CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-14591 – PII Leak Due to Change in EOR Handling
https://notcve.org/view.php?id=CVE-2025-14591
20 Dec 2025 — In Delphix Continuous Compliance version 2025.3.0 and later, following a recent bug fix to correctly handle CR+LF (Windows and DOS) End-of-Record (EOR) characters in delimited files, an issue was identified: using an incorrect EOR configuration can cause inaccurate parsing and leave personally identifiable information (PII) unmasked. In Delphix Continuous Compliance version 2025.3.0 and later, following a recent bug fix to correctly handle CR+LF (Windows and DOS) End-of... • https://portal.perforce.com/s/article/TB137 •
CVSS: 8.7EPSS: 0%CPEs: -EXPL: 0CVE-2025-14300 – Unauthenticated Access to connectAP API Endpoint on Tapo C200
https://notcve.org/view.php?id=CVE-2025-14300
20 Dec 2025 — The HTTPS service on Tapo C200 V3 exposes a connectAP interface without proper authentication. An unauthenticated attacker on the same local network segment can exploit this to modify the device’s Wi-Fi configuration, resulting in loss of connectivity and denial-of-service (DoS). • https://www.tp-link.com/us/support/download/tapo-c200/v3/#Firmware-Release-Notes • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-14299 – Improper Content-Length Validation in HTTPS Requests on Tapo C200
https://notcve.org/view.php?id=CVE-2025-14299
20 Dec 2025 — An unauthenticated attacker on the same local network segment can send crafted HTTPS requests to trigger excessive memory allocation, causing the device to crash and resulting in denial-of-service (DoS). • https://www.tp-link.com/us/support/download/tapo-c200/v3/#Firmware-Release-Notes • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-8065 – Buffer Overflow in ONVIF XML Parser on Tapo C200
https://notcve.org/view.php?id=CVE-2025-8065
20 Dec 2025 — An unauthenticated attacker on the same local network segment can send specially crafted SOAP XML requests, causing memory overflow and device crash, resulting in denial-of-service (DoS). • https://www.tp-link.com/us/support/download/tapo-c200/v3/#Firmware-Release-Notes • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-11774 – Malicious Code Execution Vulnerability in the Software Keyboard Function of GENESIS64, ICONICS Suite, Mobile HMI, and MC Works64
https://notcve.org/view.php?id=CVE-2025-11774
19 Dec 2025 — This could allow the attacker to disclose, tamper with, delete, or destroy information stored on the PC where the affected product is installed, or cause a denial-of-service (DoS) condition on the system, through the execution of the EXE. • https://jvn.jp/vu/JVNVU97729686 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-50681
https://notcve.org/view.php?id=CVE-2025-50681
19 Dec 2025 — igmpproxy 0.4 before commit 2b30c36 allows remote attackers to cause a denial of service (application crash) via a crafted IGMPv3 membership report packet with a malicious source address. ... Affected devices that rely on unpatched versions of igmpproxy may be vulnerable to remote denial-of-service attacks across a LAN . • https://gist.github.com/miora-sora/dac1612d16c45c2aedb8605478adc28f • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-66909
https://notcve.org/view.php?id=CVE-2025-66909
19 Dec 2025 — Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial of service vulnerability. ... This causes immediate memory exhaustion, OutOfMemoryError, and service crash. No authentication is required if the OCR service is publicly accessible. Multiple requests can completely deny service availability. • https://github.com/Xzzz111/public_cve_report/blob/main/CVE-2025-66909_report.md • CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-68390 – Elasticsearch Allocation of Resources Without Limits or Throttling
https://notcve.org/view.php?id=CVE-2025-68390
18 Dec 2025 — Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow an authenticated user with snapshot restore privileges to cause Excessive Allocation (CAPEC-130) of memory and a denial of service (DoS) via crafted HTTP request. • https://discuss.elastic.co/t/elasticsearch-8-19-8-9-1-8-and-9-2-2-security-update-esa-2025-37/384185 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-68389 – Kibana Allocation of Resources Without Limits or Throttling
https://notcve.org/view.php?id=CVE-2025-68389
18 Dec 2025 — Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) of computing resources and a denial of service (DoS) of the Kibana process via a crafted HTTP request. • https://discuss.elastic.co/t/kibana-8-19-9-9-1-9-and-9-2-3-security-update-esa-2025-36/384184 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-68384 – Elasticsearch Allocation of Resources Without Limits or Throttling
https://notcve.org/view.php?id=CVE-2025-68384
18 Dec 2025 — Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) causing a persistent denial of service (OOM crash) via submission of oversized user settings data. • https://discuss.elastic.co/t/elasticsearch-8-19-9-9-1-9-and-9-2-3-security-update-esa-2025-33/384181 • CWE-770: Allocation of Resources Without Limits or Throttling •