Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-30681

Summary
Assigner-oracle
Assigner Org ID-43595867-4340-4103-b7a2-9a5208d29a85
Published At-15 Apr, 2025 | 20:30
Updated At-16 Apr, 2025 | 14:50
Rejected At-
Credits

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:oracle
Assigner Org ID:43595867-4340-4103-b7a2-9a5208d29a85
Published At:15 Apr, 2025 | 20:30
Updated At:16 Apr, 2025 | 14:50
Rejected At:
▼CVE Numbering Authority (CNA)

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).

Affected Products
Vendor
Oracle CorporationOracle Corporation
Product
MySQL Cluster
Versions
Affected
  • From 7.6.0 through 7.6.33 (semver)
  • From 8.0.0 through 8.0.41 (semver)
  • From 8.4.0 through 8.4.4 (semver)
  • From 9.0.0 through 9.2.0 (semver)
Vendor
Oracle CorporationOracle Corporation
Product
MySQL Server
Versions
Affected
  • From 8.0.0 through 8.0.41 (semver)
  • From 8.4.0 through 8.4.4 (semver)
  • From 9.0.0 through 9.2.0 (semver)
Problem Types
TypeCWE IDDescription
N/AN/AEasily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster.
Type: N/A
CWE ID: N/A
Description: Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster.
Metrics
VersionBase scoreBase severityVector
3.12.7LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Version: 3.1
Base score: 2.7
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.oracle.com/security-alerts/cpuapr2025.html
vendor-advisory
Hyperlink: https://www.oracle.com/security-alerts/cpuapr2025.html
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-400CWE-400 Uncontrolled Resource Consumption
Type: CWE
CWE ID: CWE-400
Description: CWE-400 Uncontrolled Resource Consumption
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert_us@oracle.com
Published At:15 Apr, 2025 | 21:15
Updated At:17 Apr, 2025 | 21:38

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.12.7LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Type: Secondary
Version: 3.1
Base score: 2.7
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
CPE Matches
Oracle Corporation
oracle
>>mysql_cluster>>Versions from 7.6.0(inclusive) to 7.6.33(inclusive)
cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql_cluster>>Versions from 8.0.0(inclusive) to 8.0.41(inclusive)
cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql_cluster>>Versions from 8.4.0(inclusive) to 8.4.4(inclusive)
cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql_cluster>>Versions from 9.0.0(inclusive) to 9.2.0(inclusive)
cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql_server>>Versions from 8.0.0(inclusive) to 8.0.41(inclusive)
cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql_server>>Versions from 8.4.0(inclusive) to 8.4.4(inclusive)
cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql_server>>Versions from 9.0.0(inclusive) to 9.2.0(inclusive)
cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-400Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-400
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.oracle.com/security-alerts/cpuapr2025.htmlsecalert_us@oracle.com
Patch
Vendor Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpuapr2025.html
Source: secalert_us@oracle.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

163Records found
CVE-2025-21549
Matching Score-6
Assigner-Oracle
ShareView Details
Matching Score-6
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.11% / 30.52%
||
7 Day CHG+0.01%
Published-21 Jan, 2025 | 20:53
Updated-23 Jun, 2025 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverOracle WebLogic Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-21296
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-2.7||LOW
EPSS-0.57% / 67.59%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 20:00
Updated-03 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-service in Fleet

Fleet is an open source osquery manager. In Fleet before version 3.7.0 a malicious actor with a valid node key can send a badly formatted request that causes the Fleet server to exit, resulting in denial of service. This is possible only while a live query is currently ongoing. We believe the impact of this vulnerability to be low given the requirement that the actor has a valid node key. There is no information disclosure, privilege escalation, or code execution. The issue is fixed in Fleet 3.7.0.

Action-Not Available
Vendor-fleetdmfleetdm
Product-fleetfleet
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-44321
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-5.1||MEDIUM
EPSS-0.06% / 19.96%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 11:04
Updated-12 Aug, 2025 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected devices do not properly validate the length of inputs when performing certain configuration changes in the web interface allowing an authenticated attacker to cause a denial of service condition. The device needs to be restarted for the web interface to become available again.

