CVSS: 10.0 • EPSS: % • CPEs: 1 • EXPL: 0 • CVE-2025-64184 – Dosage vulnerable to Directory Traversal through crafted HTTP responses
https://notcve.org/view.php?id=CVE-2025-64184
07 Nov 2025 — Dosage is a comic strip downloader and archiver. When downloading comic images in versions 3.1 and below, Dosage constructs target file names from different aspects of the remote comic (page URL, image URL, page content, etc.). While the basename is properly stripped of directory-traversing characters, the file extension is taken from the HTTP Content-Type header. This allows a remote attacker (or a Man-in-the-Middle, if the comic is served over HTTP) to write arbitrary files outside the target directory (i... • https://github.com/webcomics/dosage/commit/336a9684191604bc49eed7296b74bd582151181e • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8 • EPSS: % • CPEs: 1 • EXPL: 0 • CVE-2025-58423 – Advantech DeviceOn/iEdge Path Traversal
https://notcve.org/view.php?id=CVE-2025-58423
06 Nov 2025 — Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to cause a denial-of-service condition, traverse directories, or read/write files, within the context of the local system account. • https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-310-01.json • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3 • EPSS: 0% • CPEs: 83 • EXPL: 0 • CVE-2025-10259 – Denial-of-Service (DoS) Vulnerability in TCP Communication Function on MELSEC iQ-F Series CPU module
https://notcve.org/view.php?id=CVE-2025-10259
06 Nov 2025 — Improper Validation of Specified Quantity in Input vulnerability in TCP Communication Function on Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote attacker to disconnect the connection by sending specially crafted TCP packets to cause a denial-of-service (DoS) condition on the products. • https://jvn.jp/vu/JVNVU92088475 • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 7.5 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2025-27917
https://notcve.org/view.php?id=CVE-2025-27917
06 Nov 2025 — Remote Denial of Service can occur because of incorrect deserialization that results in failed memory allocation and a NULL pointer dereference. • https://anydesk.com/en/changelog/windows •
CVSS: 7.5 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2025-63560
https://notcve.org/view.php?id=CVE-2025-63560
06 Nov 2025 — An issue in KiloView Dual Channel 4k HDMI & 3G-SDI HEVC Video Encoder Firmware v.1.20.0006 allows a remote attacker to cause a denial of service via the systemctrl API System/reFactory component. • http://kiloview.com •
CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-62596 – youki container escape and denial of service due to arbitrary write gadgets and procfs write redirects
https://notcve.org/view.php?id=CVE-2025-62596
05 Nov 2025 — Youki is a container runtime written in Rust. In versions 0.5.6 and below, youki’s AppArmor handling performs insufficiently strict write-target validation, and when combined with path substitution during pathname resolution, can allow writes to unintended procfs locations. While resolving a path component-by-component, a shared-mount race can substitute intermediate components and redirect the final target. This issue is fixed in version 0.5.7. • https://github.com/youki-dev/youki/commit/5886c91073b9be748bd8d5aed49c4a820548030a • CWE-61: UNIX Symbolic Link (Symlink) Following • CWE-363: Race Condition Enabling Link Following •
CVSS: 7.7 • EPSS: 0% • CPEs: 28 • EXPL: 0 • CVE-2025-10713 – XML External Entity (XXE) Vulnerability in Multiple WSO2 Products Due to Improper XML Parser Configuration
https://notcve.org/view.php?id=CVE-2025-10713
05 Nov 2025 — A successful attack could enable a remote, unauthenticated attacker to read sensitive files from the server's filesystem or perform denial-of-service (DoS) attacks that render affected services unavailable. • https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4505 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.7 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-46424
https://notcve.org/view.php?id=CVE-2025-46424
05 Nov 2025 — A high privileged attacker could potentially exploit this vulnerability leading to Denial of service. • https://www.dell.com/support/kbdoc/en-us/000384363/dsa-2025-374-security-update-for-dell-cloudlink-multiple-security-vulnerabilities • CWE-1240: Use of a Cryptographic Primitive with a Risky Implementation •
CVSS: 8.6 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-20343 – Cisco Identity Services Engine Radius Suppression Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2025-20343
05 Nov 2025 — A successful exploit could allow the attacker to cause a denial of service (DoS) condition when Cisco ISE restarts. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-radsupress-dos-8YF3JThh • CWE-697: Incorrect Comparison •
CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0 • CVE-2025-64458 – Potential denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows
https://notcve.org/view.php?id=CVE-2025-64458
05 Nov 2025 — As a consequence, `django.http.HttpResponseRedirect`, `django.http.HttpResponsePermanentRedirect`, and the shortcut `django.shortcuts.redirect` were subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. • https://docs.djangoproject.com/en/dev/releases/security • CWE-407: Inefficient Algorithmic Complexity •
