Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-57810

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-26 Aug, 2025 | 15:37
Updated At-26 Aug, 2025 | 15:58
Rejected At-
Credits

jsPDF Parsing of Corrupt PNGs Leads to Potential Denial of Service (DoS)

jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of service. The vulnerability was fixed in jsPDF 3.0.2.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:26 Aug, 2025 | 15:37
Updated At:26 Aug, 2025 | 15:58
Rejected At:
▼CVE Numbering Authority (CNA)
jsPDF Parsing of Corrupt PNGs Leads to Potential Denial of Service (DoS)

jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of service. The vulnerability was fixed in jsPDF 3.0.2.

Affected Products
Vendor
parallax
Product
jsPDF
Versions
Affected
  • < 3.0.2
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20: Improper Input Validation
CWECWE-770CWE-770: Allocation of Resources Without Limits or Throttling
Type: CWE
CWE ID: CWE-20
Description: CWE-20: Improper Input Validation
Type: CWE
CWE ID: CWE-770
Description: CWE-770: Allocation of Resources Without Limits or Throttling
Metrics
VersionBase scoreBase severityVector
4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw
x_refsource_CONFIRM
https://github.com/parallax/jsPDF/pull/3880
x_refsource_MISC
https://github.com/parallax/jsPDF/commit/4cf3ab619e565d9b88b4b130bff901b91d8688e9
x_refsource_MISC
https://github.com/parallax/jsPDF/releases/tag/v3.0.2
x_refsource_MISC
Hyperlink: https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/parallax/jsPDF/pull/3880
Resource:
x_refsource_MISC
Hyperlink: https://github.com/parallax/jsPDF/commit/4cf3ab619e565d9b88b4b130bff901b91d8688e9
Resource:
x_refsource_MISC
Hyperlink: https://github.com/parallax/jsPDF/releases/tag/v3.0.2
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw
exploit
Hyperlink: https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw
Resource:
exploit
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:26 Aug, 2025 | 16:15
Updated At:09 Sep, 2025 | 18:56

jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of service. The vulnerability was fixed in jsPDF 3.0.2.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches

parall
parall
>>jspdf>>Versions before 3.0.2(exclusive)
cpe:2.3:a:parall:jspdf:*:*:*:*:*:node.js:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarysecurity-advisories@github.com
CWE-770Primarysecurity-advisories@github.com
CWE ID: CWE-20
Type: Primary
Source: security-advisories@github.com
CWE ID: CWE-770
Type: Primary
Source: security-advisories@github.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/parallax/jsPDF/commit/4cf3ab619e565d9b88b4b130bff901b91d8688e9security-advisories@github.com
Patch
https://github.com/parallax/jsPDF/pull/3880security-advisories@github.com
Issue Tracking
https://github.com/parallax/jsPDF/releases/tag/v3.0.2security-advisories@github.com
Release Notes
https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmwsecurity-advisories@github.com
Exploit
Vendor Advisory
https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw134c704f-9b21-4f2e-91b3-4a467353bcc0
Exploit
Vendor Advisory
Hyperlink: https://github.com/parallax/jsPDF/commit/4cf3ab619e565d9b88b4b130bff901b91d8688e9
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/parallax/jsPDF/pull/3880
Source: security-advisories@github.com
Resource:
Issue Tracking
Hyperlink: https://github.com/parallax/jsPDF/releases/tag/v3.0.2
Source: security-advisories@github.com
Resource:
Release Notes
Hyperlink: https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw
Source: security-advisories@github.com
Resource:
Exploit
Vendor Advisory
Hyperlink: https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
Exploit
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1575Records found

CVE-2026-25535
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.72% / 49.31%
||
7 Day CHG+0.17%
Published-19 Feb, 2026 | 14:34
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
jsPDF Affected by Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the first argument of the `addImage` method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the `addImage` method, a user can provide a harmful GIF file that results in out of memory errors and denial of service. Harmful GIF files have large width and/or height entries in their headers, which lead to excessive memory allocation. Other affected methods are: `html`. The vulnerability has been fixed in jsPDF 4.2.0. As a workaround, sanitize image data or URLs before passing it to the addImage method or one of the other affected methods.

Action-Not Available
Vendor-parallparallaxRed Hat, Inc.
Product-jspdfjsPDFRed Hat Advanced Cluster Security for Kubernetes 4.8Red Hat Advanced Cluster Security for Kubernetes 4.9
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-24133
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.56% / 42.44%
||
7 Day CHG~0.00%
Published-02 Feb, 2026 | 20:32
Updated-18 Feb, 2026 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
jsPDF Affected by Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in out of memory errors and denial of service. Harmful BMP files have large width and/or height entries in their headers, which lead to excessive memory allocation. The html method is also affected. The vulnerability has been fixed in jsPDF@4.1.0.

Action-Not Available
Vendor-parallparallax
Product-jspdfjsPDF
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-29907
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.65% / 46.48%
||
7 Day CHG~0.00%
Published-18 Mar, 2025 | 18:40
Updated-22 Sep, 2025 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
jsPDF Bypass Regular Expression Denial of Service (ReDoS)

jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.1, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitised image urls to the addImage method, a user can provide a harmful data-url that results in high CPU utilization and denial of service. Other affected methods are html and addSvgAsImage. The vulnerability was fixed in jsPDF 3.0.1.

Action-Not Available
Vendor-parallparallax
Product-jspdfjsPDF
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2021-23353
Matching Score-8
Assigner-Snyk
ShareView Details
Matching Score-8
Assigner-Snyk
CVSS Score-5.9||MEDIUM
EPSS-2.64% / 83.75%
||
7 Day CHG~0.00%
Published-09 Mar, 2021 | 18:30
Updated-17 Sep, 2024 | 01:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Regular Expression Denial of Service (ReDoS)

This affects the package jspdf before 2.3.1. ReDoS is possible via the addImage function.

Action-Not Available
Vendor-paralln/a
Product-jspdfjspdf
CVE-2023-22323
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.66% / 47.20%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 17:53
Updated-26 Mar, 2025 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP SSL OCSP Authentication profile vulnerability

In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when OCSP authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_ssl_orchestratorbig-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerbig-ip_ddos_hybrid_defenderBIG-IP
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-21816
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-1.74% / 74.91%
||
7 Day CHG~0.00%
Published-14 Feb, 2023 | 19:33
Updated-01 Jan, 2025 | 00:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Active Directory Domain Services API Denial of Service Vulnerability

Windows Active Directory Domain Services API Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_11_21h2windows_10_22h2windows_server_2022windows_10windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-20
Improper Input Validation
CVE-2023-21144
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.74% / 50.18%
||
7 Day CHG~0.00%
Published-15 Jun, 2023 | 00:00
Updated-18 Dec, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In doInBackground of NotificationContentInflater.java, there is a possible temporary denial or service due to long running operations. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-252766417

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-20522
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.5||HIGH
EPSS-0.62% / 45.17%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 20:56
Updated-07 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient input validation in ASP may allow an attacker with a malicious BIOS to potentially cause a denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-milanpiromepimilanpi_firmwareromepi_firmware3rd Gen EPYC2nd Gen EPYC
CWE ID-CWE-20
Improper Input Validation
CVE-2023-20530
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.5||HIGH
EPSS-0.62% / 45.18%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 20:57
Updated-07 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient input validation of BIOS mailbox messages in SMU may result in out-of-bounds memory reads potentially resulting in a denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7343_firmwareepyc_7543_firmwareepyc_7373xepyc_7453epyc_7743epyc_7413_firmwareepyc_73f3_firmwareepyc_7443epyc_7513epyc_7763_firmwareepyc_7373x_firmwareepyc_7573x_firmwareepyc_7543p_firmwareepyc_7663epyc_7773xepyc_72f3_firmwareepyc_7443p_firmwareepyc_7543epyc_7773x_firmwareepyc_7443pepyc_75f3epyc_7443_firmwareepyc_7313p_firmwareepyc_7313pepyc_7543pepyc_7003epyc_7313epyc_7003_firmwareepyc_7313_firmwareepyc_74f3epyc_7573xepyc_75f3_firmwareepyc_7663_firmwareepyc_7763epyc_7343epyc_7413epyc_7643epyc_7713p_firmwareepyc_7713pepyc_73f3epyc_7713_firmwareepyc_7453_firmwareepyc_7743_firmwareepyc_7643_firmwareepyc_7713epyc_72f3epyc_74f3_firmwareepyc_7513_firmware3rd Gen EPYC
CWE ID-CWE-20
Improper Input Validation
CVE-2017-12235
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-6.94% / 93.34%
||
7 Day CHG~0.00%
Published-28 Sep, 2017 | 07:00
Updated-21 Apr, 2026 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-24||Apply updates per vendor instructions.

