Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (71 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-24946 1 Privateoctopus 1 Picoquic 2025-07-12 5.3 Medium
The hash table used to manage connections in picoquic before b80fd3f uses a weak hash function, allowing remote attackers to cause a considerable CPU load on the server (a Hash DoS attack) by initiating connections with colliding Source Connection IDs (SCIDs).
CVE-2025-24947 1 Litespeedtech 1 Lsquic 2025-07-12 5.3 Medium
A hash collision vulnerability (in the hash table used to manage connections) in LSQUIC (aka LiteSpeed QUIC) before 4.2.0 allows remote attackers to cause a considerable CPU load on the server (a Hash DoS attack) by initiating connections with colliding Source Connection IDs (SCIDs). This is caused by XXH32 usage.
CVE-2024-8233 1 Gitlab 1 Gitlab 2025-07-11 7.5 High
An issue has been discovered in GitLab CE/EE affecting all versions from 9.4 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could cause a denial of service with requests for diff files on a commit or merge request.
CVE-2024-43485 4 Apple, Linux, Microsoft and 1 more 10 Macos, Linux Kernel, .net and 7 more 2025-07-08 7.5 High
.NET and Visual Studio Denial of Service Vulnerability
CVE-2024-43484 4 Apple, Linux, Microsoft and 1 more 26 Macos, Linux Kernel, .net and 23 more 2025-07-08 7.5 High
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
CVE-2024-43483 4 Apple, Linux, Microsoft and 1 more 26 Macos, Linux Kernel, .net and 23 more 2025-07-08 7.5 High
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
CVE-2023-38285 1 Owasp 1 Modsecurity 2025-07-03 7.5 High
Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity.
CVE-2022-40188 3 Debian, Fedoraproject, Nic 3 Debian Linux, Fedora, Knot Resolver 2025-05-27 7.5 High
Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets.
CVE-2022-32149 2 Golang, Redhat 10 Text, Acm, Container Native Virtualization and 7 more 2025-05-15 7.5 High
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.
CVE-2022-39209 2 Fedoraproject, Github 2 Fedora, Cmark-gfm 2025-04-23 7.5 High
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.6 a polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service. Users may verify the patch by running `python3 -c 'print("![l"* 100000 + "\n")' | ./cmark-gfm -e autolink`, which will resource exhaust on unpatched cmark-gfm but render correctly on patched cmark-gfm. This vulnerability has been patched in 0.29.0.gfm.6. Users are advised to upgrade. Users unable to upgrade should disable the use of the autolink extension.
CVE-2016-10396 1 Ipsec-tools 1 Ipsec-tools 2025-04-20 N/A
The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments. The implementation permits a remote attacker to exhaust computational resources on the remote endpoint by repeatedly sending ISAKMP fragment packets in a particular order such that the worst-case computational complexity is realized in the algorithm utilized to determine if reassembly of the fragments can take place.
CVE-2017-11343 1 Call-cc 1 Chicken 2025-04-20 N/A
Due to an incomplete fix for CVE-2012-6125, all versions of CHICKEN Scheme up to and including 4.12.0 are vulnerable to an algorithmic complexity attack. An attacker can provide crafted input which, when inserted into the symbol table, will result in O(n) lookup time.
CVE-2012-0881 1 Apache 1 Xerces2 Java 2025-04-20 N/A
Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.
CVE-2012-0880 1 Apache 1 Xerces-c\+\+ 2025-04-20 N/A
Apache Xerces-C++ allows remote attackers to cause a denial of service (CPU consumption) via a crafted message sent to an XML service that causes hash table collisions.
CVE-2015-7686 1 Email-address Project 1 Email-address 2025-04-12 N/A
Algorithmic complexity vulnerability in Address.pm in the Email-Address module 1.908 and earlier for Perl allows remote attackers to cause a denial of service (CPU consumption) via a crafted string containing a list of e-mail addresses in conjunction with parenthesis characters that can be associated with nested comments. NOTE: the default configuration in 1.908 mitigates this vulnerability but misparses certain realistic comments.
CVE-2013-7345 4 Christos Zoulas, Debian, Php and 1 more 5 File, Debian Linux, Php and 2 more 2025-04-12 N/A
The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.
CVE-2014-3638 3 D-bus Project, Freedesktop, Opensuse 3 D-bus, Dbus, Opensuse 2025-04-12 N/A
The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.
CVE-2014-0237 3 Debian, Php, Redhat 4 Debian Linux, Php, Enterprise Linux and 1 more 2025-04-12 N/A
The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.
CVE-2015-4803 2 Oracle, Redhat 7 Jdk, Jre, Jrockit and 4 more 2025-04-12 N/A
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4893 and CVE-2015-4911.
CVE-2015-4024 5 Apple, Hp, Oracle and 2 more 13 Mac Os X, System Management Homepage, Linux and 10 more 2025-04-12 N/A
Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.