Denial of Service

Critical null pointer dereference vulnerability in RT-Thread 5.1.0's lwp_syscall.c csys_sendto function, allowing authenticated local attackers to cause denial of service and potentially achieve code execution with high integrity impact. The vulnerability requires local access and valid credentials but exploits a memory safety flaw in a core system call handler that could be leveraged for privilege escalation or system instability in embedded/IoT deployments running RT-Thread.

A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a certain limit, it causes an internal error in the nbdkit, leading to a denial of service.

A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster

The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows the users with developer persona to add callbacks to be executed to HTTP endpoints once the authorization process is completed. It was found that an attacker with developer persona access can add a large number of those callbacks to be executed by Authorino and as the authentication policy is enforced by a single instance of the service, this leada to a Denial of Service in Authorino while processing the post-authorization callbacks.

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause apps crash through type confusion.

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause apps crash through type confusion.

A race condition vulnerability exists in the Linux kernel's CAN broadcast manager (BCM) module where concurrent updates to the 'currframe' counter from both user space and hrtimer interrupt context can trigger a slab-out-of-bounds read. This affects local authenticated users who can trigger the vulnerability through CAN frame sequence manipulation; a proof-of-concept has been demonstrated by Anderson Nascimento, making this a real and reproducible issue with CVSS 7.1 severity affecting confidentiality and availability.

A denial of service vulnerability in versions (CVSS 7.5). High severity vulnerability requiring prompt remediation. Vendor patch is available.

NULL pointer dereference vulnerability in QNAP File Station 5 that allows authenticated remote attackers to trigger a denial-of-service condition by causing the application to crash. While the CVSS 7.5 score reflects the severity of availability impact, the vulnerability requires valid user credentials to exploit, making it primarily a risk for organizations with compromised or malicious insider accounts. The vendor has released patches in version 5.5.6.4847 and later.

NULL pointer dereference vulnerability in QNAP File Station 5 that allows authenticated remote attackers to trigger a denial-of-service condition by crashing the application. While the CVSS score of 7.5 is elevated, the requirement for a valid user account (PR:N is misleading in vector; effective privilege requirement exists) and lack of data confidentiality/integrity impact limit real-world severity. The vulnerability affects File Station 5 versions prior to 5.5.6.4847, and the vendor has released patched versions.

NULL pointer dereference vulnerability affecting QNAP File Station 5 that allows authenticated remote attackers to trigger a denial-of-service condition by crashing the application. The vulnerability has a CVSS score of 7.5 (High) due to its network accessibility and high availability impact, though it requires valid user credentials to exploit. QNAP has released patched versions (5.5.6.4847 and later) to remediate this issue.

Denial-of-service vulnerability in QNAP File Station 5 that allows an authenticated attacker to exhaust system resources without limits or throttling, preventing legitimate users and processes from accessing the affected service. The vulnerability affects File Station 5 versions prior to 5.5.6.4847 and is remotely exploitable with no user interaction required once account access is obtained. With a CVSS score of 7.5 (High) and network-based attack vector, this represents a significant availability risk for organizations relying on File Station for network file access.

NULL pointer dereference vulnerability in QNAP File Station 5 that allows authenticated remote attackers to trigger a denial-of-service condition by crashing the application. The vulnerability affects File Station 5 versions prior to 5.5.6.4847, and while it requires valid user credentials (PR:N indicates no privileges required once authenticated), it has a CVSS score of 7.5 reflecting high availability impact. No indication of active exploitation in the wild or public POC is evident from the provided data.

CVE-2025-22484 is an unthrottled resource allocation vulnerability in Qnap File Station 5 that allows authenticated remote attackers to exhaust system resources and cause denial of service. An attacker with valid user credentials can exploit this CWE-770 weakness to prevent legitimate users and processes from accessing shared resources, affecting availability. The vulnerability has a moderate-to-high CVSS 7.1 score driven by network accessibility and high availability impact, though it requires prior authentication; the fix is available in File Station 5 version 5.5.6.4847 and later.

In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: "We are writing to report that this recent patch (141d34391abbb315d68556b7c67ad97885407547) [1] can be bypassed, and a UAF can still occur when HFSC is utilized with NETEM. The patch only checks the cl->cl_nactive field to determine whether it is the first insertion or not [2], but this field is only incremented by init_vf [3]. By using HFSC_RSC (which uses init_ed) [4], it is possible to bypass the check and insert the class twice in the eltree. Under normal conditions, this would lead to an infinite loop in hfsc_dequeue for the reasons we already explained in this report [5]. However, if TBF is added as root qdisc and it is configured with a very low rate, it can be utilized to prevent packets from being dequeued. This behavior can be exploited to perform subsequent insertions in the HFSC eltree and cause a UAF." To fix both the UAF and the infinite loop, with netem as an hfsc child, check explicitly in hfsc_enqueue whether the class is already in the eltree whenever the HFSC_RSC flag is set. [1] https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=141d34391abbb315d68556b7c67ad97885407547 [2] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L1572 [3] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L677 [4] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L1574 [5] https://lore.kernel.org/netdev/8DuRWwfqjoRDLDmBMlIfbrsZg9Gx50DHJc1ilxsEBNe2D6NMoigR_eIRIG0LOjMc3r10nUUZtArXx4oZBIdUfZQrwjcQhdinnMis_0G7VEk=@willsroot.io/T/#u

Use-after-free vulnerability in the Linux kernel's HFSC (Hierarchical Fair Service Curve) queue discipline scheduler that occurs when enqueuing packets triggers a peek operation on child qdiscs before queue accounting is updated. Local attackers with unprivileged user privileges can exploit this to cause denial of service or potentially execute code with kernel privileges. The vulnerability affects Linux kernel versions with the vulnerable HFSC implementation and has a CVSS score of 7.8 (high severity) with local attack vector requirements.

A remote code execution vulnerability in IDF (CVSS 8.3). High severity vulnerability requiring prompt remediation.

CVE-2025-41360 is an uncontrolled resource consumption vulnerability affecting IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04 that enables remote denial of service through packet flooding attacks. The vulnerability allows unauthenticated network attackers to exhaust device resources with minimal complexity, resulting in service unavailability. The high CVSS score of 8.7 reflects the critical availability impact, though exploitation requires network access and no privilege escalation is possible.

CVE-2025-48906 is an authentication bypass vulnerability in the DSoftBus module that allows unauthenticated attackers on the local network to completely compromise system confidentiality, integrity, and availability without user interaction. The vulnerability affects DSoftBus implementations across multiple platforms with a CVSS score of 8.8, indicating critical severity with high exploitability potential on adjacent networks.

Resource allocation control failure vulnerability in the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability.

IBM Verify Identity Access Digital Credentials 24.06 could allow an authenticated user to crash the service with a specially crafted POST request.

A vulnerability, which was classified as problematic, has been found in Radare2 5.9.9. Affected by this issue is the function r_cons_flush in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to use after free. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.

When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash. This issue affects Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0. This is fixed in 6.5.10, 6.8.5 and 6.9.1.

Critical buffer overflow vulnerability in PCMan FTP Server 2.0.7's SYSTEM Command Handler that allows unauthenticated remote attackers to cause denial of service and potentially execute arbitrary code with limited impact on confidentiality and integrity. The vulnerability has been publicly disclosed with exploit code available, making it actively exploitable in the wild against unpatched systems.

Critical buffer overflow vulnerability in the SET Command Handler of PCMan FTP Server 2.0.7 that allows remote attackers to cause denial of service and potentially execute arbitrary code with no authentication required. The vulnerability has been publicly disclosed with exploit code available, making it an active threat to unpatched FTP server deployments. With a CVSS score of 7.3 and low attack complexity, this vulnerability represents a significant risk to organizations running vulnerable versions.

Critical buffer overflow vulnerability in PCMan FTP Server 2.0.7 affecting the PLS Command Handler component. Remote attackers can exploit this flaw without authentication or user interaction to achieve confidentiality, integrity, and availability impacts. Public exploit code is available and the vulnerability may be actively exploited in the wild.

A buffer overflow vulnerability in A vulnerability classified as critical (CVSS 7.3). Risk factors: public PoC available.

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.16, there is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This is very similar to the previous security issue CVE-2022-44571. Carefully crafted input can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. This header is used typically used in multipart parsing. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted. Version 3.1.16 contains a patch for the vulnerability.

