CVE-2025-9514

A vulnerability has been found in macrozheng mall up to 1.0.3. This impacts an unknown function of the component Registration. Such manipulation leads to weak password requirements. The attack can be executed remotely. Attacks of this nature are highly complex. The exploitability is said to be...

BIT-VAULT-2025-6203 Vault unauthenticated denial of service through complex json payload

A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially resulting in the Vault server to become...

GHSA-8F82-53H8-2P34 HashiCorp Vault Community Edition Denial of Service Though Complex JSON Payloads

A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially resulting in the Vault server to become...

Allocation of Resources Without Limits or Throttling

Overview github.com/hashicorp/vault/command is a tool for secrets management, encryption as a service, and privileged access management. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to an improper check of complex JSON in the HTTP...

HashiCorp Vault Community Edition Denial of Service Though Complex JSON Payloads

A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially resulting in the Vault server to become...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to an improper check of complex JSON in the HTTP handler. An attacker can cause excessive memory and CPU consumption by submitting specially-crafted payloads that meet the default...

CVE-2025-6203

CVE-2025-6203 describes a Denial of Service in Vault triggered by a specially crafted large JSON payload that overconsumes memory and CPU, risking an auditing-subsystem timeout and Vault unresponsiveness. Connected sources (IBM, OSV entries, and HashiCorp advisories) confirm the issue, its associ...

CVE-2025-6203 Vault unauthenticated denial of service through complex json payload

A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially resulting in the Vault server to become...

CVE-2025-6203 Vault unauthenticated denial of service through complex json payload

A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially resulting in the Vault server to become...

CVE-2025-9514

A vulnerability has been found in macrozheng mall up to 1.0.3. This impacts an unknown function of the component Registration. Such manipulation leads to weak password requirements. The attack can be executed remotely. Attacks of this nature are highly complex. The exploitability is said to be...

Null Pointer Dereference

libtiff.so is vulnerable to Null Pointer Dereference. The vulnerability is due to improper handling in the t2preadtiffinit function of tools/tiff2pdf.c in the fax2ps component, which allows a local attacker to trigger a null pointer dereference under complex conditions...

CVE-2025-9141

A vulnerability was found in vLLM's Qwen3 Coder tool parser. Since this parser uses Python's eval function, it poses a risk of arbitrary code execution. This vulnerability appears during the parameter conversion process when the parser attempts to handle complex data types...

BIT-PYTHON-2025-6069 HTMLParser quadratic complexity when processing malformed inputs

The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service...

Linux Distros Unpatched Vulnerability : CVE-2021-47333

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - misc: alcorpci: fix null-ptr-deref when there is no PCI bridge There is an issue with the ASPMoptional capability checking function. A device might be attached ...

Linux Distros Unpatched Vulnerability : CVE-2025-38313

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bus: fsl-mc: fix double-free on mcdev The blamed commit tried to simplify how the deallocations are done but, in the process, introduced a double-free on the...

Amazon Linux 2023 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2023-2025-1123)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1123 advisory. A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The...

PT-2025-28841 · Fnkvision · Fnkvision Fnk-Gu2

Name of the Vulnerable Software and Affected Versions: FNKvision FNK-GU2 versions through 40.1.7 Description: A vulnerability has been identified in FNKvision FNK-GU2. The issue involves a problematic functionality related to the file /rom/wpa supplicant.conf, leading to the cleartext storage of...

CVE-2025-7080

A vulnerability, which was classified as problematic, was found in Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17. Affected is an unknown function of the file internal/utils/jwtutils.go of the component JWT Token Handler. The manipulation of the argument accessSecret/refreshSecret wit...

CVE-2025-7060 Monitorr Installer mkdbajax.php input validation

A vulnerability was found in Monitorr up to 1.7.6m. It has been classified as problematic. This affects an unknown part of the file assets/config/installation/mkdbajax.php of the component Installer. The manipulation of the argument datadir leads to improper input validation. It is possible to...

CVE-2025-6932 D-Link DCS-7517 Qlync Password Generation httpd g_F_n_GenPassForQlync hard-coded password

A vulnerability, which was classified as problematic, was found in D-Link DCS-7517 up to 2.02.0. This affects the function gFnGenPassForQlync of the file /bin/httpd of the component Qlync Password Generation Handler. The manipulation leads to use of hard-coded password. It is possible to initiate...