CVSS: 6.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-32944 – PeerTube User Import Authenticated Persistent Denial of Service
https://notcve.org/view.php?id=CVE-2025-32944
15 Apr 2025 — The vulnerability allows any authenticated user to cause the PeerTube server to stop functioning in a persistent manner. If user import is enabled (which is the default setting), any registered user can upload an archive for importing. The code uses the yauzl library for reading the archive. If the yauzl library encounters a filename that is considered illegal, it raises an exception that is uncaught by PeerTube, leading to a crash which repeats infinitely on startup. • https://research.jfrog.com/vulnerabilities/peertube-archive-persistent-dos • CWE-248: Uncaught Exception •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-32908 – Libsoup: denial of service on libsoup through http/2 server
https://notcve.org/view.php?id=CVE-2025-32908
14 Apr 2025 — The HTTP/2 server in libsoup may not fully validate the values of pseudo-headers :scheme, :authority, and :path, which may allow a user to cause a denial of service (DoS). • https://access.redhat.com/security/cve/CVE-2025-32908 • CWE-115: Misinterpretation of Input •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-32907 – Libsoup: denial of service in server when client requests a large amount of overlapping ranges with range header
https://notcve.org/view.php?id=CVE-2025-32907
14 Apr 2025 — A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. • https://access.redhat.com/security/cve/CVE-2025-32907 • CWE-1050: Excessive Platform Resource Consumption within a Loop •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49705 – XSS in iKSORIS
https://notcve.org/view.php?id=CVE-2024-49705
14 Apr 2025 — Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to client-side Denial of Servise (DoS) attacks. ... Similar effect might be achieved when a user tries to change platform language to an unimplemented one. This vulnerability has been patched in version 79.0 Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to client-side Denial of Servise (DoS) attacks. • https://cert.pl/en/posts/2025/04/CVE-2024-10087 • CWE-248: Uncaught Exception •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56406 – Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes
https://notcve.org/view.php?id=CVE-2024-56406
13 Apr 2025 — . $ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;' Segmentation fault (core dumped) It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses. Nathan Mills discovered a heap-based buffer overflow vulnerability in the implementation of the Perl programming language when transliterating non-ASCII bytes with tr///, which may result in denial of service, or potentially the execution of arbitrary code. • https://github.com/Perl/perl5/commit/87f42aa0e0096e9a346c9672aa3a0bd3bef8c1dd.patch • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 1CVE-2025-3535 – shuanx BurpAPIFinder BurpApiFinder.db denial of service
https://notcve.org/view.php?id=CVE-2025-3535
13 Apr 2025 — The manipulation leads to denial of service. ... Mittels dem Manipulieren mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. • https://github.com/shuanx/BurpAPIFinder/issues/18 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32079 – Saving the right content to MediaWiki:GrowthMentors.json can take down the site
https://notcve.org/view.php?id=CVE-2025-32079
11 Apr 2025 — Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments allows HTTP DoS.This issue affects Mediawiki - GrowthExperiments: from 1.39 through 1.43. • https://gerrit.wikimedia.org/r/c/mediawiki/extensions/GrowthExperiments/+/1114020 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32076 – Evil regex used to process user-provided data in VisualData
https://notcve.org/view.php?id=CVE-2025-32076
11 Apr 2025 — Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Visual Data Extension allows HTTP DoS.This issue affects Mediawiki - Visual Data Extension: from 1.39 through 1.43. • https://gerrit.wikimedia.org/r/c/mediawiki/extensions/VisualData/+/1121732 • CWE-20: Improper Input Validation •
CVSS: 6.9EPSS: 0%CPEs: -EXPL: 0CVE-2025-31935 – Subnet Solutions PowerSYSTEM Center Deserialization of Untrusted Data
https://notcve.org/view.php?id=CVE-2025-31935
11 Apr 2025 — Crafted data that is passed to the API may trigger an exception, resulting in a denial-of-service condition. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-100-08 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42983
https://notcve.org/view.php?id=CVE-2023-42983
11 Apr 2025 — Processing a file may lead to a denial-of-service or potentially disclose memory contents. • https://support.apple.com/en-us/120950 • CWE-400: Uncontrolled Resource Consumption •