it could manipulate the victim's congestion control state by sending ACK frames exercising an opportunistic ACK attack; see RFC 9000 Section 21.4. The victim could grow the congestion window beyond typical expectations and allow more bytes in flight than the path might really support. Patches quiche 0.24.4 is the earliest version containing the fix for this issue. | ||||
| CVE-2025-61723 | 1 Golang | 1 Encoding | 2025-11-04 | 7.5 High |
| The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs. | ||||
| CVE-2025-59375 | 1 Libexpat Project | 1 Libexpat | 2025-11-04 | 7.5 High |
| libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing. | ||||
| CVE-2025-58185 | 1 Golang | 1 Encoding | 2025-11-04 | 5.3 Medium |
| Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion. | ||||
| CVE-2025-58183 | 1 Golang | 1 Archive | 2025-11-04 | 4.3 Medium |
| tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations. | ||||
| CVE-2025-55163 | 1 Netty | 1 Netty | 2025-11-04 | 7.5 High |
| Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit - which results in resource exhaustion and distributed denial of service. This issue has been patched in versions 4.1.124.Final and 4.2.4.Final. | ||||
| CVE-2025-43211 | 1 Apple | 9 Ios, Ipados, Iphone Os and 6 more | 2025-11-04 | 6.2 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, macOS Sequoia 15.6, iPadOS 17.7.9, iOS 18.6 and iPadOS 18.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing web content may lead to a denial-of-service. | ||||
| CVE-2024-27316 | 4 Apache, Fedoraproject, Netapp and 1 more | 7 Http Server, Fedora, Ontap and 4 more | 2025-11-04 | 7.5 High |
| HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion. | ||||
| CVE-2023-27958 | 1 Apple | 1 Macos | 2025-11-04 | 9.1 Critical |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory. | ||||