A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS 12.2 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper parsing of ingress PN-DCP Identify Request packets destined to an affected device. An attacker could exploit this vulnerability by sending a crafted PN-DCP Identify Request packet to an affected device and then continuing to send normal PN-DCP Identify Request packets to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. This vulnerability affects Cisco devices that are configured to process PROFINET messages. Beginning with Cisco IOS Software Release 12.2(52)SE, PROFINET is enabled by default on all the base switch module and expansion-unit Ethernet ports. Cisco Bug IDs: CSCuz47179.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-industrial_ethernet_2000_4s-ts-g-l_switchindustrial_ethernet_2000_4ts-g-l_switchindustrial_ethernet_2000_16tc-g-n_switchindustrial_ethernet_2000_16tc-g-e_switchindustrial_ethernet_2000_4ts-g-b_switchindustrial_ethernet_2000_8t67p-g-e_switchindustrial_ethernet_2000_16t67p-g-e_switchindustrial_ethernet_2000_4t-g-b_switchindustrial_ethernet_2000_16tc-g-x_switchindustrial_ethernet_2000_16ptc-g-nx_switchindustrial_ethernet_2000_8tc-g-e_switchindustrial_ethernet_2000_8tc-g-l_switchindustrial_ethernet_2000_8tc-g-n_switchiosindustrial_ethernet_2000_16tc-l_switchindustrial_ethernet_2000_24t67-b_switchindustrial_ethernet_2000_16t67-b_switchindustrial_ethernet_2000_16tc-g-l_switchindustrial_ethernet_2000_4t-b_switchindustrial_ethernet_2000_8tc-g-b_switchindustrial_ethernet_2000_series_firmwareindustrial_ethernet_2000_16ptc-g-l_switchindustrial_ethernet_2000_8tc-l_switchindustrial_ethernet_2000_8t67-b_switchindustrial_ethernet_2000_4ts-b_switchindustrial_ethernet_2000_8tc-b_switchindustrial_ethernet_2000_4t-l_switchindustrial_ethernet_2000_4s-ts-g-b_switchindustrial_ethernet_2000_4t-g-l_switchindustrial_ethernet_2000_4ts-l_switchindustrial_ethernet_2000_16ptc-g-e_switchCisco IOSIOS software
CWE ID-CWE-20
Improper Input Validation
CVE-2026-9563
Matching Score-4
Assigner-Eclipse Foundation
ShareView Details
Matching Score-4
Assigner-Eclipse Foundation
CVSS Score-7.5||HIGH
EPSS-0.37% / 28.60%
||
7 Day CHG~0.00%
Published-02 Jul, 2026 | 07:33
Updated-02 Jul, 2026 | 12:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Parsson published Maven Central artifacts before version 1.1.8, the JSON parser did not enforce a default maximum on the number of characters consumed while parsing a single JSON document. Applications that parse attacker- controlled JSON can be forced to consume excessive CPU and memory by processing very large documents, including large arrays, objects, strings, numbers, whitespace, or nested structures, resulting in a denial of service. Eclipse Parsson 1.1.8 introduces a configurable maximum parsing limit with a default limit of 15 million parser-consumed characters.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-Eclipse Parsson
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2017-12233
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-6.94% / 93.34%
||
7 Day CHG~0.00%
Published-28 Sep, 2017 | 07:00
Updated-21 Apr, 2026 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-24||Apply updates per vendor instructions.

Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of crafted CIP packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted CIP packets to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuz95334.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-1100-lte_integrated_services_router1111-4pwe1117-4plteeaweesr-6300-con-k91101-4p_integrated_services_routeresr-6300-ncp-k9catalyst_ie3400_heavy_duty_switch1921_integrated_services_router1113-8pwe1803_integrated_service_router1941_integrated_services_router1100-8p_integrated_services_router1812_integrated_service_routercatalyst_ie93001100_integrated_services_router1116-4pwecatalyst_ie3300_rugged_switch1111x-8p1801_integrated_service_router1906c_integrated_services_router1100-4gltena_integrated_services_router1120_integrated_services_router1100-4g\/6g_integrated_services_router1905_integrated_services_router1100-4p_integrated_services_routercatalyst_ie3400_rugged_switch1101-4p1100-4gltegb_integrated_services_router1100-4p1131_integrated_services_routercatalyst_ie3200_rugged_switch1117-4pmlteeawe1000_integrated_services_router1109-4p1120_connected_grid_router1941w_integrated_services_routerios1117-4pmwe1101_integrated_services_router1802_integrated_service_router1841_integrated_service_router11201100-6g_integrated_services_router1100-8p1113-8pmwe1116-4plteeawe1160_integrated_services_router1100_terminal_services_gateways1109-2p1861_integrated_service_router1100-4g_integrated_services_router1811_integrated_service_router1111-8pwb1113-8plteeawe1117-4pweCisco IOSIOS software
CWE ID-CWE-20
Improper Input Validation
CVE-2020-25648
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-3.85% / 88.88%
||
7 Day CHG~0.00%
Published-20 Oct, 2020 | 00:00
Updated-04 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.

Action-Not Available
Vendor-n/aOracle CorporationRed Hat, Inc.Fedora ProjectMozilla Corporation
Product-communications_pricing_design_centercommunications_offline_mediation_controllernetwork_security_servicesfedoraenterprise_linuxjd_edwards_enterpriseone_toolsnss
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-8966
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.74% / 50.27%
||
7 Day CHG~0.00%
Published-20 Mar, 2025 | 10:11
Updated-15 Oct, 2025 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service in gradio-app/gradio

A vulnerability in the file upload process of gradio-app/gradio version @gradio/video@0.10.2 allows for a Denial of Service (DoS) attack. An attacker can append a large number of characters to the end of a multipart boundary, causing the system to continuously process each character and issue warnings. This can render Gradio inaccessible for extended periods, disrupting services and causing significant downtime.

Action-Not Available
Vendor-gradiogradio-app
Product-videogradio-app/gradio
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-20108
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.93% / 56.37%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-02 Aug, 2024 | 08:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P) could allow an unauthenticated, remote attacker to cause a temporary service outage for all Cisco Unified CM IM&amp;P users who are attempting to authenticate to the service, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted login message to the affected device. A successful exploit could allow the attacker to cause an unexpected restart of the authentication service, preventing new users from successfully authenticating. Exploitation of this vulnerability does not impact Cisco Unified CM IM&amp;P users who were authenticated prior to an attack.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-unified_communications_manager_im_and_presence_serviceCisco Unified Communications Manager IM and Presence Service
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-20155
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.67% / 47.45%
||
7 Day CHG~0.00%
Published-01 Nov, 2023 | 16:48
Updated-26 Nov, 2024 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in a logging API in Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause the device to become unresponsive or trigger an unexpected reload. This vulnerability could also allow an attacker with valid user credentials, but not Administrator privileges, to view a system log file that they would not normally have access to. This vulnerability is due to a lack of rate-limiting of requests that are sent to a specific API that is related to an FMC log. An attacker could exploit this vulnerability by sending a high rate of HTTP requests to the API. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the FMC CPU spiking to 100 percent utilization or to the device reloading. CPU utilization would return to normal if the attack traffic was stopped before an unexpected reload was triggered.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_firewall_management_centerCisco Firepower Management Center
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-1973
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.29% / 66.79%
||
7 Day CHG~0.00%
Published-07 Nov, 2024 | 10:01
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Undertow: unrestricted request storage leads to memory exhaustion

A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7Red Hat JBoss Enterprise Application Platform 7Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9Red Hat JBoss Enterprise Application Platform 8Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
CWE ID-CWE-20
Improper Input Validation
CVE-2024-41132
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.77% / 51.28%
||
7 Day CHG~0.00%
Published-22 Jul, 2024 | 14:28
Updated-11 Sep, 2024 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SixLabors ImageSharp Allows Excessive Memory Allocation in Gif Decoder

ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the Gif decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. All users are advised to upgrade to v3.1.5 or v2.1.9.

Action-Not Available
Vendor-sixlaborsSixLaborssixlabors
Product-imagesharpImageSharpimagesharp
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-29487
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.43% / 69.76%
||
7 Day CHG~0.00%
Published-15 Dec, 2020 | 17:30
Updated-04 Aug, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Xen XAPI before 2020-12-15. Certain xenstore keys provide feedback from the guest, and are therefore watched by toolstack. Specifically, keys are watched by xenopsd, and data are forwarded via RPC through message-switch to xapi. The watching logic in xenopsd sends one RPC update containing all data, any time any single xenstore key is updated, and therefore has O(N^2) time complexity. Furthermore, message-switch retains recent (currently 128) RPC messages for diagnostic purposes, yielding O(M*N) space complexity. The quantity of memory a single guest can monopolise is bounded by xenstored quota, but the quota is fairly large. It is believed to be in excess of 1G per malicious guest. In practice, this manifests as a host denial of service, either through message-switch thrashing against swap, or OOMing entirely, depending on dom0's configuration. (There are no quotas in xenopsd to limit the quantity of keys that result in RPC traffic.) A buggy or malicious guest can cause unreasonable memory usage in dom0, resulting in a host denial of service. All versions of XAPI are vulnerable. Systems that are not using the XAPI toolstack are not vulnerable.