Action-Not Available
Vendor-Siemens AG
Product-6gk5328-4ss00-2ar3_firmware6gk5206-2bb00-2ac26ag1206-2bs00-7ac2_firmware6gk5208-0ga00-2ac2_firmware6gk5204-0ba00-2gf2_firmware6gk5208-0ha00-2ts6_firmware6ag1216-4bs00-7ac26gk5324-0ba00-3ar36gk5205-3bf00-2tb2_firmware6gk5208-0ba00-2tb2_firmware6gk5216-3rs00-2ac26gk5208-0ga00-2ac26gk5213-3bb00-2tb2_firmware6gk5206-2rs00-5ac26gk5224-4gs00-2ac26gk5328-4fs00-3rr3_firmware6gk5216-0ha00-2es6_firmware6gk5204-0ba00-2gf26gk5326-2qs00-3rr3_firmware6gk5328-4fs00-2ar3_firmware6gk5216-0ha00-2ts6_firmware6gk5328-4fs00-3ar36gk5206-2rs00-2ac2_firmware6gk5213-3bd00-2ab2_firmware6gk5205-3bb00-2ab26gk5208-0ga00-2tc2_firmware6gk5213-3bd00-2tb26gk5204-0ba00-2yf2_firmware6gk5206-2rs00-5ac2_firmware6gk5206-2gs00-2fc2_firmware6gk5224-0ba00-2ac2_firmware6gk5216-0ba00-2ac2_firmware6gk5205-3bb00-2tb26gk5324-0ba00-2ar3_firmware6gk5216-4gs00-2fc2_firmware6gk5208-0ua00-5es66ag1208-0ba00-7ac26gk5224-4gs00-2fc2_firmware6gk5328-4fs00-2ar36gk5213-3bf00-2tb2_firmware6gk5205-3bb00-2tb2_firmware6gk5208-0ra00-2ac2_firmware6gk5224-4gs00-2tc26gk5216-0ba00-2ac26gk5324-0ba00-3ar3_firmware6gk5216-4bs00-2ac26gk5224-4gs00-2ac2_firmware6gk5326-2qs00-3ar3_firmware6gk5324-0ba00-2ar36gk5208-0ga00-2tc26gk5213-3bf00-2ab26gk5216-0ha00-2as66gk5216-0ha00-2es66gk5216-4gs00-2tc26gk5206-2bd00-2ac26gk5224-0ba00-2ac26gk5328-4fs00-2rr3_firmware6gk5206-2rs00-5fc26gk5206-2gs00-2tc2_firmware6gk5208-0ua00-5es6_firmware6gk5206-2gs00-2tc26gk5216-0ua00-5es66gk5213-3bf00-2ab2_firmware6gk5205-3bf00-2ab26ag1206-2bb00-7ac2_firmware6gk5208-0ga00-2fc26gk5213-3bd00-2tb2_firmware6gk5208-0ga00-2fc2_firmware6gk5213-3bf00-2tb26gk5328-4fs00-2rr36gk5213-3bb00-2tb26gk5216-0ba00-2ab26gk5216-0ba00-2fc2_firmware6gk5204-2aa00-2yf26gk5213-3bd00-2ab26gk5206-2gs00-2fc26gk5206-2gs00-2ac26gk5205-3bb00-2ab2_firmware6gk5208-0ba00-2fc2_firmware6gk5208-0ba00-2ab26gk5204-2aa00-2gf26gk5208-0ba00-2ac2_firmware6gk5216-0ba00-2fc26gk5328-4ss00-3ar36gk5216-3rs00-5ac26gk5208-0ba00-2tb26gk5206-2rs00-5fc2_firmware6gk5206-2bs00-2ac26gk5328-4fs00-3rr36gk5205-3bd00-2ab26gk5224-4gs00-2tc2_firmware6gk5224-4gs00-2fc26gk5208-0ba00-2ac26gk5206-2bs00-2fc26gk5208-0ha00-2as6_firmware6gk5206-2bs00-2ac2_firmware6gk5208-0ra00-2ac26gk5205-3bf00-2tb26gk5216-0ua00-5es6_firmware6gk5216-4gs00-2ac26gk5208-0ha00-2as66gk5205-3bd00-2tb26ag1206-2bs00-7ac26gk5204-0ba00-2yf26gk5208-0ha00-2ts66gk5208-0ra00-5ac26gk5213-3bb00-2ab26gk5216-0ba00-2ab2_firmware6gk5216-0ha00-2ts66gk5208-0ba00-2fc26gk5216-0ba00-2tb2_firmware6gk5206-2gs00-2ac2_firmware6gk5326-2qs00-3rr36gk5216-4bs00-2ac2_firmware6gk5216-4gs00-2ac2_firmware6gk5206-2bs00-2fc2_firmware6gk5205-3bd00-2ab2_firmware6gk5328-4ss00-2ar36ag1216-4bs00-7ac2_firmware6gk5208-0ha00-2es6_firmware6gk5205-3bf00-2ab2_firmware6gk5216-3rs00-2ac2_firmware6ag1206-2bb00-7ac26gk5204-2aa00-2gf2_firmware6gk5208-0ra00-5ac2_firmware6gk5216-4gs00-2tc2_firmware6gk5208-0ha00-2es66gk5328-4ss00-3ar3_firmware6gk5216-3rs00-5ac2_firmware6gk5204-2aa00-2yf2_firmware6gk5216-0ha00-2as6_firmware6gk5216-4gs00-2fc26gk5206-2bd00-2ac2_firmware6gk5328-4fs00-3ar3_firmware6gk5208-0ba00-2ab2_firmware6gk5205-3bd00-2tb2_firmware6ag1208-0ba00-7ac2_firmware6gk5326-2qs00-3ar36gk5206-2rs00-2ac26gk5206-2bb00-2ac2_firmware6gk5213-3bb00-2ab2_firmware6gk5216-0ba00-2tb2SCALANCE