
CVE-2025-5987 – Libssh: invalid return code for chacha20 poly1305 with openssl backend
https://notcve.org/view.php?id=CVE-2025-5987
05 Jul 2025 — An attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. • https://access.redhat.com/security/cve/CVE-2025-5987 • CWE-393: Return of Wrong Status Code •

CVE-2025-53366 – MCP SDK Vulnerable to FastMCP Server Validation Error, Leading to Denial of Service
https://notcve.org/view.php?id=CVE-2025-53366
04 Jul 2025 — Prior to version 1.9.4, a validation error in the MCP SDK can cause an unhandled exception when processing malformed requests, resulting in service unavailability (500 errors) until manually restarted. • https://github.com/modelcontextprotocol/python-sdk/commit/29c69e6a47d0104d0afcea6ac35e7ab02fde809a • CWE-248: Uncaught Exception •

CVE-2025-53365 – MCP Python SDK has Unhandled Exception in Streamable HTTP Transport, Leading to Denial of Service
https://notcve.org/view.php?id=CVE-2025-53365
04 Jul 2025 — Prior to version 1.10.0, if a client deliberately triggers an exception after establishing a streamable HTTP session, this can lead to an uncaught ClosedResourceError on the server side, causing the server to crash and requiring a restart to restore service. • https://github.com/modelcontextprotocol/python-sdk/commit/7b420656de48cfdb90b39eb582e60b6d55c2f891 • CWE-248: Uncaught Exception •

CVE-2025-53481 – Denial of service vector on ipinfo/v0/norevision
https://notcve.org/view.php?id=CVE-2025-53481
04 Jul 2025 — Uncontrolled Resource Consumption vulnerability in Wikimedia Foundation Mediawiki - IPInfo Extension allows Excessive Allocation. This issue affects Mediawiki - IPInfo Extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2. • https://gerrit.wikimedia.org/r/q/I08a7154f8fa08bb6f0940e522075bdc2a3d4433f • CWE-400: Uncontrolled Resource Consumption •

CVE-2025-38188 – drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE
https://notcve.org/view.php?id=CVE-2025-38188
04 Jul 2025 — Otherwise a userspace submission in one context could cause another context to function incorrectly and hang, effectively a denial of service (although without leaking data). • https://git.kernel.org/stable/c/af66706accdf5afef45204afc87037f876e0665c •

CVE-2025-38181 – calipso: Fix null-ptr-deref in calipso_req_{set,del}attr().
https://notcve.org/view.php?id=CVE-2025-38181
04 Jul 2025 — See also commit 3b24d854cb35 ("tcp/dccp: do not touch listener sk_refcnt under synflood"). • https://git.kernel.org/stable/c/e1adea927080821ebfa7505bff752a4015955660 •

CVE-2025-46733 – REE userspace code can panic TAs, leading to fTPM PCR reset and data disclosure
https://notcve.org/view.php?id=CVE-2025-46733
04 Jul 2025 — For some, it could manifest as a denial of service, while for others, like the fTPM TA, it can result in the disclosure of sensitive data. • https://github.com/OP-TEE/optee_os/commit/941a58d78c99c4754fbd4ec3079ec9e1d596af8f • CWE-755: Improper Handling of Exceptional Conditions •

CVE-2025-5351 – Libssh: double free vulnerability in libssh key export functions
https://notcve.org/view.php?id=CVE-2025-5351
04 Jul 2025 — An attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. • https://access.redhat.com/security/cve/CVE-2025-5351 • CWE-415: Double Free •

CVE-2025-5372 – Libssh: incorrect return code handling in ssh_kdf() in libssh
https://notcve.org/view.php?id=CVE-2025-5372
04 Jul 2025 — An attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. • https://access.redhat.com/security/cve/CVE-2025-5372 • CWE-682: Incorrect Calculation •

CVE-2025-49826 – Next.js DoS vulnerability via cache poisoning
https://notcve.org/view.php?id=CVE-2025-49826
03 Jul 2025 — From versions 15.0.4-canary.51 to before 15.1.8, a cache poisoning bug leading to a Denial of Service (DoS) condition was found in Next.js. • https://github.com/vercel/next.js/commit/a15b974ed707d63ad4da5b74c1441f5b7b120e93 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •