CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-48942 – vLLM DOS: Remotely kill vllm over http with invalid JSON schema
https://notcve.org/view.php?id=CVE-2025-48942
30 May 2025 — This vulnerability is similar GHSA-9hcf-v7m4-6m2j/CVE-2025-48943, but for regex instead of a JSON schema. • https://github.com/vllm-project/vllm/commit/08bf7840780980c7568c573c70a6a8db94fd45ff • CWE-248: Uncaught Exception •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-48887 – vLLM has a Regular Expression Denial of Service (ReDoS, Exponential Complexity) Vulnerability in `pythonic_tool_parser.py`
https://notcve.org/view.php?id=CVE-2025-48887
30 May 2025 — vLLM, an inference and serving engine for large language models (LLMs), has a Regular Expression Denial of Service (ReDoS) vulnerability in the file `vllm/entrypoints/openai/tool_parsers/pythonic_tool_parser.py` of versions 0.6.4 up to but excluding 0.9.0. The root cause is the use of a highly complex and nested regular expression for tool call detection, which can be exploited by an attacker to cause severe performance degradation or make the service unavailable. • https://github.com/vllm-project/vllm/commit/4fc1bf813ad80172c1db31264beaef7d93fe0601 • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-48889 – Gradio Allows Unauthorized File Copy via Path Manipulation
https://notcve.org/view.php?id=CVE-2025-48889
30 May 2025 — Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. ... While attackers can't read these copied files, they can cause DoS by copying large files (like /dev/urandom) to fill disk space. • https://github.com/gradio-app/gradio/security/advisories/GHSA-8jw3-6x8j-v96g • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-49350 – IBM Db2 denial of service
https://notcve.org/view.php?id=CVE-2024-49350
29 May 2025 — IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. • https://www.ibm.com/support/pages/node/7235069 • CWE-121: Stack-based Buffer Overflow •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-2518 – IBM Db2 denial of service
https://notcve.org/view.php?id=CVE-2025-2518
29 May 2025 — IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. • https://www.ibm.com/support/pages/node/7235072 • CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-3050 – IBM Db2 denial of service
https://notcve.org/view.php?id=CVE-2025-3050
29 May 2025 — IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when using Q replication due to the improper allocation of CPU resources. • https://www.ibm.com/support/pages/node/7235073 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.4EPSS: 0%CPEs: 72EXPL: 0CVE-2025-3755 – Information Disclosure and Denial-of-Service(DoS) Vulnerability in MELSEC iQ-F Series CPU module
https://notcve.org/view.php?id=CVE-2025-3755
29 May 2025 — Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to read information in the product, to cause a Denial-of-Service (DoS) condition in MELSOFT connection, or to stop the operation of the CPU module (causing a DoS condtion on the CPU module), by sending specially crafted packets. • https://jvn.jp/vu/JVNVU94070048 • CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input •
CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0CVE-2025-29632
https://notcve.org/view.php?id=CVE-2025-29632
29 May 2025 — Buffer Overflow vulnerability in Free5gc v.4.0.0 allows a remote attacker to cause a denial of service via the AMF, NGAP, security.go, handler_generated.go, handleInitialUEMessageMain, DecodePlainNasNoIntegrityCheck, GetSecurityHeaderType components • https://github.com/OHnogood/CVE-2025-29632 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-53423
https://notcve.org/view.php?id=CVE-2024-53423
29 May 2025 — An issue in Open Network Foundation ONOS v2.7.0 allows attackers to cause a Denial of Service (DoS) via supplying crafted packets. • https://gist.github.com/kjw6855/abeecc798d138b49537393e1fd3a5e96 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-54952
https://notcve.org/view.php?id=CVE-2024-54952
29 May 2025 — MikroTik RouterOS 6.40.5, the SMB service contains a memory corruption vulnerability. Remote, unauthenticated attackers can exploit this issue by sending specially crafted packets, triggering a null pointer dereference. This leads to a Remote Denial of Service (DoS), rendering the SMB service unavailable. • https://github.com/noobone123/RouterOS-issues/blob/main/README.md • CWE-476: NULL Pointer Dereference •