Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-23641

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-24 Jan, 2024 | 16:56
Updated At-13 Nov, 2024 | 15:09
Rejected At-
Credits

Sending a GET or HEAD request with a body crashes SvelteKit

SvelteKit is a web development kit. In SvelteKit 2, sending a GET request with a body eg `{}` to a built and previewed/hosted sveltekit app throws `Request with GET/HEAD method cannot have body.` and crashes the preview/hosting. After this happens, one must manually restart the app. `TRACE` requests will also cause the app to crash. Prerendered pages and SvelteKit 1 apps are not affected. `@sveltejs/adapter-node` versions 2.1.2, 3.0.3, and 4.0.1 and `@sveltejs/kit` version 2.4.3 contain a patch for this issue.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:24 Jan, 2024 | 16:56
Updated At:13 Nov, 2024 | 15:09
Rejected At:
▼CVE Numbering Authority (CNA)
Sending a GET or HEAD request with a body crashes SvelteKit

SvelteKit is a web development kit. In SvelteKit 2, sending a GET request with a body eg `{}` to a built and previewed/hosted sveltekit app throws `Request with GET/HEAD method cannot have body.` and crashes the preview/hosting. After this happens, one must manually restart the app. `TRACE` requests will also cause the app to crash. Prerendered pages and SvelteKit 1 apps are not affected. `@sveltejs/adapter-node` versions 2.1.2, 3.0.3, and 4.0.1 and `@sveltejs/kit` version 2.4.3 contain a patch for this issue.

Affected Products
Vendor
sveltejs
Product
kit
Versions
Affected
  • >= 2.0.0, < 2.4.3
  • >= 2.0.0, < 2.1.2
  • >= 3.0.0, < 3.0.3
  • = 4.0.0
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20: Improper Input Validation
Type: CWE
CWE ID: CWE-20
Description: CWE-20: Improper Input Validation
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/sveltejs/kit/security/advisories/GHSA-g5m6-hxpp-fc49
x_refsource_CONFIRM
https://github.com/sveltejs/kit/commit/af34142631c876a7eb62ff81f71e8a3f90dafee9
x_refsource_MISC
Hyperlink: https://github.com/sveltejs/kit/security/advisories/GHSA-g5m6-hxpp-fc49
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/sveltejs/kit/commit/af34142631c876a7eb62ff81f71e8a3f90dafee9
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/sveltejs/kit/security/advisories/GHSA-g5m6-hxpp-fc49
x_refsource_CONFIRM
x_transferred
https://github.com/sveltejs/kit/commit/af34142631c876a7eb62ff81f71e8a3f90dafee9
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/sveltejs/kit/security/advisories/GHSA-g5m6-hxpp-fc49
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/sveltejs/kit/commit/af34142631c876a7eb62ff81f71e8a3f90dafee9
Resource:
x_refsource_MISC
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:24 Jan, 2024 | 17:15
Updated At:05 Feb, 2024 | 16:50

SvelteKit is a web development kit. In SvelteKit 2, sending a GET request with a body eg `{}` to a built and previewed/hosted sveltekit app throws `Request with GET/HEAD method cannot have body.` and crashes the preview/hosting. After this happens, one must manually restart the app. `TRACE` requests will also cause the app to crash. Prerendered pages and SvelteKit 1 apps are not affected. `@sveltejs/adapter-node` versions 2.1.2, 3.0.3, and 4.0.1 and `@sveltejs/kit` version 2.4.3 contain a patch for this issue.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches

svelte
svelte
>>adapter-node>>Versions from 2.0.0(inclusive) to 2.1.2(exclusive)
cpe:2.3:a:svelte:adapter-node:*:*:*:*:*:node.js:*:*
svelte
svelte
>>adapter-node>>Versions from 3.0.0(inclusive) to 3.0.3(exclusive)
cpe:2.3:a:svelte:adapter-node:*:*:*:*:*:node.js:*:*
svelte
svelte
>>adapter-node>>4.0.0
cpe:2.3:a:svelte:adapter-node:4.0.0:*:*:*:*:node.js:*:*
svelte
svelte
>>kit>>Versions from 2.0.0(inclusive) to 2.4.3(exclusive)
cpe:2.3:a:svelte:kit:*:*:*:*:*:node.js:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-20Secondarysecurity-advisories@github.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-20
Type: Secondary
Source: security-advisories@github.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/sveltejs/kit/commit/af34142631c876a7eb62ff81f71e8a3f90dafee9security-advisories@github.com
Patch
https://github.com/sveltejs/kit/security/advisories/GHSA-g5m6-hxpp-fc49security-advisories@github.com
Exploit
Vendor Advisory
Hyperlink: https://github.com/sveltejs/kit/commit/af34142631c876a7eb62ff81f71e8a3f90dafee9
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/sveltejs/kit/security/advisories/GHSA-g5m6-hxpp-fc49
Source: security-advisories@github.com
Resource:
Exploit
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

773Records found

CVE-2026-22774
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.57% / 43.03%
||
7 Day CHG+0.08%
Published-15 Jan, 2026 | 18:53
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
devalue vulnerable to denial of service due to memory exhaustion in devalue.parse

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.3.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse input from untrusted sources. This affects applications using devalue.parse on externally-supplied data. The root cause is the typed array hydration expecting an ArrayBuffer as input, but not checking the assumption before creating the typed array. This vulnerability is fixed in 5.6.2.

