
CVE-2025-4997 – H3C R2+ProG HTTP POST Request aspForm SetAPInfoById denial of service
https://notcve.org/view.php?id=CVE-2025-4997
20 May 2025 — Affected is the function UpdateWanParams/AddMacList/EditMacList/AddWlanMacList/EditWlanMacList/Edit_BasicSSID/Edit_GuestSSIDFor2P4G/Edit_BasicSSID_5G/SetAPInfoById of the file /goform/aspForm of the component HTTP POST Request Handler. The manipulation of the argument param leads to denial of service. ... By manipulating the argument param with unknown data, a denial-of-service vulnerability can be exploited. • https://vuldb.com/?id.309648 • CWE-404: Improper Resource Shutdown or Release •

CVE-2025-41227 – Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2025-41227
20 May 2025 — VMware ESXi, Workstation, and Fusion contain a denial-of-service vulnerability due to certain guest options. A malicious actor with non-administrative privileges within a guest operating system may be able to exploit this issue by exhausting memory of the host process leading to a denial-of-service condition. A malicious actor with... • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717 • CWE-400: Uncontrolled Resource Consumption •

CVE-2025-41226 – Guest Operations Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2025-41226
20 May 2025 — VMware ESXi contains a denial-of-service vulnerability that occurs when performing a guest operation. A malicious actor with guest operation privileges on a VM, who is already authenticated through vCenter Server or ESXi may trigger this issue to create a denial-of-service condition of guest VMs with VMware Tools running and guest operati... • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717 • CWE-400: Uncontrolled Resource Consumption •

CVE-2025-30193 – Denial of service via crafted TCP exchange
https://notcve.org/view.php?id=CVE-2025-30193
20 May 2025 — In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single, incoming TCP connection from a client, an attacker can cause a denial of service by crafting a TCP exchange that triggers an exhaustion of the stack and a crash of DNSdist, causing a denial of service. ... A workaround is to restrict the maximum number of queries on incoming TCP connections to a safe value, like 50, via the setMaxTCPQuer... • https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2025-03.html • CWE-674: Uncontrolled Recursion •

CVE-2025-47944 – Multer vulnerable to Denial of Service from maliciously crafted requests
https://notcve.org/view.php?id=CVE-2025-47944
19 May 2025 — A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.0 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. • https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665 • CWE-248: Uncaught Exception •

CVE-2025-47935 – Multer vulnerable to Denial of Service via memory leaks from unclosed streams
https://notcve.org/view.php?id=CVE-2025-47935
19 May 2025 — Under sustained or repeated failure conditions, this can result in denial of service, requiring manual server restarts to recover. All users of Multer handling file uploads are potentially impacted. • https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVE-2025-26621 – OpenCTI vulnerable to Denial of Service through web hook
https://notcve.org/view.php?id=CVE-2025-26621
19 May 2025 — This can be abused to cause a denial of service attack by prototype pollution, making the Node.js server running the OpenCTI frontend become unavailable. • https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-gq63-jm3h-374p • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-4948 – Libsoup: integer underflow in soup_multipart_new_from_message() leading to denial of service in libsoup
https://notcve.org/view.php?id=CVE-2025-4948
19 May 2025 — A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. ... As a result, any application or server using libsoup could be forced to exit unexpectedly, creating a denial-of-service (DoS) risk. • https://access.redhat.com/security/cve/CVE-2025-4948 • CWE-191: Integer Underflow (Wrap or Wraparound) •

CVE-2025-2099 – Regular Expression Denial of Service (ReDoS) in huggingface/transformers
https://notcve.org/view.php?id=CVE-2025-2099
19 May 2025 — A vulnerability in the `preprocess_string()` function of the `transformers.testing_utils` module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service (ReDoS) attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leading to exponential backtracking when processing input with a large number of newline characters. An attacker can exploit this by providing a specially crafted payload, caus... • https://github.com/huggingface/transformers/commit/8cb522b4190bd556ce51be04942720650b1a3e57 • CWE-1333: Inefficient Regular Expression Complexity •

CVE-2025-23122
https://notcve.org/view.php?id=CVE-2025-23122
19 May 2025 — Repeated use can cause unbounded memory growth, leading to a denial of service. • https://nodejs.org/en/blog/vulnerability/may-2025-security-releases • CWE-401: Missing Release of Memory after Effective Lifetime •