FreshRSS is a self-hosted RSS feed aggregator. A vulnerability in versions prior to 1.26.2 causes a user to be repeatedly logged out after fetching a malicious feed entry, effectively causing that user to suffer denial of service. Version 1.26.2 contains a patch for the issue.

Buffer overflow vulnerability (CWE-787: Out-of-bounds Write) in DNS name processing affecting systems running LLMNR or mDNS with Buffer Allocation Scheme 1 enabled. An attacker with local access can trigger out-of-bounds writes by crafting LLMNR/mDNS queries with excessively long DNS names, potentially achieving code execution or system compromise. The vulnerability requires local access (AV:L) but no user interaction or authentication, making it a significant privilege escalation vector on multi-user systems.

Critical buffer overflow vulnerability in the HOST Command Handler of FreeFloat FTP Server 1.0 that allows unauthenticated remote attackers to trigger a denial of service or potentially achieve code execution. The vulnerability has a disclosed public exploit and may be actively exploited in the wild. With a CVSS score of 7.3 and network-accessible attack vector, this poses significant risk to any organization running the affected FTP server without immediate patching.

A denial of service vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation.

A denial of service vulnerability in Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 (CVSS 7.8) that allows denial of service. Risk factors: public PoC available.

CVE-2018-25112 is an unauthenticated network-based Denial-of-Service vulnerability affecting IEC 61131-compliant Industrial Logic Controllers (ILCs). An attacker can exhaust device resources by flooding the controller with crafted network traffic, rendering it unresponsive. With a CVSS score of 7.5 (High severity), no authentication required, and network-accessible attack surface, this poses significant risk to industrial control systems; however, exploitation likelihood depends on network exposure and whether patches are available from affected vendors.

Prototype pollution in billboard.js before 3.15.1 via generate function.

Critical buffer overflow vulnerability in FreeFloat FTP Server 1.0's SYSTEM Command Handler that allows unauthenticated remote attackers to achieve information disclosure, integrity violation, and service disruption. The vulnerability has been publicly disclosed with exploit code available, making it actively exploitable in real-world environments without requiring user interaction or elevated privileges.

Critical buffer overflow vulnerability in the PASV command handler of FreeFloat FTP Server 1.0 that allows unauthenticated remote attackers to cause denial of service and potentially achieve code execution with limited impact on confidentiality and integrity. The vulnerability has been publicly disclosed with exploit code available, making it immediately actionable for threat actors. While the CVSS score of 7.3 reflects moderate severity, the combination of remote exploitability, public POC availability, and lack of authentication requirements positions this as a high-priority remediation target.

Critical buffer overflow vulnerability in the NOOP Command Handler of FreeFloat FTP Server 1.0 that allows remote, unauthenticated attackers to achieve arbitrary code execution or cause denial of service. The vulnerability has been publicly disclosed with working exploits available, and while the CVSS score of 7.3 indicates moderate severity, the combination of remote exploitability, lack of authentication requirements, and confirmed public disclosure elevates real-world risk significantly.

InvenTree is an Open Source Inventory Management System. Prior to version 0.17.13, the skip field in the built-in `label-sheet` plugin lacks an upper bound, so a large value forces the server to allocate an enormous Python list. This lets any authenticated label-printing user trigger a denial-of-service via memory exhaustion. the issue is fixed in versions 0.17.13 and higher. No workaround is available aside from upgrading to the patched version.

NULL pointer dereference vulnerability in Samsung's Exynos mobile processors (models 1280, 2200, 1380, 1480, 2400) that allows unauthenticated remote attackers to trigger a denial of service condition without user interaction. The vulnerability has a CVSS 3.1 score of 7.5 (High) with network-based attack vector and high availability impact, though no integrity or confidentiality compromise occurs. Exploitation likelihood and active weaponization status cannot be confirmed without KEV catalog verification and public exploit availability data.

Denial of Service vulnerability in Multer (Node.js multipart form-data middleware) affecting versions 1.4.4-lts.1 through 2.0.0 where an attacker can crash the application process by uploading a file with an empty string field name, triggering an unhandled exception. The vulnerability has a CVSS score of 8.7 indicating high severity, though the impact is limited to availability (DoS) rather than confidentiality or integrity. No active exploitation or public POC has been confirmed at this time, but the low attack complexity and network accessibility make this a practical DoS vector for any exposed Multer instance.

A vulnerability was found in Open5GS up to 2.7.3. It has been classified as problematic. Affected is the function gmm_state_authentication/emm_state_authentication of the component AMF/MME. The manipulation leads to reachable assertion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 9f5d133657850e6167231527514ee1364d37a884. It is recommended to apply a patch to fix this issue. This is a different issue than CVE-2025-1893.

IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an authenticated user to cause a denial of service due to improperly validating API data input.

A vulnerability classified as problematic was found in Open5GS up to 2.7.3. Affected by this vulnerability is the function ngap_handle_path_switch_request_transfer of the file src/smf/ngap-handler.c of the component NGAP PathSwitchRequest Message Handler. The manipulation leads to reachable assertion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named 2daa44adab762c47a8cef69cc984946973a845b3. It is recommended to apply a patch to fix this issue.

In cplog service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed.

In cplog service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with no additional execution privileges needed.

Qualcomm Adreno GPU drivers in Chrome contain a use-after-free vulnerability (CVE-2025-27038, CVSS 7.5) enabling memory corruption during graphics rendering. KEV-listed, this vulnerability can be triggered through Chrome on Android devices with Qualcomm chipsets, providing a kernel-level exploitation path from web content.

Use-after-free memory corruption vulnerability in IOCTL command processing that occurs when buffers in write loopback mode are accessed after being freed. This local privilege escalation affects authenticated users (PR:L) on affected systems and can enable attackers to achieve confidentiality, integrity, and availability compromise (C:H/I:H/A:H). The vulnerability requires local access and low complexity exploitation, making it a significant risk for multi-user systems or systems where local code execution is possible.

Network-accessible denial-of-service vulnerability in tone measurement response buffer processing that occurs when buffer contents fall outside expected range parameters, resulting in application/service crashes. The vulnerability affects systems implementing tone measurement protocols with improper input validation on buffer boundaries. An unauthenticated remote attacker can trigger this vulnerability with minimal complexity, causing service unavailability; however, without CVE details indicating active KEV status or public PoC availability, real-world exploitation likelihood remains moderate despite the high CVSS 7.5 score.

Memory corruption vulnerability in dynamic process creation functionality that occurs when a client passes only the address and length of a shell binary without proper validation or bounds checking. This vulnerability affects local attackers with limited user privileges who can exploit the memory corruption to achieve arbitrary code execution with full system impact (confidentiality, integrity, and availability compromise). The vulnerability requires local access and low complexity exploitation, making it a significant risk for multi-user systems; KEV and active exploitation status are not confirmed in available data, but the high CVSS score (7.8) and memory corruption nature suggest this warrants urgent patching.

Memory corruption vulnerability in Qualcomm's FastRPC implementation that affects local privilege escalation through malformed INIT and multimode invoke IOCTL calls. An attacker with local access and basic user privileges can trigger memory corruption to achieve code execution with elevated privileges, potentially compromising system integrity and confidentiality. The vulnerability carries a CVSS 7.8 score indicating high severity, though exploitation requires local access and authenticated session context.

Memory corruption vulnerability in Qualcomm's Virtual Machine (VM) attachment mechanism that occurs when the Host Linux OS (HLOS) retains access to a VM during attachment operations. This local privilege escalation vulnerability affects Qualcomm System-on-Chip (SoC) implementations and allows a local attacker with user-level privileges to achieve code execution with full system compromise (confidentiality, integrity, and availability impact). The vulnerability has not been reported as actively exploited in the KEV catalog, but the high CVSS score (7.8) and local attack vector indicate significant real-world risk for deployed Qualcomm-based devices.

ModSecurity versions prior to 2.9.10 contain a denial of service vulnerability in the `sanitiseArg` and `sanitizeArg` actions that allows unauthenticated remote attackers to cause service disruption by submitting requests with an excessive number of arguments. This is a network-accessible DoS vulnerability with high impact on availability that affects widely-deployed WAF deployments across Apache, IIS, and Nginx platforms.

A Use of Out-of-range Pointer Offset vulnerability in sslh leads to denial of service on some architectures.This issue affects sslh before 2.2.4.

1-byte heap buffer overflow in NeKernal OS version 0.0.2's `rt_copy_memory` function, where a null terminator is unconditionally written beyond the destination buffer boundary when the copy length equals the buffer size (256 bytes). This vulnerability affects local attackers with no privilege requirements and can result in high-impact compromise of confidentiality, integrity, and availability. The patch (commit fb7b7f658327f659c6a6da1af151cb389c2ca4ee) removes the overflow-causing null terminator write; no active exploitation or public POC is currently documented, but the CVSS 8.6 score reflects significant severity.

Nil-pointer dereference vulnerability in quic-go's path probe loss recovery logic introduced in v0.50.0 that allows unauthenticated remote attackers to crash QUIC servers. A malicious client can trigger a denial-of-service by sending valid QUIC packets from multiple addresses to initiate path validation, then crafting specific ACKs to dereference a null pointer. The vulnerability affects quic-go versions from v0.50.0 through v0.50.0 (patched in v0.50.1), with a CVSS score of 7.5 and high availability impact but no known active exploitation or public POC at time of disclosure.

A security vulnerability in Arm Ltd Bifrost GPU Kernel Driver (CVSS 7.8) that allows a local non-privileged user process. High severity vulnerability requiring prompt remediation.

Denial-of-service vulnerability in Qt's private qDecodeDataUrl() function that triggers an assertion failure when processing malformed data URLs with incomplete charset parameters. This affects Qt versions up to 5.15.18, 6.0.0-6.5.8, 6.6.0-6.8.3, and 6.9.0, impacting applications using QTextDocument and QNetworkReply. An attacker can crash Qt-based applications by sending a specially crafted data URL, resulting in service disruption; the vulnerability requires user interaction (UI involvement) but has a high CVSS score of 8.4 due to integrity and availability impact.

In ims service, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01394606; Issue ID: MSV-2739.

In Bluetooth driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00412256; Issue ID: MSV-3284.

In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00412240; Issue ID: MSV-3293.

In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413201; Issue ID: MSV-3302.

In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413200; Issue ID: MSV-3304.

A vulnerability classified as problematic was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. This vulnerability affects unknown code of the file /search.php of the component GET Parameter Handler. The manipulation of the argument Search leads to denial of service. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

vLLM is an inference and serving engine for large language models (LLMs). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

vLLM is an inference and serving engine for large language models (LLMs). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

vLLM, an inference and serving engine for large language models (LLMs), has a Regular Expression Denial of Service (ReDoS) vulnerability in the file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

An incorrect authorization vulnerability exists in multiple WSO2 products due to a flaw in the SOAP admin service, which allows user account creation regardless of the self-registration configuration. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 25.2% and no vendor patch available.

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when using Q. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

MikroTik RouterOS 6.40.5, the SMB service contains a memory corruption vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow vulnerability in Free5gc v.4.0.0 allows a remote attacker to cause a denial of service via the AMF, NGAP, security.go, handler_generated.go, handleInitialUEMessageMain,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

An issue in Open Network Foundation ONOS v2.7.0 allows attackers to cause a Denial of Service (DoS) via supplying crafted packets. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

tcpreplay v4.4.4 was discovered to contain an infinite loop via the tcprewrite function at get.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

yasm commit 9defefae was discovered to contain a NULL pointer dereference via the yasm_section_bcs_append function at section.c. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: displayport: Fix NULL pointer access This patch ensures that the UCSI driver waits for all pending tasks in the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Hackney fails to properly release HTTP connections to the pool after handling 307 Temporary Redirect responses. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

A integer overflow or wraparound in Fortinet FortiOS versions 7.2.0 through 7.2.7, versions 7.0.0 through 7.0.14 may allow a remote unauthenticated attacker to crash the csfd daemon via a specially. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

An issue was discovered in the GPU in Samsung Mobile Processor Exynos 1480 and 2400. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

In the function process_crypto_cmd, the values of ptrs[i] can be potentially equal to NULL which is valid value after calling slice_map_array(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

A flaw was found in GIMP when processing XCF image files. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

An unauthenticated remote attacker can exploit a denial-of-service vulnerability in the device's web server functionality by sending a specially crafted HTTP request with a malicious header,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Radashi is a TypeScript utility toolkit. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

In the Linux kernel, the following vulnerability has been resolved: net_sched: Flush gso_skb list too during ->change() Previously, when reducing a qdisc's limit via the ->change() operation, only. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

A Privilege Escalation vulnerability has been found in Panloader component v3.24.0.0 by Espiral MS Group. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.