Action-Not Available
Vendor-sveltesveltejsRed Hat, Inc.
Product-devaluedevalueRed Hat Trusted Artifact Signer 1.3Red Hat Build of Podman Desktop - Tech PreviewRed Hat Trusted Artifact Signer 1.2
CWE ID-CWE-405
Asymmetric Resource Consumption (Amplification)
CVE-2026-42570
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.38% / 30.35%
||
7 Day CHG+0.04%
Published-09 Jun, 2026 | 16:12
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Svelte devalue: DoS via sparse array deserialization

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From version 5.6.3 to before version 5.8.1, devalue.parse could, due to quirks in some JavaScript engines, be convinced to allocate much more memory than was needed when deserializing sparse arrays, leading to excessive memory consumption. This issue has been patched in version 5.8.1.

Action-Not Available
Vendor-sveltesveltejsRed Hat, Inc.
Product-devaluedevalueRed Hat Build of Podman DesktopRed Hat Trusted Artifact Signer
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-42567
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.42% / 33.92%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 16:22
Updated-11 Jun, 2026 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Svelte: ReDoS in `<svelte:element>` Tag Validation

Svelte is a performance oriented web framework. From version 5.51.5 to before version 5.55.7, an internal regex in the Svelte runtime can take exponential time to test in <svelte:element this={tag}></svelte:element>. This issue has been patched in version 5.55.7.

Action-Not Available
Vendor-sveltesveltejs
Product-sveltesvelte
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2026-40073
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-0.54% / 41.58%
||
7 Day CHG~0.00%
Published-10 Apr, 2026 | 16:24
Updated-15 Apr, 2026 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SvelteKit has a BODY_SIZE_LIMIT bypass in @sveltejs/adapter-node

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under certain circumstances, requests could bypass the BODY_SIZE_LIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size limits at other layers of the application stack, so limits enforced in the WAF, gateway, or at the platform level are unaffected. This vulnerability is fixed in 2.57.1.

Action-Not Available
Vendor-sveltesveltejs
Product-kitkit
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-40074
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.37% / 28.57%
||
7 Day CHG~0.00%
Published-10 Apr, 2026 | 16:26
Updated-15 Apr, 2026 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SvelteKit's invalidated redirect in handle hook causes Denial-of-Service

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, redirect, when called from inside the handle server hook with a location parameter containing characters that are invalid in a HTTP header, will cause an unhandled TypeError. This could result in DoS on some platforms, especially if the location passed to redirect contains unsanitized user input. This vulnerability is fixed in 2.57.1.

Action-Not Available
Vendor-sveltesveltejs
Product-kitkit
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2026-30226
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.37% / 29.28%
||
7 Day CHG~0.00%
Published-11 Mar, 2026 | 17:47
Updated-17 Mar, 2026 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
devalue has prototype pollution in devalue.parse and devalue.unflatten

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. In devalue v5.6.3 and earlier, devalue.parse and devalue.unflatten were susceptible to prototype pollution via maliciously crafted payloads. Successful exploitation could lead to Denial of Service (DoS) or type confusion. This vulnerability is fixed in 5.6.4.

Action-Not Available
Vendor-sveltesveltejs
Product-devaluedevalue
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2026-22803
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-0.53% / 40.73%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 18:37
Updated-21 Jan, 2026 | 20:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SvelteKit has a memory amplification DoS in Remote Functions binary form deserializer

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. From 2.49.0 to 2.49.4, the experimental form remote function uses a binary data format containing a representation of submitted form data. A specially-crafted payload can cause the server to allocate a large amount of memory, causing DoS via memory exhaustion. This vulnerability is fixed in 2.49.5.

Action-Not Available
Vendor-sveltesveltejs
Product-kitkit
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CVE-2026-22775
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.57% / 43.03%
||
7 Day CHG+0.08%
Published-15 Jan, 2026 | 18:59
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
devalue vulnerable to denial of service due to memory/CPU exhaustion in devalue.parse

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.1.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse input from untrusted sources. This affects applications using devalue.parse on externally-supplied data. The root cause is the ArrayBuffer hydration expecting base64 encoded strings as input, but not checking the assumption before decoding the input. This vulnerability is fixed in 5.6.2.

Action-Not Available
Vendor-sveltesveltejsRed Hat, Inc.
Product-devaluedevalueRed Hat Trusted Artifact Signer 1.3Red Hat Build of Podman Desktop - Tech PreviewRed Hat Trusted Artifact Signer 1.2
CWE ID-CWE-405
Asymmetric Resource Consumption (Amplification)
CVE-2025-26702
Matching Score-4
Assigner-ZTE Corporation
ShareView Details
Matching Score-4
Assigner-ZTE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.36% / 27.77%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 07:04
Updated-19 Mar, 2025 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Input Validation vulnerability in ZTE GoldenDB allows Input Data Manipulation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.04.

