CVSS: 9.8EPSS: %CPEs: 2EXPL: 0CVE-2025-11677 – Use After Free in libwebsockets WebSocket server
https://notcve.org/view.php?id=CVE-2025-11677
20 Oct 2025 — Use After Free in WebSocket server implementation in lws_handshake_server in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWS_CALLBACK_HTTP_CONFIRM_UPGRADE, to achieve denial of service. Use After Free in WebSocket server implementation in lws_handshake_server in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWS_CALLBACK_H... • https://libwebsockets.org/git/libwebsockets/commit?id=2f082ec31261f556969160143ba94875d783971a • CWE-416: Use After Free •
CVSS: 7.8EPSS: %CPEs: -EXPL: 0CVE-2024-55568
https://notcve.org/view.php?id=CVE-2024-55568
20 Oct 2025 — The absence of a NULL check leads to a Denial of Service when an attacker sends malformed MM packets to the target. • https://semiconductor.samsung.com/support/quality-support/product-security-updates • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: %CPEs: -EXPL: 0CVE-2025-26781
https://notcve.org/view.php?id=CVE-2025-26781
20 Oct 2025 — Incorrect handling of RLC AM PDUs leads to a Denial of Service. • https://semiconductor.samsung.com/support/quality-support/product-security-updates • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: %CPEs: -EXPL: 0CVE-2025-26782
https://notcve.org/view.php?id=CVE-2025-26782
20 Oct 2025 — Incorrect handling of RLC AM PDUs leads to a Denial of Service. • https://semiconductor.samsung.com/support/quality-support/product-security-updates • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: %CPEs: -EXPL: 0CVE-2025-56219
https://notcve.org/view.php?id=CVE-2025-56219
20 Oct 2025 — This can lead to a resource exhaustion and a Denial of Service (DoS) when an excessively large number of user accounts are created. • http://ascertia.com • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: %CPEs: -EXPL: 0CVE-2025-56223
https://notcve.org/view.php?id=CVE-2025-56223
20 Oct 2025 — A lack of rate limiting in the component /Home/UploadStreamDocument of SigningHub v8.6.8 allows attackers to cause a Denial of Service (DoS) via uploading an excessive number of files. • http://ascertia.com • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-62672
https://notcve.org/view.php?id=CVE-2025-62672
19 Oct 2025 — rplay through 3.3.2 allows attackers to cause a denial of service (SIGSEGV and daemon crash) or possibly have unspecified other impact. • https://salsa.debian.org/alteholz/rplay • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-62666 – DoS vector through the cirrusbuilddoc query API
https://notcve.org/view.php?id=CVE-2025-62666
18 Oct 2025 — Allocation of Resources Without Limits or Throttling vulnerability in The Wikimedia Foundation Mediawiki - CirrusSearch Extension allows HTTP DoS.This issue affects Mediawiki - CirrusSearch Extension: from master before 1.43. • https://gerrit.wikimedia.org/r/q/I3e8d819868c0491b18368af8e543180e747023c2 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2025-62171 – ImageMagick vulnerable to denial of service via integer overflow in BMP decoder on 32-bit systems
https://notcve.org/view.php?id=CVE-2025-62171
17 Oct 2025 — On 32-bit systems with size_t of 4 bytes, a malicious BMP file with specific dimensions can cause this multiplication to overflow and wrap to zero. ... This vulnerability only affects 32-bit builds of ImageMagick where default resource limits for width, height, and area have been manually increased beyond their defaults. 64-bit systems with size_t of 8 bytes are not vulnerable, and systems using default ImageMagick resource limits are not vulnerable. • https://github.com/ImageMagick/ImageMagick/commit/cea1693e2ded51b4cc91c70c54096cbed1691c00 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-59043 – OpenBao vulnerable to denial of service via malicious JSON request processing
https://notcve.org/view.php?id=CVE-2025-59043
17 Oct 2025 — This can be used to circumvent the max_request_size configuration parameter which is intended to protect against denial of service attacks. The request body is parsed into a map very early in the request handling chain before authentication, which means an unauthenticated attacker can send a specifically crafted JSON object and cause an out-of-memory crash. Additionally, for requests with large numbers of strings, the audit subsystem can consume large quantities of ... • https://github.com/openbao/openbao/blob/788536bd3e10818a7b4fb00aac6affc23388e5a9/http/logical.go#L50 • CWE-400: Uncontrolled Resource Consumption •