CVSS: 7.5EPSS: %CPEs: 1EXPL: 0CVE-2025-47947 – ModSecurity Has Possible DoS Vulnerability
https://notcve.org/view.php?id=CVE-2025-47947
21 May 2025 — Versions up to and including 2.9.8 are vulnerable to denial of service in one special case (in stable released versions): when the payload's content type is `application/json`, and there is at least one rule which does a `sanitiseMatchedBytes` action. A patch is available at pull request 3389 and expected to be part of version 2.9.9. • https://github.com/owasp-modsecurity/ModSecurity/pull/3389 • CWE-1050: Excessive Platform Resource Consumption within a Loop •
CVSS: 7.5EPSS: %CPEs: 1EXPL: 0CVE-2025-47291 – containerd CRI plugin: Incorrect cgroup hierarchy assignment for containers running in usernamespaced Kubernetes pods.
https://notcve.org/view.php?id=CVE-2025-47291
21 May 2025 — This may cause a denial of service of the Kubernetes node. • https://github.com/containerd/containerd/security/advisories/GHSA-cxfp-7pvr-95ff • CWE-266: Incorrect Privilege Assignment •
CVSS: 7.8EPSS: %CPEs: 2EXPL: 0CVE-2025-4416 – Events Log Track - Moderately critical - Denial of Service - SA-CONTRIB-2025-059
https://notcve.org/view.php?id=CVE-2025-4416
21 May 2025 — Allocation of Resources Without Limits or Throttling vulnerability in Drupal Events Log Track allows Excessive Allocation.This issue affects Events Log Track: from 0.0.0 before 3.1.11, from 4.0.0 before 4.0.2. • https://www.drupal.org/sa-contrib-2025-059 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.6EPSS: %CPEs: 1EXPL: 0CVE-2025-20152 – ISE restart
https://notcve.org/view.php?id=CVE-2025-20152
21 May 2025 — A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain RADIUS requests. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-restart-ss-uf986G2Q • CWE-125: Out-of-bounds Read •
CVSS: 5.0EPSS: %CPEs: 1EXPL: 0CVE-2024-23337 – jq has signed integer overflow in jv.c:jvp_array_write
https://notcve.org/view.php?id=CVE-2024-23337
21 May 2025 — In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. • https://github.com/jqlang/jq/security/advisories/GHSA-2q6r-344g-cx46 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.2EPSS: 0%CPEs: -EXPL: 0CVE-2019-16536 – Stack overflow leading to DoS can be triggered by a malicious authenticated client.
https://notcve.org/view.php?id=CVE-2019-16536
21 May 2025 — Stack overflow leading to DoS can be triggered by a malicious authenticated client in Clickhouse before 19.14.3.3. • https://clickhouse.com/docs/whats-new/security-changelog • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.3EPSS: 0%CPEs: -EXPL: 0CVE-2021-25255 – Yandex Browser Lite for Android prior to version 21.1.0 allows remote attackers to cause a denial of service.
https://notcve.org/view.php?id=CVE-2021-25255
21 May 2025 — Yandex Browser Lite for Android prior to version 21.1.0 allows remote attackers to cause a denial of service. • https://yandex.com/bugbounty/i/hall-of-fame-browser • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-4949 – XXE vulnerability in Eclipse JGit
https://notcve.org/view.php?id=CVE-2025-4949
21 May 2025 — This vulnerability can lead to information disclosure, denial of service, and other security issues. • https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1 • CWE-611: Improper Restriction of XML External Entity Reference CWE-827: Improper Control of Document Type Definition •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-4998 – H3C Magic R200G HTTP POST Request aspForm EditWlanMacList denial of service
https://notcve.org/view.php?id=CVE-2025-4998
20 May 2025 — Affected by this vulnerability is the function Edit_BasicSSID/Edit_BasicSSID_5G/SetAPWifiorLedInfoById/SetMobileAPInfoById/Asp_SetTimingtimeWifiAndLed/AddMacList/EditMacList/AddWlanMacList/EditWlanMacList of the file /goform/aspForm of the component HTTP POST Request Handler. The manipulation of the argument param leads to denial of service. ... Durch Beeinflussen des Arguments param mit unbekannten Daten kann eine denial of service-Schwachstell... • https://github.com/CH13hh/tmp_store_cc/blob/main/H3C%20Magic%20R200G/1.md • CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.1EPSS: 0%CPEs: -EXPL: 1CVE-2025-4997 – H3C R2+ProG HTTP POST Request aspForm SetAPInfoById denial of service
https://notcve.org/view.php?id=CVE-2025-4997
20 May 2025 — Affected is the function UpdateWanParams/AddMacList/EditMacList/AddWlanMacList/EditWlanMacList/Edit_BasicSSID/Edit_GuestSSIDFor2P4G/Edit_BasicSSID_5G/SetAPInfoById of the file /goform/aspForm of the component HTTP POST Request Handler. The manipulation of the argument param leads to denial of service. ... Durch das Beeinflussen des Arguments param mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. • https://vuldb.com/?id.309648 • CWE-404: Improper Resource Shutdown or Release •