
282 matches found

Snyk
added 2025/10/17 4:43 p.m. | 2 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) via the processing of malicious JSON payloads in the request handling process. An attacker can exhaust system memory and CPU resources by sending specially crafted JSON objects that, when deserialized, consume...

CVSS 8.7 | AI score 7 | EPSS 0.00655
Exploits: 0 | References: 2
CVE
added 2025/09/30 12:0 a.m. | 52 views

CVE-2025-56571

Finance.js v4.1.0 is affected by a DoS via the IRR() function (depth parameter) and via seekZero(), causing excessive CPU usage that can stall or crash applications. The root cause is improper handling of recursion/iteration limits. Exploitation status is not detailed in the provided documents. R...

CVSS 7.5 | AI score 6.5 | EPSS 0.0049
Exploits: 0 | References: 4 | Affected Software: 1
Packet Storm News
added 2025/09/26 12:0 a.m. | 3 views

Smart Medical IoT Security Vulnerabilities: Real-Time MITM Attack Analysis, Lightweight Encryption Implementation, and Practitioner Perceptions in Underdeveloped Nigerian Healthcare Systems

The growing use of Internet of Things (IoT) technologies in Nigerian healthcare offers potential improvements in remote monitoring and data-driven care, but unsecured wireless communication in medical IoT (mIoT) devices exposes patient data to cyber threats. This study investigates such vulnerabiliti...

AI score 6.7
Exploits: 0
CNNVD
added 2025/09/25 12:0 a.m. | 2 views

Rack Security Vulnerability

Rack is a modular Ruby web server interface open-sourced by Rack. A security vulnerability exists in Rack versions prior to 2.2.18, which stems from the fact that Rack::QueryParser enforces the params_limit restriction only on parameters separated by &, but still accepts both & and ; as separators...

CVSS 7.5 | AI score 6.7 | EPSS 0.00535
Exploits: 0 | References: 3
Snyk
added 2025/09/19 12:30 p.m. | 2 views

Regular Expression Denial of Service (ReDoS)

Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via user-supplied regex query. An attacker can cause excessive CPU consumption by submitting crafted regular expressions. Details: Denial of Service (DoS) describes a family of attacks, all aimed ...

CVSS 5.3 | AI score 6.5 | EPSS 0.00323
Exploits: 0 | References: 2
Snyk
added 2025/09/05 10:41 p.m. | 1 views

Improper Resource Shutdown or Release

Overview: Affected versions of this package are vulnerable to Improper Resource Shutdown or Release after establishing a TLS session. An attacker can cause excessive CPU utilization by initiating a half-shutdown of the connection during the handshake, leading the peer to enter a spin loop on socke...

CVSS 8.7 | AI score 6.8 | EPSS 0.00398
Exploits: 0 | References: 2
OSV
added 2025/08/28 9:31 p.m. | 2 views

GHSA-8F82-53H8-2P34 HashiCorp Vault Community Edition Denial of Service Through Complex JSON Payloads

A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially resulting in the Vault server to become...

CVSS 7.5 | AI score 6.8 | EPSS 0.00697
Exploits: 0 | References: 5
CVE
added 2025/08/26 3:37 p.m. | 34 views

CVE-2025-57810

CVE-2025-57810 affects the jsPDF library. The issue arises when user control of the first argument to addImage allows untrusted image data/URLs to trigger high CPU usage, leading to denial of service. This vulnerability is present in versions prior to 3.0.2 and was fixed in jsPDF 3.0.2. Impact is...

CVSS 8.7 | AI score 7.1 | EPSS 0.00658
Exploits: 1 | References: 4 | Affected Software: 1
Veracode
added 2025/08/26 8:58 a.m. | 6 views

Regular Expression Denial Of Service (ReDoS)

Hugging Face Transformers is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to the use of a regex pattern /^/^// in the convert_tf_weight_name_to_pt_weight_name function, which allows attackers to craft malicious input strings causing catastrophic backtracking and...

CVSS 5.3 | AI score 5 | EPSS 0.00364
Exploits: 1 | References: 5 | Affected Software: 1
Vulnrichment
added 2025/08/21 6:27 p.m. | 2 views

CVE-2025-57751 Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs

pyLoad is the free and open-source Download Manager written in pure Python. The jk parameter is received in pyLoad CNL Blueprint. Due to the lack of jk parameter verification, the jk parameter input by the user is directly determined as dukpy.evaljs, resulting in the server CPU being fully occupi...

