CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-40672 – Privilege Escalation in Panloader.exe
https://notcve.org/view.php?id=CVE-2025-40672
26 May 2025 — This would allow an attacker to obtain administrator permissions to perform whatever activities he/she wants, shuch as accessing sensitive information, executing code remotely, and even causing a denial of service (DoS). This would allow an attacker to obtain administrator permissions to perform whatever activities he/she wants, shuch as accessing sensitive information, executing code remotely, and even causing a denial of service (DoS). ... Esto permi... • https://www.incibe.es/en/incibe-cert/notices/aviso/privilege-escalation-proactivanet-espiral-ms-group • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-41655 – PEPPERL+FUCHS: Attacker can cause a DoS via URL
https://notcve.org/view.php?id=CVE-2025-41655
26 May 2025 — An unauthenticated remote attacker can access a URL which causes the device to reboot. Un atacante remoto no autenticado puede acceder a una URL que provoca que el dispositivo se reinicie. • https://certvde.com/en/advisories/VDE-2025-011 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-48375 – Schule Missing Rate Limiting on OTP Email Requests – Susceptible to Abuse & DoS
https://notcve.org/view.php?id=CVE-2025-48375
23 May 2025 — This vulnerability can be exploited to send an excessive number of OTP emails, leading to potential denial-of-service (DoS) conditions or facilitating user harassment through email flooding. • https://github.com/schule111/Schule/security/advisories/GHSA-h3f2-mc85-67gc • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.7EPSS: 0%CPEs: 2EXPL: 0CVE-2022-31812
https://notcve.org/view.php?id=CVE-2022-31812
23 May 2025 — Affected server applications contain an out of bounds read past the end of an allocated buffer while checking the integrity of incoming packets. This could allow an unauthenticated remote attacker to create a denial of service condition. • https://cert-portal.siemens.com/productcert/html/ssa-041082.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 1CVE-2018-25110 – Regular Expression Denial of Service (ReDoS) in markedjs/marked
https://notcve.org/view.php?id=CVE-2018-25110
23 May 2025 — Marked prior to version 0.3.17 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to catastrophic backtracking in several regular expressions used for parsing HTML tags and markdown links. An attacker can exploit this vulnerability by providing specially crafted markdown input, such as deeply nested or repetitively structured brackets or tag attributes, which cause the parser to hang and lead to a Denial of Service. • https://github.com/Checkmarx/Vulnerabilities-Proofs-of-Concept/tree/main/2018/CVE-2018-25110 • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2024-7803 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2024-7803
23 May 2025 — A Discord webhook integration may cause DoS. • https://gitlab.com/gitlab-org/gitlab/-/issues/479168 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.9EPSS: 0%CPEs: -EXPL: 0CVE-2025-47149
https://notcve.org/view.php?id=CVE-2025-47149
23 May 2025 — The optional feature 'Anti-Virus & Sandbox' of i-FILTER contains an issue with improper pattern file validation. ... If the product uses a specially crafted pattern file, information in the server where the product is running may be retrieved, and/or cause a denial of service (DoS) condition. • https://download.daj.co.jp/support/detail/?page=releasenote_content&division=6&id=1057 • CWE-348: Use of Less Trusted Source •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-48075 – Fiber panics when fiber.Ctx.BodyParser parses invalid range index
https://notcve.org/view.php?id=CVE-2025-48075
22 May 2025 — Starting in version 2.52.6 and prior to version 2.52.7, `fiber.Ctx.BodyParser` can map flat data to nested slices using `key[idx]value` syntax, but when idx is negative, it causes a panic instead of returning an error stating it cannot process the data. Since this data is user-provided, this could lead to denial of service for anyone relying on this `fiber.Ctx.BodyParser` functionality. • https://github.com/gofiber/fiber/commit/e115c08b8f059a4a031b492aa9eef0712411853d • CWE-129: Improper Validation of Array Index •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2025-0993 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-0993
22 May 2025 — This could allow an authenticated attacker to cause a denial of service condition by exhausting server resources. • https://gitlab.com/gitlab-org/gitlab/-/issues/516927 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2025-2853 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-2853
22 May 2025 — A lack of proper validation in GitLab could allow an authenticated user to cause a denial of service condition. • https://gitlab.com/gitlab-org/gitlab/-/issues/527218 • CWE-770: Allocation of Resources Without Limits or Throttling •