
CVE-2025-5399 – WebSocket endless loop
https://notcve.org/view.php?id=CVE-2025-5399
07 Jun 2025 — This might be used to DoS libcurl-using application. ... This might be used to DoS libcurl-using application. • https://curl.se/docs/CVE-2025-5399.html •

CVE-2025-47950 – CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification
https://notcve.org/view.php?id=CVE-2025-47950
06 Jun 2025 — In versions prior to 1.12.2, a Denial of Service (DoS) vulnerability exists in the CoreDNS DNS-over-QUIC (DoQ) server implementation. ... A remote, unauthenticated attacker could open a large number of streams, leading to uncontrolled memory consumption and eventually causing an Out Of Memory (OOM) crash — especially in containerized or memory-constrained environments. The patch in version 1.12.2 introduces two key mitigation mechanisms: `max_streams`,... • https://datatracker.ietf.org/doc/html/rfc9250 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2025-22490 – File Station 5
https://notcve.org/view.php?id=CVE-2025-22490
06 Jun 2025 — A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.48... • https://www.qnap.com/en/security-advisory/qsa-25-16 • CWE-476: NULL Pointer Dereference •

CVE-2025-29873 – File Station 5
https://notcve.org/view.php?id=CVE-2025-29873
06 Jun 2025 — A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.48... • https://www.qnap.com/en/security-advisory/qsa-25-16 • CWE-476: NULL Pointer Dereference •

CVE-2025-29876 – File Station 5
https://notcve.org/view.php?id=CVE-2025-29876
06 Jun 2025 — A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.48... • https://www.qnap.com/en/security-advisory/qsa-25-16 • CWE-476: NULL Pointer Dereference •

CVE-2025-29877 – File Station 5
https://notcve.org/view.php?id=CVE-2025-29877
06 Jun 2025 — A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.48... • https://www.qnap.com/en/security-advisory/qsa-25-16 • CWE-476: NULL Pointer Dereference •

CVE-2025-41361 – Uncontrolled resource consumption vulnerability in IDF and ZLF
https://notcve.org/view.php?id=CVE-2025-41361
06 Jun 2025 — The devices improperly handle TLS requests associated with PROCOME sockets, so TLS requests sent to those PROCOME ports could cause the device to reboot and result in a denial of service. • https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-zivs-idf-and-zlf-products • CWE-400: Uncontrolled Resource Consumption •

CVE-2025-41360 – Uncontrolled resource consumption vulnerability in IDF and ZLF
https://notcve.org/view.php?id=CVE-2025-41360
06 Jun 2025 — The device is vulnerable to a packet flooding denial of service attack. • https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-zivs-idf-and-zlf-products • CWE-400: Uncontrolled Resource Consumption •

CVE-2024-56343 – IBM Verify Identity Access Digital Credentials denial of service
https://notcve.org/view.php?id=CVE-2024-56343
06 Jun 2025 — IBM Verify Identity Access Digital Credentials 24.06 could allow an authenticated user to crash the service with a specially crafted POST request. • https://www.ibm.com/support/pages/node/7235710 • CWE-771: Missing Reference to Active Allocated Resource •

CVE-2025-49007 – ReDoS Vulnerability in Rack::Multipart handle_mime_head
https://notcve.org/view.php?id=CVE-2025-49007
04 Jun 2025 — Starting in version 3.1.0 and prior to version 3.1.16, there is a denial of service vulnerability in the Content-Disposition parsing component of Rack. ... Carefully crafted input can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. • https://github.com/rack/rack/commit/4795831a0a310c2d31102749e551b38faab6401f • CWE-770: Allocation of Resources Without Limits or Throttling •