CVSS: 3.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-52889 – Incus vulnerable to DoS through antispoofing nftables firewall rule bypass on bridge networks with ACLs
https://notcve.org/view.php?id=CVE-2025-52889
25 Jun 2025 — Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus version 6.12 and 6.13 generates nftables rules for local services (DHCP, DNS...) that partially bypass security options `security.mac_filtering`, `security.ipv4_filtering` and `security.ipv6_filtering`. This can lead to DHCP pool exhaustion and opens the door for other attacks. A patch is available at commit 2516fb19ad8428454cb4edfe70c0a5f0dc1da214. • https://github.com/lxc/incus/commit/2516fb19ad8428454cb4edfe70c0a5f0dc1da214 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 3.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-4656 – Vault Vulnerable to Recovery Key Cancellation Denial of Service
https://notcve.org/view.php?id=CVE-2025-4656
25 Jun 2025 — Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled cancellation by a Vault operator. • https://discuss.hashicorp.com/t/hcsec-2025-11-vault-vulnerable-to-recovery-key-cancellation-denial-of-service/75570 • CWE-1088: Synchronous Access of Remote Resource without Timeout •
CVSS: 9.2EPSS: 0%CPEs: 4EXPL: 0CVE-2025-6543 – Memory overflow vulnerability leading to unintended control flow and Denial of Service
https://notcve.org/view.php?id=CVE-2025-6543
25 Jun 2025 — Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server • https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 666EXPL: 1CVE-2024-51983 – Unauthenticated Denial of Service (DoS) via malformed WS-Scan request affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, Toshiba Tec, and Konica Minolta, Inc.
https://notcve.org/view.php?id=CVE-2024-51983
25 Jun 2025 — An unauthenticated attacker who can connect to the Web Services feature (HTTP TCP port 80) can issue a WS-Scan SOAP request containing an unexpected JobToken value which will crash the target device. The device will reboot, after which the attacker can reissue the command to repeatedly crash the device. • https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf • CWE-1286: Improper Validation of Syntactic Correctness of Input •
CVSS: 7.8EPSS: 0%CPEs: 208EXPL: 1CVE-2024-51982 – Unauthenticated Denial of Service (DoS) via malformed PJL request affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, and Ricoh.
https://notcve.org/view.php?id=CVE-2024-51982
25 Jun 2025 — An unauthenticated attacker who can connect to TCP port 9100 can issue a Printer Job Language (PJL) command that will crash the target device. The device will reboot, after which the attacker can reissue the command to repeatedly crash the device. A malformed PJL variable FORMLINES is set to a non number value causing the target to crash. • https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf • CWE-1286: Improper Validation of Syntactic Correctness of Input •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0CVE-2025-43880
https://notcve.org/view.php?id=CVE-2025-43880
25 Jun 2025 — If exploited, a logged-in user may cause a denial of service (DoS) condition. • https://github.com/weseek/growi/pull/9487 • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-6557 – Debian Security Advisory 5952-1
https://notcve.org/view.php?id=CVE-2025-6557
24 Jun 2025 — (Chromium security severity: Low) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_24.html • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-6556 – Debian Security Advisory 5952-1
https://notcve.org/view.php?id=CVE-2025-6556
24 Jun 2025 — (Chromium security severity: Low) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_24.html • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-6555 – Debian Security Advisory 5952-1
https://notcve.org/view.php?id=CVE-2025-6555
24 Jun 2025 — (Chromium security severity: Medium) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_24.html • CWE-416: Use After Free •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-39203
https://notcve.org/view.php?id=CVE-2025-39203
24 Jun 2025 — An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection loop. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000218&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-354: Improper Validation of Integrity Check Value •