
CVE-2025-5514 – Denial-of-Service (DoS) Vulnerability in Web server function on MELSEC iQ-F Series CPU module
https://notcve.org/view.php?id=CVE-2025-5514
25 Aug 2025 — Improper Handling of Length Parameter Inconsistency vulnerability in web server function on Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to delay the processing of the web server function and prevent legitimate users from utilizing the web server function, by sending a specially crafted HTTP request. • https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-010_en.pdf • CWE-130: Improper Handling of Length Parameter Inconsistency •

CVE-2025-43960
https://notcve.org/view.php?id=CVE-2025-43960
25 Aug 2025 — Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service (memory consumption) via a crafted serialized payload (e.g., using s:1000000000), leading to a PHP Object Injection issue. Remote, unauthenticated attackers can trigger this by sending a malicious serialized object, which forces excessive memory usage, rendering Adminer’s interface unresponsive and causing a server-level DoS. • https://github.com/vrana/adminer/compare/v4.8.1...v4.8.2 • CWE-502: Deserialization of Untrusted Data •

CVE-2025-51281
https://notcve.org/view.php?id=CVE-2025-51281
25 Aug 2025 — This vulnerability allows authenticated attackers to cause a Denial of Service (DoS) by sending crafted GET requests with overly long values for these parameters. • https://www.dlink.com/en/security-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2025-43764
https://notcve.org/view.php?id=CVE-2025-43764
23 Aug 2025 — Self-ReDoS (Regular expression Denial of Service) exists with Role Name search field of Kaleo Designer portlet JavaScript in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.1, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.20 and 7.4 GA through update 92, which allows authenticated users with permissions to update Kaleo Workflows to enter a malicious Regex pattern causing their browser to hang for a very long time. • https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43764 • CWE-1333: Inefficient Regular Expression Complexity •

CVE-2025-41452 – Post auth nginx configuration injection in Danfoss AK-SM8xxA Series
https://notcve.org/view.php?id=CVE-2025-41452
22 Aug 2025 — Post-authenticated external control of system web interface configuration setting vulnerability in Danfoss AK-SM8xxA Series prior to 4.3.1, which could allow for a denial of service attack induced by improper handling of exceptional conditions. • https://www.danfoss.com/en/service-and-support/downloads/dcs/adap-kool-software/ak-sm-800a/#tab-overview • CWE-15: External Control of System or Configuration Setting •

CVE-2025-55631
https://notcve.org/view.php?id=CVE-2025-55631
22 Aug 2025 — Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 was discovered to manage users' sessions system wide instead of an account-by-account basis, potentially leading to a Denial of Service (DoS) via resource exhaustion. • https://relieved-knuckle-264.notion.site/Token-max-Dos-23c437003642804db673cbd5449fcc67? • CWE-400: Uncontrolled Resource Consumption •

CVE-2025-55634
https://notcve.org/view.php?id=CVE-2025-55634
22 Aug 2025 — Incorrect access control in the RTMP server settings of Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 allows unauthorized attackers to cause a Denial of Service (DoS) via initiating a large number of simultaneous ffmpeg-based stream pushes. • https://relieved-knuckle-264.notion.site/RTMP-Injection-DoS-through-Unauthenticated-Stream-Publish-23c437003642800297c8c128b6117885? • CWE-400: Uncontrolled Resource Consumption •

CVE-2025-3128 – Mitsubishi Electric Europe smartRTU OS Command Injection
https://notcve.org/view.php?id=CVE-2025-3128
21 Aug 2025 — A remote unauthenticated attacker who has bypassed authentication could execute arbitrary OS commands to disclose, tamper with, destroy or delete information in Mitsubishi Electric smartRTU, or cause a denial-of-service condition on the product. • https://emea.mitsubishielectric.com/fa/products/quality/quality-news-information • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2025-57751 – Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs
https://notcve.org/view.php?id=CVE-2025-57751
21 Aug 2025 — pyLoad is the free and open-source Download Manager written in pure Python. The jk parameter is received in the pyLoad CNL Blueprint. Because the jk parameter is not validated, the user-supplied value is passed directly to dukpy.evaljs(), resulting in the server CPU being fully occupied and the web UI becoming unresponsive. This vulnerability is fixed in 0.5.0b3.dev92. • https://github.com/pyload/pyload/security/advisories/GHSA-9gjj-6gj7-c4wj • CWE-400: Uncontrolled Resource Consumption •

CVE-2025-48956 – vLLM API endpoints vulnerable to Denial of Service Attacks
https://notcve.org/view.php?id=CVE-2025-48956
21 Aug 2025 — From 0.1.0 to before 0.10.1.1, a Denial of Service (DoS) vulnerability can be triggered by sending a single HTTP GET request with an extremely large header to an HTTP endpoint. • https://github.com/vllm-project/vllm/security/advisories/GHSA-rxc4-3w6r-4v47 • CWE-400: Uncontrolled Resource Consumption •