Action-Not Available
Vendor-n/aXen Project
Product-xapin/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-41727
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-8.7||HIGH
EPSS-0.48% / 38.03%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 14:32
Updated-20 Aug, 2024 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP TMM vulnerability

In BIG-IP tenants running on r2000 and r4000 series hardware, or BIG-IP Virtual Edition (VEs) using Intel E810 SR-IOV NIC, undisclosed traffic can cause an increase in memory resource utilization.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_automation_toolchainbig-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_ssl_orchestratorbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_local_traffic_managerbig-ip_analyticsbig-ip_domain_name_systembig-ip_application_security_managerr2000big-ip_edge_gatewaybig-ip_advanced_web_application_firewallbig-ip_carrier-grade_natbig-ip_link_controllerr4000big-ip_application_visibility_and_reportingbig-ip_container_ingress_servicesbig-ip_access_policy_managerbig-ip_websafebig-ip_advanced_firewall_managerbig-ip_ddos_hybrid_defenderBIG-IP
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-25275
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.66% / 90.64%
||
7 Day CHG~0.00%
Published-04 Jan, 2021 | 16:19
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts.

Action-Not Available
Vendor-n/aFedora ProjectDebian GNU/LinuxDovecot
Product-debian_linuxfedoradovecotn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-12234
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-6.94% / 93.34%
||
7 Day CHG~0.00%
Published-28 Sep, 2017 | 07:00
Updated-21 Apr, 2026 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-24||Apply updates per vendor instructions.

Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of crafted CIP packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted CIP packets to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvc43709.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-1100-lte_integrated_services_router1111-4pwe1117-4plteeaweesr-6300-con-k91101-4p_integrated_services_routeresr-6300-ncp-k9catalyst_ie3400_heavy_duty_switch1921_integrated_services_router1113-8pwe1803_integrated_service_router1941_integrated_services_router1100-8p_integrated_services_router1812_integrated_service_routercatalyst_ie93001100_integrated_services_router1116-4pwecatalyst_ie3300_rugged_switch1111x-8p1801_integrated_service_router1906c_integrated_services_router1100-4gltena_integrated_services_router1120_integrated_services_router1100-4g\/6g_integrated_services_router1905_integrated_services_router1100-4p_integrated_services_routercatalyst_ie3400_rugged_switch1101-4p1100-4gltegb_integrated_services_router1100-4p1131_integrated_services_routercatalyst_ie3200_rugged_switch1117-4pmlteeawe1000_integrated_services_router1109-4p1120_connected_grid_router1941w_integrated_services_routerios1117-4pmwe1101_integrated_services_router1802_integrated_service_router1841_integrated_service_router11201100-6g_integrated_services_router1100-8p1113-8pmwe1116-4plteeawe1160_integrated_services_router1100_terminal_services_gateways1109-2p1861_integrated_service_router1100-4g_integrated_services_router1811_integrated_service_router1111-8pwb1113-8plteeawe1117-4pweCisco IOSIOS software
CWE ID-CWE-20
Improper Input Validation
CVE-2024-4140
Matching Score-4
Assigner-Canonical Ltd.
ShareView Details
Matching Score-4
Assigner-Canonical Ltd.
CVSS Score-7.5||HIGH
EPSS-1.13% / 62.53%
||
7 Day CHG~0.00%
Published-02 May, 2024 | 19:59
Updated-26 Aug, 2025 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total number of parts.

Action-Not Available
Vendor-rjbsrjbsrjbsFedora Project
Product-email-mimefedoraEmail-MIMEemail_mime
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-7507
Matching Score-4
Assigner-Rockwell Automation
ShareView Details
Matching Score-4
Assigner-Rockwell Automation
CVSS Score-8.7||HIGH
EPSS-0.50% / 39.15%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 19:35
Updated-04 Mar, 2025 | 17:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rockwell Automation ControlLogix/GuardLogix 5580 and CompactLogix/Compact GuardLogix® 5380 Controller Denial-of-Service Vulnerability via Input Validation

CVE-2024-7507 IMPACT A denial-of-service vulnerability exists in the affected products. This vulnerability occurs when a malformed PCCC message is received, causing a fault in the controller.

Action-Not Available
Vendor-Rockwell Automation, Inc.
Product-compactlogix_5480compactlogix_5380controllogix_5580_firmwarecontrollogix_5580compact_guardlogix_5380_sil_3_firmwarecompact_guardlogix_5380_sil_3compactlogix_5380_firmwarecompact_guardlogix_5380_sil_2_firmwareguardlogix_5580_firmwarecompactlogix_5480_firmwareguardlogix_5580compact_guardlogix_5380_sil_2CompactLogix 5380 (5069 – L3z)CompactLogix 5480 (5069-L4)Compact GuardLogix 5380 (5069- L3zS2)GuardLogix 5580 (1756-L8z)ControlLogix® 5580 (1756 –L8z)controllogix_5580_firmwarecompactlogix_5480_firmwareguardlogix_5580_firmwarecontrollogix_5380_firmwarecompact_guardlogix_5380_firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2024-41742
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.72% / 49.46%
||
7 Day CHG~0.00%
Published-19 Jan, 2025 | 15:03
Updated-16 Jul, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM TXSeries for Multiplatforms denial of service

IBM TXSeries for Multiplatforms 10.1 is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting a slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-txseries_for_multiplatformslinux_kernelTXSeries for Multiplatforms
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-41743
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.60% / 44.63%
||
7 Day CHG~0.00%
Published-19 Jan, 2025 | 15:02
Updated-16 Jul, 2025 | 00:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM TXSeries for Multiplatforms denial of service

IBM TXSeries for Multiplatforms 10.1 could allow a remote attacker to cause a denial of service using persistent connections due to improper allocation of resources.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-txseries_for_multiplatformslinux_kernelTXSeries for Multiplatforms
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-0881
Matching Score-4
Assigner-Canonical Ltd.
ShareView Details
Matching Score-4
Assigner-Canonical Ltd.
CVSS Score-7.5||HIGH
EPSS-0.41% / 32.84%
||
7 Day CHG+0.03%
Published-31 Mar, 2025 | 13:28
Updated-26 Aug, 2025 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DDoS in Ubuntu package linux-bluefield

Running DDoS on tcp port 22 will trigger a kernel crash. This issue is introduced by the backport of a commit regarding nft_lookup without the subsequent fixes that were introduced after this commit. The resolution of this CVE introduces those commits to the linux-bluefield package.

Action-Not Available
Vendor-UbuntuCanonical Ltd.
Product-linux-bluefieldUbuntu package linux-bluefield
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CWE ID-CWE-20
Improper Input Validation
CVE-2023-0026
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.65% / 46.46%
||
7 Day CHG~0.00%
Published-21 Jun, 2023 | 00:00
Updated-25 Feb, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
2023-06: Out-of-Cycle Security Bulletin: Junos OS and Junos OS Evolved: A BGP session will flap upon receipt of a specific, optional transitive attribute

An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a BGP update message is received over an established BGP session, and that message contains a specific, optional transitive attribute, this session will be torn down with an update message error. This issue cannot propagate beyond an affected system as the processing error occurs as soon as the update is received. This issue is exploitable remotely as the respective attribute can propagate through unaffected systems and intermediate AS (if any). Continuous receipt of a BGP update containing this attribute will create a sustained Denial of Service (DoS) condition. Some customers have experienced these BGP session flaps which prompted Juniper SIRT to release this advisory out of cycle before fixed releases are widely available as there is an effective workaround. This issue affects: Juniper Networks Junos OS 15.1R1 and later versions prior to 20.4R3-S8; 21.1 version 21.1R1 and later versions prior to 21.2R3-S6; 21.3 versions prior to 21.3R3-S5; 21.4 versions prior to 21.4R3-S4; 22.1 versions prior to 22.1R3-S4; 22.2 versions prior to 22.2R3-S2; 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; 22.4 versions prior to 22.4R2-S1, 22.4R3; 23.1 versions prior to 23.1R1-S1, 23.1R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S8-EVO; 21.1 version 21.1R1-EVO and later versions prior to 21.2R3-S6-EVO; 21.3 versions prior to 21.3R3-S5-EVO; 21.4 versions prior to 21.4R3-S4-EVO; 22.1 versions prior to 22.1R3-S4-EVO; 22.2 versions prior to 22.2R3-S2-EVO; 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO; 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO; 23.1 versions prior to 23.1R1-S1-EVO, 23.1R2-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OSJunos OS Evolved
CWE ID-CWE-20
Improper Input Validation
CVE-2023-0434
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.4||MEDIUM
EPSS-0.82% / 52.65%
||
7 Day CHG~0.00%
Published-22 Jan, 2023 | 00:00
Updated-02 Apr, 2025 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in pyload/pyload

Improper Input Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev40.

