
2856 matches found

RedhatCVE
added 2026/01/10 5:41 a.m. | 14 views

CVE-2025-67811

Area9 Rhapsode 1.47.3 allows SQL Injection via multiple API endpoints accessible to authenticated users. Insufficient input validation allows remote attackers to inject arbitrary SQL commands, resulting in unauthorized database access and potential compromise of sensitive data. Fixed in v.1.47.4...

CVSS 6.5 | AI score 7.7 | EPSS 0.00268
Exploits 0 | References 1
RedhatCVE
added 2026/01/09 11:52 a.m. | 9 views

CVE-2009-4325

The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite "external memory" via unknown vectors, related to a missing "check for null pointers."...

CVSS 6.4 | AI score 6.6 | EPSS 0.02653
Exploits 1 | References 1
RedhatCVE
added 2026/01/09 11:28 a.m. | 6 views

CVE-2021-33259

Several web interfaces in D-Link DIR-868LW 1.12b have no authentication requirements for access, allowing for attackers to obtain users' DNS query history...

CVSS 5.3 | AI score 7.1 | EPSS 0.02193
Exploits 1 | References 1
RedhatCVE
added 2026/01/09 11:21 a.m. | 2 views

CVE-2021-22044

In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level @RequestMapping annotations over Feign client interfaces can be involuntarily exposing endpoints corresponding to @RequestMapping-annotated interface methods...

CVSS 7.5 | AI score 6.9 | EPSS 0.01065
Exploits 0 | References 1
RedhatCVE
added 2026/01/09 10:50 a.m. | 5 views

CVE-2022-37724

Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces...

CVSS 6.1 | AI score 6.3 | EPSS 0.00512
Exploits 1 | References 1
Cvelist
added 2026/01/09 10:4 a.m. | 17 views

CVE-2025-10569 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to create a denial of service condition by providing crafted responses to external API calls...

CVSS 6.5 | EPSS 0.00479
Exploits 0 | References 3
RedhatCVE
added 2026/01/09 9:59 a.m. | 5 views

CVE-2020-7464

In FreeBSD 12.2-STABLE before r365730, 11.4-STABLE before r365738, 12.1-RELEASE before p10, 11.4-RELEASE before p4, and 11.3-RELEASE before p14, a programming error in the ure4 device driver caused some Realtek USB Ethernet interfaces to incorrectly report packets with more than 2048 bytes in a...

CVSS 5.3 | AI score 6.8 | EPSS 0.00737
Exploits 0 | References 1
RedhatCVE
added 2026/01/09 9:21 a.m. | 7 views

CVE-2021-41528

An error when handling authorization related to the import / export interfaces on the RISC Platform prior to the saas-2021-12-29 release can potentially be exploited to access the import / export functionality with low privileges...

CVSS 5.3 | AI score 6.8 | EPSS 0.00302
Exploits 0 | References 1
RedhatCVE
added 2026/01/09 9:2 a.m. | 4 views

CVE-2023-25607

An improper neutralization of special elements used in an OS Command 'OS Command Injection' vulnerability CWE-78 in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions, FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 throug...

CVSS 7.8 | AI score 7.6 | EPSS 0.01498
Exploits 0 | References 1
RedhatCVE
added 2026/01/09 8:38 a.m. | 4 views

CVE-2017-2680

Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment Layer 2. Human interaction is required to recover the systems. PROFIBUS interfaces are not affected...

CVSS 7.1 | AI score 6.4 | EPSS 0.01149
Exploits 0 | References 1
RedhatCVE
added 2026/01/09 8:38 a.m. | 4 views

CVE-2026-22540

The massive sending of ARP requests causes a denial of service on one board of the charger that allows control of the EV interfaces. Since the board must be operating correctly for the charger to also function correctly...

CVSS 9.2 | AI score 6.8 | EPSS 0.0034
Exploits 0 | References 1
RedhatCVE
added 2026/01/09 8:38 a.m. | 5 views

CVE-2026-22541

The massive sending of ICMP requests causes a denial of service on one of the boards of the EVCharger that allows control of the EV interfaces. Since the board must be operating correctly for the charger to also function correctly...

CVSS 8.2 | AI score 6.7 | EPSS 0.00276
Exploits 0 | References 1
NVD
added 2026/01/09 7:16 a.m. | 5 views

CVE-2026-20970

Improper access control in SLocation prior to SMR Jan-2026 Release 1 allows local attackers to execute the privileged APIs...

CVSS 7.8 | EPSS 0.00129
Exploits 0 | References 1
Snyk
added 2026/01/09 2:2 a.m. | 1 views

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release in the UpdateStatus cycle of VM controller in virt handler that fetches all the guest interfaces from QEMU guest agent and adds them to interface status of the VMI. An attacker can disrupt...

CVSS 6.4 | AI score 6.7 | EPSS 0.0026
Exploits 0 | References 2
Snyk
added 2026/01/09 2:2 a.m. | 4 views

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release in the UpdateStatus cycle of VM controller in virt handler that fetches all the guest interfaces from QEMU guest agent and adds them to interface status of the VMI. An attacker can disrupt...

CVSS 6.4 | AI score 6.7 | EPSS 0.0026
Exploits 0 | References 2
NVD
added 2026/01/07 4:15 p.m. | 6 views

CVE-2026-22541

The massive sending of ICMP requests causes a denial of service on one of the boards of the EVCharger that allows control of the EV interfaces. Since the board must be operating correctly for the charger to also function correctly...

CVSS 8.2 | EPSS 0.00276
Exploits 0 | References 1
NVD
added 2026/01/07 3:15 p.m. | 10 views

CVE-2026-22540

The massive sending of ARP requests causes a denial of service on one board of the charger that allows control of the EV interfaces. Since the board must be operating correctly for the charger to also function correctly...

CVSS 9.2 | EPSS 0.0034
Exploits 0 | References 1
CVE
added 2026/01/07 3:12 p.m. | 15 views

CVE-2026-22541

CVE-2026-22541 describes a denial-of-service issue caused by massive ICMP traffic targeting a board in the EVCharger system that controls EV interfaces. Multiple sources (NVD, Red Hat, CIRCL, CVE list, CNNVD, EUVD, vulnrichment) attribute the problem to ICMP flood leading to DoS and potential los...

CVSS 8.2 | AI score 6.3 | EPSS 0.00276
Exploits 0 | References 1
CVE
added 2026/01/07 2:16 p.m. | 11 views

CVE-2026-22540

CVE-2026-22540 describes a denial-of-service in EFACEC EV chargers caused by a flood of ARP requests. The attack targets a charger board that controls the EV interface, and the charger’s operation depends on that board. Impact is denial of service affecting availability of the charger and EV inte...

CVSS 9.2 | AI score 6.4 | EPSS 0.0034
Exploits 0 | References 1
Vulnrichment
added 2026/01/07 2:16 p.m. | 4 views

CVE-2026-22540 DENIAL OF SERVICE VIA ARP PACKETS

The massive sending of ARP requests causes a denial of service on one board of the charger that allows control of the EV interfaces. Since the board must be operating correctly for the charger to also function correctly...

CVSS 9.2 | AI score 6.4 | EPSS 0.0034
Exploits 0 | References 1