CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2259 – Eclipse ThreadX NetX Duo component HTTP server single PUT request integer underflow
https://notcve.org/view.php?id=CVE-2025-2259
06 Apr 2025 — In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one packet smaller than the data request size of the other packet. • https://github.com/eclipse-threadx/netxduo/commit/fb3195bbb6d0d6fe71a7a19585c008623c217f9e • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2260 – Eclipse ThreadX NetX Duo HTTP component server denial of service
https://notcve.org/view.php?id=CVE-2025-2260
06 Apr 2025 — In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause a denial of service by specially crafted packets. • https://github.com/eclipse-threadx/netxduo/commit/fb3195bbb6d0d6fe71a7a19585c008623c217f9e • CWE-459: Incomplete Cleanup •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2258 – Eclipse ThreadX NetX Duo HTTP server single PUT request integer underflow
https://notcve.org/view.php?id=CVE-2025-2258
06 Apr 2025 — In NetX Duo component HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller than the data request size. • https://github.com/eclipse-threadx/netxduo/commit/6c8e9d1c95d71bd4b313e1cc37d8f8841543b248 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32364 – Ubuntu Security Notice USN-7426-1
https://notcve.org/view.php?id=CVE-2025-32364
05 Apr 2025 — An attacker could possibly use this issue to cause poppler to crash, resulting in a denial of service. • https://gitlab.freedesktop.org/poppler/poppler/-/commit/d87bc726c7cc98f8c26b60ece5f20236e9de1bc3 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13776 – ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update and Settings Manipulation
https://notcve.org/view.php?id=CVE-2024-13776
04 Apr 2025 — The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'dzsap_delete_notice' AJAX action in all versions up to, and including, 6.91. • https://codecanyon.net/item/zoomsounds-wordpress-wave-audio-player-with-playlist/6181433 • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3086 – User in anonymous role could create and delete views
https://notcve.org/view.php?id=CVE-2025-3086
04 Apr 2025 — Improper isolation of users in M-Files Server version before 25.3.14549 allows anonymous user to affect other anonymous users views and possibly cause a denial of service El aislamiento inadecuado de usuarios en la versión de M-Files Server anterior a la 25.3.14549 permite que usuarios anónimos afecten las vistas de otros usuarios anónimos y posiblemente provoquen una denegación de servicio. • https://product.m-files.com/security-advisories/cve-2025-3086 • CWE-653: Improper Isolation or Compartmentalization •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-24317
https://notcve.org/view.php?id=CVE-2025-24317
04 Apr 2025 — Allocation of resources without limits or throttling issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to cause a denial-of-service (DoS) condition. Existen problemas de asignación de recursos sin límites o limitación en las series HMI ViewJet C-more y HMI GC-A2, lo que puede permitir que un atacante remoto no autenticado provoque una condición de denegación de servicio (DoS). • https://jvn.jp/en/jp/JVN17260367 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-29477
https://notcve.org/view.php?id=CVE-2025-29477
04 Apr 2025 — An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event. • https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31115 – XZ has a heap-use-after-free bug in threaded .xz decoder
https://notcve.org/view.php?id=CVE-2025-31115
03 Apr 2025 — If a user or automated system were tricked into processing an xz file, a remote attacker could use this issue to cause XZ Utils to crash, resulting in a denial of service, or possibly execute arbitrary code. • https://github.com/tukaani-project/xz/commit/d5a2ffe41bb77b918a8c96084885d4dbe4bf6480 • CWE-366: Race Condition within a Thread CWE-416: Use After Free CWE-476: NULL Pointer Dereference CWE-826: Premature Release of Resource During Expected Lifetime •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-3167 – Tenda AC23 API Interface VerAPIMant denial of service
https://notcve.org/view.php?id=CVE-2025-3167
03 Apr 2025 — The manipulation of the argument getuid leads to denial of service. ... Durch Manipulieren des Arguments getuid mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. • https://github.com/LZY0522/CVE/blob/main/CVE_1.md • CWE-404: Improper Resource Shutdown or Release •