XC208SCALANCE XB213-3 (ST, E/IP)SCALANCE M876-3SCALANCE XR326-2C PoE WGSCALANCE MUM853-1 (EU)SCALANCE XB205-3 (ST, PN)SCALANCE XC216-4C G EECSCALANCE M812-1 ADSL-Router familySCALANCE XB208 (E/IP)SCALANCE XP208SCALANCE XP208GSCALANCE S615 LAN-RouterSCALANCE XP216G EECSCALANCE MUM853-1 (B1)SCALANCE XP216EEC (V2)SCALANCE M804PBSCALANCE XP208G PoE EECSIPLUS NET SCALANCE XC208SCALANCE XB205-3LD (SC, E/IP)SCALANCE XP216SCALANCE XC206-2G PoE (54 V DC)SCALANCE S615 EEC LAN-RouterSCALANCE XP208PoE EECSCALANCE M876-4SCALANCE XB213-3LD (SC, PN)SCALANCE MUM856-1 (EU)SCALANCE MUM856-1 (RoW)SCALANCE XB213-3 (ST, PN)SCALANCE M816-1 ADSL-Router familySCALANCE XF204-2BASCALANCE XC216-4C G (EIP Def.)SIPLUS NET SCALANCE XC206-2SCALANCE XC208G PoE (54 V DC)SCALANCE M874-2SCALANCE XB206-2 STSIPLUS NET SCALANCE XC206-2SFPSCALANCE XP216GSCALANCE XC206-2G PoE EEC (54 V DC)SCALANCE XC206-2G PoESCALANCE XC216SCALANCE XB213-3 (SC, PN)SCALANCE XC216-3G PoE (54 V DC)SCALANCE XF204GSCALANCE XB206-2 (ST/BFOC)SCALANCE MUM856-1 (A1)SCALANCE XC206-2 (ST/BFOC)SCALANCE XC224SCALANCE M874-3 3G-Router (CN)SCALANCE XR328-4C WG (24XFE, 4XGE, 24V)RUGGEDCOM RM1224 LTE(4G) NAMSCALANCE XC206-2SFP EECSCALANCE XP208EECSCALANCE XP216G PoE EECSCALANCE MUM856-1 (CN)SCALANCE XC216EECSCALANCE XF204-2BA DNASCALANCE XC206-2 (SC)SCALANCE M826-2 SHDSL-RouterSCALANCE XC216-4C GSCALANCE XC216-3G PoESCALANCE M874-3SCALANCE XP216PoE EEC (V2)SCALANCE XB206-2LDSCALANCE XC224-4C G EECSCALANCE XC208EECSCALANCE XC208GSCALANCE XB208 (PN)SCALANCE XB216 (E/IP)SCALANCE XC206-2SFP G EECSCALANCE XF204SCALANCE XP208G EECSCALANCE XP216 (Ethernet/IP)SCALANCE XC206-2SFP GSCALANCE XC206-2SFP G (EIP DEF.)SCALANCE MUM856-1 (B1)SCALANCE XB205-3 (ST, E/IP)SCALANCE XR324WG (24 X FE, DC 24V)SCALANCE XR328-4C WG (28xGE, DC 24V)SCALANCE XB206-2 SCSIPLUS NET SCALANCE XC216-4CSCALANCE XC208G PoESCALANCE XR324WG (24 x FE, AC 230V)RUGGEDCOM RM1224 LTE(4G) EUSCALANCE MUM853-1 (A1)SCALANCE XC224-4C G (EIP Def.)SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)SCALANCE XC216-4CSCALANCE XB216 (PN)SCALANCE XP216EECSCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)SCALANCE XR328-4C WG (28xGE, AC 230V)SCALANCE XC224-4C GSCALANCE M876-4 (EU)SCALANCE XP208G PPSCALANCE XB213-3LD (SC, E/IP)SCALANCE XB213-3 (SC, E/IP)SCALANCE XB205-3LD (SC, PN)SCALANCE M876-3 (ROK)SCALANCE XB205-3 (SC, PN)SCALANCE XC208G EECSCALANCE XP216POE EECSCALANCE XR326-2C PoE WG (without UL)SCALANCE M876-4 (NAM)SCALANCE XP216 (V2)SCALANCE XB206-2 (SC)SCALANCE XP208 (Ethernet/IP)SCALANCE XC206-2SFPSCALANCE XB206-2 LDSCALANCE XC208G (EIP def.)SCALANCE XF204 DNA
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-4533
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.07% / 21.25%
||
7 Day CHG~0.00%
Published-11 May, 2025 | 06:31
Updated-12 May, 2025 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JeecgBoot Document Library Upload zip unzipFile resource consumption

