CVSS: 7.0 • EPSS: % • CPEs: 1 • EXPL: 0 • CVE-2025-14038
https://notcve.org/view.php?id=CVE-2025-14038
15 Dec 2025 — This could allow an attacker to read potentially sensitive data or possibly cause a denial-of-service by writing malformed data to certain gRPC endpoints. • https://www.enterprisedb.com/docs/security/advisories/cve202514038 • CWE-306: Missing Authentication for Critical Function • CWE-862: Missing Authorization
CVSS: - • EPSS: % • CPEs: - • EXPL: 0 • CVE-2025-65781
https://notcve.org/view.php?id=CVE-2025-65781
15 Dec 2025 — Attachment upload API treats the Authorization bearer value as a userId and enters a non-terminating body-handling branch for any non-empty bearer token, enabling trivial application-layer DoS and latent identity-spoofing. • https://github.com/wekan/wekan
CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-43482
https://notcve.org/view.php?id=CVE-2025-43482
12 Dec 2025 — An app may be able to cause a denial-of-service. • https://support.apple.com/en-us/125887 • CWE-20: Improper Input Validation
CVSS: 7.5 • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2025-43494
https://notcve.org/view.php?id=CVE-2025-43494
12 Dec 2025 — An attacker may be able to cause a persistent denial-of-service. • https://support.apple.com/en-us/125632 • CWE-20: Improper Input Validation
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-43464
https://notcve.org/view.php?id=CVE-2025-43464
12 Dec 2025 — A denial-of-service issue was addressed with improved input validation. ... Visiting a website may lead to an app denial-of-service. • https://support.apple.com/en-us/125634 • CWE-20: Improper Input Validation
CVSS: 6.8 • EPSS: 0% • CPEs: 3 • EXPL: 0 • CVE-2025-11266 – Grassroots DICOM (GDCM) Out-of-bounds Write
https://notcve.org/view.php?id=CVE-2025-11266
12 Dec 2025 — It is exploitable via file input; simply opening a crafted malicious DICOM file is sufficient to trigger the crash, resulting in a denial-of-service condition. • https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsma-25-345-01.json • CWE-787: Out-of-bounds Write
CVSS: 9.0 • EPSS: 0% • CPEs: - • EXPL: 1 • CVE-2025-8083 – Vuetify Prototype Pollution via Preset options
https://notcve.org/view.php?id=CVE-2025-8083
12 Dec 2025 — This can lead to a wide range of security issues, including resource exhaustion/denial of service or unauthorized access to data. • https://codepen.io/herodevs/pen/RNWoaQM/f1f4ccc7e6a307c2a8c36d948ba14755 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVSS: 8.7 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-67731 – Servify Express does not enforce rate limiting when parsing JSON
https://notcve.org/view.php?id=CVE-2025-67731
12 Dec 2025 — This can cause excessive memory usage, degraded performance, or process crashes, resulting in a Denial of Service (DoS). • https://github.com/Aarondoran/servify-express/commit/8dff7f56504b356278d849734ef2050e5cd23b61 • CWE-400: Uncontrolled Resource Consumption
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-67726 – Tornado is Vulnerable to Quadratic DoS via Crafted Multipart Parameters
https://notcve.org/view.php?id=CVE-2025-67726
12 Dec 2025 — Versions 6.5.2 and below use an inefficient algorithm when parsing parameters for HTTP header values, potentially causing a DoS. • https://github.com/tornadoweb/tornado/commit/771472cfdaeebc0d89a9cc46e249f8891a6b29cd • CWE-400: Uncontrolled Resource Consumption • CWE-834: Excessive Iteration
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-67725 – Tornado is Vulnerable to Quadratic DoS via Repeated Header Coalescing
https://notcve.org/view.php?id=CVE-2025-67725
12 Dec 2025 — The function accumulates values using string concatenation when the same header name is repeated, causing a Denial of Service (DoS). • https://github.com/tornadoweb/tornado/commit/771472cfdaeebc0d89a9cc46e249f8891a6b29cd • CWE-400: Uncontrolled Resource Consumption