Action-Not Available
Vendor-ZTE Corporation
Product-goldendbGoldenDB
CWE ID-CWE-20
Improper Input Validation
CVE-2025-26858
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.45% / 35.85%
||
7 Day CHG+0.02%
Published-01 Dec, 2025 | 15:25
Updated-05 Dec, 2025 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted set of network packets can lead to denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.

Action-Not Available
Vendor-socomecSocomec
Product-diris_m-70diris_m-70_firmwareDIRIS Digiware M-70
CWE ID-CWE-20
Improper Input Validation
CVE-2025-26413
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.61% / 44.96%
||
7 Day CHG~0.00%
Published-22 Apr, 2025 | 07:07
Updated-23 Jun, 2025 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Kvrocks: The server was crashed by the negative offset

Improper Input Validation vulnerability in Apache Kvrocks. The SETRANGE command didn't check if the `offset` input is a positive integer and use it as an index of a string. So it will cause the server to crash due to its index is  out of range. This issue affects Apache Kvrocks: through 2.11.1. Users are recommended to upgrade to version 2.12.0, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-kvrocksApache Kvrocks
CWE ID-CWE-20
Improper Input Validation
CVE-2025-26488
Matching Score-4
Assigner-EU Agency for Cybersecurity (ENISA)
ShareView Details
Matching Score-4
Assigner-EU Agency for Cybersecurity (ENISA)
CVSS Score-7.5||HIGH
EPSS-0.32% / 23.62%
||
7 Day CHG~0.00%
Published-08 Dec, 2025 | 08:52
Updated-22 Dec, 2025 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper input validation in XML Management service in Infinera MTC-9

Improper Input Validation vulnerability in Infinera MTC-9 allows remote unauthenticated users to crash the service and cause a reboot of the appliance, thus causing a DoS condition, via crafted XML payloads.This issue affects MTC-9: from R22.1.1.0275 before R23.0.

Action-Not Available
Vendor-InfineraNokia Corporation
Product-infinera_mtc-9_firmwareinfinera_mtc-9MTC-9
CWE ID-CWE-20
Improper Input Validation
CVE-2025-26780
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 26.26%
||
7 Day CHG-0.00%
Published-07 Jul, 2025 | 00:00
Updated-27 Oct, 2025 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in L2 in Samsung Mobile Processor and Modem Exynos 2400 and Modem 5400. The lack of a length check leads to a Denial of Service via a malformed PDCP packet.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_2400_firmwaremodem_5400_firmwareexynos_2400modem_5400n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2025-24970
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-1.97% / 77.96%
||
7 Day CHG~0.00%
Published-10 Feb, 2025 | 21:57
Updated-16 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine

Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead to a native crash. Version 4.1.118.Final contains a patch. As workaround its possible to either disable the usage of the native SSLEngine or change the code manually.

Action-Not Available
Vendor-The Netty Project
Product-netty
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1687
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-2.90% / 85.24%
||
7 Day CHG~0.00%
Published-03 May, 2019 | 15:00
Updated-21 Nov, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software TCP Proxy Denial of Service Vulnerability

A vulnerability in the TCP proxy functionality for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to an error in TCP-based packet inspection, which could cause the TCP packet to have an invalid Layer 2 (L2)-formatted header. An attacker could exploit this vulnerability by sending a crafted TCP packet sequence to the targeted device. A successful exploit could allow the attacker to cause a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asa_5550asa_5545-xasa_5505asa_5540adaptive_security_appliance_softwareasa_5555-xasa_5520asa_5510asa_5525-xasa_5580asa_5585-xasa_5512-xfirepower_threat_defenseasa_5515-xCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-20
Improper Input Validation
CVE-2019-16141
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.58% / 72.58%
||
7 Day CHG~0.00%
Published-09 Sep, 2019 | 11:55
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the once_cell crate before 1.0.1 for Rust. There is a panic during initialization of Lazy.

Action-Not Available
Vendor-once_cell_projectn/a
Product-once_celln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2025-23336
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.32% / 24.10%
||
7 Day CHG~0.00%
Published-17 Sep, 2025 | 22:00
Updated-25 Sep, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause a denial of service by loading a misconfigured model. A successful exploit of this vulnerability might lead to denial of service.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationNVIDIA Corporation
Product-linux_kerneltriton_inference_serverwindowsTriton Inference Server
CWE ID-CWE-20
Improper Input Validation
CVE-2013-7333
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.12% / 62.15%
||
7 Day CHG~0.00%
Published-23 Oct, 2019 | 16:46
Updated-06 Aug, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in version 0.90 of the Open Floodlight SDN controller software could allow an attacker with access to the OpenFlow control network to selectively disconnect individual switches from the SDN controller, causing degradation and eventually denial of network access to all devices connected to the targeted switch.

