
CVE-2025-5915 – Libarchive: heap buffer over-read in copy_from_lzss_window() at archive_read_support_format_rar.c
https://notcve.org/view.php?id=CVE-2025-5915
09 Jun 2025 — This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions. • https://access.redhat.com/security/cve/CVE-2025-5915 • CWE-122: Heap-based Buffer Overflow •

CVE-2025-48053 – Discourse vulnerable to DoS via large URL payload in PM to a bot
https://notcve.org/view.php?id=CVE-2025-48053
09 Jun 2025 — Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch, sending a malicious URL in a PM to a bot user can reduce the availability of a Discourse instance. This issue is patched in version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch. • https://github.com/discourse/discourse/security/advisories/GHSA-3q5q-qmrm-rvwx • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2025-25208 – Rhcl: authorino denial of service through authpolicy with sharedsecretref severity
https://notcve.org/view.php?id=CVE-2025-25208
09 Jun 2025 — A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster. • https://access.redhat.com/security/cve/CVE-2025-25208 • CWE-400: Uncontrolled Resource Consumption •

CVE-2025-25207 – Rhcl: authpolicy callbacks result in denial of service in authorino severity
https://notcve.org/view.php?id=CVE-2025-25207
09 Jun 2025 — The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. ... It was found that an attacker with developer persona access can add a large number of those callbacks to be executed by Authorino, and as the authentication policy is enforced by a single instance of the service, this leads to a Denial of Service in Authorino while processing the post-authorization callbacks. • https://access.redhat.com/security/cve/CVE-2025-25207 • CWE-400: Uncontrolled Resource Consumption •

CVE-2025-27242 – security_component_manager has an improper input vulnerability
https://notcve.org/view.php?id=CVE-2025-27242
08 Jun 2025 — In OpenHarmony v5.0.3 and prior versions, a local attacker can cause a DoS through improper input. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-06.md • CWE-20: Improper Input Validation •

CVE-2025-27131 – kernel_liteos_m has an improper input vulnerability
https://notcve.org/view.php?id=CVE-2025-27131
08 Jun 2025 — In OpenHarmony v5.0.3 and prior versions, a local attacker can cause a DoS through improper input. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-06.md • CWE-20: Improper Input Validation •

CVE-2025-25217 – arkui_ace_engine has a NULL pointer dereference vulnerability
https://notcve.org/view.php?id=CVE-2025-25217
08 Jun 2025 — In OpenHarmony v5.0.3 and prior versions, a local attacker can cause a DoS through a NULL pointer dereference. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-06.md • CWE-476: NULL Pointer Dereference •

CVE-2025-23235 – arkcompiler_ets_runtime has an out-of-bounds write vulnerability
https://notcve.org/view.php?id=CVE-2025-23235
08 Jun 2025 — In OpenHarmony v5.0.3 and prior versions, a local attacker can cause a DoS through an out-of-bounds read. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-06.md • CWE-125: Out-of-bounds Read •

CVE-2025-5399 – WebSocket endless loop
https://notcve.org/view.php?id=CVE-2025-5399
07 Jun 2025 — This might be used to DoS a libcurl-using application. ... • https://curl.se/docs/CVE-2025-5399.html •

CVE-2025-47950 – CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification
https://notcve.org/view.php?id=CVE-2025-47950
06 Jun 2025 — In versions prior to 1.12.2, a Denial of Service (DoS) vulnerability exists in the CoreDNS DNS-over-QUIC (DoQ) server implementation. ... A remote, unauthenticated attacker could open a large number of streams, leading to uncontrolled memory consumption and eventually causing an Out Of Memory (OOM) crash — especially in containerized or memory-constrained environments. The patch in version 1.12.2 introduces two key mitigation mechanisms: `max_streams`,... • https://datatracker.ietf.org/doc/html/rfc9250 • CWE-770: Allocation of Resources Without Limits or Throttling •