Action-Not Available
Vendor-pyloadpyload
Product-pyloadpyload/pyload
CWE ID-CWE-20
Improper Input Validation
CVE-2023-0359
Matching Score-4
Assigner-Zephyr Project
ShareView Details
Matching Score-4
Assigner-Zephyr Project
CVSS Score-5.9||MEDIUM
EPSS-0.73% / 49.67%
||
7 Day CHG~0.00%
Published-10 Jul, 2023 | 04:21
Updated-12 Nov, 2024 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ipv6: Missing ipv6 nullptr-check in handle_ra_input

A missing nullptr-check in handle_ra_input can cause a nullptr-deref.

Action-Not Available
Vendor-Zephyr Project
Product-zephyrZephyr
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-11468
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.19% / 86.55%
||
7 Day CHG~0.00%
Published-20 Jul, 2017 | 23:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.

Action-Not Available
Vendor-n/aDocker, Inc.Red Hat, Inc.
Product-docker_registryenterprise_linux_servern/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-0121
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.24% / 65.64%
||
7 Day CHG~0.00%
Published-07 Jun, 2023 | 00:00
Updated-07 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Allocation of Resources Without Limits or Throttling in GitLab

A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2 which allows an attacker to cause high resource consumption using malicious test report artifacts.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-0383
Matching Score-4
Assigner-M-Files Corporation
ShareView Details
Matching Score-4
Assigner-M-Files Corporation
CVSS Score-7.5||HIGH
EPSS-0.85% / 53.76%
||
7 Day CHG~0.00%
Published-20 Apr, 2023 | 08:00
Updated-23 Feb, 2026 | 09:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uncontrolled Resource Consuption in M-Files Server

User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption.

Action-Not Available
Vendor-M-Files Oy
Product-m-files_serverM-Files Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-50695
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.74% / 50.14%
||
7 Day CHG~0.00%
Published-30 Dec, 2025 | 22:41
Updated-18 Feb, 2026 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x ICMP Flood Attack via Network Commands

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains a network vulnerability that allows unauthenticated attackers to send ICMP signals to arbitrary hosts through network command scripts. Attackers can abuse ping.php, traceroute.php, and dns.php to generate network flooding attacks targeting external hosts.

Action-Not Available
Vendor-sound4SOUND4 Ltd.Kantar Media
Product-pulsebig_voice4_firmwarefirstpulse_firmwarewm2pulse_eco_firmwareimpact_ecoimpact_eco_firmwarebig_voice4stream_extensionwm2_firmwarefirst_firmwareimpactbig_voice2impact_firmwarepulse_ecobig_voice2_firmwareImpact/Pulse/FirstImpact/Pulse EcoBigVoice4BigVoice2StreamWM2
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-39949
Matching Score-4
Assigner-Dahua Technologies
ShareView Details
Matching Score-4
Assigner-Dahua Technologies
CVSS Score-7.5||HIGH
EPSS-0.56% / 42.53%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 03:42
Updated-30 Sep, 2025 | 11:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.

Action-Not Available
Vendor-Dahua Technology Co., Ltd
Product-nvr4432-16p-4ks2\/i_firmwarenvr4208-8p-4ks3nvr4208-8p-4ks2\/l_firmwarenvr4232-4ks2\/l_firmwarenvr4108-4ks3nvr4108-4ks2\/lnvr4204-p-4ks2\/l_firmwarenvr4108hs-4ks3_firmwarenvr4232-4ks3nvr4232-16p-4ks3_firmwarenvr4232-16p-4ks3nvr4104-4ks3_firmwarenvr4816-16p-4ks2\/i_firmwarenvr4108-4ks2\/l_firmwarenvr4108-8p-4ks2\/l_firmwarenvr4104hs-p-4ks3nvr4216-4ks2\/lnvr4116hs-8p-4ks3_firmwarenvr4416-4ks2\/invr4816-16p-4ks2\/invr4104hs-4ks2\/l_firmwarenvr4108-8p-4ks3_firmwarenvr4204-p-4ks2\/lnvr4104hs-p-4ks3\(960g\)nvr4416-4ks2\/i_firmwarenvr4104-4ks3nvr4832-4ks2\/i_firmwarenvr4104-p-4ks3nvr4232-16p-4ks2\/lnvr4108-p-4ks3nvr4108-4ks3_firmwarenvr4108hs-4ks2\/lnvr4204-4ks3_firmwarenvr4204-4ks2\/lnvr4108hs-4ks2\/l_firmwarenvr4232-16p-4ks2\/l_firmwarenvr4108hs-8p-4ks3_firmwarenvr4832-16p-4ks2\/i_firmwarenvr4216-16p-4ks3_firmwarenvr4116hs-8p-4ks2\/lnvr4108hs-p-4ks2\/lnvr4104-p-4ks2\/lnvr4104hs-p-4ks3_firmwarenvr4104-p-4ks3_firmwarenvr4432-4ks2\/invr4208-4ks3nvr4208-4ks2\/l_firmwarenvr4208-8p-4ks3_firmwarenvr4104-4ks2\/l_firmwarenvr4204-p-4ks3_firmwarenvr4204-p-4ks3nvr4108hs-8p-4ks2\/lnvr4116-4ks3nvr4104hs-4ks2\/lnvr4108hs-4ks3\(960g\)nvr4104-p-4ks3\(960g\)nvr4216-4ks3nvr4104hs-4ks3\(960g\)_firmwarenvr4432-16p-4ks2\/invr4216-4ks3_firmwarenvr4232-4ks2\/lnvr4816-4ks2\/i_firmwarenvr4108hs-p-4ks3nvr4208-4ks2\/lnvr4116hs-4ks3nvr4816-4ks2\/invr4108-8p-4ks3nvr4108-p-4ks2\/l_firmwarenvr4216-16p-4ks2\/lnvr4416-16p-4ks2\/i_firmwarenvr4108hs-4ks3nvr4116-4ks2\/l_firmwarenvr4204-4ks2\/l_firmwarenvr4104hs-4ks3nvr4116hs-8p-4ks3nvr4104hs-p-4ks3\(960g\)_firmwarenvr4108hs-4ks3\(960g\)_firmwarenvr4108-p-4ks2\/lnvr4104-4ks2\/lnvr4116-8p-4ks3_firmwarenvr4208-8p-4ks2\/lnvr4116hs-4ks2\/lnvr4216-16p-4ks3nvr4116-8p-4ks3nvr4432-4ks2\/i_firmwarenvr4208-4ks3_firmwarenvr4832-16p-4ks2\/invr4108hs-8p-4ks3nvr4108hs-p-4ks2\/l_firmwarenvr4104-p-4ks3\(960g\)_firmwarenvr4104hs-4ks3\(960g\)nvr4104hs-p-4ks2\/lnvr4216-4ks2\/l_firmwarenvr4116-4ks2\/lnvr4116-8p-4ks2\/lnvr4108-8p-4ks2\/lnvr4116hs-8p-4ks2\/l_firmwarenvr4216-16p-4ks2\/l_firmwarenvr4232-4ks3_firmwarenvr4116hs-4ks3_firmwarenvr4104-p-4ks2\/l_firmwarenvr4108hs-8p-4ks2\/l_firmwarenvr4116-4ks3_firmwarenvr4116hs-4ks2\/l_firmwarenvr4108hs-p-4ks3_firmwarenvr4832-4ks2\/invr4116-8p-4ks2\/l_firmwarenvr4104hs-p-4ks2\/l_firmwarenvr4416-16p-4ks2\/invr4104hs-4ks3_firmwarenvr4204-4ks3nvr4108-p-4ks3_firmwareNVR4XXXnvr4xxx_firmware
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-617
Reachable Assertion
CVE-2022-50799
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-7.1||HIGH
EPSS-0.36% / 27.80%
||
7 Day CHG~0.00%
Published-30 Dec, 2025 | 22:41
Updated-02 Jan, 2026 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fetch Softworks Fetch FTP Client 5.8.2 Remote CPU Consumption Denial of Service

Fetch FTP Client 5.8.2 contains a denial of service vulnerability that allows attackers to trigger 100% CPU consumption by sending long server responses. Attackers can send specially crafted FTP server responses exceeding 2K bytes to cause excessive resource utilization and potentially crash the application.

Action-Not Available
Vendor-Fetch Softworks
Product-Fetch Softworks Fetch FTP Client
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-39944
Matching Score-4
Assigner-Dahua Technologies
ShareView Details
Matching Score-4
Assigner-Dahua Technologies
CVSS Score-7.5||HIGH
EPSS-0.56% / 42.53%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 03:13
Updated-30 Sep, 2025 | 11:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been found in Dahua products.Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.