Action-Not Available
Vendor-projectfloodlightn/a
Product-open_sdn_controllern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-43723
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.92% / 55.88%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-22 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0), SICAM PAS/PQS (All versions >= 7.0 < V8.06). Affected software does not properly validate the input for a certain parameter in the s7ontcp.dll. This could allow an unauthenticated remote attacker to send messages and create a denial of service condition as the application crashes. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions.

Action-Not Available
Vendor-Siemens AG
Product-sicam_pas\/pqsSICAM PAS/PQS
CWE ID-CWE-1287
Improper Validation of Specified Type of Input
CWE ID-CWE-20
Improper Input Validation
CVE-2020-25059
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.41% / 33.33%
||
7 Day CHG~0.00%
Published-31 Aug, 2020 | 20:47
Updated-04 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A service crash may occur because of incorrect input validation. The LG ID is LVE-SMP-200013 (July 2020).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4100
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.36% / 81.69%
||
7 Day CHG~0.00%
Published-04 Nov, 2019 | 14:55
Updated-06 Aug, 2024 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cryptocat before 2.0.22 has Remote Denial of Service via username

Action-Not Available
Vendor-cryptocat_projectn/a
Product-cryptocatn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-25195
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-1.45% / 70.27%
||
7 Day CHG~0.00%
Published-15 Dec, 2020 | 19:38
Updated-04 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The length of the input fields of Host Engineering H0-ECOM100, H2-ECOM100, and H4-ECOM100 modules are verified only on the client side when receiving input from the configuration web server, which may allow an attacker to bypass the check and send input to crash the device.

Action-Not Available
Vendor-hostengn/a
Product-h0-ecom100_firmwareh2-ecom100_firmwareh0-ecom100h4-ecom100h4-ecom100_firmwareh2-ecom100Host Engineering H0-ECOM100 ModuleHost Engineering H4-ECOM100 ModuleHost Engineering H2-ECOM100 Module
CWE ID-CWE-20
Improper Input Validation
CVE-2020-24679
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-7.5||HIGH
EPSS-1.75% / 75.04%
||
7 Day CHG~0.00%
Published-22 Dec, 2020 | 21:17
Updated-17 Sep, 2024 | 01:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service attack on Symphony Plus

A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. An attacker might use this flaw to make it crash or even execute arbitrary code on the machine where the service is hosted.

Action-Not Available
Vendor-ABB
Product-symphony_\+_historiansymphony_\+_operationsABB Ability™ Symphony® Plus OperationsABB Ability™ Symphony® Plus Historian
CWE ID-CWE-20
Improper Input Validation
CVE-2022-41898
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.44% / 35.34%
||
7 Day CHG~0.00%
Published-18 Nov, 2022 | 00:00
Updated-22 Apr, 2025 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail via inputs in `SparseFillEmptyRowsGrad` in Tensorflow

TensorFlow is an open source platform for machine learning. If `SparseFillEmptyRowsGrad` is given empty inputs, TensorFlow will crash. We have patched the issue in GitHub commit af4a6a3c8b95022c351edae94560acc61253a1b8. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-20
Improper Input Validation
CVE-2022-41896
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.44% / 35.34%
||
7 Day CHG~0.00%
Published-18 Nov, 2022 | 00:00
Updated-22 Apr, 2025 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`tf.raw_ops.Mfcc` crashes in Tensorflow

TensorFlow is an open source platform for machine learning. If `ThreadUnsafeUnigramCandidateSampler` is given input `filterbank_channel_count` greater than the allowed max size, TensorFlow will crash. We have patched the issue in GitHub commit 39ec7eaf1428e90c37787e5b3fbd68ebd3c48860. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2025-21230
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-2.59% / 83.38%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-09 Jun, 2026 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_1507windows_10_22h2windows_10_1607windows_11_23h2windows_server_2019windows_server_2022windows_10_1809windows_11_24h2windows_server_2025windows_11_22h2windows_server_2012windows_10_21h2windows_server_2008windows_server_2022_23h2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 10 Version 21H2Windows 10 Version 1507Windows 11 Version 24H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows 11 version 22H3Windows Server 2008 Service Pack 2Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2025Windows Server 2022Windows Server 2012Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-5946
Matching Score-4
Assigner-Internet Systems Consortium (ISC)
ShareView Details
Matching Score-4
Assigner-Internet Systems Consortium (ISC)
CVSS Score-7.5||HIGH
EPSS-1.81% / 75.97%
||
7 Day CHG+0.84%
Published-20 May, 2026 | 13:10
Updated-30 Jun, 2026 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Invalid handling of CLASS != IN

Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `CHAOS` or `HESIOD`, or DNS messages that specify meta-classes (`ANY` or `NONE`) in the question section. Specially crafted requests reaching the affected code paths — recursion, dynamic updates (`UPDATE`), zone change notifications (`NOTIFY`), or processing of `IN`-specific record types in non-`IN` data — can cause assertion failures in `named`. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1.