A vulnerability classified as problematic was found in JeecgBoot up to 3.8.0. This vulnerability affects the function unzipFile of the file /jeecg-boot/airag/knowledge/doc/import/zip of the component Document Library Upload. The manipulation of the argument File leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-n/a
Product-JeecgBoot
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2023-37481
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-2.7||LOW
EPSS-0.08% / 24.45%
||
7 Day CHG~0.00%
Published-18 Jul, 2023 | 18:19
Updated-18 Oct, 2024 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fides Webserver Vulnerable to SVG Bomb File Uploads

Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations. The Fides webserver is vulnerable to a type of Denial of Service (DoS) attack. Attackers can exploit this vulnerability to upload zip files containing malicious SVG bombs (similar to a billion laughs attack), causing resource exhaustion in Admin UI browser tabs and creating a persistent denial of service of the 'new connector' page (`datastore-connection/new`). This vulnerability affects Fides versions `2.11.0` through `2.15.1`. Exploitation is limited to users with elevated privileges with the `CONNECTOR_TEMPLATE_REGISTER` scope, which includes root users and users with the owner role. The vulnerability has been patched in Fides version `2.16.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. There is no known workaround to remediate this vulnerability without upgrading.

Action-Not Available
Vendor-ethycaethyca
Product-fidesfides
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-37480
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-2.7||LOW
EPSS-0.03% / 8.30%
||
7 Day CHG~0.00%
Published-18 Jul, 2023 | 18:19
Updated-18 Oct, 2024 | 17:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fides Webserver Vulnerable to Zip Bomb File Uploads

Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations. The Fides webserver is vulnerable to a type of Denial of Service (DoS) attack. Attackers can exploit a weakness in the connector template upload feature to upload a malicious zip bomb file, resulting in resource exhaustion and service unavailability for all users of the Fides webserver. This vulnerability affects Fides versions `2.11.0` through `2.15.1`. Exploitation is limited to users with elevated privileges with the `CONNECTOR_TEMPLATE_REGISTER` scope, which includes root users and users with the owner role. The vulnerability has been patched in Fides version `2.16.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. There is no known workaround to remediate this vulnerability without upgrading. If an attack occurs, the impact can be mitigated by manually or automatically restarting the affected container.

