CVSS: 9.6 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-46404
https://notcve.org/view.php?id=CVE-2025-46404
05 Nov 2025 — A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. • https://talosintelligence.com/vulnerability_reports/TALOS-2025-2194 • CWE-476: NULL Pointer Dereference •
CVSS: 9.6 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-46784
https://notcve.org/view.php?id=CVE-2025-46784
05 Nov 2025 — A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to memory depletion, resulting in denial of service. • https://talosintelligence.com/vulnerability_reports/TALOS-2025-2195 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 9.6 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2025-46705
https://notcve.org/view.php?id=CVE-2025-46705
05 Nov 2025 — A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML assertion response can lead to a denial of service. • https://talosintelligence.com/vulnerability_reports/TALOS-2025-2196 • CWE-617: Reachable Assertion •
CVSS: 9.8 • EPSS: 0% • CPEs: 3 • EXPL: 0 • CVE-2025-31133 – runc container escape via "masked path" abuse due to mount race conditions
https://notcve.org/view.php?id=CVE-2025-31133
05 Nov 2025 — This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. ... Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects. • https://github.com/opencontainers/runc/commit/1a30a8f3d921acbbb6a4bb7e99da2c05f8d48522 • CWE-61: UNIX Symbolic Link (Symlink) Following • CWE-363: Race Condition Enabling Link Following •
CVSS: 9.8 • EPSS: 0% • CPEs: 3 • EXPL: 0 • CVE-2025-52565 – container escape due to /dev/console mount and related races
https://notcve.org/view.php?id=CVE-2025-52565
05 Nov 2025 — This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can lead to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). ... Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects. • https://github.com/opencontainers/runc/commit/01de9d65dc72f67b256ef03f9bfb795a2bf143b4 • CWE-61: UNIX Symbolic Link (Symlink) Following • CWE-363: Race Condition Enabling Link Following •
CVSS: 9.1 • EPSS: 0% • CPEs: 3 • EXPL: 0 • CVE-2025-52881 – runc: LSM labels can be bypassed with malicious config using dummy procfs files
https://notcve.org/view.php?id=CVE-2025-52881
05 Nov 2025 — Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects. • http://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322 • CWE-61: UNIX Symbolic Link (Symlink) Following • CWE-363: Race Condition Enabling Link Following •
CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-60753
https://notcve.org/view.php?id=CVE-2025-60753
05 Nov 2025 — This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash). • https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753 • CWE-400: Uncontrolled Resource Consumption • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.0 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-59596
https://notcve.org/view.php?id=CVE-2025-59596
04 Nov 2025 — CVE-2025-59596 is a denial-of-service vulnerability in Secure Access Windows client versions 12.0 to 14.10 that is addressed in version 14.12. • https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-59596 • CWE-20: Improper Input Validation •
CVSS: 8.2 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-59595
https://notcve.org/view.php?id=CVE-2025-59595
04 Nov 2025 — CVE-2025-59595 is an internally discovered denial of service vulnerability in versions of Secure Access prior to 14.12. • https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-59595 •
CVSS: 10.0 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2025-54863 – Insufficiently Protected Credentials in Radiometrics VizAir
https://notcve.org/view.php?id=CVE-2025-54863
04 Nov 2025 — Additionally, attackers could flood the system with false alerts, leading to a denial-of-service condition and significant disruption to airport operations. • https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-308-04.json • CWE-522: Insufficiently Protected Credentials •
