Total
159 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-66305 | 1 Getgrav | 1 Grav | 2025-12-03 | N/A | 4.9 MEDIUM |
| Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Denial of Service (DoS) vulnerability was identified in the "Languages" submenu of the Grav admin configuration panel (/admin/config/system). Specifically, the Supported parameter fails to properly validate user input. If a malformed value is inserted—such as a single forward slash (/) or an XSS test string—it causes a fatal regular expression parsing error on the server. This leads to application-wide failure due to the use of the preg_match() function with an improperly constructed regular expression, resulting in an error. Once triggered, the site becomes completely unavailable to all users. This vulnerability is fixed in 1.8.0-beta.27. | |||||
| CVE-2024-23449 | 1 Elastic | 1 Elasticsearch | 2025-12-03 | N/A | 4.3 MEDIUM |
| An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypted PDF files. | |||||
| CVE-2016-10363 | 1 Elastic | 1 Logstash | 2025-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Logstash instance. The errors resulting from these crafted inputs are not handled by the codec and can cause the Logstash process to exit. | |||||
| CVE-2025-20753 | 2025-12-02 | N/A | 5.3 MEDIUM | ||
| In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689252; Issue ID: MSV-4841. | |||||
| CVE-2025-20758 | 2025-12-02 | N/A | 4.9 MEDIUM | ||
| In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673755; Issue ID: MSV-4647. | |||||
| CVE-2025-20754 | 2025-12-02 | N/A | 5.3 MEDIUM | ||
| In Modem, there is a possible system crash due to an incorrect bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689251; Issue ID: MSV-4840. | |||||
| CVE-2025-0657 | 2025-12-01 | N/A | N/A | ||
| A weakness in Automated Logic and Carrier i-Vu Gen5 router on driver version drv_gen5_106-01-2380, allows malformed packets to be sent through BACnet MS/TP network causing the devices to enter a fault state. This fault state requires a manual power cycle to return the device to network visibility. | |||||
| CVE-2025-8870 | 2025-11-14 | N/A | 4.9 MEDIUM | ||
| On affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device.153 | |||||
| CVE-2025-12423 | 1 Azure-access | 4 Blu-ic2, Blu-ic2 Firmware, Blu-ic4 and 1 more | 2025-11-07 | N/A | 7.5 HIGH |
| Protocol manipulation might lead to denial of service.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 . | |||||
| CVE-2024-28835 | 2025-11-04 | N/A | 5.0 MEDIUM | ||
| A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command. | |||||
| CVE-2025-20054 | 2025-11-03 | N/A | 6.5 MEDIUM | ||
| Uncaught exception in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2025-59462 | 1 Sick | 2 Tloc100-100, Tloc100-100 Firmware | 2025-11-03 | N/A | 6.5 MEDIUM |
| An attacker who tampers with the C++ CLI client may crash the UpdateService during file transfers, disrupting updates and availability. | |||||
| CVE-2025-59229 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2025-10-28 | N/A | 5.5 MEDIUM |
| Uncaught exception in Microsoft Office allows an unauthorized attacker to deny service locally. | |||||
| CVE-2024-49705 | 1 Softcom.wroc | 1 Iksoris | 2025-10-28 | N/A | 6.5 MEDIUM |
| Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to client-side Denial of Servise (DoS) attacks. An attacker might trick a user into using an URL with a d parameter set to an unhandled value. All the subsequent requests will not be accepted as the server returns an error message. Since this parameter is sent as part of a session cookie, the issue persists until the session expires or the user deletes cookies manually. Similar effect might be achieved when a user tries to change platform language to an unimplemented one. This vulnerability has been patched in version 79.0 | |||||
| CVE-2025-48430 | 2025-10-27 | N/A | 5.5 MEDIUM | ||
| Uncaught Exception (CWE-248) in the Command Centre Server allows an Authorized and Privileged Operator to crash the Command Centre Server at will. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 (MR2), 9.20 prior to vEL9.20.2819 (MR4), 9.10 prior to vEL9.10.3672 (MR7), 9.00 prior to vEL9.00.3831 (MR8), all versions of 8.90 and prior. | |||||
| CVE-2025-32944 | 1 Framasoft | 1 Peertube | 2025-10-21 | N/A | 6.5 MEDIUM |
| The vulnerability allows any authenticated user to cause the PeerTube server to stop functioning in a persistent manner. If user import is enabled (which is the default setting), any registered user can upload an archive for importing. The code uses the yauzl library for reading the archive. If the yauzl library encounters a filename that is considered illegal, it raises an exception that is uncaught by PeerTube, leading to a crash which repeats infinitely on startup. | |||||
| CVE-2025-62370 | 2025-10-16 | N/A | 7.5 HIGH | ||
| Alloy Core libraries at the root of the Rust Ethereum ecosystem. Prior to 0.8.26 and 1.4.1, an uncaught panic triggered by malformed input to alloy_dyn_abi::TypedData could lead to a denial-of-service (DoS) via eip712_signing_hash(). Software with high availability requirements such as network services may be particularly impacted. If in use, external auto-restarting mechanisms can partially mitigate the availability issues unless repeated attacks are possible. The vulnerability was patched by adding a check to ensure the element is not empty before accessing its first element; an error is returned if it is empty. The fix is included in version v1.4.1 and backported to v0.8.26. | |||||
| CVE-2024-8020 | 1 Lightningai | 1 Pytorch Lightning | 2025-10-15 | N/A | 7.5 HIGH |
| A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the `/api/v1/state` endpoint of `LightningApp`. This issue occurs due to improper handling of unexpected state values, which results in the server shutting down. | |||||
| CVE-2024-11172 | 1 Librechat | 1 Librechat | 2025-10-15 | N/A | 7.5 HIGH |
| A vulnerability in danny-avila/librechat version git a1647d7 allows an unauthenticated attacker to cause a denial of service by sending a crafted payload to the server. The middleware `checkBan` is not surrounded by a try-catch block, and an unhandled exception will cause the server to crash. This issue is fixed in version 0.7.6. | |||||
| CVE-2025-9124 | 2025-10-14 | N/A | N/A | ||
| A denial-of-service security issue in the affected product. The security issue stems from a fault occurring when a crafted CIP unconnected explicit message is sent. This can result in a major non-recoverable fault. | |||||