Action-Not Available
Vendor-ethycaethyca
Product-fidesfides
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-37900
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-3.4||LOW
EPSS-0.06% / 18.34%
||
7 Day CHG~0.00%
Published-27 Jul, 2023 | 15:50
Updated-15 Oct, 2024 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Crossplane vulnerable to denial of service from large image

Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5, 1.12.3, and 1.13.0, a high-privileged user could create a Package referencing an arbitrarily large image containing that Crossplane would then parse, possibly resulting in exhausting all the available memory and therefore in the container being OOMKilled. The impact is limited due to the high privileges required to be able to create the Package and the eventually consistency nature of controller. This issue is fixed in versions 1.11.5, 1.12.3, and 1.13.0.

Action-Not Available
Vendor-cncfcrossplane
Product-crossplanecrossplane
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-3985
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.07% / 21.63%
||
7 Day CHG+0.01%
Published-27 Apr, 2025 | 20:31
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apereo CAS ResponseEntity redos

A vulnerability was found in Apereo CAS 5.2.6. It has been classified as problematic. This affects the function ResponseEntity of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\ManageRegisteredServicesMultiActionController.java. The manipulation of the argument Query leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Apereo
Product-CAS
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-28440
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-2.7||LOW
EPSS-0.12% / 32.08%
||
7 Day CHG~0.00%
Published-18 Apr, 2023 | 20:40
Updated-06 Feb, 2025 | 16:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of service via admin theme import route in Discourse

Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared hosting environments where admins are untrusted. This issue has been addressed in versions 3.0.3 and 3.1.0.beta4. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-discoursediscourse
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-43893
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-2.7||LOW
EPSS-0.03% / 6.30%
||
7 Day CHG~0.00%
Published-17 Oct, 2023 | 01:58
Updated-13 Sep, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Privilege denial of service

IBM Security Verify Privilege On-Premises 11.5 could allow a privileged user to cause by using a malicious payload. IBM X-Force ID: 240634.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationIBM Corporation
Product-security_verify_privilege_on-premisesmacoswindowsSecurity Verify Privilege
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-41969
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-2.4||LOW
EPSS-0.06% / 18.20%
||
7 Day CHG+0.01%
Published-01 Dec, 2022 | 20:47
Updated-23 Apr, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nextcloud Server has no password length limit when creating a user as an administrator

Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password length limit when creating a user as an administrator. An administrator can cause a limited DoS attack against their own server. Versions 23.0.11, 24.0.7, and 25.0.0 contain a fix for the issue. As a workaround, don't create user accounts with long passwords.

Action-Not Available
Vendor-Nextcloud GmbH
Product-nextcloud_serversecurity-advisories
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-521
Weak Password Requirements
CVE-2022-4003
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-2.7||LOW
EPSS-0.19% / 40.90%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 20:29
Updated-13 Aug, 2024 | 15:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial-of-service vulnerability could allow an authenticated user to trigger an internal service restart via a specially crafted API request.

Action-Not Available
Vendor-Motorola Mobility LLC. (Lenovo Group Limited)
Product-q14q14_firmwareQ14 Mesh Router Firmware
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-23824
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.08% / 25.56%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 15:18
Updated-17 Jun, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
mailcow ipixel flood attack leads to Denial of Service in admin page

mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to pixel flood attack, once the payload has been successfully uploaded in the logo the application goes slow and doesn't respond in the admin page. It is tested on the versions 2023-12a and prior and patched in version 2024-01.

Action-Not Available
Vendor-mailcowmailcow
Product-mailcow\mailcow-dockerized
CWE ID-CWE-400
Uncontrolled Resource Consumption
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found