CVSS: 8.2EPSS: %CPEs: 1EXPL: 0CVE-2025-11774 – Malicious Code Execution Vulnerability in the Software Keyboard Function of GENESIS64, ICONICS Suite, Mobile HMI, and MC Works64
https://notcve.org/view.php?id=CVE-2025-11774
19 Dec 2025 — This could allow the attacker to disclose, tamper with, delete, or destroy information stored on the PC where the affected product is installed, or cause a denial-of-service (DoS) condition on the system, through the execution of the EXE. • https://jvn.jp/vu/JVNVU97729686 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: %CPEs: 4EXPL: 0CVE-2025-68390 – Elasticsearch Allocation of Resources Without Limits or Throttling
https://notcve.org/view.php?id=CVE-2025-68390
18 Dec 2025 — Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow an authenticated user with snapshot restore privileges to cause Excessive Allocation (CAPEC-130) of memory and a denial of service (DoS) via crafted HTTP request. • https://discuss.elastic.co/t/elasticsearch-8-19-8-9-1-8-and-9-2-2-security-update-esa-2025-37/384185 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.8EPSS: %CPEs: 4EXPL: 0CVE-2025-68389 – Kibana Allocation of Resources Without Limits or Throttling
https://notcve.org/view.php?id=CVE-2025-68389
18 Dec 2025 — Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) of computing resources and a denial of service (DoS) of the Kibana process via a crafted HTTP request. • https://discuss.elastic.co/t/kibana-8-19-9-9-1-9-and-9-2-3-security-update-esa-2025-36/384184 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.8EPSS: %CPEs: 4EXPL: 0CVE-2025-68384 – Elasticsearch Allocation of Resources Without Limits or Throttling
https://notcve.org/view.php?id=CVE-2025-68384
18 Dec 2025 — Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) causing a persistent denial of service (OOM crash) via submission of oversized user settings data. • https://discuss.elastic.co/t/elasticsearch-8-19-9-9-1-9-and-9-2-3-security-update-esa-2025-33/384181 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: %CPEs: 4EXPL: 0CVE-2025-68383 – Filebeat Improper Validation of Specified Index, Position, or Offset in Input
https://notcve.org/view.php?id=CVE-2025-68383
18 Dec 2025 — Improper Validation of Specified Index, Position, or Offset in Input (CWE-1285) in Filebeat Syslog parser and the Libbeat Dissect processor can allow a user to trigger a Buffer Overflow (CAPEC-100) and cause a denial of service (panic/crash) of the Filebeat process via either a malformed Syslog message or a malicious tokenizer pattern in the Dissect configuration. • https://discuss.elastic.co/t/filebeat-8-19-9-9-1-9-and-9-2-3-security-update-esa-2025-32/384180 • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 6.5EPSS: %CPEs: 4EXPL: 0CVE-2025-68382 – Packetbeat Out-of-bounds Read
https://notcve.org/view.php?id=CVE-2025-68382
18 Dec 2025 — Out-of-bounds read (CWE-125) allows an unauthenticated remote attacker to perform a buffer overflow (CAPEC-100) via the NFS protocol dissector, leading to a denial-of-service (DoS) through a reliable process crash when handling truncated XDR-encoded RPC messages. • https://discuss.elastic.co/t/packetbeat-8-19-9-9-1-9-and-9-2-3-security-update-esa-2025-31/384179 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: %CPEs: 4EXPL: 0CVE-2025-68388 – Packetbeat Allocation of Resources Without Limits or Throttling
https://notcve.org/view.php?id=CVE-2025-68388
18 Dec 2025 — Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excessive allocation (CAPEC-130) of memory and CPU via the integration of malicious IPv4 fragments, leading to denial-of-service in Packetbeat. • https://discuss.elastic.co/t/packetbeat-8-19-9-9-1-9-and-9-2-3-security-update-esa-2025-29/384177 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.9EPSS: %CPEs: 1EXPL: 1CVE-2025-34451 – rofl0r/proxychains-ng <= 4.17 Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2025-34451
18 Dec 2025 — This vulnerability may allow denial of service and, under certain conditions, could be leveraged for further exploitation depending on the execution environment and applied mitigations. • https://github.com/httpsgithu/proxychains-ng/commit/cc005b7 • CWE-121: Stack-based Buffer Overflow •
CVSS: 6.9EPSS: %CPEs: 1EXPL: 1CVE-2025-34450 – merbanan/rtl_433 <= 25.02 Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2025-34450
18 Dec 2025 — This vulnerability can be exploited to cause a denial of service and, under certain conditions, may be leveraged for further exploitation depending on the execution environment and available mitigations. • https://github.com/dd32/rtl_433/commit/25e47f8 • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.1EPSS: %CPEs: 1EXPL: 1CVE-2025-34449 – Genymobile/scrcpy <= 3.3.3 Global Buffer Overflow
https://notcve.org/view.php?id=CVE-2025-34449
18 Dec 2025 — This vulnerability can be exploited to cause a denial of service and, under certain conditions, may be leveraged for further exploitation depending on the execution environment and available mitigations. ... This vulnerability can be exploited to cause a denial of service and, under certain conditions, may be leveraged for further exploitation depending on the execution environment and available mitigations. • https://github.com/Genymobile/scrcpy/commit/3e40b24 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •