CVSS: 7.6 • EPSS: % • CPEs: 1 • EXPL: 0 • CVE-2025-9557 – Bluetooth: Mesh: Out-of-Bound Write in gen_prov_cont
https://notcve.org/view.php?id=CVE-2025-9557
26 Nov 2025 — Even on devices with some form of memory protection, this can still lead to a crash and a resultant denial of service. • https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-r3j3-c5v7-2ppf • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVSS: 7.8 • EPSS: % • CPEs: 1 • EXPL: 0 • CVE-2025-66020 – Valibot has a ReDoS vulnerability in `EMOJI_REGEX`
https://notcve.org/view.php?id=CVE-2025-66020
26 Nov 2025 — In versions from 0.31.0 to 1.1.0, the EMOJI_REGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. A short, maliciously crafted string (e.g., <100 characters) can cause the regex engine to consume excessive CPU time (minutes), leading to a Denial of Service (DoS) for the application. • https://github.com/open-circle/valibot/commit/cfb799db301a953a0950d5c05a34a3ab121262dc • CWE-1333: Inefficient Regular Expression Complexity
CVSS: 8.4 • EPSS: % • CPEs: 6 • EXPL: 1 • CVE-2025-66252 – Infinite Loop Denial of Service via Failed File Deletion
https://notcve.org/view.php?id=CVE-2025-66252
26 Nov 2025 — Infinite Loop Denial of Service via Failed File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to cause an infinite loop when unlink() fails in status_contents.php, causing DoS. Because the unlink operation is done in a while loop, if an immutable file is specified, or otherwise a file that the process has no permission to delete, it would ... • https://www.abdulmhsblog.com/posts/webfmvulns • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVSS: 3.3 • EPSS: % • CPEs: 3 • EXPL: 0 • CVE-2025-65942 – VictoriaMetrics Snappy Decoder DoS Vulnerability is Causing OOM
https://notcve.org/view.php?id=CVE-2025-65942
25 Nov 2025 — Versions from 1.0.0 to before 1.110.23, from 1.111.0 to before 1.122.8, and from 1.123.0 to before 1.129.1 are vulnerable to DoS attacks because the snappy decoder ignored VictoriaMetrics request size limits, allowing malformed blocks to trigger excessive memory use. This could lead to OOM errors and service instability. • https://github.com/VictoriaMetrics/VictoriaMetrics/commit/51b44afd34d2c9a392d4ebedeeb5b4a7f5beca24 • CWE-770: Allocation of Resources Without Limits or Throttling
CVSS: 8.3 • EPSS: % • CPEs: 1 • EXPL: 0 • CVE-2025-9624 – OpenSearch 3.2.0 - Nested Boolean/Disjunction asymmetric DoS
https://notcve.org/view.php?id=CVE-2025-9624
25 Nov 2025 — A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex query_string inputs. • https://fluidattacks.com/advisories/chick • CWE-674: Uncontrolled Recursion
CVSS: 8.0 • EPSS: % • CPEs: 1 • EXPL: 0 • CVE-2025-33203
https://notcve.org/view.php?id=CVE-2025-33203
25 Nov 2025 — A successful exploit of this vulnerability may lead to information disclosure and denial of service. • https://nvd.nist.gov/vuln/detail/CVE-2025-33203 • CWE-918: Server-Side Request Forgery (SSRF)
CVSS: 4.3 • EPSS: % • CPEs: - • EXPL: 0 • CVE-2025-33197
https://notcve.org/view.php?id=CVE-2025-33197
25 Nov 2025 — A successful exploit of this vulnerability might lead to denial of service. • https://nvd.nist.gov/vuln/detail/CVE-2025-33197 • CWE-476: NULL Pointer Dereference
CVSS: 4.4 • EPSS: % • CPEs: - • EXPL: 0 • CVE-2025-33195
https://notcve.org/view.php?id=CVE-2025-33195
25 Nov 2025 — A successful exploit of this vulnerability might lead to data tampering, denial of service, or escalation of privileges. • https://nvd.nist.gov/vuln/detail/CVE-2025-33195 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSS: 5.7 • EPSS: % • CPEs: - • EXPL: 0 • CVE-2025-33194
https://notcve.org/view.php?id=CVE-2025-33194
25 Nov 2025 — A successful exploit of this vulnerability might lead to information disclosure or denial of service. • https://nvd.nist.gov/vuln/detail/CVE-2025-33194 • CWE-180: Incorrect Behavior Order: Validate Before Canonicalize
CVSS: 5.7 • EPSS: % • CPEs: - • EXPL: 0 • CVE-2025-33192
https://notcve.org/view.php?id=CVE-2025-33192
25 Nov 2025 — A successful exploit of this vulnerability might lead to denial of service. • https://nvd.nist.gov/vuln/detail/CVE-2025-33192 • CWE-690: Unchecked Return Value to NULL Pointer Dereference
