CVSS: 2.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 May 2025 — Remote attackers can exploit this to exhaust connection pools, causing denial of service in applications using the library. Fix for this issue has been included in 1.24.0 release. • https://cert.pl/en/posts/2025/05/CVE-2025-3864 • CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 May 2025 — In the function process_crypto_cmd, the values of ptrs[i] can potentially be equal to NULL, which is a valid value after calling slice_map_array(). Later these values will be dereferenced without a prior NULL check, which can lead to local Temporary DoS or OOB Read, leading to information disclosure. • https://source.android.com/security/bulletin/pixel/2025-05-01 • CWE-476: NULL Pointer Dereference •

CVSS: 7.8 • EPSS: 0% • CPEs: 13 • EXPL: 0

27 May 2025 — An unauthenticated remote attacker can exploit a denial-of-service vulnerability in the device's web server functionality by sending a specially crafted HTTP request with a malicious header, potentially causing the server to crash or become unresponsive. • https://certvde.com/en/advisories/VDE-2025-044 • CWE-410: Insufficient Resource Pool •

CVSS: 7.8 • EPSS: 0% • CPEs: 13 • EXPL: 0

27 May 2025 — An unauthenticated remote attacker can exploit input validation in cmd services of the devices, allowing them to disrupt system operations and potentially cause a denial-of-service. • https://certvde.com/en/advisories/VDE-2025-044 • CWE-1287: Improper Validation of Specified Type of Input •

CVSS: 7.8 • EPSS: 0% • CPEs: 13 • EXPL: 0

27 May 2025 — An unauthenticated remote attacker can exploit insufficient input validation to write data beyond the bounds of a buffer, potentially leading to a denial-of-service condition for the devices. • https://certvde.com/en/advisories/VDE-2025-044 • CWE-787: Out-of-bounds Write •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 May 2025 — If an attacker can control parts of the path argument to the set function, they could potentially modify the prototype of all objects in the JavaScript runtime, leading to unexpected behavior, denial of service, or even remote code execution in some specific scenarios. ... A workaround for this issue involves sanitizing the path argument provided to the set function to ensure that no part of the path string is __proto__, prototype, or constructor. • https://github.com/radashi-org/radashi/commit/8147abc8cfc3cfe9b9a17cd389076a5d97235a66 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •

CVSS: 7.5 • EPSS: 0% • CPEs: - • EXPL: 0

27 May 2025 — Type confusion leads to a Denial of Service. • https://semiconductor.samsung.com/support/quality-support/product-security-updates •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 May 2025 — Improper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities were discovered in Apache NuttX RTOS Bluetooth Stack (HCI and UART components) that may result in system crash, denial of service, or arbitrary code execution, after receiving maliciously crafted packets. • https://github.com/apache/nuttx/pull/16179 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-121: Stack-based Buffer Overflow •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 May 2025 — This would allow an attacker to obtain administrator permissions to perform whatever activities he/she wants, such as accessing sensitive information, executing code remotely, and even causing a denial of service (DoS). • https://www.incibe.es/en/incibe-cert/notices/aviso/privilege-escalation-proactivanet-espiral-ms-group • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

26 May 2025 — An unauthenticated remote attacker can access a URL which causes the device to reboot. • https://certvde.com/en/advisories/VDE-2025-011 • CWE-306: Missing Authentication for Critical Function •