CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2025-3111 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-3111
22 May 2025 — A lack of input validation in the Kubernetes integration could allow an authenticated user to cause denial of service.. • https://gitlab.com/gitlab-org/gitlab/-/issues/533313 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47947 – ModSecurity Has Possible DoS Vulnerability
https://notcve.org/view.php?id=CVE-2025-47947
21 May 2025 — Versions up to and including 2.9.8 are vulnerable to denial of service in one special case (in stable released versions): when the payload's content type is `application/json`, and there is at least one rule which does a `sanitiseMatchedBytes` action. A patch is available at pull request 3389 and expected to be part of version 2.9.9. • https://github.com/owasp-modsecurity/ModSecurity/pull/3389 • CWE-1050: Excessive Platform Resource Consumption within a Loop •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47291 – containerd CRI plugin: Incorrect cgroup hierarchy assignment for containers running in usernamespaced Kubernetes pods.
https://notcve.org/view.php?id=CVE-2025-47291
21 May 2025 — This may cause a denial of service of the Kubernetes node. • https://github.com/containerd/containerd/security/advisories/GHSA-cxfp-7pvr-95ff • CWE-266: Incorrect Privilege Assignment •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-4416 – Events Log Track - Moderately critical - Denial of Service - SA-CONTRIB-2025-059
https://notcve.org/view.php?id=CVE-2025-4416
21 May 2025 — Allocation of Resources Without Limits or Throttling vulnerability in Drupal Events Log Track allows Excessive Allocation.This issue affects Events Log Track: from 0.0.0 before 3.1.11, from 4.0.0 before 4.0.2. • https://www.drupal.org/sa-contrib-2025-059 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20152 – ISE restart
https://notcve.org/view.php?id=CVE-2025-20152
21 May 2025 — A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain RADIUS requests. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-restart-ss-uf986G2Q • CWE-125: Out-of-bounds Read •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23337 – jq has signed integer overflow in jv.c:jvp_array_write
https://notcve.org/view.php?id=CVE-2024-23337
21 May 2025 — In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. • https://github.com/jqlang/jq/security/advisories/GHSA-2q6r-344g-cx46 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-40775 – DNS message with invalid TSIG causes an assertion failure
https://notcve.org/view.php?id=CVE-2025-40775
21 May 2025 — A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. • https://kb.isc.org/docs/cve-2025-40775 • CWE-232: Improper Handling of Undefined Values •
CVSS: 8.2EPSS: 0%CPEs: -EXPL: 0CVE-2019-16536 – Stack overflow leading to DoS can be triggered by a malicious authenticated client.
https://notcve.org/view.php?id=CVE-2019-16536
21 May 2025 — Stack overflow leading to DoS can be triggered by a malicious authenticated client in Clickhouse before 19.14.3.3. • https://clickhouse.com/docs/whats-new/security-changelog • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.3EPSS: 0%CPEs: -EXPL: 0CVE-2021-25255 – Yandex Browser Lite for Android prior to version 21.1.0 allows remote attackers to cause a denial of service.
https://notcve.org/view.php?id=CVE-2021-25255
21 May 2025 — Yandex Browser Lite for Android prior to version 21.1.0 allows remote attackers to cause a denial of service. • https://yandex.com/bugbounty/i/hall-of-fame-browser • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-4949 – XXE vulnerability in Eclipse JGit
https://notcve.org/view.php?id=CVE-2025-4949
21 May 2025 — This vulnerability can lead to information disclosure, denial of service, and other security issues. • https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1 • CWE-611: Improper Restriction of XML External Entity Reference CWE-827: Improper Control of Document Type Definition •