CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0

27 Jun 2025 — An issue in Hikvision DS-2CD1321-I V5.7.21 build 230819 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the endpoint /ISAPI/Security/challenge. • https://crashpark.weebly.com/blog/hikvision-ip-camera-unauthenticated-denial-of-service-dos

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

26 Jun 2025 — MongoDB Server may be susceptible to stack overflow due to JSON parsing mechanism, where specifically crafted JSON inputs may induce unwarranted levels of recursion, resulting in excessive stack space consumption. ... The same issue affects MongoDB Server v6.0 versions prior to 6.0.21, but an attacker can only induce denial of service after authenticating. • https://jira.mongodb.org/browse/SERVER-106749 • CWE-674: Uncontrolled Recursion

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

26 Jun 2025 — The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling of specific date values in JSON input when using OIDC authentication. ... The same issue affects MongoDB Server v6.0 versions prior to 6.0.21, but an attacker can only induce denial of service after authenticating. • https://jira.mongodb.org/browse/SERVER-106748 • CWE-20: Improper Input Validation

CVSS: 6.8 • EPSS: 0% • CPEs: 3 • EXPL: 1

26 Jun 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated attackers to create a DoS condition by sending crafted GraphQL requests. • https://gitlab.com/gitlab-org/gitlab/-/issues/534424 • CWE-770: Allocation of Resources Without Limits or Throttling

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Jun 2025 — OpenBao before v2.3.0 allowed an attacker to perform unauthenticated, unaudited cancellation of root rekey and recovery rekey operations, effecting a denial of service. ... As a workaround, if an active proxy or load balancer sits in front of OpenBao, an operator can deny requests to these endpoints from unauthorized IP ranges. These are all security issues fixed in the openbao-2.3.1-1.1 package on the GA media of openSUSE Tumbleweed. • https://github.com/openbao/openbao/commit/fe75468822a22a88318c6079425357a02ae5b77b • CWE-20: Improper Input Validation

CVSS: 3.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Jun 2025 — These are all security issues fixed in the incus-6.14-1.1 package on the GA media of openSUSE Tumbleweed. • https://github.com/lxc/incus/commit/2516fb19ad8428454cb4edfe70c0a5f0dc1da214 • CWE-770: Allocation of Resources Without Limits or Throttling

CVSS: 3.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

25 Jun 2025 — Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled cancellation by a Vault operator. ... These are all security issues fixed in the openbao-2.3.1-1.1 package on the GA media of openSUSE Tumbleweed. • https://discuss.hashicorp.com/t/hcsec-2025-11-vault-vulnerable-to-recovery-key-cancellation-denial-of-service/75570 • CWE-1088: Synchronous Access of Remote Resource without Timeout

CVSS: 9.2 • EPSS: 16% • CPEs: 4 • EXPL: 3

25 Jun 2025 — Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server. Citrix NetScaler ADC a... • https://github.com/grupooruss/Citrix-cve-2025-6543 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.8 • EPSS: 0% • CPEs: 666 • EXPL: 1

25 Jun 2025 — An unauthenticated attacker who can connect to the Web Services feature (HTTP TCP port 80) can issue a WS-Scan SOAP request containing an unexpected JobToken value which will crash the target device. The device will reboot, after which the attacker can reissue the command to repeatedly crash the device. • https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf • CWE-1286: Improper Validation of Syntactic Correctness of Input

CVSS: 7.8 • EPSS: 0% • CPEs: 208 • EXPL: 1

25 Jun 2025 — An unauthenticated attacker who can connect to TCP port 9100 can issue a Printer Job Language (PJL) command that will crash the target device. The device will reboot, after which the attacker can reissue the command to repeatedly crash the device. A malformed PJL variable FORMLINES is set to a non-number value, causing the target to crash. • https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf • CWE-1286: Improper Validation of Syntactic Correctness of Input