Page 4 of 51706 results (0.017 seconds)

CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1

17 Jul 2025 — A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service. • https://github.com/jpts/cve-2025-23266-poc • CWE-426: Untrusted Search Path •

CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0

17 Jul 2025 — Prior to version 25.0.0, a null pointer dereference in the Compound handler may lead to denial of service. • https://securitylab.github.com/advisories/GHSL-2025-059_7-Zip • CWE-476: NULL Pointer Dereference •

CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0

17 Jul 2025 — Zeroes written outside heap buffer in RAR5 handler may lead to memory corruption and denial of service in versions of 7-Zip prior to 25.0.0. • https://securitylab.github.com/advisories/GHSL-2025-058_7-Zip • CWE-122: Heap-based Buffer Overflow •

CVSS: 7.6EPSS: 0%CPEs: -EXPL: 0

17 Jul 2025 — NVIDIA DOCA-Host and Mellanox OFED contain a vulnerability in the VGT+ feature, where an attacker on a VM might cause escalation of privileges and denial of service on the VLAN. • https://nvidia.custhelp.com/app/answers/detail/a_id/5654 • CWE-279: Incorrect Execution-Assigned Permissions •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

17 Jul 2025 — A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. • https://cna.openjsf.org/security-advisories.html • CWE-248: Uncaught Exception •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

16 Jul 2025 — IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 are vulnerable to a denial of service, caused by a stack-based overflow. • https://www.ibm.com/support/pages/node/7239856 • CWE-121: Stack-based Buffer Overflow •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

16 Jul 2025 — A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. • https://kb.isc.org/docs/cve-2025-40777 • CWE-617: Reachable Assertion •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

16 Jul 2025 — Broken access control in Fortra's GoAnywhere MFT prior to 7.8.1 allows an attacker to create a denial of service situation when configured to use GoAnywhere One-Time Password (GOTP) email two-factor authentication (2FA) and the user has not set an email address. • https://www.fortra.com/security/advisories/product-security/FI-2025-009 • CWE-862: Missing Authorization •

CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0

16 Jul 2025 — A buffer overflow vulnerability in the URL parser of the zhttpd web server in Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.5)C0 could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and potentially execute arbitrary code by sending a specially crafted HTTP request. • https://www.zyxel.com/service-provider/global/en/zyxel-security-advisory-remote-code-execution-and-denial-service-vulnerabilities-cpe • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 3.3EPSS: 0%CPEs: -EXPL: 0

16 Jul 2025 — Successful exploitation of the vulnerability could allow an attacker with administrator credentials for the access point to inject malicious JavaScript into the payload of web traffics, potentially leading to session hijacking and denial-of-service (DoS). • https://www.al-enterprise.com/-/media/assets/internet/documents/sa-n0150-omniaccess-stellar-multiple-vulnerabilities.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •