CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-1991 – IBM Informix Dynamic Server denial of service
https://notcve.org/view.php?id=CVE-2025-1991
28 Jun 2025 — IBM Informix Dynamic Server 12.10,14.10, and15.0 could allow a remote attacker to cause a denial of service due to an integer underflow when processing packets. • https://www.ibm.com/support/pages/node/7238455 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-45851
https://notcve.org/view.php?id=CVE-2025-45851
27 Jun 2025 — An issue in Hikvision DS-2CD1321-I V5.7.21 build 230819 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the endpoint /ISAPI/Security/challenge. An issue in Hikvision DS-2CD1321-I V5.7.21 build 230819 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the endpoint /ISAPI/Security/challenge. • https://crashpark.weebly.com/blog/hikvision-ip-camera-unauthenticated-denial-of-service-dos •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-44559
https://notcve.org/view.php?id=CVE-2025-44559
27 Jun 2025 — An issue in the Bluetooth Low Energy (BLE) stack of Realtek RTL8762E BLE SDK v1.4.0 allows attackers within Bluetooth range to cause a Denial of Service (DoS) via sending a specific sequence of crafted control packets. • http://realtek.com • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-6710 – Pre-authentication Denial of Service Stack Overflow Vulnerability in JSON Parsing via Excessive Recursion in MongoDB
https://notcve.org/view.php?id=CVE-2025-6710
26 Jun 2025 — The same issue affects MongoDB Server v6.0 versions prior to 6.0.21, but an attacker can only induce denial of service after authenticating. • https://jira.mongodb.org/browse/SERVER-106749 • CWE-674: Uncontrolled Recursion •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-6709 – Pre-Authentication Denial of Service Vulnerability in MongoDB Server's OIDC Authentication
https://notcve.org/view.php?id=CVE-2025-6709
26 Jun 2025 — The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling of specific date values in JSON input when using OIDC authentication. ... The same issue affects MongoDB Server v6.0 versions prior to 6.0.21, but an attacker can only induce denial of service after authenticating. • https://jira.mongodb.org/browse/SERVER-106748 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2025-3279 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-3279
26 Jun 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated attackers to create a DoS condition by sending crafted GraphQL requests. • https://gitlab.com/gitlab-org/gitlab/-/issues/534424 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-52894 – OpenBao Vulnerable to Unauthenticated Rekey Operation Cancellation
https://notcve.org/view.php?id=CVE-2025-52894
25 Jun 2025 — OpenBao before v2.3.0 allowed an attacker to perform unauthenticated, unaudited cancellation of root rekey and recovery rekey operations, effecting a denial of service. • https://github.com/openbao/openbao/commit/fe75468822a22a88318c6079425357a02ae5b77b • CWE-20: Improper Input Validation •
CVSS: 3.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-52889 – Incus vulnerable to DoS through antispoofing nftables firewall rule bypass on bridge networks with ACLs
https://notcve.org/view.php?id=CVE-2025-52889
25 Jun 2025 — Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus version 6.12 and 6.13 generates nftables rules for local services (DHCP, DNS...) that partially bypass security options `security.mac_filtering`, `security.ipv4_filtering` and `security.ipv6_filtering`. This can lead to DHCP pool exhaustion and opens the door for other attacks. A patch is available at commit 2516fb19ad8428454cb4edfe70c0a5f0dc1da214. • https://github.com/lxc/incus/commit/2516fb19ad8428454cb4edfe70c0a5f0dc1da214 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 3.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-4656 – Vault Vulnerable to Recovery Key Cancellation Denial of Service
https://notcve.org/view.php?id=CVE-2025-4656
25 Jun 2025 — Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled cancellation by a Vault operator. • https://discuss.hashicorp.com/t/hcsec-2025-11-vault-vulnerable-to-recovery-key-cancellation-denial-of-service/75570 • CWE-1088: Synchronous Access of Remote Resource without Timeout •
CVSS: 9.2EPSS: 16%CPEs: 4EXPL: 2CVE-2025-6543 – Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2025-6543
25 Jun 2025 — Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server Citrix NetScaler ADC and Gateway contain a buffer ... • https://github.com/grupooruss/Citrix-cve-2025-6543 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •