CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32025 – bep/imagemeta allows a potentially large memory allocation in PNG and WebP parsing
https://notcve.org/view.php?id=CVE-2025-32025
08 Apr 2025 — Before v0.11.0, If you didn't trust the input images, this could be abused to construct denial-of-service attacks. v0.11.0 added a 10 MB upper limit. • https://github.com/bep/imagemeta/commit/ee0de9b029f4e82106729f69559f27c9a404229d • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32024 – bep/imagemeta allows excessively large EXIF data structures
https://notcve.org/view.php?id=CVE-2025-32024
08 Apr 2025 — Before v0.10.0, If you didn't trust the input images, this could be abused to construct denial-of-service attacks. v0.10.0 added LimitNumTags (default 5000) and LimitTagSize (default 10000) options. • https://github.com/bep/imagemeta/commit/4fd89616d8bf7f9bb892360d3fb19080ec2b4602 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22464
https://notcve.org/view.php?id=CVE-2025-22464
08 Apr 2025 — An untrusted pointer dereference vulnerability in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an attacker with local access to write arbitrary data into memory causing a denial-of-service condition. • https://forums.ivanti.com/s/article/Security-Advisory-EPM-April-2025-for-EPM-2024-and-EPM-2022-SU6 • CWE-822: Untrusted Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-30151 – Shopware allows Denial Of Service via password length
https://notcve.org/view.php?id=CVE-2025-30151
08 Apr 2025 — It's possible to pass long passwords that leads to Denial Of Service via forms in Storefront forms or Store-API. • https://github.com/shopware/shopware/security/advisories/GHSA-cgfj-hj93-rmh2 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2025-22015 – mm/migrate: fix shmem xarray update during migration
https://notcve.org/view.php?id=CVE-2025-22015
08 Apr 2025 — Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. • https://git.kernel.org/stable/c/be72d197b2281e2ee3f28017fc9be1ab17e26d16 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-22014 – soc: qcom: pdr: Fix the potential deadlock
https://notcve.org/view.php?id=CVE-2025-22014
08 Apr 2025 — • https://git.kernel.org/stable/c/fbe639b44a82755d639df1c5d147c93f02ac5a0f •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-22010 – RDMA/hns: Fix soft lockup during bt pages loop
https://notcve.org/view.php?id=CVE-2025-22010
08 Apr 2025 — Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. • https://git.kernel.org/stable/c/38389eaa4db192648916464b60f6086d6bbaa6de •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-22009 – regulator: dummy: force synchronous probing
https://notcve.org/view.php?id=CVE-2025-22009
08 Apr 2025 — No he investigado más si esto se puede cambiar o si hay otras posibilidades de forzar la sincronización entre estas dos rutinas de sondeo. • https://git.kernel.org/stable/c/259b93b21a9ffe5117af4dfb5505437e463c6a5a •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2025-22008 – regulator: check that dummy regulator has been probed before using it
https://notcve.org/view.php?id=CVE-2025-22008
08 Apr 2025 — Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. • https://git.kernel.org/stable/c/3a9c46af5654783f99015727ac65bc2a23e2735a •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-32034 – Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion
https://notcve.org/view.php?id=CVE-2025-32034
07 Apr 2025 — This could lead to excessive resource consumption and denial of service. • https://github.com/apollographql/router/commit/ab6675a63174715ea6ff50881fc957831d4e9564 • CWE-770: Allocation of Resources Without Limits or Throttling •