CVSS: 6.9 • EPSS: 0% • CPEs: 3 • EXPL: 0
CVE-2025-14466 – Güralp Systems Fortimus Series, Minimus Series, and Certimus Series have an Allocation of Resources Without Limits or Throttling vulnerability
https://notcve.org/view.php?id=CVE-2025-14466
16 Dec 2025 — A vulnerability in the web interface of the Güralp Fortimus Series, Minimus Series and Certimus Series allows an unauthenticated attacker with network access to send specially-crafted HTTP requests that can cause the web service process to deliberately restart. Although this mechanism limits the impact of the attack, it results in a brief denial-of-service condition during the restart. • https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-350-01.json • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0
CVE-2025-68156 – Expr has Denial of Service via Unbounded Recursion in Builtin Functions
https://notcve.org/view.php?id=CVE-2025-68156
16 Dec 2025 — While exploitability depends on whether an attacker can influence or inject cyclic or pathologically deep data into the evaluation environment, this behavior represents a denial-of-service (DoS) risk and affects overall library robustness. • https://github.com/expr-lang/expr/pull/870 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0
CVE-2025-33235
https://notcve.org/view.php?id=CVE-2025-33235
16 Dec 2025 — A successful exploit of this vulnerability might lead to information disclosure, data tampering, denial of service, or escalation of privileges. • https://nvd.nist.gov/vuln/detail/CVE-2025-33235 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.4 • EPSS: 0% • CPEs: 1 • EXPL: 0
CVE-2025-33225
https://notcve.org/view.php?id=CVE-2025-33225
16 Dec 2025 — A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data tampering. • https://nvd.nist.gov/vuln/detail/CVE-2025-33225 • CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 7.3 • EPSS: 0% • CPEs: 1 • EXPL: 0
CVE-2025-33212
https://notcve.org/view.php?id=CVE-2025-33212
16 Dec 2025 — A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, and data tampering. • https://nvd.nist.gov/vuln/detail/CVE-2025-33212 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 0
CVE-2025-68130 – tRPC has possible prototype pollution in `experimental_nextAppDirCaller`
https://notcve.org/view.php?id=CVE-2025-68130
16 Dec 2025 — An attacker can pollute `Object.prototype` by submitting specially crafted FormData field names, potentially leading to authorization bypass, denial of service, or other security impacts. • https://github.com/trpc/trpc/security/advisories/GHSA-43p4-m455-4f4j • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 5.5 • EPSS: 0% • CPEs: 5 • EXPL: 0
CVE-2025-68246 – ksmbd: close accepted socket when per-IP limit rejects connection
https://notcve.org/view.php?id=CVE-2025-68246
16 Dec 2025 — That leaks one socket per rejected attempt from a single IP and enables a trivial remote DoS. Release client_sk before continuing. • https://git.kernel.org/stable/c/7a3c7154d5fc05956a8ad9e72ecf49e21555bfca •
CVSS: 8.5 • EPSS: 0% • CPEs: - • EXPL: 0
CVE-2025-14443 – Ose-openshift-apiserver: openshift api server: server-side request forgery (ssrf) vulnerability in imagestreamimport mechanism
https://notcve.org/view.php?id=CVE-2025-14443
16 Dec 2025 — This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential denial-of-service (DoS) through Server-Side Request Forgery (SSRF) due to missing IP address and network-range validation when processing user-supplied image references. • https://access.redhat.com/security/cve/CVE-2025-14443 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.1 • EPSS: 0% • CPEs: 37 • EXPL: 0
CVE-2025-62848 – QTS, QuTS hero
https://notcve.org/view.php?id=CVE-2025-62848
16 Dec 2025 — The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later; QuTS hero h5.2.7.3297 build 20251024 and later; QuTS hero h5.3.1.3292 build 20251024 and later. • https://www.qnap.com/en/security-advisory/qsa-25-45 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 1
CVE-2025-14747 – Ningyuanda TC155 RTSP Service denial of service
https://notcve.org/view.php?id=CVE-2025-14747
16 Dec 2025 — The impacted element is an unknown function of the component RTSP Service. Performing manipulation results in denial of service. • https://github.com/pwnpwnpur1n/IoT-advisories/blob/main/TC155-Unauth-Malformed-RTSP-Describe-Request.md • CWE-404: Improper Resource Shutdown or Release •
