CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13801 – BWL Advanced FAQ Manager <= 2.1.4 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update
https://notcve.org/view.php?id=CVE-2024-13801
25 Mar 2025 — The BWL Advanced FAQ Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'baf_set_notice_status' AJAX action in all versions up to, and including, 2.1.4. ... This can be leveraged to update an option that would create an error on the site and deny service to legitimate users or be used to set some values to true such as registration. • https://codecanyon.net/item/bwl-advanced-faq-manager/5007135 • CWE-862: Missing Authorization •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 1CVE-2025-24513 – ingress-nginx controller - auth secret file path traversal vulnerability
https://notcve.org/view.php?id=CVE-2025-24513
24 Mar 2025 — This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster. • https://packetstorm.news/files/id/190070 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1558 – Denial of Service Via Malicious GIF
https://notcve.org/view.php?id=CVE-2025-1558
24 Mar 2025 — Mattermost Mobile Apps versions <=2.25.0 fail to properly validate GIF images prior to rendering which allows a malicious user to cause the Android application to crash via message containing a maliciously crafted GIF. • https://mattermost.com/security-updates • CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-29313
https://notcve.org/view.php?id=CVE-2025-29313
24 Mar 2025 — Use of incorrectly resolved name or reference in OpenDaylight Service Function Chaining (SFC) Subproject SFC Sodium-SR4 and below allows attackers to cause a Denial of Service (DoS). • https://blog.csdn.net/weixin_43959580/article/details/146018191 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-30204 – jwt-go allows excessive memory allocation during header parsing
https://notcve.org/view.php?id=CVE-2025-30204
21 Mar 2025 — golang-jwt is a Go implementation of JSON Web Tokens. ... As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. ... A flaw was found in the golang-jwt implementation of JSON Web Tokens (JWT). In affected versions, a malici... • https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3 • CWE-405: Asymmetric Resource Consumption (Amplification) •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-54551
https://notcve.org/view.php?id=CVE-2024-54551
20 Mar 2025 — Processing web content may lead to a denial-of-service. • https://support.apple.com/en-us/120909 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30160 – Redlib allows a Denial of Service via DEFLATE Decompression Bomb in restore_preferences Form
https://notcve.org/view.php?id=CVE-2025-30160
20 Mar 2025 — A vulnerability has been identified in Redlib where an attacker can cause a denial-of-service (DOS) condition by submitting a specially crafted base2048-encoded DEFLATE decompression bomb to the restore_preferences form. • https://github.com/redlib-org/redlib/commit/15147cea8e42f6569a11603d661d71122f6a02dc • CWE-400: Uncontrolled Resource Consumption CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-12063 – Denial of Service in imartinez/privategpt
https://notcve.org/view.php?id=CVE-2024-12063
20 Mar 2025 — A Denial of Service (DoS) vulnerability exists in the file upload feature of imartinez/privategpt version v0.6.2. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. • https://huntr.com/bounties/7db0091f-cb53-4cde-aad7-7ce491dfd8d9 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-10549 – Denial of Service by ReDOS in h2oai/h2o-3
https://notcve.org/view.php?id=CVE-2024-10549
20 Mar 2025 — A vulnerability in the `/3/Parse` endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint uses a user-specified string to construct a regular expression, which is then applied to another user-specified string. By sending multiple simultaneous requests, an attacker can exhaust all available threads, leading to a complete denial of service. • https://huntr.com/bounties/ce7bd2d6-fd38-440d-a91a-dd8f3fc06bc2 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-10650 – Denial of Service (DoS) in gaizhenbiao/chuanhuchatgpt
https://notcve.org/view.php?id=CVE-2024-10650
20 Mar 2025 — An unauthenticated Denial of Service (DoS) vulnerability was identified in ChuanhuChatGPT version 20240918, which could be exploited by sending large data payloads using a multipart boundary. ... This can cause the system to continuously process these characters, resulting in prolonged unavailability of the service. • https://huntr.com/bounties/f820371d-a878-44bf-b1fd-2d837dd58eb4 • CWE-400: Uncontrolled Resource Consumption •