CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-54952
https://notcve.org/view.php?id=CVE-2024-54952
29 May 2025 — MikroTik RouterOS 6.40.5, the SMB service contains a memory corruption vulnerability. Remote, unauthenticated attackers can exploit this issue by sending specially crafted packets, triggering a null pointer dereference. This leads to a Remote Denial of Service (DoS), rendering the SMB service unavailable. • https://github.com/noobone123/RouterOS-issues/blob/main/README.md • CWE-476: NULL Pointer Dereference •
CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0CVE-2025-29632
https://notcve.org/view.php?id=CVE-2025-29632
29 May 2025 — Buffer Overflow vulnerability in Free5gc v.4.0.0 allows a remote attacker to cause a denial of service via the AMF, NGAP, security.go, handler_generated.go, handleInitialUEMessageMain, DecodePlainNasNoIntegrityCheck, GetSecurityHeaderType components • https://github.com/OHnogood/CVE-2025-29632 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3864 – Connection pool exhaustion in hackney
https://notcve.org/view.php?id=CVE-2025-3864
28 May 2025 — Remote attackers can exploit this to exhaust connection pools, causing denial of service in applications using the library. Fix for this issue has been included in 1.24.0 release. ... Remote attackers can exploit this to exhaust connection pools, causing denial of service in applications using the library. • https://cert.pl/en/posts/2025/05/CVE-2025-3864 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27701
https://notcve.org/view.php?id=CVE-2025-27701
27 May 2025 — In the function process_crypto_cmd, the values of ptrs[i] can be potentially equal to NULL which is valid value after calling slice_map_array(). Later this values will be derefenced without prior NULL check, which can lead to local Temporary DoS or OOB Read, leading to information disclosure. • https://source.android.com/security/bulletin/pixel/2025-05-01 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2025-41653 – Weidmueller: Denial-of-Service Vulnerability in the web server functionality of Industrial Ethernet Switches
https://notcve.org/view.php?id=CVE-2025-41653
27 May 2025 — An unauthenticated remote attacker can exploit a denial-of-service vulnerability in the device's web server functionality by sending a specially crafted HTTP request with a malicious header, potentially causing the server to crash or become unresponsive. • https://certvde.com/en/advisories/VDE-2025-044 • CWE-410: Insufficient Resource Pool •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2025-41650 – Weidmueller: Denial-of-Service Vulnerability in Industrial Ethernet Switches
https://notcve.org/view.php?id=CVE-2025-41650
27 May 2025 — An unauthenticated remote attacker can exploit input validation in cmd services of the devices, allowing them to disrupt system operations and potentially cause a denial-of-service. • https://certvde.com/en/advisories/VDE-2025-044 • CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2025-41649 – Weidmueller: Out-of-Bounds Write Vulnerability in Industrial Ethernet Switches
https://notcve.org/view.php?id=CVE-2025-41649
27 May 2025 — An unauthenticated remote attacker can exploit insufficient input validation to write data beyond the bounds of a buffer, potentially leading to a denial-of-service condition for the devices. • https://certvde.com/en/advisories/VDE-2025-044 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-48054 – Radashi Vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
https://notcve.org/view.php?id=CVE-2025-48054
27 May 2025 — If an attacker can control parts of the path argument to the set function, they could potentially modify the prototype of all objects in the JavaScript runtime, leading to unexpected behavior, denial of service, or even remote code execution in some specific scenarios. ... A workaround for this issue involves sanitizing the path argument provided to the set function to ensure that no part of the path string is __proto__, prototype, or constructor. • https://github.com/radashi-org/radashi/commit/8147abc8cfc3cfe9b9a17cd389076a5d97235a66 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-49196
https://notcve.org/view.php?id=CVE-2024-49196
27 May 2025 — Type confusion leads to a Denial of Service. • https://semiconductor.samsung.com/support/quality-support/product-security-updates • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-35003 – Apache NuttX RTOS: NuttX Bluetooth Stack HCI and UART DoS/RCE Vulnerabilities.
https://notcve.org/view.php?id=CVE-2025-35003
26 May 2025 — Improper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities were discovered in Apache NuttX RTOS Bluetooth Stack (HCI and UART components) that may result in system crash, denial of service, or arbitrary code execution, after receiving maliciously crafted packets. • https://github.com/apache/nuttx/pull/16179 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •