Total
2717 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-45166 | 1 Uci | 1 Idol2 | 2025-09-03 | N/A | 9.8 CRITICAL |
| An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service (DoS) attacks and possibly remote code execution. There is an access violation and EIP overwrite after five logins. | |||||
| CVE-2024-33664 | 1 Python-jose Project | 1 Python-jose | 2025-09-02 | N/A | 5.3 MEDIUM |
| python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319. | |||||
| CVE-2024-49740 | 1 Google | 1 Android | 2025-09-02 | N/A | 5.5 MEDIUM |
| In multiple locations, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-9670 | 2025-09-02 | 5.0 MEDIUM | 5.3 MEDIUM | ||
| A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited. | |||||
| CVE-2024-13058 | 2025-08-29 | N/A | N/A | ||
| An issue exists in SoftIron HyperCloud where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined storage subsystem. This issue only impacts SoftIron HyperCloud and related software products (such as VM Squared) software versions 2.3.0 to before 2.5.0. | |||||
| CVE-2021-28165 | 4 Eclipse, Jenkins, Netapp and 1 more | 21 Jetty, Jenkins, Cloud Manager and 18 more | 2025-08-27 | 7.8 HIGH | 7.5 HIGH |
| In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. | |||||
| CVE-1999-0159 | 1 Cisco | 1 Ios | 2025-08-27 | 5.0 MEDIUM | 3.5 LOW |
| Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases. | |||||
| CVE-2024-38360 | 1 Discourse | 1 Discourse | 2025-08-26 | N/A | 4.9 MEDIUM |
| Discourse is an open source platform for community discussion. In affected versions by creating replacement words with an almost unlimited number of characters, a moderator can reduce the availability of a Discourse instance. This issue has been addressed in stable version 3.2.3 and in current betas. Users are advised to upgrade. Users unable to upgrade may manually remove the long watched words either via SQL or Rails console. | |||||
| CVE-2024-27100 | 1 Discourse | 1 Discourse | 2025-08-26 | N/A | 6.5 MEDIUM |
| Discourse is an open source platform for community discussion. In affected versions the endpoints for suspending users, silencing users and exporting CSV files weren't enforcing limits on the sizes of the parameters that they accept. This could lead to excessive resource consumption which could render an instance inoperable. A site could be disrupted by either a malicious moderator on the same site or a malicious staff member on another site in the same multisite cluster. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-27085 | 1 Discourse | 1 Discourse | 2025-08-26 | N/A | 6.5 MEDIUM |
| Discourse is an open source platform for community discussion. In affected versions users that are allowed to invite others can inject arbitrarily large data in parameters used in the invite route. The problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable invites or restrict access to them using the `invite allowed groups` site setting. | |||||
| CVE-2024-24827 | 1 Discourse | 1 Discourse | 2025-08-26 | N/A | 5.3 MEDIUM |
| Discourse is an open source platform for community discussion. Without a rate limit on the POST /uploads endpoint, it makes it easier for an attacker to carry out a DoS attack on the server since creating an upload can be a resource intensive process. Do note that the impact varies from site to site as various site settings like `max_image_size_kb`, `max_attachment_size_kb` and `max_image_megapixels` will determine the amount of resources used when creating an upload. The issue is patched in the latest stable, beta and tests-passed version of Discourse. Users are advised to upgrade. Users unable to upgrade should reduce `max_image_size_kb`, `max_attachment_size_kb` and `max_image_megapixels` as smaller uploads require less resources to process. Alternatively, `client_max_body_size` can be reduced in Nginx to prevent large uploads from reaching the server. | |||||
| CVE-2025-57751 | 2025-08-22 | N/A | N/A | ||
| pyLoad is the free and open-source Download Manager written in pure Python. The jk parameter is received in pyLoad CNL Blueprint. Due to the lack of jk parameter verification, the jk parameter input by the user is directly determined as dykpy.evaljs(), resulting in the server CPU being fully occupied and the web-ui becoming unresponsive. This vulnerability is fixed in 0.5.0b3.dev92. | |||||
| CVE-2002-20001 | 6 Balasys, F5, Hpe and 3 more | 49 Dheater, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 46 more | 2025-08-22 | 5.0 MEDIUM | 7.5 HIGH |
| The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE. | |||||
| CVE-2025-55028 | 1 Mozilla | 1 Firefox | 2025-08-21 | N/A | 6.5 MEDIUM |
| Malicious scripts utilizing repetitive JavaScript alerts could prevent client user interaction in some scenarios and allow for denial of service attacks This vulnerability affects Firefox for iOS < 142. | |||||
| CVE-2025-55029 | 1 Mozilla | 1 Firefox | 2025-08-21 | N/A | 7.5 HIGH |
| Malicious scripts could bypass the popup blocker to spam new tabs, potentially resulting in denial of service attacks This vulnerability affects Firefox for iOS < 142. | |||||
| CVE-2021-3670 | 3 Fedoraproject, Redhat, Samba | 3 Fedora, Storage, Samba | 2025-08-21 | N/A | 6.5 MEDIUM |
| MaxQueryDuration not honoured in Samba AD DC LDAP | |||||
| CVE-2025-55588 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-08-21 | N/A | 7.5 HIGH |
| TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the fw_ip parameter at /boafrm/formPortFw. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2025-55587 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-08-21 | N/A | 7.5 HIGH |
| TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the hostname parameter at /boafrm/formMapDelDevice. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2025-55586 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-08-21 | N/A | 7.5 HIGH |
| TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the url parameter at /boafrm/formFilter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2024-46891 | 1 Siemens | 1 Sinec Ins | 2025-08-20 | N/A | 5.3 MEDIUM |
| A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly restrict the size of generated log files. This could allow an unauthenticated remote attacker to trigger a large amount of logged events to exhaust the system's resources and create a denial of service condition. | |||||