Total
172 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-20664 | 1 Mediatek | 7 Mt7915, Mt7916, Mt7981 and 4 more | 2025-04-11 | 7.5 High |
| In wlan AP driver, there is a possible information disclosure due to an uncaught exception. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00406217; Issue ID: MSV-2773. | ||||
| CVE-2023-0158 | 1 Nlnetlabs | 1 Krill | 2025-04-04 | 7.5 High |
| NLnet Labs Krill supports direct access to the RRDP repository content through its built-in web server at the "/rrdp" endpoint. Prior to 0.12.1 a direct query for any existing directory under "/rrdp/", rather than an RRDP file such as "/rrdp/notification.xml" as would be expected, causes Krill to crash. If the built-in "/rrdp" endpoint is exposed directly to the internet, then malicious remote parties can cause the publication server to crash. The repository content is not affected by this, but the availability of the server and repository can cause issues if this attack is persistent and is not mitigated. | ||||
| CVE-2025-3083 | 1 Mongodb | 1 Mongodb | 2025-04-01 | 7.5 High |
| Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, MongoDB v6.0 versions prior to 6.0.20 and MongoDB v7.0 versions prior to 7.0.16 | ||||
| CVE-2023-0790 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-03-21 | 7.6 High |
| Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | ||||
| CVE-2024-8249 | 2025-03-20 | N/A | ||
| mintplex-labs/anything-llm version git 6dc3642 contains an unauthenticated Denial of Service (DoS) vulnerability in the API for the embeddable chat functionality. An attacker can exploit this vulnerability by sending a malformed JSON payload to the API endpoint, causing a server crash due to an uncaught exception. This issue is fixed in version 1.2.2. | ||||
| CVE-2024-11173 | 2025-03-20 | N/A | ||
| An unhandled exception in the danny-avila/librechat repository, version git 600d217, can cause the server to crash, leading to a full denial of service. This issue occurs when certain API endpoints receive malformed input, resulting in an uncaught exception. Although a valid JWT is required to exploit this vulnerability, LibreChat allows open registration, enabling unauthenticated attackers to create an account and perform the attack. The issue is fixed in version 0.7.6. | ||||
| CVE-2025-20637 | 1 Mediatek | 3 Mt7981, Mt7986, Software Development Kit | 2025-03-17 | 7.5 High |
| In network HW, there is a possible system hang due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00399035; Issue ID: MSV-2380. | ||||
| CVE-2023-22477 | 1 Mercurius Project | 1 Mercurius | 2025-03-10 | 5.3 Medium |
| Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to `/graphql`. This issue was patched in #940. As a workaround, users can disable subscriptions. | ||||
| CVE-2023-23932 | 1 Objectcomputing | 1 Opendds | 2025-03-10 | 5.3 Medium |
| OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS applications that are exposed to untrusted RTPS network traffic may crash when parsing badly-formed input. This issue has been patched in version 3.23.1. | ||||
| CVE-2023-20628 | 2 Google, Mediatek | 42 Android, Mt6580, Mt6739 and 39 more | 2025-03-05 | 6.7 Medium |
| In thermal, there is a possible memory corruption due to an uncaught exception. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494460; Issue ID: ALPS07494460. | ||||
| CVE-2023-22941 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-02-28 | 6.5 Medium |
| In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGEST_EVAL’ parameter in a Field Transformation crashes the Splunk daemon (splunkd). | ||||
| CVE-2025-0158 | 2025-02-22 | 5.5 Medium | ||
| IBM EntireX 11.1 could allow a local user to cause a denial of service due to an unhandled error and fault isolation. | ||||
| CVE-2024-13417 | 2025-02-21 | 4.6 Medium | ||
| Specifically crafted payloads sent to the RFID reader could cause DoS of RFID reader. After the device is restarted, it gets back to fully working state. 2N has released an updated version 2.46 of 2N OS, where this vulnerability is mitigated. It is recommended that all customers update their devices to the latest 2N OS. | ||||
| CVE-2025-0648 | 2025-02-17 | N/A | ||
| Unexpected server crash in database driver in M-Files Server before 25.1.14445.5 and before 24.8 LTS SR3 allows a highly privileged attacker to cause denial of service via configuration change. | ||||
| CVE-2025-24836 | 2025-02-14 | 7.1 High | ||
| With a specially crafted Python script, an attacker could send continuous startMeasurement commands over an unencrypted Bluetooth connection to the affected device. This would prevent the device from connecting to a clinician's app to take patient readings and ostensibly flood it with requests, resulting in a denial-of-service condition. | ||||
| CVE-2025-20097 | 2025-02-13 | 4.3 Medium | ||
| Uncaught exception in OpenBMC Firmware for the Intel(R) Server M50FCP Family and Intel(R) Server D50DNP Family before version R01.02.0002 may allow an authenticated user to potentially enable denial of service via network access. | ||||
| CVE-2023-39948 | 2 Debian, Eprosima | 2 Debian Linux, Fast Dds | 2025-02-13 | 7.5 High |
| eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0 and 2.6.5, the `BadParamException` thrown by Fast CDR is not caught in Fast DDS. This can remotely crash any Fast DDS process. Versions 2.10.0 and 2.6.5 contain a patch for this issue. | ||||
| CVE-2023-31125 | 1 Socket | 1 Engine.io | 2025-02-13 | 6.5 Medium |
| Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. An uncaught exception vulnerability was introduced in version 5.1.0 and included in version 4.1.0 of the `socket.io` parent package. Older versions are not impacted. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the `engine.io` package, including those who use depending packages like `socket.io`. This issue was fixed in version 6.4.2 of Engine.IO. There is no known workaround except upgrading to a safe version. | ||||
| CVE-2023-39945 | 2 Debian, Eprosima | 2 Debian Linux, Fast Dds | 2025-02-13 | 8.2 High |
| eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5, a data submessage sent to PDP port raises unhandled `BadParamException` in fastcdr, which in turn crashes fastdds. Versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5 contain a patch for this issue. | ||||
| CVE-2023-6533 | 1 Silabs | 1 Z-wave Pc-based Controller | 2025-02-12 | 6.5 Medium |
| Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end device has left the network. After this, frames sent by the end device will not be acknowledged by the controller. This vulnerability exists in PC Controller v5.54.0, and earlier. | ||||