CVSS 8.7 | AI score 7 | EPSS 0.003
Exploits: 0 | References: 1
CNNVD
added 2025/08/21 12:0 a.m. | 1 views

pyLoad Resource Management Error Vulnerability

pyLoad is a free open source download manager written in Python by pyLoad Open Source. A resource management error vulnerability exists in pyLoad that stems from insufficient validation of the jk parameter, which could lead to excessive server CPU usage...

CVSS 8.7 | AI score 6.4 | EPSS 0.003
Exploits: 0 | References: 2
OSV
added 2025/07/24 4:27 p.m. | 4 views

CLSA-2025-1753374470 dovecot: Fix of CVE-2024-23184

CVE-2024-23184: restrict address headers to mitigate excessive CPU usage and prevent potential DoS attacks...

CVSS 5 | AI score 5.8 | EPSS 0.00839
Exploits: 2 | References: 1
Snyk
added 2025/06/19 4:19 p.m. | 2 views

Regular Expression Denial of Service (ReDoS)

Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the listNames function. An attacker can cause significant CPU consumption and degrade server performance by supplying a crafted regular expression and influencing the set of resource names...

CVSS 6.3 | AI score 6.8 | EPSS 0.0035
Exploits: 0 | References: 2
Snyk
added 2025/06/19 4:19 p.m. | 3 views

Regular Expression Denial of Service (ReDoS)

Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the listNames function. An attacker can cause significant CPU consumption and degrade server performance by supplying a crafted regular expression and influencing the set of resource names...

CVSS 6.3 | AI score 6.8 | EPSS 0.0035
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/23 6:3 a.m. | 2 views

CVE-2023-28428

PDFio is a C library for reading and writing PDF files. In versions 1.1.0 and prior, a denial of service vulnerability exists in the pdfio parser. Crafted pdf files can cause the program to run at 100% utilization and never terminate. This is different from CVE-2023-24808. A patch for this issue ...

CVSS 6.5 | AI score 6.7 | EPSS 0.00719
Exploits: 1 | References: 1
RedHat Linux
added 2025/04/07 10:54 a.m. | 3 views

cpython: python: Uncontrolled CPU resource consumption when in http.cookies module

A flaw was found in the http.cookies module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption...

CVSS 7.5 | AI score 7.3 | EPSS 0.02303
Exploits: 1 | References: 7
CNNVD
added 2025/03/20 12:0 a.m. | 3 views

ChuanhuChatGPT Resource Management Error Vulnerability

ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. ChuanhuChatGPT suffers from a denial of service vulnerability that stems from the use of an insecure regular expression. An attacker can...

CVSS 6.5 | AI score 6.7 | EPSS 0.00671
Exploits: 1 | References: 1
CNNVD
added 2025/02/05 12:0 a.m. | 3 views

F5 BIG-IP AFM Security Vulnerability

F5 BIG-IP AFM is an advanced firewall product from F5 USA for protection against DDoS attacks. A denial of service vulnerability exists in F5 BIG-IP AFM, which stems from a misconfiguration of protocol checks and can be exploited by an attacker to cause an increase in CPU resource utilization...

CVSS 8.7 | AI score 6.6 | EPSS 0.0037
Exploits: 0 | References: 2
RedHat Linux
added 2025/01/06 1:36 p.m. | 39 views

bind9: Parsing large DNS messages may cause excessive CPU load

A flaw was found in the bind package. This issue may allow a remote attacker with no specific privileges to craft a specially long DNS message leading to an excessive and uncontrolled CPU usage, the server being unavailable, and a Denial of Service...

CVSS 7.5 | AI score 6.7 | EPSS 0.01327
Exploits: 0 | References: 5
Positive Technologies
added 2025/01/01 12:0 a.m. | 2 views

PT-2025-49261

Name of the Vulnerable Software and Affected Versions: urllib3 versions 1.0 through 2.5.16. Description: urllib3 is a Python HTTP client library. Versions prior to 2.6.0 have an issue in the Streaming API where it improperly handles highly compressed data. The decompression logic can cause excessive...

CVSS 8.9 | AI score 6.5 | EPSS 0.00533
Exploits: 0 | References: 155