Search Results (4069 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-26500 2026-04-15 4.6 Medium
: Uncontrolled Resource Consumption vulnerability in Wind River Systems VxWorks 7 on VxWorks allows Excessive Allocation.   Specifically crafted USB packets may lead to the system becoming unavailable This issue affects VxWorks 7: from 22.06 through 24.03.
CVE-2025-53645 1 Zimbra 1 Zimbra Collaboration Suite 2026-04-15 7.5 High
Zimbra Collaboration (ZCS) before 9.0.0 Patch 46, 10.0.x before 10.0.15, and 10.1.x before 10.1.9 is vulnerable to a denial of service condition due to improper handling of excessive, comma-separated path segments in the Admin Console. An unauthenticated remote attacker can send specially crafted GET requests that trigger redundant processing and inflated responses. This leads to uncontrolled resource consumption, resulting in denial of service.
CVE-2024-47210 1 Gladysassistant 1 Gladys Assistant 2026-04-15 8.8 High
Gladys Assistant before 4.45.1 allows Privilege Escalation (a user changing their own role) because req.body.role can be used in updateMySelf in server/api/controllers/user.controller.js.
CVE-2024-4599 1 Lan Messenger 1 Lan Messenger 2026-04-15 7.5 High
Remote denial of service vulnerability in LAN Messenger affecting version 3.4.0. This vulnerability allows an attacker to crash the LAN Messenger service by sending a long string directly and continuously over the UDP protocol.
CVE-2025-6493 1 Codemirror 1 Codemirror 2026-04-15 5.3 Medium
A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown Mode. This manipulation causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. Upgrading to version 6.0 is able to address this issue. You should upgrade the affected component. Not all code samples mentioned in the GitHub issue can be found. The repository mentions, that "CodeMirror 6 exists, and is [...] much more actively maintained."
CVE-2024-57708 2026-04-15 5.7 Medium
An issue in OneTrust SDK v.6.33.0 allows a local attacker to cause a denial of service via the Object.setPrototypeOf, __proto__, and Object.assign components. NOTE: this is disputed by the Supplier who does not agree it is a prototype pollution vulnerability.
CVE-2024-37890 2 Redhat, Websockets 3 Openshift Data Foundation, Rhdh, Ws 2026-04-15 7.5 High
ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] (e55e510) and backported to [email protected] (22c2876), [email protected] (eeb76d3), and [email protected] (4abd8f6). In vulnerable versions of ws, the issue can be mitigated in the following ways: 1. Reduce the maximum allowed length of the request headers using the --max-http-header-size=size and/or the maxHeaderSize options so that no more headers than the server.maxHeadersCount limit can be sent. 2. Set server.maxHeadersCount to 0 so that no limit is applied.
CVE-2019-25401 1 Bematech 1 Mp-4200 2026-04-15 7.5 High
Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a denial of service vulnerability in the admin configuration page. Remote attackers can send crafted POST requests with malformed 'admin' and 'person' parameters to crash the printer's web service, causing a denial of service condition.
CVE-2024-1737 2 Isc, Redhat 8 Bind, Enterprise Linux, Openshift and 5 more 2026-04-15 7.5 High
Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.
CVE-2025-70347 1 Bellard 1 Mquickjs 2026-04-15 5.5 Medium
An issue in mquickjs before commit 74b7e (2026-01-15) allows a local attacker to cause a denial of service via a crafted file to the get_mblock_size function at mquickjs.c.
CVE-2025-23085 1 Redhat 1 Enterprise Linux 2026-04-15 5.3 Medium
A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions. This vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.
CVE-2024-22588 1 Ptrd 1 Kwik 2026-04-15 6.5 Medium
Kwik commit 745fd4e2 does not discard unused encryption keys.
CVE-2025-6176 1 Scrapy 1 Scrapy 2026-04-15 7.5 High
Scrapy versions up to 2.13.2 are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occurs because brotli can achieve extremely high compression ratios for zero-filled data, leading to excessive memory consumption during decompression.
CVE-2025-41361 2026-04-15 N/A
Uncontrolled resource consumption vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. The devices improperly handle TLS requests associated with PROCOME sockets, so TLS requests sent to those PROCOME ports could cause the device to reboot and result in a denial of service. To exploit this vulnerability, PROCOME ports must be configured and active, with communications encryption active.
CVE-2023-5685 1 Redhat 12 Apache-camel-spring-boot, Apache Camel Hawtio, Build Keycloak and 9 more 2026-04-15 7.5 High
A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).
CVE-2024-58306 1 Hans Alshoff 1 Minalic 2026-04-15 N/A
minaliC 2.0.0 contains a denial of service vulnerability that allows remote attackers to crash the web server by sending oversized GET requests. Attackers can send crafted HTTP requests with excessive data to overwhelm the server and cause service interruption.
CVE-2024-34045 2026-04-15 7.5 High
The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for message.peerInfo->counters[IN_INITI][MSG_COUNTER][ProcedureCode_id_E2setup]->Increment().
CVE-2025-54575 1 Sixlabors 1 Imagesharp 2026-04-15 5.3 Medium
ImageSharp is a 2D graphics library. In versions below 2.1.11 and 3.0.0 through 3.1.10, a specially crafted GIF file containing a malformed comment extension block (with a missing block terminator) can cause the ImageSharp GIF decoder to enter an infinite loop while attempting to skip the block. This leads to a denial of service. Applications processing untrusted GIF input should upgrade to a patched version. This issue is fixed in versions 2.1.11 and 3.1.11.
CVE-2023-46103 1 Redhat 1 Enterprise Linux 2026-04-15 4.7 Medium
Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local access.
CVE-2025-61301 1 Cape 1 Cape 2026-04-15 7.5 High
Denial-of-analysis in reporting/mongodb.py and reporting/jsondump.py in CAPEv2 (commit 52e4b43, on 2025-05-17) allows attackers who can submit samples to cause incomplete or missing behavioral analysis reports by generating deeply nested or oversized behavior data that trigger MongoDB BSON limits or orjson recursion errors when the sample executes in the sandbox.