Total
3473 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-11274 | 1 Assimp | 1 Assimp | 2025-10-08 | 3.3 Low |
| A vulnerability was determined in Open Asset Import Library Assimp 6.0.2. Affected is the function Q3DImporter::InternReadFile of the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. This manipulation causes allocation of resources. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-56572 | 2 Ebradyjobory, Financejs | 2 Finance.js, Finance.js | 2025-10-08 | 7.5 High |
| An issue in finance.js v.4.1.0 allows a remote attacker to cause a denial of service via the seekZero() parameter. | ||||
| CVE-2025-61620 | 2025-10-08 | 6.5 Medium | ||
| A flaw was found in the server implementation of vLLM, where the handling of Jinja templates does not properly validate user-supplied input through the chat_template and chat_template_kwargs parameters. When a specially crafted template is processed, it can trigger excessive looping or recursion inside the Jinja engine, consuming large amounts of CPU and memory. This can cause the server to become unresponsive or crash, resulting in a denial-of-service (DoS) condition for applications using vLLM. | ||||
| CVE-2025-53538 | 1 Oisf | 1 Suricata | 2025-10-06 | 7.5 High |
| Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions 7.0.10 and below and 8.0.0-beta1 through 8.0.0-rc1, mishandling of data on HTTP2 stream 0 can lead to uncontrolled memory usage, leading to loss of visibility. Workarounds include disabling the HTTP/2 parser, and using a signature like drop http2 any any -> any any (frame:http2.hdr; byte_test:1,=,0,3; byte_test:4,=,0,5; sid: 1;) where the first byte test tests the HTTP2 frame type DATA and the second tests the stream id 0. This is fixed in versions 7.0.11 and 8.0.0. | ||||
| CVE-2025-61600 | 1 Stalwartlabs | 1 Stalwart | 2025-10-06 | 7.5 High |
| Stalwart is a mail and collaboration server. Versions 0.13.3 and below contain an unbounded memory allocation vulnerability in the IMAP protocol parser which allows remote attackers to exhaust server memory, potentially triggering the system's out-of-memory (OOM) killer and causing a denial of service. The CommandParser implementation enforces size limits on its dynamic buffer in most parsing states, but several state handlers omit these validation checks. This issue is fixed in version 0.13.4. A workaround for this issue is to implement rate limiting and connection monitoring at the network level, however this does not provide complete protection. | ||||
| CVE-2025-61595 | 1 Mantra | 1 Mantrachain | 2025-10-06 | N/A |
| MANTRA is a purpose-built RWA Layer 1 Blockchain, capable of adherence to real world regulatory requirements. Versions 4.0.1 and below do not enforce the tx gas limit in its send hooks. Send hooks can spend more gas than what remains in tx, combined with recursive calls in the wasm contract, potentially amplifying the gas consumption exponentially. This is fixed in version 4.0.2. | ||||
| CVE-2025-6714 | 1 Mongodb | 1 Mongodb | 2025-10-03 | 7.5 High |
| MongoDB Server's mongos component can become unresponsive to new connections due to incorrect handling of incomplete data. This affects MongoDB when configured with load balancer support. This issue affects MongoDB Server v6.0 prior to 6.0.23, MongoDB Server v7.0 prior to 7.0.20 and MongoDB Server v8.0 prior to 8.0.9 Required Configuration: This affects MongoDB sharded clusters when configured with load balancer support for mongos using HAProxy on specified ports. | ||||
| CVE-2025-6712 | 1 Mongodb | 1 Mongodb | 2025-10-03 | 6.5 Medium |
| MongoDB Server may be susceptible to disruption caused by high memory usage, potentially leading to server crash. This condition is linked to inefficiencies in memory management related to internal operations. In scenarios where certain internal processes persist longer than anticipated, memory consumption can increase, potentially impacting server stability and availability. This issue affects MongoDB Server v8.0 versions prior to 8.0.10 | ||||
| CVE-2025-40802 | 1 Siemens | 2 Ruggedcom Rst2428p, Ruggedcom Rst2428p Firmware | 2025-10-03 | 3.1 Low |
| A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions). The affected device may be susceptible to resource exhaustion when subjected to high volumes of query requests. This could allow an attacker to cause a temporary denial of service, with the system recovering once the activity stops. | ||||
| CVE-2025-55558 | 2 Linuxfoundation, Pytorch | 2 Pytorch, Pytorch | 2025-10-03 | 7.5 High |
| A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a Denial of Service (DoS). | ||||
| CVE-2025-55559 | 1 Google | 1 Tensorflow | 2025-10-03 | 7.5 High |
| An issue was discovered TensorFlow v2.18.0. A Denial of Service (DoS) occurs when padding is set to 'valid' in tf.keras.layers.Conv2D. | ||||
| CVE-2025-55551 | 2 Linuxfoundation, Pytorch | 2 Pytorch, Pytorch | 2025-10-03 | 7.5 High |
| An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation. | ||||
| CVE-2025-26699 | 3 Debian, Djangoproject, Redhat | 4 Debian Linux, Django, Ansible Automation Platform and 1 more | 2025-10-03 | 5 Medium |
| An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings. | ||||
| CVE-2014-2343 | 1 Trianglemicroworks | 1 Scada Data Gateway | 2025-10-02 | N/A |
| Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows physically proximate attackers to cause a denial of service (excessive data processing) via a crafted DNP request over a serial line. | ||||
| CVE-2014-2342 | 1 Trianglemicroworks | 1 Scada Data Gateway | 2025-10-02 | N/A |
| Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows remote attackers to cause a denial of service (excessive data processing) via a crafted DNP3 packet. | ||||
| CVE-2025-11149 | 2 @nubosoftware/node-static Project, Node-static Project | 2 @nubosoftware/node-static, Node-static | 2025-10-02 | 7.5 High |
| This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server. | ||||
| CVE-2025-4533 | 1 Guojusoft | 1 Jeecgboot | 2025-10-02 | 2.7 Low |
| A vulnerability classified as problematic was found in JeecgBoot up to 3.8.0. This vulnerability affects the function unzipFile of the file /jeecg-boot/airag/knowledge/doc/import/zip of the component Document Library Upload. The manipulation of the argument File leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-52979 | 1 Elastic | 1 Elasticsearch | 2025-10-02 | 6.5 Medium |
| Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial of Service by causing the Elasticsearch node to crash. | ||||
| CVE-2024-52981 | 1 Elastic | 1 Elasticsearch | 2025-10-02 | 4.9 Medium |
| An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow. | ||||
| CVE-2024-50094 | 1 Linux | 1 Linux Kernel | 2025-10-01 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: sfc: Don't invoke xdp_do_flush() from netpoll. Yury reported a crash in the sfc driver originated from netpoll_send_udp(). The netconsole sends a message and then netpoll invokes the driver's NAPI function with a budget of zero. It is dedicated to allow driver to free TX resources, that it may have used while sending the packet. In the netpoll case the driver invokes xdp_do_flush() unconditionally, leading to crash because bpf_net_context was never assigned. Invoke xdp_do_flush() only if budget is not zero. | ||||