Action-Not Available
Vendor-Dahua Technology Co., Ltd
Product-nvr4432-16p-4ks2\/i_firmwarenvr4208-8p-4ks3nvr4208-8p-4ks2\/l_firmwarenvr4232-4ks2\/l_firmwarenvr4108-4ks3nvr4108-4ks2\/lnvr4204-p-4ks2\/l_firmwarenvr4108hs-4ks3_firmwarenvr4232-4ks3nvr4232-16p-4ks3_firmwarenvr4232-16p-4ks3nvr4104-4ks3_firmwarenvr4816-16p-4ks2\/i_firmwarenvr4108-4ks2\/l_firmwarenvr4108-8p-4ks2\/l_firmwarenvr4104hs-p-4ks3nvr4216-4ks2\/lnvr4116hs-8p-4ks3_firmwarenvr4416-4ks2\/invr4816-16p-4ks2\/invr4104hs-4ks2\/l_firmwarenvr4108-8p-4ks3_firmwarenvr4204-p-4ks2\/lnvr4104hs-p-4ks3\(960g\)nvr4416-4ks2\/i_firmwarenvr4104-4ks3nvr4832-4ks2\/i_firmwarenvr4104-p-4ks3nvr4232-16p-4ks2\/lnvr4108-p-4ks3ipc-hfs8449g-z7-lednvr4108-4ks3_firmwarenvr4108hs-4ks2\/lnvr4204-4ks3_firmwarenvr4204-4ks2\/lnvr4108hs-4ks2\/l_firmwarenvr4232-16p-4ks2\/l_firmwarenvr4108hs-8p-4ks3_firmwarenvr4832-16p-4ks2\/i_firmwarenvr4216-16p-4ks3_firmwarenvr4116hs-8p-4ks2\/lnvr4108hs-p-4ks2\/lnvr4104-p-4ks2\/lnvr4104hs-p-4ks3_firmwarenvr4104-p-4ks3_firmwarenvr4432-4ks2\/invr4208-4ks3nvr4208-4ks2\/l_firmwarenvr4208-8p-4ks3_firmwarenvr4104-4ks2\/l_firmwarenvr4204-p-4ks3_firmwarenvr4204-p-4ks3nvr4108hs-8p-4ks2\/lnvr4116-4ks3nvr4104hs-4ks2\/lnvr4108hs-4ks3\(960g\)nvr4104-p-4ks3\(960g\)nvr4216-4ks3nvr4104hs-4ks3\(960g\)_firmwarenvr4432-16p-4ks2\/invr4216-4ks3_firmwarenvr4232-4ks2\/lnvr4816-4ks2\/i_firmwarenvr4108hs-p-4ks3nvr4208-4ks2\/lnvr4116hs-4ks3ipc-hfs8849g-z3-led_firmwarenvr4816-4ks2\/invr4108-8p-4ks3nvr4108-p-4ks2\/l_firmwarenvr4216-16p-4ks2\/lnvr4416-16p-4ks2\/i_firmwarenvr4108hs-4ks3nvr4116-4ks2\/l_firmwarenvr4204-4ks2\/l_firmwarenvr4104hs-4ks3nvr4116hs-8p-4ks3nvr4104hs-p-4ks3\(960g\)_firmwarenvr4108hs-4ks3\(960g\)_firmwarenvr4108-p-4ks2\/lnvr4104-4ks2\/lnvr4116-8p-4ks3_firmwarenvr4208-8p-4ks2\/lnvr4116hs-4ks2\/lnvr4216-16p-4ks3nvr4116-8p-4ks3nvr4432-4ks2\/i_firmwarenvr4208-4ks3_firmwarenvr4832-16p-4ks2\/invr4108hs-8p-4ks3nvr4108hs-p-4ks2\/l_firmwarenvr4104-p-4ks3\(960g\)_firmwarenvr4104hs-4ks3\(960g\)nvr4104hs-p-4ks2\/lipc-hfs8449g-z7-led_firmwarenvr4216-4ks2\/l_firmwarenvr4116-4ks2\/lnvr4116-8p-4ks2\/lnvr4108-8p-4ks2\/lnvr4116hs-8p-4ks2\/l_firmwarenvr4216-16p-4ks2\/l_firmwarenvr4232-4ks3_firmwarenvr4116hs-4ks3_firmwarenvr4104-p-4ks2\/l_firmwareipc-hfs8849g-z3-lednvr4108hs-8p-4ks2\/l_firmwarenvr4116-4ks3_firmwarenvr4116hs-4ks2\/l_firmwarenvr4108hs-p-4ks3_firmwarenvr4832-4ks2\/invr4116-8p-4ks2\/l_firmwarenvr4104hs-p-4ks2\/l_firmwarenvr4416-16p-4ks2\/invr4104hs-4ks3_firmwarenvr4204-4ks3nvr4108-p-4ks3_firmwareIPC-HX8XXX and NVR4XXXipc-hfw8xxxnvr4832-iipc-hf8xxx_firmware
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-28400
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-1.86% / 76.62%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 11:02
Updated-14 Apr, 2026 | 08:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device.

Action-Not Available
Vendor-Siemens AG
Product-scalance_xf206-1_firmwarescalance_x201-3p_irtscalance_xr324-4m_eecruggedcom_rm1224_firmwarescalance_x206-1scalance_x320-1fe_firmwareek-ertec_200_evaulation_kit_firmwarescalance_xp-200scalance_xr324-4m_eec_firmwarescalance_xf-200bascalance_x208simatic_mv500softnet-ie_pnioscalance_x204-2_scalance_x206-1_firmwarescalance_s615_firmwarescalance_x204_irtscalance_m-800_firmwarescalance_x308-2lh\+_firmwarescalance_x308-2ld_firmwarescalance_xc-200_firmwarescalance_xf204-2ba_irtscalance_xr324-12m_tssimatic_profinet_driver_firmwarescalance_xf208_firmwarescalance_xr-300wg_firmwarescalance_x306-1ldfescalance_x202-2p_irt_proscalance_x304-2fescalance_x204-2fm_firmwarescalance_x204-2tssimatic_mv500_firmwarescalance_xr324-4m_poe_ts_firmwarescalance_xf204scalance_x200-4_p_irtscalance_x308-2lh\+scalance_xm400scalance_x307-3_firmwarescalance_xf204_irtscalance_xf-200ba_firmwarescalance_x201-3p_irt_firmwarescalance_x202-2p_irt_pro_firmwarescalance_x310fe_firmwarescalance_xf204-2ba_irt_firmwarescalance_x308-2ldscalance_w700simocode_prov_ethernet\/ipsimatic_net_cp1604_firmwarescalance_x308-2scalance_xr324-12m_ts_firmwareruggedcom_rm1224scalance_x204-2ld_tsscalance_s615scalance_x224simatic_net_cm_1542-1scalance_x302-7eec_firmwarescalance_x212-2ld_firmwarescalance_x204_irt_firmwarescalance_x200-4_p_irt_firmwarescalance_x308-2m_tsscalance_xr324-4m_poeek-ertec_200p_evaluation_kitsimocode_prov_profinetscalance_w700_firmwarescalance_x307-3ldscalance_x204_irt_pro_firmwareek-ertec_200_evaulation_kitscalance_w1700_firmwarescalance_xf201-3p_irt_firmwarescalance_xb-200_firmwaresimatic_net_cp1616_firmwarescalance_xc-200scalance_xr324-4m_poe_tssimatic_net_cp1616scalance_m-800scalance_x201-3p_irt_pro_firmwaresimatic_cfu_pa_firmwarescalance_x208pro_firmwarescalance_xr324-12mscalance_x212-2ldsimatic_s7-1200scalance_x310fesimatic_cfu_pasimocode_prov_profinet_firmwarescalance_xr-300wgscalance_x201-3p_irt_prosimatic_power_line_booster_plbscalance_x308-2_firmwarescalance_x204-2fmscalance_xm400_firmwaresimatic_power_line_booster_plb_firmwaresimocode_prov_ethernet\/ip_firmwarescalance_x306-1ldfe_firmwarescalance_x320-3ldfe_firmwarescalance_x307-3ld_firmwarescalance_x308-2lhscalance_x310simatic_net_cm_1542-1_firmwarescalance_x308-2m_poe_firmwarescalance_x308-2m_poescalance_x202-2_irtscalance_xf204_firmwarescalance_x308-2m_firmwarescalance_x204-2ld_firmwarescalance_x212-2_firmwarescalance_x204_irt_proscalance_xf204-2_firmwarescalance_xf202-2p_irtscalance_x308-2mscalance_xr500_firmwarescalance_x202-2_irt_firmwarescalance_x206-1ldscalance_w1700scalance_xf204_irt_firmwarescalance_x308-2m_ts_firmwarescalance_xf201-3p_irtscalance_x204-2ldscalance_xf208simatic_net_dk-16xx_pn_ioscalance_xr324-4m_poe_firmwarescalance_x204-2ld_ts_firmwarescalance_x307-2eecscalance_x304-2fe_firmwaredk_standard_ethernet_controller_evaluation_kitsimatic_profinet_driverdk_standard_ethernet_controller_evaluation_kit_firmwarescalance_x307-2eec_firmwarescalance_x308-2lh_firmwarescalance_x320-3ldfeek-ertec_200p_evaluation_kit_firmwarescalance_x204-2_firmwarescalance_xf206-1scalance_xr324-12m_firmwaresimatic_s7-1200_firmwarescalance_x310_firmwarescalance_x206-1ld_firmwarescalance_xp-200_firmwarescalance_x212-2simatic_net_cp1626_firmwarescalance_x204-2ts_firmwarescalance_x208proscalance_x320-1fescalance_x216_firmwarescalance_xb-200scalance_xf202-2p_irt_firmwaresoftnet-ie_pnio_firmwarescalance_x208_firmwarescalance_xr500simatic_ie\/pb-link_v3simatic_ie\/pb-link_v3_firmwarescalance_x307-3simatic_net_cp1626scalance_x216simatic_net_cp1604scalance_xf204-2_scalance_x224_firmwarescalance_x302-7eecSCALANCE X302-7 EEC (230V)SCALANCE W1748-1 M12SCALANCE MUM853-1 (A1)SCALANCE X310FESCALANCE W734-1 RJ45 (USA)SIMATIC MV540 SSCALANCE XR524-8C, 24VSCALANCE XR324-12M TS (24V)SIPLUS S7-1200 CPU 1215C AC/DC/RLYSIMATIC S7-1200 CPU 1215C DC/DC/RlySCALANCE XR328-4C WG (28xGE, DC 24V)SCALANCE XC206-2G PoE (54 V DC)SCALANCE XR324-4M EEC (24V, ports on front)SIPLUS NET SCALANCE XC206-2SCALANCE XP216EECSCALANCE XC216EECSCALANCE X208PROSCALANCE XR324WG (24 x FE, AC 230V)SCALANCE XR552-12M (2HR2, L3 int.)SIMATIC S7-1200 CPU 1211C DC/DC/DCSCALANCE XR328-4C WG (24XFE, 4XGE, 24V)SCALANCE W786-1 RJ45SCALANCE S615 LAN-RouterSCALANCE X302-7 EEC (2x 230V, coated)SIMATIC CM 1542-1SCALANCE XP216SCALANCE XR324-4M EEC (2x 24V, ports on front)SIMATIC MV550 SSCALANCE XP216POE EECSCALANCE X306-1LD FESCALANCE X307-2 EEC (24V)SCALANCE X201-3P IRTSCALANCE W761-1 RJ45SCALANCE W722-1 RJ45SCALANCE X202-2P IRT PROSCALANCE XR526-8C, 24V (L3 int.)SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)SCALANCE XR528-6M (2HR2)SCALANCE XC224SCALANCE XM408-4C (L3 int.)SIPLUS NET SCALANCE XC208SCALANCE M812-1 ADSL-RouterSCALANCE XC206-2G PoESCALANCE XR324-4M EEC (2x 24V, ports on rear)SCALANCE XC208G PoE (54 V DC)SCALANCE W786-2IA RJ45SCALANCE X307-2 EEC (2x 230V)SCALANCE X308-2M PoESCALANCE XR324-4M PoE (230V, ports on rear)SCALANCE XB213-3 (SC, E/IP)SCALANCE XR526-8C, 24VSCALANCE X200-4P IRTSIMATIC IE/PB-LINKSIMATIC S7-1200 CPU 1212C DC/DC/RlySCALANCE XB208 (E/IP)SIPLUS S7-1200 CPU 1214 AC/DC/RLYSCALANCE XP216 (Ethernet/IP)SCALANCE XB205-3 (ST, E/IP)SCALANCE MUM853-1 (EU)SCALANCE X212-2SIPLUS S7-1200 CPU 1215FC DC/DC/DCSCALANCE XF204-2BASCALANCE XR326-2C PoE WGSCALANCE X308-2LDSCALANCE W774-1 RJ45 (USA)SCALANCE XC216-3G PoE (54 V DC)SCALANCE XR526-8C, 2x230VSIMATIC PROFINET DriverSCALANCE XC206-2SFP G (EIP DEF.)SCALANCE XR526-8C, 1x230VSCALANCE MUM856-1 (A1)SCALANCE XR524-8C, 24V (L3 int.)SCALANCE X408-2SCALANCE M874-3SCALANCE XM408-8CSCALANCE X302-7 EEC (24V, coated)SCALANCE M876-4 (NAM)SCALANCE X202-2IRTSCALANCE X212-2LDSIMATIC S7-1200 CPU 1214C DC/DC/RlySCALANCE W774-1 RJ45SCALANCE XC206-2SFP EECSCALANCE X206-1LDSCALANCE XC216-3G PoESCALANCE XR528-6M (2HR2, L3 int.)SCALANCE XR324-4M PoE (24V, ports on rear)SCALANCE X206-1SCALANCE XC216-4C G EECSCALANCE XC216-4C GSCALANCE XB213-3LD (SC, E/IP)SCALANCE W788-2 RJ45SCALANCE XR524-8C, 1x230VSCALANCE XF204-2SCALANCE MUM856-1 (EU)SCALANCE X308-2MSCALANCE XC206-2SFP G EECSCALANCE W734-1 RJ45SCALANCE W748-1 M12SIMATIC S7-1200 CPU 1215C DC/DC/DCSCALANCE XF204-2BA DNASCALANCE