CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 1CVE-2025-24513 – ingress-nginx controller - auth secret file path traversal vulnerability
https://notcve.org/view.php?id=CVE-2025-24513
24 Mar 2025 — This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster. • https://packetstorm.news/files/id/190070 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1558 – Denial of Service Via Malicious GIF
https://notcve.org/view.php?id=CVE-2025-1558
24 Mar 2025 — Mattermost Mobile Apps versions <=2.25.0 fail to properly validate GIF images prior to rendering which allows a malicious user to cause the Android application to crash via message containing a maliciously crafted GIF. • https://mattermost.com/security-updates • CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-29313
https://notcve.org/view.php?id=CVE-2025-29313
24 Mar 2025 — Use of incorrectly resolved name or reference in OpenDaylight Service Function Chaining (SFC) Subproject SFC Sodium-SR4 and below allows attackers to cause a Denial of Service (DoS). • https://blog.csdn.net/weixin_43959580/article/details/146018191 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-30204 – jwt-go allows excessive memory allocation during header parsing
https://notcve.org/view.php?id=CVE-2025-30204
21 Mar 2025 — golang-jwt is a Go implementation of JSON Web Tokens. ... As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. ... A flaw was found in the golang-jwt implementation of JSON Web Tokens (JWT). In affected versions, a malici... • https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3 • CWE-405: Asymmetric Resource Consumption (Amplification) •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-54551
https://notcve.org/view.php?id=CVE-2024-54551
20 Mar 2025 — Processing web content may lead to a denial-of-service. • https://support.apple.com/en-us/120909 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30160 – Redlib allows a Denial of Service via DEFLATE Decompression Bomb in restore_preferences Form
https://notcve.org/view.php?id=CVE-2025-30160
20 Mar 2025 — A vulnerability has been identified in Redlib where an attacker can cause a denial-of-service (DOS) condition by submitting a specially crafted base2048-encoded DEFLATE decompression bomb to the restore_preferences form. • https://github.com/redlib-org/redlib/commit/15147cea8e42f6569a11603d661d71122f6a02dc • CWE-400: Uncontrolled Resource Consumption CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-12063 – Denial of Service in imartinez/privategpt
https://notcve.org/view.php?id=CVE-2024-12063
20 Mar 2025 — A Denial of Service (DoS) vulnerability exists in the file upload feature of imartinez/privategpt version v0.6.2. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. • https://huntr.com/bounties/7db0091f-cb53-4cde-aad7-7ce491dfd8d9 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-10549 – Denial of Service by ReDOS in h2oai/h2o-3
https://notcve.org/view.php?id=CVE-2024-10549
20 Mar 2025 — A vulnerability in the `/3/Parse` endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint uses a user-specified string to construct a regular expression, which is then applied to another user-specified string. By sending multiple simultaneous requests, an attacker can exhaust all available threads, leading to a complete denial of service. • https://huntr.com/bounties/ce7bd2d6-fd38-440d-a91a-dd8f3fc06bc2 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-10650 – Denial of Service (DoS) in gaizhenbiao/chuanhuchatgpt
https://notcve.org/view.php?id=CVE-2024-10650
20 Mar 2025 — An unauthenticated Denial of Service (DoS) vulnerability was identified in ChuanhuChatGPT version 20240918, which could be exploited by sending large data payloads using a multipart boundary. ... This can cause the system to continuously process these characters, resulting in prolonged unavailability of the service. • https://huntr.com/bounties/f820371d-a878-44bf-b1fd-2d837dd58eb4 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-8736 – Denial of Service (DoS) via Multipart Boundary in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-8736
20 Mar 2025 — A Denial of Service (DoS) vulnerability exists in multiple file upload endpoints of parisneo/lollms-webui version V12 (Strawberry). ... By appending additional characters to the multipart boundary, an attacker can cause the server to parse each byte of the boundary, ultimately leading to service unavailability. • https://huntr.com/bounties/935dbc03-1b43-4dbb-b6cd-1aa95a789d4f • CWE-400: Uncontrolled Resource Consumption •