Action-Not Available
Vendor-Internet Systems Consortium, Inc.Red Hat, Inc.
Product-bindBIND 9Red Hat Enterprise Linux BaseOS (v. 8)Red Hat Enterprise Linux CRB (v. 8)Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)Red Hat OpenShift Container Platform 4Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)Red Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream (v. 9)Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-1287
Improper Validation of Specified Type of Input
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-617
Reachable Assertion
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2022-41908
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.45% / 36.02%
||
7 Day CHG~0.00%
Published-18 Nov, 2022 | 00:00
Updated-22 Apr, 2025 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail via inputs in `PyFunc` in Tensorflow

TensorFlow is an open source platform for machine learning. An input `token` that is not a UTF-8 bytestring will trigger a `CHECK` fail in `tf.raw_ops.PyFunc`. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-20
Improper Input Validation
CVE-2026-56340
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.35% / 27.19%
||
7 Day CHG+0.06%
Published-20 Jun, 2026 | 18:27
Updated-30 Jun, 2026 | 12:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
vLLM - Denial of Service via Unvalidated Multimodal Embeddings

vLLM versions >= 0.10.2 and < 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests with malformed (negative or out-of-bounds) tensor indices, when the prompt-embeds feature is enabled, to trigger crashes or resource exhaustion (denial of service), with potential for out-of-bounds/write-what-where memory corruption. This continues CVE-2025-62164, whose prior fix only disabled the feature by default rather than addressing the root cause.

Action-Not Available
Vendor-vllmvLLMRed Hat, Inc.
Product-vllmvLLMRed Hat AI Inference ServerRed Hat OpenShift AI (RHOAI)Red Hat Enterprise Linux AI (RHEL AI) 3
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-41899
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.44% / 35.34%
||
7 Day CHG~0.00%
Published-18 Nov, 2022 | 00:00
Updated-22 Apr, 2025 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`CHECK` fail via inputs in `SdcaOptimizer` in Tensorflow

TensorFlow is an open source platform for machine learning. Inputs `dense_features` or `example_state_data` not of rank 2 will trigger a `CHECK` fail in `SdcaOptimizer`. We have patched the issue in GitHub commit 80ff197d03db2a70c6a111f97dcdacad1b0babfa. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-617
Reachable Assertion
CVE-2022-41888
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.44% / 35.27%
||
7 Day CHG~0.00%
Published-18 Nov, 2022 | 00:00
Updated-22 Apr, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unckecked rank size in `tf.image.generate_bounding_box_proposals` in Tensorflow

TensorFlow is an open source platform for machine learning. When running on GPU, `tf.image.generate_bounding_box_proposals` receives a `scores` input that must be of rank 4 but is not checked. We have patched the issue in GitHub commit cf35502463a88ca7185a99daa7031df60b3c1c98. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-20
Improper Input Validation
CVE-2020-16850
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.12% / 79.59%
||
7 Day CHG~0.00%
Published-30 Nov, 2020 | 21:34
Updated-04 Aug, 2024 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthenticated attacker to halt the industrial process by sending a crafted packet over the network. This denial of service attack exposes Improper Input Validation. After halting, physical access to the PLC is required in order to restore production, and the device state is lost. This is related to R04CPU, RJ71GF11-T2, R04CPU, and RJ71GF11-T2.

Action-Not Available
Vendor-n/aMitsubishi Electric Corporation
Product-r08sfcpur16mtcpu_firmwarer04cpu_firmwarer64mtcpur16sfcpu_firmwarer16mtcpur04cpur32pcpur08cpur64mtcpu_firmwarer08pcpur00cpu_firmwarer32mtcpu_firmwarer08pcpu_firmwarer02cpu_firmwarer32mtcpur16sfcpur16cpu_firmwarer16pcpur120cpu_firmwarer32cpu_firmwarer00cpur08sfcpu_firmwarer120cpur32sfcpu_firmwarer32sfcpur01cpur32pcpu_firmwarer01cpu_firmwarer16cpur08cpu_firmwarer16pcpu_firmwarer02cpur120pcpu_firmwarer120sfcpur120sfcpu_firmwarer32cpur120pcpun/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-20
Improper Input Validation
CVE-2025-15358
Matching Score-4
Assigner-Delta Electronics, Inc.
ShareView Details
Matching Score-4
Assigner-Delta Electronics, Inc.
CVSS Score-7.5||HIGH
EPSS-0.28% / 19.52%
||
7 Day CHG~0.00%
Published-30 Dec, 2025 | 09:04
Updated-06 Jan, 2026 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DVP-12SE11T - Denial of Service Vulnerability

DVP-12SE11T - Denial of Service Vulnerability

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-dvp-12se11tdvp-12se11t_firmwareDVP-12SE11T
CWE ID-CWE-20
Improper Input Validation
CVE-2020-1644
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-1.28% / 66.42%
||
7 Day CHG~0.00%
Published-17 Jul, 2020 | 18:40
Updated-16 Sep, 2024 | 23:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: RPD crash due to specific BGP UPDATE packets

