3458 matches found

Vulnrichment
added 2025/04/24 9:25 a.m. · 7 views

CVE-2021-47662 Unauthenticated remote shutdown of the cobot

Due to missing authorization an unauthenticated remote attacker can cause a DoS attack by connecting via HTTPS and triggering the shutdown button...

7.5 CVSS · 7.1 AI score · 0.00381 EPSS
Exploits 0 · References 1
Tenable Nessus
added 2025/04/24 12:0 a.m. · 15 views

FreeBSD : redis,valkey -- DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client (af8d043f-20df-11f0-b9c5-000c295725e4)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the af8d043f-20df-11f0-b9c5-000c295725e4 advisory. Axel Mierczuk reports: By default, the Redis configuration does not limit the output buffer of normal...

7.5 CVSS · 7.5 AI score · 0.00824 EPSS
Exploits 0 · References 3
Vulnrichment
added 2025/04/23 3:38 p.m. · 14 views

CVE-2025-21605 Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client

Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, an unauthenticated client can cause unlimited growth of output buffers, until the server runs out of memory or is killed. By default, the Redis configuration does not limit the outpu...

7.5 CVSS · 7.8 AI score · 0.00824 EPSS
Exploits 0 · References 2
Cvelist
added 2025/04/19 6:0 a.m. · 15 views

CVE-2024-13926 WP-Syntax <= 1.2 - Author+ Potential ReDoS

The WP-Syntax WordPress plugin through 1.2 does not properly handle input, allowing an attacker to create a post containing a large number of tags, thereby exploiting a catastrophic backtracking issue in the regular expression processing to cause a DoS...

0.00403 EPSS
Exploits 1 · References 1
Positive Technologies
added 2025/04/18 12:0 a.m. · 3 views

PT-2025-17308 · Unknown · Namelessmc

Name of the Vulnerable Software and Affected Versions: NamelessMC versions 2.1.4 and prior. Description: The issue concerns a lack of length validation for the s parameter in GET requests for the forum search functionality, allowing attackers to submit excessively long search queries. This can lea...

7.5 CVSS · 6.4 AI score · 0.00543 EPSS
Exploits 1 · References 11
RedhatCVE
added 2025/04/17 10:22 p.m. · 15 views

CVE-2025-21577

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server...

6.5 CVSS · 6.6 AI score · 0.00628 EPSS
Exploits 0 · References 4
RedhatCVE
added 2025/04/17 10:8 p.m. · 11 views

CVE-2025-30704

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to...

4.4 CVSS · 5.6 AI score · 0.00661 EPSS
Exploits 0 · References 4
CVE
added 2025/04/17 6:0 a.m. · 64 views

CVE-2024-13925

CVE-2024-13925: Klarna Checkout for WooCommerce (WordPress) before 2.13.5 exposes an unauthenticated WooCommerce Ajax endpoint that allows an attacker to flood log files by posting data at the maximum POST parameter size, causing rapid disk-space exhaustion. Affected: Klarna Checkout for WooComm...

7.5 CVSS · 6.5 AI score · 0.00411 EPSS
Exploits 1 · References 1 · Affected Software 1
NVD
added 2025/04/15 9:15 p.m. · 6 views

CVE-2025-30688

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQ...

6.5 CVSS · 0.00651 EPSS
Exploits 0 · References 2
Debian CVE
added 2025/04/15 8:31 p.m. · 11 views

CVE-2025-30693

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

5.5 CVSS · 5.5 AI score · 0.00819 EPSS
Exploits 0
RedHat Linux
added 2025/04/15 7:46 p.m. · 33 views

Important: Red Hat Security Advisory: ACS 4.5 enhancement and security update

Updated images are now available for Red Hat Advanced Cluster Security (RHACS). This release of RHACS includes the following bug fix: Fixed a bug to match the aggregation field of the compliance tables to the widgets for consistency. This release also addresses the following security vulnerabilitie...