XR324-4M EEC (24V, ports on rear)SCALANCE XR526-8C, 2x230V (L3 int.)SIMATIC S7-1200 CPU 1214C DC/DC/DCSCALANCE X320-1 FESCALANCE X307-2 EEC (230V, coated)SCALANCE X307-2 EEC (2x 230V, coated)SIPLUS S7-1200 CPU 1214C AC/DC/RLYSCALANCE XF202-2P IRTSCALANCE XR528-6MSIMATIC Power Line Booster PLB, Base ModuleSIPLUS SIMOCODE pro V basic unit 2SIMATIC S7-1200 CPU 1211C AC/DC/RlySCALANCE W788-1 RJ45SCALANCE X307-2 EEC (2x 24V, coated)SCALANCE XP208 (Ethernet/IP)SCALANCE XB205-3 (ST, PN)SIMATIC S7-1200 CPU 1212C AC/DC/RlySCALANCE XB216 (E/IP)SIMOCODE pro V EIP 24V DCSCALANCE X302-7 EEC (230V, coated)SCALANCE XC208G PoESCALANCE XR524-8C, 2x230V (L3 int.)SIPLUS S7-1200 CPU 1214FC DC/DC/RLYSCALANCE W788-1 M12SCALANCE XC206-2G PoE EEC (54 V DC)SIMATIC S7-1200 CPU 1212C DC/DC/DCSIMATIC CFU PASCALANCE XM408-8C (L3 int.)SCALANCE XM416-4C (L3 int.)SCALANCE XB216 (PN)SCALANCE XC216SCALANCE XF204Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet ControllerSIPLUS NET SCALANCE XC216-4CSCALANCE XB205-3LD (SC, PN)SIPLUS NET SCALANCE X308-2SIMATIC S7-1200 CPU 1212FC DC/DC/RlySCALANCE W778-1 M12SCALANCE XB213-3 (ST, PN)SCALANCE XC208EECSCALANCE X304-2FESIMATIC CFU DIQSCALANCE XC208G EECRUGGEDCOM RM1224 LTE(4G) NAMSCALANCE XR328-4C WG (28xGE, AC 230V)SCALANCE X224SCALANCE X308-2SCALANCE X204IRTSCALANCE X204-2LD TSSCALANCE X204-2FMSCALANCE M876-4 (EU)SCALANCE XC224-4C G (EIP Def.)SCALANCE XC206-2SFP GSCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)SCALANCE X302-7 EEC (2x 24V)SCALANCE XC206-2 (SC)SCALANCE XB205-3 (SC, PN)SCALANCE MUM856-1 (B1)SCALANCE X307-3SCALANCE XC216-4CSCALANCE XF201-3P IRTSIMOCODE pro V PN 110-240V AC/DCSIPLUS S7-1200 CPU 1212C AC/DC/RLYSCALANCE XF206-1SCALANCE XR324-12M (230V, ports on rear)SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)SOFTNET-IE PNIOSCALANCE X201-3P IRT PROSCALANCE X308-2LHSCALANCE XB213-3 (ST, E/IP)SCALANCE XB208 (PN)SCALANCE M826-2 SHDSL-RouterSIPLUS S7-1200 CPU 1214FC DC/DC/DCSIPLUS S7-1200 CPU 1215 AC/DC/RLYSCALANCE W1788-2 M12SCALANCE XR324-4M PoE TS (24V, ports on front)SCALANCE X202-2P IRTSCALANCE W774-1 M12 EECSIMATIC S7-1200 CPU 1211C DC/DC/RlySIPLUS S7-1200 CPU 1215C DC/DC/DCSCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)SIMATIC S7-1200 CPU 1214C AC/DC/RlySIMATIC S7-1200 CPU 1212FC DC/DC/DCSCALANCE W778-1 M12 EECSCALANCE XR324-12M (230V, ports on front)SIMATIC S7-1200 CPU 1217C DC/DC/DCSCALANCE XR324-4M PoE (24V, ports on front)SIPLUS S7-1200 CPU 1212C DC/DC/DC RAILSIMATIC CP 1604SIMATIC MV540 HSCALANCE XP208SCALANCE W1788-2 EEC M12SCALANCE X307-2 EEC (2x 24V)SCALANCE XC208GSCALANCE XB213-3 (SC, PN)SIPLUS S7-1200 CPU 1214C DC/DC/RLYSIMATIC MV550 HSCALANCE XF208SCALANCE MUM853-1 (B1)SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)SCALANCE XF204IRTSIMOCODE pro V EIP 110-240V AC/DCSCALANCE W778-1 M12 EEC (USA)SIPLUS S7-1200 CPU 1215 DC/DC/RLYSCALANCE X320-1-2LD FESCALANCE XC208SIMATIC S7-1200 CPU 1214FC DC/DC/RlySCALANCE XR552-12MSIMATIC CP 1626SCALANCE M876-3 (ROK)SIMATIC S7-1200 CPU 1214FC DC/DC/DCSIPLUS S7-1200 CPU 1212C DC/DC/DCSCALANCE X216SCALANCE XR526-8C, 1x230V (L3 int.)Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200SCALANCE XR324-12M (24V, ports on front)SCALANCE X204-2LDSCALANCE X204-2TSSCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)SCALANCE MUM856-1 (CN)SCALANCE XR528-6M (L3 int.)SCALANCE XM408-4CSIMATIC S7-1200 CPU 1215C AC/DC/RlySCALANCE M874-3 3G-Router (CN)SCALANCE S615 EEC LAN-RouterSCALANCE W786-2 SFPSCALANCE X302-7 EEC (2x 24V, coated)SIMATIC S7-1200 CPU 1215FC DC/DC/RlySCALANCE W738-1 M12SCALANCE XC208G (EIP def.)SIMATIC MV560 XSCALANCE XC224-4C G EECSCALANCE W1788-2IA M12SCALANCE X308-2LH+SCALANCE XM416-4CSCALANCE X204IRT PROSIMATIC MV560 USCALANCE XR524-8C, 2x230VSIMATIC S7-1200 CPU V4 family (incl. SIPLUS variants)SCALANCE X204-2SCALANCE XB205-3LD (SC, E/IP)SIPLUS S7-1200 CPU 1212 DC/DC/RLYSIPLUS S7-1200 CPU 1214 DC/DC/RLYSCALANCE W721-1 RJ45SCALANCE XR326-2C PoE WG (without UL)SCALANCE XR324WG (24 X FE, DC 24V)SCALANCE W748-1 RJ45SCALANCE XR524-8C, 1x230V (L3 int.)SCALANCE XR324-12M (24V, ports on rear)SIPLUS S7-1200 CPU 1214C DC/DC/DCSCALANCE XF204-2BA IRTSCALANCE M874-2SIMATIC S7-1200 CPU 1215FC DC/DC/DCSCALANCE XB213-3LD (SC, PN)SCALANCE XC224-4C GSCALANCE X302-7 EEC (2x 230V)SCALANCE XP208EECSCALANCE XF204 DNASCALANCE X307-3LDSCALANCE X310SCALANCE XR324-4M PoE (230V, ports on front)SIPLUS S7-1200 CPU 1215 DC/DC/DCSCALANCE M816-1 ADSL-RouterSCALANCE W1788-1 M12SCALANCE X208SCALANCE W786-2 RJ45RUGGEDCOM RM1224 LTE(4G) EUSIPLUS S7-1200 CPU 1212 AC/DC/RLYSCALANCE X302-7 EEC (24V)SCALANCE X308-2M TSSCALANCE XC216-4C G (EIP Def.)SCALANCE W788-2 M12SCALANCE XC206-2 (ST/BFOC)SCALANCE XP208PoE EECSIPLUS S7-1200 CPU 1214C DC/DC/DC RAILSCALANCE M804PBSCALANCE M876-3SCALANCE XR552-12M (2HR2)SCALANCE M876-4SCALANCE XC206-2SFPSIMATIC CP 1616Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200PSCALANCE W788-2 M12 EECSCALANCE X307-2 EEC (24V, coated)SCALANCE MUM856-1 (RoW)SIMATIC NET DK-16xx PN IOSIPLUS NET SCALANCE XC206-2SFPSCALANCE X307-2 EEC (230V)SIMOCODE pro V PN 24V DCdevelopment_evaluation_kits_for_profinet_io_ek_ertec_200pscalance_m816-1_adsl-router_annex_bscalence_x204_2tsscalence_m874_3scalance_m826-2_shdsl-routerscalance_m812-1_adsl-router_annex_bscalance_m816_1_adsl_router_annex_adevelopment_evaluation_kits_for_profinet_io_ek_ertec_200scalence_m874_2scalance_x200_4p_irtscalance_w1788_2ia_m12scalance_x201_3p_irt_proscalence_x204_2ldscalance_w1748_1_m12scalancce_x204_2scalance_m876_3_rokscalence_202_2p_irt_proscalance_w1788_2_eec_m12scalence_x204_2ld_tsscalance_w700_ieee_802.11n_familyscalance_m804pbscalance_s615scalance_x201_3p_irtscalance_w1788_2_m12scalance_m876_4_namscalance_m876_4_eudevelopment_evaluation_kits_for_profinet_io_dk_standard_ethernet_controllerscalance_m812-1_adsl-router_annex_ascalance_w1788_1_m12scalence_x204_2fmruggedcom_rm1224scalance_m876_3_evdoscalancce_x202_2p_irt
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2017-10868
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-3.47% / 87.64%
||
7 Day CHG~0.00%
Published-22 Dec, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header.