On Juniper Networks Junos OS and Junos OS Evolved devices, the receipt of a specific BGP UPDATE packet causes an internal counter to be incremented incorrectly, which over time can lead to the routing protocols process (RPD) crash and restart. This issue affects both IBGP and EBGP multihop deployment in IPv4 or IPv6 network. This issue affects: Juniper Networks Junos OS: 17.2X75 versions prior to 17.2X75-D105.19; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S4; 18.2X75 versions prior to 18.2X75-D13, 18.2X75-D411.1, 18.2X75-D420.18, 18.2X75-D52.3, 18.2X75-D60; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S2, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2. Juniper Networks Junos OS Evolved: any releases prior to 20.1R2-EVO. This issue does not affect Juniper Networks Junos OS releases prior to 17.3R1.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OSJunos OS Evolved
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CWE ID-CWE-20
Improper Input Validation
CVE-2025-15606
Matching Score-4
Assigner-TP-Link Systems Inc.
ShareView Details
Matching Score-4
Assigner-TP-Link Systems Inc.
CVSS Score-7.1||HIGH
EPSS-0.29% / 20.91%
||
7 Day CHG~0.00%
Published-23 Mar, 2026 | 18:36
Updated-31 Mar, 2026 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service (DoS) in HTTPD Input Handling on TP-Link TD-W8961N

A Denial-of-Service (DoS) vulnerability in the httpd component of TP-Link's TD-W8961N v4.0 due to improper input sanitization, allows crafted requests to trigger a processing error that causes the httpd service to crash. Successful exploitation may allow the attacker to cause service interruption, resulting in a DoS condition.

Action-Not Available
Vendor-TP-Link Systems Inc.TP-Link Systems Inc.
Product-td-w8961nd_firmwaretd-w8961nTD-W8961N v4.0
CWE ID-CWE-20
Improper Input Validation
CVE-2022-40502
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.42% / 34.15%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 06:58
Updated-03 Aug, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper input validation in WLAN Host

Transient DOS due to improper input validation in WLAN Host.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcn5024_firmwarewsa8830qcn9070sxr2230p_firmwareqcs610ipq8173_firmwareqcn5124qca4024_firmwareqcn9072wcn3950_firmwareipq8078aipq5028_firmwareqca6595au_firmwareipq6000wcd9370ssg2115pqcn5152_firmwareqca6584au_firmwareqcn9000_firmwareipq5018qca6554a_firmwarewcd9385_firmwareqam8295pwcn3950ipq8076aqcn6024_firmwaresd_8_gen1_5g_firmwareipq8074aqcn5124_firmwareqam8295p_firmwareqcn6100_firmwareqcn6102_firmwarewcn7850qca6574au_firmwareqcn5122_firmwareqcn5164_firmwareqca6595auqca8081_firmwareqcn6023_firmwarewcd9375_firmwareqcn9002ipq5010qca6564au_firmwareqca6584ausa6155p_firmwaresd680_firmwareipq8078a_firmwareqcn9274ipq8174qcn9001wcn7851ipq5028qca6698aqqcn5052ipq6010qcn6112_firmwarewcn3988_firmwareqcn9074sa8195pqcn6132wsa8810_firmwaresd680sa6155psg4150pqca8081wcn7851_firmwareqca6698aq_firmwareipq8071aqcn6023ipq8071a_firmwarewcd9385qca9888_firmwareqcn6122wcd9341qca6696_firmwareipq9008_firmwareqcn5154_firmwarecsr8811wcd9375qcn9100_firmwarewsa8830_firmwareipq5010_firmwareipq8074a_firmwarewcn3988wsa8815_firmwarewcn7850_firmwarewsa8835_firmwaresa8195p_firmwaresm8475qcn5022_firmwaresa8295p_firmwaresa4150psg4150p_firmwareqca8072ipq5018_firmwarewcd9380_firmwaressg2125pqcn9000ipq8072aqca6554aipq8076a_firmwareqca6595ipq8078qca6564auqcn9001_firmwareipq8173wcn6856_firmwareipq9008qcn5164qcn6122_firmwareqca6574sxr1230p_firmwarewsa8835csr8811_firmwarewcd9380qcn5054_firmwareqcs410qcn5154qca8075_firmwaressg2125p_firmwareqca6574aqcn5024wcn6855_firmwareqca9889qcn6132_firmwareqcn9003_firmwaresxr1230pqca9888qca8072_firmwarewcn3980qcn5052_firmwareqcn9274_firmwareqcn9003ipq8070a_firmwareipq6018_firmwareipq8076_firmwareqca6574_firmwarewsa8815qcn6112sxr2230pipq8076qca6574a_firmwareqcn5152ipq6028qcn9024ipq9574_firmwarewcn3980_firmwaresa8295pwcn6740_firmwareqcn6102qcn9100ipq8078_firmwarewsa8832_firmwareqcn5054qcn9070_firmwareipq6028_firmwareipq8072a_firmwareqca6574auqca9889_firmwaresa8155p_firmwareipq9574qcn5122qcn9024_firmwareipq8174_firmwarewcd9341_firmwarewsa8810wsa8832wcn6855qcs610_firmwarewcn6856ipq6018qcn5022ipq6010_firmwareqca6595_firmwarewcn6740qca6696sa4150p_firmwareqca4024wcd9370_firmwareqca8075qcn9022_firmwaresa8155pqcn6024qcn9022ipq8070aqcn9002_firmwareqcn6100qcn9072_firmwareipq6000_firmwaressg2115p_firmwareqcn9074_firmwareqcs410_firmwareSnapdragonqcn5024_firmwareipq5018_firmwarewcd9380_firmwaresxr2230p_firmwareipq8076a_firmwareipq8173_firmwareqcn9001_firmwarewcn6856_firmwareqca4024_firmwareqcn6122_firmwaresxr1230p_firmwarewcn3950_firmwarecsr8811_firmwareipq5028_firmwareqca6595au_firmwareqcn5054_firmwareqca8075_firmwaressg2125p_firmwarewcn6855_firmwareqcn5152_firmwareqcn6132_firmwareqcn9003_firmwareqca6584au_firmwareqca8072_firmwareqcn9000_firmwareqcn5052_firmwareqcn9274_firmwareipq8070a_firmwareqca6554a_firmwarewcd9385_firmwareqcn6024_firmwareipq8076_firmwareipq6018_firmwareqca6574_firmwaresd_8_gen1_5g_firmwareqcn5124_firmwareqam8295p_firmwareqcn6100_firmwareqcn6102_firmwareqca6574a_firmwareqca6574au_firmwareqcn5122_firmwareqcn5164_firmwarewcd9375_firmwareqca8081_firmwareqcn6023_firmwareipq9574_firmwarewcn3980_firmwarewcn6740_firmwareqca6564au_firmwaresd680_firmwaresa6155p_firmwareipq8078a_firmwareipq8078_firmwarewsa8832_firmwareqcn9070_firmwareipq6028_firmwareipq8072a_firmwareqcn6112_firmwarewcn3988_firmwareqca9889_firmwaresa8155p_firmwareqcn9024_firmwareipq8174_firmwarewsa8810_firmwarewcd9341_firmwareqcs610_firmwarewcn7851_firmwareqca6698aq_firmwareipq8071a_firmwareqca9888_firmwareipq6010_firmwareqca6696_firmwareqca6595_firmwareipq9008_firmwareqcn5154_firmwaresa4150p_firmwarewcd9370_firmwareqcn9100_firmwareqcn9022_firmwarewsa8830_firmwareqcn9002_firmwareipq5010_firmwareipq8074a_firmwarewsa8815_firmwarewsa8835_firmwarewcn7850_firmwareqcn9072_firmwareipq6000_firmwaresa8195p_firmwaressg2115p_firmwareqcn9074_firmwareqcs410_firmwareqcn5022_firmwaresa8295p_firmwaresg4150p_firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2022-40898
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.66% / 83.84%
||
7 Day CHG~0.00%
Published-22 Dec, 2022 | 00:00
Updated-15 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.

Action-Not Available
Vendor-wheel_projectn/a
Product-wheeln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-40265
Matching Score-4
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-4
Assigner-Mitsubishi Electric Corporation
CVSS Score-8.6||HIGH
EPSS-0.94% / 56.41%
||
7 Day CHG~0.00%
Published-30 Nov, 2022 | 00:04
Updated-24 Apr, 2025 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service (DoS) Vulnerability in MELSEC iQ-R Series Ethernet Interface Module

Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version "65" and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version "65" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition by sending specially crafted packets. A system reset is required for recovery.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-rj71en71_firmwarer08encpur16encpu_firmwarerj71en71r16encpur32encpur32encpu_firmwarer04encpu_firmwarer04encpur120encpur08encpu_firmwarer120encpu_firmwareMELSEC iQ-R Series R04/08/16/32/120ENCPUMELSEC iQ-R Series RJ71EN71
CWE ID-CWE-20
Improper Input Validation
CVE-2025-6625
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-8.7||HIGH
EPSS-0.46% / 36.35%
||
7 Day CHG~0.00%
Published-18 Aug, 2025 | 06:58
Updated-18 Aug, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CWE-20: Improper Input Validation vulnerability exists that could cause a Denial Of Service when specific crafted FTP command is sent to the device.

Action-Not Available
Vendor-Schneider Electric SE
Product-BMXNOR0200H: Ethernet / Serial RTU ModuleBMXNOC0401: Modicon M340 X80 Ethernet Communication modulesBMXNOE0100: Modbus/TCP Ethernet Modicon M340 moduleModicon M340BMXNOE0110: Modbus/TCP Ethernet Modicon M340 FactoryCast moduleBMXNGD0100: M580 Global Data module
CWE ID-CWE-20
Improper Input Validation
CVE-2020-12824
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.07% / 60.89%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 03:33
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort via RTP.

Action-Not Available
Vendor-pexipn/a
Product-pexip_infinityn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-40237
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.66% / 46.86%
||
7 Day CHG~0.00%
Published-27 Feb, 2023 | 14:18
Updated-03 Aug, 2024 | 12:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM MQ for HPE NonStop denial of service

IBM MQ for HPE NonStop 8.1.0 is vulnerable to a denial of service attack due to an error within the CCDT and channel synchronization logic. IBM X-Force ID: 235727.