7.5 CVSS · 6.7 AI score · 0.01009 EPSS
Exploits 2 · References 5
Vulnrichment
added 2025/04/15 2:45 p.m. · 12 views

CVE-2025-32947 PeerTube ActivityPub Crawl Infinite Loop DoS

This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an infinite loop in the "inbox" endpoint when receiving crafted ActivityPub activities...

7.5 CVSS · 6.9 AI score · 0.00628 EPSS
Exploits 1 · References 3
Github Security Blog
added 2025/04/10 9:7 p.m. · 15 views

SurrealDB vulnerable to memory exhaustion via nested functions and scripts

In order to prevent DoS situations due to infinite recursions, SurrealDB implements a limit of nested calls for both native functions and embedded JavaScript functions. However, in SurrealDB instances with embedded scripting functions enabled, it was found that this limit can be circumvented by...

6.5 AI score
Exploits 0 · References 2 · Affected Software 1
OSV
added 2025/04/10 9:7 p.m. · 2 views

GHSA-M7RC-8W7M-R9QR SurrealDB vulnerable to memory exhaustion via nested functions and scripts

In order to prevent DoS situations due to infinite recursions, SurrealDB implements a limit of nested calls for both native functions and embedded JavaScript functions. However, in SurrealDB instances with embedded scripting functions enabled, it was found that this limit can be circumvented by...

6 CVSS · 6.5 AI score
Exploits 0 · References 2
Tenable Nessus
added 2025/04/05 12:0 a.m. · 24 views

RHEL 7 / 8 : Red Hat JBoss Core Services Apache HTTP Server 2.4.62 (RHSA-2025:3452)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:3452 advisory. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP...

9.1 CVSS · 7.8 AI score · 0.05582 EPSS
Exploits 1 · References 8
Tenable Nessus
added 2025/04/05 12:0 a.m. · 6 views

FreeBSD : Mozilla -- DoS via segmentation fault (f38dd0f1-116c-11f0-8b2c-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f38dd0f1-116c-11f0-8b2c-b42e991fc52e advisory. [email protected] reports: When segmenting specially crafted text, segmentation would corrupt memory...

7.7 CVSS · 7.6 AI score · 0.00718 EPSS
Exploits 0 · References 3
OSV
added 2025/04/02 8:31 p.m. · 3 views

USN-7409-1 ruby-saml vulnerabilities

It was discovered that ruby-saml did not correctly handle XML parsing. An attacker could possibly use this issue to perform a signature wrapping attack and bypass authentication. (CVE-2025-25291 and CVE-2025-25292) It was discovered that ruby-saml did not correctly handle decompressing SAML...

9.8 CVSS · 7.3 AI score · 0.63792 EPSS
Exploits 3 · References 4
RedhatCVE
added 2025/04/02 7:36 p.m. · 12 views

CVE-2025-29908

Netty QUIC codec is a QUIC codec for netty which makes use of quiche. An issue was discovered in the codec. A hash collision vulnerability in the hash map used to manage connections allows remote attackers to cause a considerable CPU load on the server (a Hash DoS attack) by initiating connections...

5.3 CVSS · 7.2 AI score · 0.00478 EPSS
Exploits 0 · References 1
OSV
added 2025/03/31 9:47 p.m. · 8 views

GHSA-HQQC-JR88-P6X2 Netty QUIC hash collision DoS attack

An issue was discovered in the codec. A hash collision vulnerability in the hash map used to manage connections allows remote attackers to cause a considerable CPU load on the server (a Hash DoS attack) by initiating connections with colliding Source Connection IDs (SCIDs). See...

5.3 CVSS · 7.1 AI score · 0.00478 EPSS
Exploits 0 · References 5
NVD
added 2025/03/31 7:15 p.m. · 25 views

CVE-2025-29908

Netty QUIC codec is a QUIC codec for netty which makes use of quiche. An issue was discovered in the codec. A hash collision vulnerability in the hash map used to manage connections allows remote attackers to cause a considerable CPU load on the server (a Hash DoS attack) by initiating connections...

5.3 CVSS · 0.00478 EPSS
Exploits 0 · References 3