
CVE-2025-23266 – NVIDIA Container Toolkit Environment Variable Handling Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-23266
17 Jul 2025 — A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service. • https://github.com/jpts/cve-2025-23266-poc • CWE-426: Untrusted Search Path •

CVE-2025-53817 – GHSL-2025-059 - 7-Zip - Null pointer array write attempt in NArchive::NCom::CHandler::GetStream
https://notcve.org/view.php?id=CVE-2025-53817
17 Jul 2025 — Prior to version 25.0.0, a null pointer dereference in the Compound handler may lead to denial of service. • https://securitylab.github.com/advisories/GHSL-2025-059_7-Zip • CWE-476: NULL Pointer Dereference •

CVE-2025-53816 – GHSL-2025-058 - 7-Zip Multi-byte write heap buffer overflow in NCompress::NRar5::CDecoder
https://notcve.org/view.php?id=CVE-2025-53816
17 Jul 2025 — Zeroes written outside heap buffer in RAR5 handler may lead to memory corruption and denial of service in versions of 7-Zip prior to 25.0.0. • https://securitylab.github.com/advisories/GHSL-2025-058_7-Zip • CWE-122: Heap-based Buffer Overflow •

CVE-2025-23263
https://notcve.org/view.php?id=CVE-2025-23263
17 Jul 2025 — NVIDIA DOCA-Host and Mellanox OFED contain a vulnerability in the VGT+ feature, where an attacker on a VM might cause escalation of privileges and denial of service on the VLAN. • https://nvidia.custhelp.com/app/answers/detail/a_id/5654 • CWE-279: Incorrect Execution-Assigned Permissions •

CVE-2025-7338 – Multer vulnerable to Denial of Service via unhandled exception from malformed request
https://notcve.org/view.php?id=CVE-2025-7338
17 Jul 2025 — A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. • https://cna.openjsf.org/security-advisories.html • CWE-248: Uncaught Exception •

CVE-2025-36097 – IBM WebSphere Application Server denial of service
https://notcve.org/view.php?id=CVE-2025-36097
16 Jul 2025 — IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 are vulnerable to a denial of service, caused by a stack-based overflow. • https://www.ibm.com/support/pages/node/7239856 • CWE-121: Stack-based Buffer Overflow •

CVE-2025-40777 – A possible assertion failure when 'stale-answer-client-timeout' is set to '0'
https://notcve.org/view.php?id=CVE-2025-40777
16 Jul 2025 — A remote attacker could possibly use this issue to cause BIND to crash, resulting in a denial of service. • https://kb.isc.org/docs/cve-2025-40777 • CWE-617: Reachable Assertion •

CVE-2025-3871 – Broken Access Control Leads to Limited Denial of Service in GoAnywhere MFT 7.8.0 and earlier
https://notcve.org/view.php?id=CVE-2025-3871
16 Jul 2025 — Broken access control in Fortra's GoAnywhere MFT prior to 7.8.1 allows an attacker to create a denial of service situation when configured to use GoAnywhere One-Time Password (GOTP) email two-factor authentication (2FA) and the user has not set an email address. • https://www.fortra.com/security/advisories/product-security/FI-2025-009 • CWE-862: Missing Authorization •

CVE-2025-7673
https://notcve.org/view.php?id=CVE-2025-7673
16 Jul 2025 — A buffer overflow vulnerability in the URL parser of the zhttpd web server in Zyxel VMG8825-T50K firmware versions prior to V5.50(ABOM.5)C0 could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and potentially execute arbitrary code by sending a specially crafted HTTP request. • https://www.zyxel.com/service-provider/global/en/zyxel-security-advisory-remote-code-execution-and-denial-service-vulnerabilities-cpe • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2025-52687 – JavaScript Injection Vulnerability in the OmniAccess Stellar Web Management Interface
https://notcve.org/view.php?id=CVE-2025-52687
16 Jul 2025 — Successful exploitation of the vulnerability could allow an attacker with administrator credentials for the access point to inject malicious JavaScript into the payload of web traffic, potentially leading to session hijacking and denial-of-service (DoS). • https://www.al-enterprise.com/-/media/assets/internet/documents/sa-n0150-omniaccess-stellar-multiple-vulnerabilities.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •