CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20675
https://notcve.org/view.php?id=CVE-2025-20675
02 Jun 2025 — This could lead to local denial of service with User execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/June-2025 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20673
https://notcve.org/view.php?id=CVE-2025-20673
02 Jun 2025 — This could lead to local denial of service with User execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/June-2025 • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 1CVE-2025-5404 – chaitak-gorai Blogbook GET Parameter search.php denial of service
https://notcve.org/view.php?id=CVE-2025-5404
01 Jun 2025 — This vulnerability affects unknown code of the file /search.php of the component GET Parameter Handler. The manipulation of the argument Search leads to denial of service. ... Mittels dem Manipulieren des Arguments Search mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. • https://github.com/rllvusgnzm98/Report/blob/main/blogbook/BlogBook%20search.php%20search%20Parameter%20SQL%20Injection.md • CWE-404: Improper Resource Shutdown or Release •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-48944 – vLLM Tool Schema allows DoS via Malformed pattern and type Fields
https://notcve.org/view.php?id=CVE-2025-48944
30 May 2025 — These inputs are not validated before being compiled or parsed, causing a crash of the inference worker with a single request. • https://github.com/vllm-project/vllm/pull/17623 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-48943 – vLLM allows clients to crash the openai server with invalid regex
https://notcve.org/view.php?id=CVE-2025-48943
30 May 2025 — Version 0.8.0 up to but excluding 0.9.0 have a Denial of Service (ReDoS) that causes the vLLM server to crash if an invalid regex was provided while using structured output. This vulnerability is similar to GHSA-6qc9-v4r8-22xg/CVE-2025-48942, but for regex instead of a JSON schema. • https://github.com/vllm-project/vllm/commit/08bf7840780980c7568c573c70a6a8db94fd45ff • CWE-248: Uncaught Exception •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-48942 – vLLM DOS: Remotely kill vllm over http with invalid JSON schema
https://notcve.org/view.php?id=CVE-2025-48942
30 May 2025 — This vulnerability is similar GHSA-9hcf-v7m4-6m2j/CVE-2025-48943, but for regex instead of a JSON schema. • https://github.com/vllm-project/vllm/commit/08bf7840780980c7568c573c70a6a8db94fd45ff • CWE-248: Uncaught Exception •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-48887 – vLLM has a Regular Expression Denial of Service (ReDoS, Exponential Complexity) Vulnerability in `pythonic_tool_parser.py`
https://notcve.org/view.php?id=CVE-2025-48887
30 May 2025 — vLLM, an inference and serving engine for large language models (LLMs), has a Regular Expression Denial of Service (ReDoS) vulnerability in the file `vllm/entrypoints/openai/tool_parsers/pythonic_tool_parser.py` of versions 0.6.4 up to but excluding 0.9.0. The root cause is the use of a highly complex and nested regular expression for tool call detection, which can be exploited by an attacker to cause severe performance degradation or make the service unavailable. • https://github.com/vllm-project/vllm/commit/4fc1bf813ad80172c1db31264beaef7d93fe0601 • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-48889 – Gradio Allows Unauthorized File Copy via Path Manipulation
https://notcve.org/view.php?id=CVE-2025-48889
30 May 2025 — Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. ... While attackers can't read these copied files, they can cause DoS by copying large files (like /dev/urandom) to fill disk space. • https://github.com/gradio-app/gradio/security/advisories/GHSA-8jw3-6x8j-v96g • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-49350 – IBM Db2 denial of service
https://notcve.org/view.php?id=CVE-2024-49350
29 May 2025 — IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. • https://www.ibm.com/support/pages/node/7235069 • CWE-121: Stack-based Buffer Overflow •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-2518 – IBM Db2 denial of service
https://notcve.org/view.php?id=CVE-2025-2518
29 May 2025 — IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. • https://www.ibm.com/support/pages/node/7235072 • CWE-789: Memory Allocation with Excessive Size Value •