Action-Not Available
Vendor-IBM Corporation
Product-mq_for_hpe_nonstopMQ for HPE NonStop
CWE ID-CWE-20
Improper Input Validation
CVE-2022-39012
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.52% / 40.15%
||
7 Day CHG~0.00%
Published-28 Dec, 2022 | 00:00
Updated-11 Apr, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei Aslan Children's Watch has an improper input validation vulnerability. Successful exploitation may cause the watch's application service abnormal.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-aslan-al10_firmwareaslan-al10Aslan-AL10
CWE ID-CWE-20
Improper Input Validation
CVE-2022-38900
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-24.93% / 97.65%
||
7 Day CHG~0.00%
Published-28 Nov, 2022 | 00:00
Updated-25 Apr, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS.

Action-Not Available
Vendor-decode-uri-component_projectn/a
Product-decode-uri-componentn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-3543
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.58% / 83.34%
||
7 Day CHG~0.00%
Published-21 Nov, 2019 | 14:00
Updated-06 Aug, 2024 | 20:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mono 2.10.x ASP.NET Web Form Hash collision DoS

Action-Not Available
Vendor-mono-projectmonoCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxmonomono
CWE ID-CWE-20
Improper Input Validation
CVE-2020-13387
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.07% / 60.89%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 03:34
Updated-04 Aug, 2024 | 12:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pexip Infinity before 23.4 has a lack of input validation, leading to temporary denial of service via H.323.

Action-Not Available
Vendor-pexipn/a
Product-pexip_infinityn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-12066
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.96% / 85.51%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 16:20
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server.

Action-Not Available
Vendor-teeworldsn/aCanonical Ltd.openSUSEFedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxfedorabackports_sleteeworldsleapn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-17210
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.01% / 58.90%
||
7 Day CHG~0.00%
Published-04 Nov, 2019 | 19:48
Updated-05 Aug, 2024 | 01:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial-of-service issue was discovered in the MQTT library in Arm Mbed OS 2017-11-02. The function readMQTTLenString() is called by the function MQTTDeserialize_publish() to get the length and content of the MQTT topic name. In the function readMQTTLenString(), mqttstring->lenstring.len is a part of user input, which can be manipulated. An attacker can simply change it to a larger value to invalidate the if statement so that the statements inside the if statement are skipped, letting the value of mqttstring->lenstring.data default to zero. Later, curn is accessed, which points to mqttstring->lenstring.data. On an Arm Cortex-M chip, the value at address 0x0 is actually the initialization value for the MSP register. It is highly dependent on the actual firmware. Therefore, the behavior of the program is unpredictable from this time on.

Action-Not Available
Vendor-n/aArm Limited
Product-mbed-mqttmbed-osn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-37395
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.48% / 37.89%
||
7 Day CHG+0.01%
Published-20 Sep, 2022 | 19:46
Updated-28 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Huawei device has an input verification vulnerability. Successful exploitation of this vulnerability may lead to DoS attacks.Affected product versions include:CV81-WDM FW versions 01.70.49.29.46.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-cv81-wdm_fw_firmwarecv81-wdm_fwCV81-WDM FW
CWE ID-CWE-20
Improper Input Validation
CVE-2022-3736
Matching Score-4
Assigner-Internet Systems Consortium (ISC)
ShareView Details
Matching Score-4
Assigner-Internet Systems Consortium (ISC)
CVSS Score-7.5||HIGH
EPSS-50.17% / 98.77%
||
7 Day CHG~0.00%
Published-25 Jan, 2023 | 21:39
Updated-01 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
named configured to answer from stale cache may terminate unexpectedly while processing RRSIG queries

BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1.

Action-Not Available
Vendor-Internet Systems Consortium, Inc.
Product-bindBIND 9
CWE ID-CWE-20
Improper Input Validation
CVE-2022-36362
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.87% / 54.25%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-08 Oct, 2024 | 09:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA2) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA2) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA2) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA2) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2) (All versions). Affected devices do not conduct certain validations when interacting with them. This could allow an unauthenticated remote attacker to manipulate the devices IP address, which means the device would not be reachable and could only be recovered by power cycling the device.

Action-Not Available
Vendor-Siemens AG
Product-logo\!8_bm_fs-05logo\!8_bm_fs-05_firmwarelogo\!_8_bm_firmwarelogo\!8_bmLOGO! 230RCEoSIPLUS LOGO! 24CEoLOGO! 12/24RCELOGO! 24RCEoSIPLUS LOGO! 12/24RCEoLOGO! 24CEoSIPLUS LOGO! 24RCEoLOGO! 24RCESIPLUS LOGO! 24CELOGO! 12/24RCEoLOGO! 230RCESIPLUS LOGO! 230RCEoLOGO! 24CESIPLUS LOGO! 24RCESIPLUS LOGO! 12/24RCESIPLUS LOGO! 230RCE
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 15
  • 16
  • Next
Details not found