CVSS: 7.5 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2025-14591 – PII Leak Due to Change in EOR Handling
https://notcve.org/view.php?id=CVE-2025-14591
20 Dec 2025 — In Delphix Continuous Compliance version 2025.3.0 and later, following a recent bug fix to correctly handle CR+LF (Windows and DOS) End-of-Record (EOR) characters in delimited files, an issue was identified: using an incorrect EOR configuration can cause inaccurate parsing and leave personally identifiable information (PII) unmasked. • https://portal.perforce.com/s/article/TB137 •
CVSS: 8.7 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2025-14300 – Unauthenticated Access to connectAP API Endpoint on Tapo C200
https://notcve.org/view.php?id=CVE-2025-14300
20 Dec 2025 — An unauthenticated attacker on the same local network segment can exploit this to modify the device’s Wi-Fi configuration, resulting in loss of connectivity and denial-of-service (DoS). • https://www.tp-link.com/us/support/download/tapo-c200/v3/#Firmware-Release-Notes • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2025-14299 – Improper Content-Length Validation in HTTPS Requests on Tapo C200
https://notcve.org/view.php?id=CVE-2025-14299
20 Dec 2025 — An unauthenticated attacker on the same local network segment can send crafted HTTPS requests to trigger excessive memory allocation, causing the device to crash and resulting in denial-of-service (DoS). • https://www.tp-link.com/us/support/download/tapo-c200/v3/#Firmware-Release-Notes • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2025-8065 – Buffer Overflow in ONVIF XML Parser on Tapo C200
https://notcve.org/view.php?id=CVE-2025-8065
20 Dec 2025 — An unauthenticated attacker on the same local network segment can send specially crafted SOAP XML requests, causing memory overflow and device crash, resulting in denial-of-service (DoS). • https://www.tp-link.com/us/support/download/tapo-c200/v3/#Firmware-Release-Notes • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.2 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-11774 – Malicious Code Execution Vulnerability in the Software Keyboard Function of GENESIS64, ICONICS Suite, Mobile HMI, and MC Works64
https://notcve.org/view.php?id=CVE-2025-11774
19 Dec 2025 — This could allow the attacker to disclose, tamper with, delete, or destroy information stored on the PC where the affected product is installed, or cause a denial-of-service (DoS) condition on the system, through the execution of the EXE. • https://jvn.jp/vu/JVNVU97729686 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-50681
https://notcve.org/view.php?id=CVE-2025-50681
19 Dec 2025 — igmpproxy 0.4 before commit 2b30c36 allows remote attackers to cause a denial of service (application crash) via a crafted IGMPv3 membership report packet with a malicious source address. ... Affected devices that rely on unpatched versions of igmpproxy may be vulnerable to remote denial-of-service attacks across a LAN. • https://gist.github.com/miora-sora/dac1612d16c45c2aedb8605478adc28f • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2025-66909
https://notcve.org/view.php?id=CVE-2025-66909
19 Dec 2025 — Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial of service vulnerability. • https://github.com/Xzzz111/public_cve_report/blob/main/CVE-2025-66909_report.md • CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) •
CVSS: 6.1 • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2025-68390 – Elasticsearch Allocation of Resources Without Limits or Throttling
https://notcve.org/view.php?id=CVE-2025-68390
18 Dec 2025 — Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow an authenticated user with snapshot restore privileges to cause Excessive Allocation (CAPEC-130) of memory and a denial of service (DoS) via crafted HTTP request. • https://discuss.elastic.co/t/elasticsearch-8-19-8-9-1-8-and-9-2-2-security-update-esa-2025-37/384185 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.8 • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2025-68389 – Kibana Allocation of Resources Without Limits or Throttling
https://notcve.org/view.php?id=CVE-2025-68389
18 Dec 2025 — Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) of computing resources and a denial of service (DoS) of the Kibana process via a crafted HTTP request. • https://discuss.elastic.co/t/kibana-8-19-9-9-1-9-and-9-2-3-security-update-esa-2025-36/384184 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.8 • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2025-68384 – Elasticsearch Allocation of Resources Without Limits or Throttling
https://notcve.org/view.php?id=CVE-2025-68384
18 Dec 2025 — Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) causing a persistent denial of service (OOM crash) via submission of oversized user settings data. • https://discuss.elastic.co/t/elasticsearch-8-19-9-9-1-9-and-9-2-3-security-update-esa-2025-33/384181 • CWE-770: Allocation of Resources Without Limits or Throttling •