Action-Not Available
Vendor-denaKazuho Oku
Product-h2oH2O
CWE ID-CWE-20
Improper Input Validation
CVE-2022-47925
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.92% / 56.08%
||
7 Day CHG~0.00%
Published-27 Mar, 2023 | 13:41
Updated-03 Aug, 2024 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insufficient Input Validation in the Endpoint of the csaf-validator-service

The validate JSON endpoint of the Secvisogram csaf-validator-service in versions < 0.1.0 processes tests with unexpected names. This insufficient input validation of requests by an unauthenticated remote user might lead to a partial DoS of the service. Only the request of the attacker is affected by this vulnerability.

Action-Not Available
Vendor-csaf-validator-lib_projectSecvisogram
Product-csaf-validator-libcsaf-validator-service
CWE ID-CWE-20
Improper Input Validation
CVE-2024-39948
Matching Score-4
Assigner-Dahua Technologies
ShareView Details
Matching Score-4
Assigner-Dahua Technologies
CVSS Score-7.5||HIGH
EPSS-0.56% / 42.53%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 03:40
Updated-30 Sep, 2025 | 11:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.

Action-Not Available
Vendor-Dahua Technology Co., Ltd
Product-nvr4432-16p-4ks2\/i_firmwarenvr4208-8p-4ks3nvr4208-8p-4ks2\/l_firmwarenvr4232-4ks2\/l_firmwarenvr4108-4ks3nvr4108-4ks2\/lnvr4204-p-4ks2\/l_firmwarenvr4108hs-4ks3_firmwarenvr4232-4ks3nvr4232-16p-4ks3_firmwarenvr4232-16p-4ks3nvr4104-4ks3_firmwarenvr4816-16p-4ks2\/i_firmwarenvr4108-4ks2\/l_firmwarenvr4108-8p-4ks2\/l_firmwarenvr4104hs-p-4ks3nvr4216-4ks2\/lnvr4116hs-8p-4ks3_firmwarenvr4416-4ks2\/invr4816-16p-4ks2\/invr4104hs-4ks2\/l_firmwarenvr4108-8p-4ks3_firmwarenvr4204-p-4ks2\/lnvr4104hs-p-4ks3\(960g\)nvr4416-4ks2\/i_firmwarenvr4104-4ks3nvr4832-4ks2\/i_firmwarenvr4104-p-4ks3nvr4232-16p-4ks2\/lnvr4108-p-4ks3nvr4108-4ks3_firmwarenvr4108hs-4ks2\/lnvr4204-4ks3_firmwarenvr4204-4ks2\/lnvr4108hs-4ks2\/l_firmwarenvr4232-16p-4ks2\/l_firmwarenvr4108hs-8p-4ks3_firmwarenvr4832-16p-4ks2\/i_firmwarenvr4216-16p-4ks3_firmwarenvr4116hs-8p-4ks2\/lnvr4108hs-p-4ks2\/lnvr4104-p-4ks2\/lnvr4104hs-p-4ks3_firmwarenvr4104-p-4ks3_firmwarenvr4432-4ks2\/invr4208-4ks3nvr4208-4ks2\/l_firmwarenvr4208-8p-4ks3_firmwarenvr4104-4ks2\/l_firmwarenvr4204-p-4ks3_firmwarenvr4204-p-4ks3nvr4108hs-8p-4ks2\/lnvr4116-4ks3nvr4104hs-4ks2\/lnvr4108hs-4ks3\(960g\)nvr4104-p-4ks3\(960g\)nvr4216-4ks3nvr4104hs-4ks3\(960g\)_firmwarenvr4432-16p-4ks2\/invr4216-4ks3_firmwarenvr4232-4ks2\/lnvr4816-4ks2\/i_firmwarenvr4108hs-p-4ks3nvr4208-4ks2\/lnvr4116hs-4ks3nvr4816-4ks2\/invr4108-8p-4ks3nvr4108-p-4ks2\/l_firmwarenvr4216-16p-4ks2\/lnvr4416-16p-4ks2\/i_firmwarenvr4108hs-4ks3nvr4116-4ks2\/l_firmwarenvr4204-4ks2\/l_firmwarenvr4104hs-4ks3nvr4116hs-8p-4ks3nvr4104hs-p-4ks3\(960g\)_firmwarenvr4108hs-4ks3\(960g\)_firmwarenvr4108-p-4ks2\/lnvr4104-4ks2\/lnvr4116-8p-4ks3_firmwarenvr4208-8p-4ks2\/lnvr4116hs-4ks2\/lnvr4216-16p-4ks3nvr4116-8p-4ks3nvr4432-4ks2\/i_firmwarenvr4208-4ks3_firmwarenvr4832-16p-4ks2\/invr4108hs-8p-4ks3nvr4108hs-p-4ks2\/l_firmwarenvr4104-p-4ks3\(960g\)_firmwarenvr4104hs-4ks3\(960g\)nvr4104hs-p-4ks2\/lnvr4216-4ks2\/l_firmwarenvr4116-4ks2\/lnvr4116-8p-4ks2\/lnvr4108-8p-4ks2\/lnvr4116hs-8p-4ks2\/l_firmwarenvr4216-16p-4ks2\/l_firmwarenvr4232-4ks3_firmwarenvr4116hs-4ks3_firmwarenvr4104-p-4ks2\/l_firmwarenvr4108hs-8p-4ks2\/l_firmwarenvr4116-4ks3_firmwarenvr4116hs-4ks2\/l_firmwarenvr4108hs-p-4ks3_firmwarenvr4832-4ks2\/invr4116-8p-4ks2\/l_firmwarenvr4104hs-p-4ks2\/l_firmwarenvr4416-16p-4ks2\/invr4104hs-4ks3_firmwarenvr4204-4ks3nvr4108-p-4ks3_firmwareNVR4XXXnvr4832-i
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2022-48498
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.43% / 34.85%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 00:00
Updated-12 Dec, 2024 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiEMUI
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-4027
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.57% / 43.23%
||
7 Day CHG+0.14%
Published-30 Jan, 2026 | 14:25
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Undertow: outofmemoryerror in httpservletrequestimpl.getparameternames() can cause remote dos attacks

A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames() can cause an OutOfMemoryError when the client sends a request with large parameter names. This issue can be exploited by an unauthorized user to cause a remote denial-of-service (DoS) attack.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat build of Apache Camel for Spring Boot 3Red Hat build of Apache Camel - HawtIO 4Red Hat build of Apicurio Registry 2Red Hat build of QuarkusRed Hat JBoss Data Grid 7Red Hat Data Grid 8Red Hat JBoss Enterprise Application Platform 7Red Hat Integration Camel K 1Red Hat build of Apache Camel for Spring Boot 4Red Hat Fuse 7Red Hat build of OptaPlanner 8Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat Single Sign-On 7Red Hat build of Apache Camel 4 for Quarkus 3Red Hat Build of KeycloakRed Hat JBoss Fuse Service Works 6streams for Apache KafkaRed Hat Process Automation 7Red Hat JBoss Enterprise Application Platform 8OpenShift ServerlessRed Hat build of Apache Camel for Spring Boot 3Red Hat build of Apache Camel - HawtIO 4Red Hat build of Apicurio Registry 2Red Hat build of QuarkusRed Hat JBoss Data Grid 7Red Hat Data Grid 8Red Hat JBoss Enterprise Application Platform 7Red Hat Integration Camel K 1Red Hat build of Apache Camel for Spring Boot 4OpenShift ServerlessRed Hat Fuse 7Red Hat build of OptaPlanner 8Red Hat Single Sign-On 7Red Hat build of Apache Camel 4 for Quarkus 3Red Hat Build of KeycloakRed Hat JBoss Fuse Service Works 6streams for Apache KafkaRed Hat Process Automation 7Red Hat JBoss Enterprise Application Platform 8Red Hat JBoss Enterprise Application Platform Expansion Pack
CWE ID-CWE-20
Improper Input Validation
CVE-2022-48356
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.47% / 37.61%
||
7 Day CHG~0.00%
Published-27 Mar, 2023 | 00:00
Updated-19 Feb, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The facial recognition module has a vulnerability in input parameter verification. Successful exploitation of this vulnerability may cause failed facial recognition.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-20
Improper Input Validation
CVE-2024-37917
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.47% / 37.20%
||
7 Day CHG+0.03%
Published-02 Apr, 2025 | 00:00
Updated-18 Jun, 2025 | 13:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pexip Infinity before 35.0 has improper input validation that allows remote attackers to trigger a denial of service (software abort) via a crafted signalling message.

Action-Not Available
Vendor-pexipn/a
Product-pexip_infinityn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-1060
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-5.10% / 91.34%
||
7 Day CHG~0.00%
Published-18 Jun, 2018 | 14:00
Updated-05 Aug, 2024 | 03:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.

Action-Not Available
Vendor-[UNKNOWN]Red Hat, Inc.Python Software FoundationDebian GNU/LinuxCanonical Ltd.Fedora Project
Product-enterprise_linux_serverubuntu_linuxdebian_linuxenterprise_linux_workstationfedoraenterprise_linux_desktoppythonansible_towerpython
CWE ID-CWE-20
Improper Input Validation
CVE-2018-10790
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.53% / 71.65%
||
7 Day CHG~0.00%
Published-25 Aug, 2021 | 13:54
Updated-05 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AP4_CttsAtom class in Core/Ap4CttsAtom.cpp in Bento4 1.5.1.0 allows remote attackers to cause a denial of service (application crash), related to a memory allocation failure, as demonstrated by mp2aac.

Action-Not Available
Vendor-n/aAxiomatic Systems, LLC
Product-bento4n/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-47391
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-1.87% / 76.82%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 09:59
Updated-17 Jul, 2025 | 13:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: Multiple products prone to Improper Input Validation

In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of service.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_for_plcnext_slcontrol_for_beaglebone_slcontrol_win_\(sl\)control_for_pfc200_slsafety_sil2_pspcontrol_for_empc-a\/imx6_slhmi_\(sl\)control_for_wago_touch_panels_600_slsafety_sil2_runtime_toolkitcontrol_rte_\(sl\)control_for_raspberry_pi_sldevelopment_system_v3control_for_linux_slcontrol_for_iot2000_slcontrol_runtime_system_toolkitcontrol_for_pfc100_slcontrol_rte_\(for_beckhoff_cx\)_slCODESYS Control RTE (for Beckhoff CX) SLCODESYS Edge Gateway for WindowsCODESYS Development System V3CODESYS Safety SIL2 PSPCODESYS Control RTE (SL)CODESYS Safety SIL2 Runtime ToolkitCODESYS Control for PLCnext SLCODESYS Control for WAGO Touch Panels 600 SLCODESYS GatewayCODESYS Edge Gateway for LinuxCODESYS Control for BeagleBone SLCODESYS Control for PFC100 SLCODESYS Control for Raspberry Pi SLCODESYS Control for emPC-A/iMX6 SLCODESYS HMI (SL)CODESYS Control for PFC200 SLCODESYS Control Runtime System ToolkitCODESYS Control Win (SL)CODESYS Control for IOT2000 SLCODESYS Control for Linux SL
CWE ID-CWE-20
Improper Input Validation
CVE-2024-38535
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-1.17% / 63.67%
||
7 Day CHG~0.00%
Published-11 Jul, 2024 | 14:50
Updated-02 Aug, 2024 | 04:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Suricata http2: oom from duplicate headers

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6.

Action-Not Available
Vendor-oisfOISFoisf
Product-suricatasuricatasuricata
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-38534
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.87% / 54.36%
||
7 Day CHG~0.00%
Published-11 Jul, 2024 | 14:47
Updated-02 Aug, 2024 | 04:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Suricata modbus: txs without responses are never freed

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Crafted modbus traffic can lead to unlimited resource accumulation within a flow. Upgrade to 7.0.6. Set a limited stream.reassembly.depth to reduce the issue.

Action-Not Available
Vendor-oisfOISFoisf
Product-suricatasuricatasuricata
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 31
  • 32
  • Next
Details not found