
CVE-2025-41665 – Phoenix Contact: DoS of the PLC due to incorrect default permissions possible
https://notcve.org/view.php?id=CVE-2025-41665
08 Jul 2025 — A low-privileged remote attacker can force the watchdog of the affected devices to reboot the PLC due to incorrect default permissions of a config file. • https://certvde.com/en/advisories/VDE-2025-054 • CWE-276: Incorrect Default Permissions •

CVE-2025-24004 – USB-C Buffer Overflow via Display Interface in EV Charging Stations
https://notcve.org/view.php?id=CVE-2025-24004
08 Jul 2025 — A physical attacker with access to the device display via USB-C can send a message to the device which triggers an insecure copy to a buffer, resulting in loss of integrity and a temporary denial-of-service for the stations until they are restarted by the watchdog. • https://certvde.com/de/advisories/VDE-2025-014 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2025-24003 – MQTT OOB Write Vulnerability in EichrechtAgents of German EV Charging Stations
https://notcve.org/view.php?id=CVE-2025-24003
08 Jul 2025 — An unauthenticated remote attacker can use MQTT messages to trigger out-of-bounds writes in charging stations complying with German Calibration Law, resulting in a loss of integrity for only EichrechtAgents and potential denial-of-service for these stations. • https://certvde.com/en/advisories/VDE-2025-014 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2025-24002 – MQTT DoS Vulnerability in German EV Charging Stations
https://notcve.org/view.php?id=CVE-2025-24002
08 Jul 2025 — An unauthenticated remote attacker can use MQTT messages to crash a service on charging stations complying with German Calibration Law, resulting in a temporary denial-of-service for these stations until they are restarted by the watchdog. • https://certvde.com/en/advisories/VDE-2025-014 • CWE-20: Improper Input Validation •

CVE-2025-20695
https://notcve.org/view.php?id=CVE-2025-20695
08 Jul 2025 — This could lead to remote denial of service with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/July-2025 • CWE-124: Buffer Underwrite ('Buffer Underflow') •

CVE-2025-20694
https://notcve.org/view.php?id=CVE-2025-20694
08 Jul 2025 — This could lead to remote denial of service with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/July-2025 • CWE-124: Buffer Underwrite ('Buffer Underflow') •

CVE-2025-20687
https://notcve.org/view.php?id=CVE-2025-20687
08 Jul 2025 — In Bluetooth driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local denial of service with User execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/July-2025 • CWE-125: Out-of-bounds Read •

CVE-2025-42954 – Denial of service (DOS) in SAP NetWeaver Business Warehouse (CCAW application)
https://notcve.org/view.php?id=CVE-2025-42954
08 Jul 2025 — SAP NetWeaver Business Warehouse CCAW application allows a privileged attacker to cause a high CPU load by executing RFC-enabled function modules without any input parameters, which results in reduced performance or interrupted operation of the affected resource. This leads to low impact on availability of the application; there is no impact on confidentiality and integrity. • https://me.sap.com/notes/3608156 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVE-2025-20322 – Denial of Service (DoS) in Search Head Cluster through Cross-Site Request Forgery (CSRF) in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2025-20322
07 Jul 2025 — In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, an unauthenticated attacker could send a specially-crafted SPL search command that could trigger a rolling restart in the Search Head Cluster through a Cross-Site Request Forgery (CSRF), potentially leading to a denial of service (DoS). The vulnerability requires the attacker to phish the administrator-lev... • https://advisory.splunk.com/advisories/SVD-2025-0705 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2025-20320 – Denial of Service (DoS) through “User Interface - Views” configuration page in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2025-20320
07 Jul 2025 — In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.107, 9.3.2408.117, and 9.2.2406.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the `User Interface - Views` configuration page that could potentially lead to a denial of service (DoS). The user could cause the DoS by exploiting a path traversal vulnerabilit... • https://advisory.splunk.com/advisories/SVD-2025-0703 • CWE-35: Path Traversal: '.../ •