CVSS: 8.8 • EPSS: % • CPEs: 1 • EXPL: 0 • CVE-2025-58423 – Advantech DeviceOn/iEdge Path Traversal
https://notcve.org/view.php?id=CVE-2025-58423
06 Nov 2025 — Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to cause a denial-of-service condition, traverse directories, or read/write files, within the context of the local system account. • https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-310-01.json • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3 • EPSS: 0% • CPEs: 83 • EXPL: 0 • CVE-2025-10259 – Denial-of-Service (DoS) Vulnerability in TCP Communication Function on MELSEC iQ-F Series CPU module
https://notcve.org/view.php?id=CVE-2025-10259
06 Nov 2025 — Improper Validation of Specified Quantity in Input vulnerability in TCP Communication Function on Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote attacker to disconnect the connection by sending specially crafted TCP packets to cause a denial-of-service (DoS) condition on the products. • https://jvn.jp/vu/JVNVU92088475 • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 7.5 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2025-27917
https://notcve.org/view.php?id=CVE-2025-27917
06 Nov 2025 — Remote Denial of Service can occur because of incorrect deserialization that results in failed memory allocation and a NULL pointer dereference. • https://anydesk.com/en/changelog/windows •
CVSS: 7.5 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2025-63560
https://notcve.org/view.php?id=CVE-2025-63560
06 Nov 2025 — An issue in KiloView Dual Channel 4k HDMI & 3G-SDI HEVC Video Encoder Firmware v.1.20.0006 allows a remote attacker to cause a denial of service via the systemctrl API System/reFactory component. • http://kiloview.com •
CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-62596 – youki container escape and denial of service due to arbitrary write gadgets and procfs write redirects
https://notcve.org/view.php?id=CVE-2025-62596
05 Nov 2025 — Youki is a container runtime written in Rust. In versions 0.5.6 and below, youki’s AppArmor handling performs insufficiently strict write-target validation, and when combined with path substitution during pathname resolution, can allow writes to unintended procfs locations. While resolving a path component-by-component, a shared-mount race can substitute intermediate components and redirect the final target. This issue is fixed in version 0.5.7. • https://github.com/youki-dev/youki/commit/5886c91073b9be748bd8d5aed49c4a820548030a • CWE-61: UNIX Symbolic Link (Symlink) Following • CWE-363: Race Condition Enabling Link Following •
CVSS: 7.7 • EPSS: 0% • CPEs: 28 • EXPL: 0 • CVE-2025-10713 – XML External Entity (XXE) Vulnerability in Multiple WSO2 Products Due to Improper XML Parser Configuration
https://notcve.org/view.php?id=CVE-2025-10713
05 Nov 2025 — A successful attack could enable a remote, unauthenticated attacker to read sensitive files from the server's filesystem or perform denial-of-service (DoS) attacks that render affected services unavailable. • https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4505 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.7 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-46424
https://notcve.org/view.php?id=CVE-2025-46424
05 Nov 2025 — A high privileged attacker could potentially exploit this vulnerability leading to Denial of service. • https://www.dell.com/support/kbdoc/en-us/000384363/dsa-2025-374-security-update-for-dell-cloudlink-multiple-security-vulnerabilities • CWE-1240: Use of a Cryptographic Primitive with a Risky Implementation •
CVSS: 8.6 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-20343 – Cisco Identity Services Engine Radius Suppression Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2025-20343
05 Nov 2025 — A successful exploit could allow the attacker to cause a denial of service (DoS) condition when Cisco ISE restarts. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-radsupress-dos-8YF3JThh • CWE-697: Incorrect Comparison •
CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0 • CVE-2025-64458 – Potential denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows
https://notcve.org/view.php?id=CVE-2025-64458
05 Nov 2025 — As a consequence, `django.http.HttpResponseRedirect`, `django.http.HttpResponsePermanentRedirect`, and the shortcut `django.shortcuts.redirect` were subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. • https://docs.djangoproject.com/en/dev/releases/security • CWE-407: Inefficient Algorithmic Complexity •
CVSS: 9.6 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-46404
https://notcve.org/view.php?id=CVE-2025-46404
05 Nov 2025 — A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. • https://talosintelligence.com/vulnerability_reports/TALOS-2025-2194 • CWE-476: NULL Pointer Dereference •
