CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-65567
https://notcve.org/view.php?id=CVE-2025-65567
18 Dec 2025 — A denial-of-service vulnerability exists in the omec-project UPF (pfcpiface component) in version upf-epc-pfcpiface:2.1.3-dev. • https://github.com/omec-project/upf/issues/959 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-65568
https://notcve.org/view.php?id=CVE-2025-65568
18 Dec 2025 — A denial-of-service vulnerability exists in the omec-project UPF (pfcpiface component) in version upf-epc-pfcpiface:2.1.3-dev. • http://omec-projectupf.com • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-66646 – RIOT-OS has NULL pointer dereference in gnrc_ipv6_ext_frag_reass
https://notcve.org/view.php?id=CVE-2025-66646
17 Dec 2025 — However, the implementation still tries to copy the payload into the reassembly buffer, resulting in a NULL pointer dereference which crashes the OS (DoS). To trigger the vulnerability, the `gnrc_ipv6_ext_frag` module must be enabled and the attacker must be able to send arbitrary IPv6 packets to the victim. • https://github.com/RIOT-OS/RIOT/blob/eb65305cf9f1b7affb50b17af5c12341b83a8636/sys/net/gnrc/network_layer/ipv6/ext/frag/gnrc_ipv6_ext_frag.c#L411 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-12689 – DoS in Calls plugin via malformed UTF-8 in WebSocket request
https://notcve.org/view.php?id=CVE-2025-12689
17 Dec 2025 — Mattermost versions 11.0.x <= 11.0.4, 10.12.x <= 10.12.2, 10.11.x <= 10.11.6 fail to check WebSocket request field for proper UTF-8 format, which allows attacker to crash Calls plug-in via sending malformed request. • https://mattermost.com/security-updates • CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-67073
https://notcve.org/view.php?id=CVE-2025-67073
17 Dec 2025 — A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serviceName`) to /goform/AdvSetMacMtuWan. • https://github.com/johnathanhuutri/CVEReport/tree/master/CVE-2025-67073 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-14501 – Sante PACS Server HTTP Content-Length Header Handling NULL Pointer Dereference Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2025-14501
17 Dec 2025 — This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. ... An attacker can leverage this vulnerability to create a denial-of-service condition on the system. •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-29370
https://notcve.org/view.php?id=CVE-2024-29370
17 Dec 2025 — In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. • https://github.com/mpdavis/python-jose/issues/344 • CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-29371
https://notcve.org/view.php?id=CVE-2024-29371
17 Dec 2025 — In jose4j before 0.9.5, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. • https://bitbucket.org/b_c/jose4j/issues/220/vuln-zip-bomb-attack • CWE-1259: Improper Restriction of Security Token Assignment •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-67074
https://notcve.org/view.php?id=CVE-2025-67074
17 Dec 2025 — A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serverName`) to /goform/AdvSetMacMtuWan. • https://github.com/johnathanhuutri/CVEReport/tree/master/CVE-2025-67074 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-68274 – SIPGO library has response DoS vulnerability via nil pointer dereference
https://notcve.org/view.php?id=CVE-2025-68274
16 Dec 2025 — SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference vulnerability is in the SIPGO library's `NewResponseFromRequest` function that affects all normal SIP operations. The vulnerability allows remote attackers to crash any SIP application by sending a single malformed SIP request without a To header. The vulnerability occurs when SIP message parsing succeeds for a request missing the To header, but the response... • https://github.com/emiago/sipgo/commit/dc9669364a154ec6d134e542f6a63c31b5afe6e8 • CWE-476: NULL Pointer Dereference CWE-755: Improper Handling of Exceptional Conditions •