CVSS: 5.5EPSS: %CPEs: 1EXPL: 0CVE-2025-27701
https://notcve.org/view.php?id=CVE-2025-27701
27 May 2025 — In the function process_crypto_cmd, the values of ptrs[i] can be potentially equal to NULL which is valid value after calling slice_map_array(). Later this values will be derefenced without prior NULL check, which can lead to local Temporary DoS or OOB Read, leading to information disclosure. • https://source.android.com/security/bulletin/pixel/2025-05-01 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 1%CPEs: 13EXPL: 0CVE-2025-41653 – Weidmueller: Denial-of-Service Vulnerability in the web server functionality of Industrial Ethernet Switches
https://notcve.org/view.php?id=CVE-2025-41653
27 May 2025 — An unauthenticated remote attacker can exploit a denial-of-service vulnerability in the device's web server functionality by sending a specially crafted HTTP request with a malicious header, potentially causing the server to crash or become unresponsive. • https://certvde.com/en/advisories/VDE-2025-044 • CWE-410: Insufficient Resource Pool •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2025-41650 – Weidmueller: Denial-of-Service Vulnerability in Industrial Ethernet Switches
https://notcve.org/view.php?id=CVE-2025-41650
27 May 2025 — An unauthenticated remote attacker can exploit input validation in cmd services of the devices, allowing them to disrupt system operations and potentially cause a denial-of-service. • https://certvde.com/en/advisories/VDE-2025-044 • CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2025-41649 – Weidmueller: Out-of-Bounds Write Vulnerability in Industrial Ethernet Switches
https://notcve.org/view.php?id=CVE-2025-41649
27 May 2025 — An unauthenticated remote attacker can exploit insufficient input validation to write data beyond the bounds of a buffer, potentially leading to a denial-of-service condition for the devices. • https://certvde.com/en/advisories/VDE-2025-044 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-48054 – Radashi Vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
https://notcve.org/view.php?id=CVE-2025-48054
27 May 2025 — If an attacker can control parts of the path argument to the set function, they could potentially modify the prototype of all objects in the JavaScript runtime, leading to unexpected behavior, denial of service, or even remote code execution in some specific scenarios. ... A workaround for this issue involves sanitizing the path argument provided to the set function to ensure that no part of the path string is __proto__, prototype, or constructor. • https://github.com/radashi-org/radashi/commit/8147abc8cfc3cfe9b9a17cd389076a5d97235a66 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-49196
https://notcve.org/view.php?id=CVE-2024-49196
27 May 2025 — Type confusion leads to a Denial of Service. • https://semiconductor.samsung.com/support/quality-support/product-security-updates •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-35003 – Apache NuttX RTOS: NuttX Bluetooth Stack HCI and UART DoS/RCE Vulnerabilities.
https://notcve.org/view.php?id=CVE-2025-35003
26 May 2025 — Improper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities were discovered in Apache NuttX RTOS Bluetooth Stack (HCI and UART components) that may result in system crash, denial of service, or arbitrary code execution, after receiving maliciously crafted packets. • https://github.com/apache/nuttx/pull/16179 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-40672 – Privilege Escalation in Panloader.exe
https://notcve.org/view.php?id=CVE-2025-40672
26 May 2025 — This would allow an attacker to obtain administrator permissions to perform whatever activities he/she wants, shuch as accessing sensitive information, executing code remotely, and even causing a denial of service (DoS). This would allow an attacker to obtain administrator permissions to perform whatever activities he/she wants, shuch as accessing sensitive information, executing code remotely, and even causing a denial of service (DoS). ... Esto permi... • https://www.incibe.es/en/incibe-cert/notices/aviso/privilege-escalation-proactivanet-espiral-ms-group • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-41655 – PEPPERL+FUCHS: Attacker can cause a DoS via URL
https://notcve.org/view.php?id=CVE-2025-41655
26 May 2025 — An unauthenticated remote attacker can access a URL which causes the device to reboot. Un atacante remoto no autenticado puede acceder a una URL que provoca que el dispositivo se reinicie. • https://certvde.com/en/advisories/VDE-2025-011 • CWE-306: Missing Authentication for Critical Function •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2024-7803 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2024-7803
23 May 2025 — A Discord webhook integration may cause DoS. • https://gitlab.com/gitlab-org/gitlab/-/issues/479168 • CWE-770: Allocation of Resources Without Limits or Throttling •