ReportizFlow
Filtered by vendor
Subscriptions
Total
3830 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-60753 | 1 Libarchive | 1 Libarchive | 2026-02-05 | 5.5 Medium |
| An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash). | ||||
| CVE-2023-47150 | 2 Ibm, Linux | 4 Aix, Common Cryptographic Architecture, I and 1 more | 2026-02-05 | 7.5 High |
| IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could allow a remote user to cause a denial of service due to incorrect data handling for certain types of AES operations. IBM X-Force ID: 270602. | ||||
| CVE-2025-63560 | 1 Kiloview | 3 E3, E3 Firmware, Video Encoder Firmware | 2026-02-05 | 7.5 High |
| An issue in KiloView Dual Channel 4k HDMI & 3G-SDI HEVC Video Encoder Firmware v.1.20.0006 allows a remote attacker to cause a denial of service via the systemctrl API System/reFactory component. | ||||
| CVE-2025-65886 | 1 Oneflow | 1 Oneflow | 2026-02-03 | 7.5 High |
| A shape mismatch vulnerability in OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via supplying crafted tensor shapes. | ||||
| CVE-2025-65888 | 1 Oneflow | 1 Oneflow | 2026-02-03 | 7.5 High |
| A dimension validation flaw in the flow.empty() component of OneFlow 0.9.0 allows attackers to cause a Denial of Service (DoS) via a negative or excessively large dimension value. | ||||
| CVE-2025-65889 | 1 Oneflow | 1 Oneflow | 2026-02-03 | 7.5 High |
| A type validation flaw in the flow.dstack() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-65890 | 1 Oneflow | 1 Oneflow | 2026-02-03 | 7.5 High |
| A device-ID validation flaw in OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) by calling flow.cuda.synchronize() with an invalid or out-of-range GPU device index. | ||||
| CVE-2025-65891 | 1 Oneflow | 1 Oneflow | 2026-02-03 | 7.5 High |
| A GPU device-ID validation flaw in OneFlow v0.9.0 allows attackers to trigger a Denial of Dervice (DoS) by invoking flow.cuda.get_device_properties() with an invalid or negative device index. | ||||
| CVE-2025-70999 | 1 Oneflow | 1 Oneflow | 2026-02-03 | 7.5 High |
| A GPU device-ID validation flaw in the flow.cuda.get_device_capability() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted device ID. | ||||
| CVE-2025-71000 | 1 Oneflow | 1 Oneflow | 2026-02-03 | 7.5 High |
| An issue in the flow.cuda.BoolTensor component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-30160 | 1 Redlib | 1 Redlib | 2026-02-03 | 7.5 High |
| Redlib is an alternative private front-end to Reddit. A vulnerability has been identified in Redlib where an attacker can cause a denial-of-service (DOS) condition by submitting a specially crafted base2048-encoded DEFLATE decompression bomb to the restore_preferences form. This leads to excessive memory consumption and potential system instability, which can be exploited to disrupt Redlib instances. This vulnerability is fixed in 0.36.0. | ||||
| CVE-2025-69198 | 1 Pterodactyl | 1 Panel | 2026-02-02 | 6.5 Medium |
| Pterodactyl is a free, open-source game server management panel. Pterodactyl implements rate limits that are applied to the total number of resources (e.g. databases, port allocations, or backups) that can exist for an individual server. These resource limits are applied on a per-server basis, and validated during the request cycle. However, in versions prior to 1.12.0, it is possible for a malicious user to send a massive volume of requests at the same time that would create more resources than the server is allotted. This is because the validation occurs early in the request cycle and does not lock the target resource while it is processing. As a result sending a large volume of requests at the same time would lead all of those requests to validate as not using any of the target resources, and then all creating the resources at the same time. As a result a server would be able to create more databases, allocations, or backups than configured. A malicious user is able to deny resources to other users on the system, and may be able to excessively consume the limited allocations for a node, or fill up backup space faster than is allowed by the system. Version 1.12.0 fixes the issue. | ||||
| CVE-2025-69199 | 1 Pterodactyl | 2 Panel, Wings | 2026-02-02 | 6.5 Medium |
| Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.0, websockets within wings lack proper rate limiting and throttling. As a result a malicious user can open a large number of connections and then request data through these sockets, causing an excessive volume of data over the network and overloading the host system memory and cpu. Additionally, there is not a limit applied to the total size of messages being sent or received, allowing a malicious user to open thousands of websocket connections and then send massive volumes of information over the socket, overloading the host network, and causing increased CPU and memory load within Wings. Version 1.12.0 patches the issue. | ||||
| CVE-2025-9278 | 1 Rockwellautomation | 2 Armorstart Lt, Armorstart Lt Firmware | 2026-02-02 | 7.5 High |
| A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. After running a Burp Suite active scan, the device loses ICMP connectivity, causing the web application to become inaccessible. | ||||
| CVE-2025-9279 | 1 Rockwellautomation | 2 Armorstart Lt, Armorstart Lt Firmware | 2026-02-02 | 7.5 High |
| A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles EtherNet/IP Step Limit Storm tests, the device reboots unexpectedly, causing the Link State Monitor to go down for several seconds. | ||||
| CVE-2025-9281 | 1 Rockwellautomation | 2 Armorstart Lt, Armorstart Lt Firmware | 2026-02-02 | 7.5 High |
| A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles Comprehensive step limit storm tests, the device reboots | ||||
| CVE-2025-9280 | 1 Rockwellautomation | 2 Armorstart Lt, Armorstart Lt Firmware | 2026-02-02 | 7.5 High |
| A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. Fuzzing performed using Defensics causes the device to become unresponsive, requiring a reboot. | ||||
| CVE-2025-9282 | 1 Rockwellautomation | 2 Armorstart Lt, Armorstart Lt Firmware | 2026-02-02 | 7.5 High |
| A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles Comprehensive limited storm tests, the device reboots unexpectedly, causing the Link State Monitor to go down for several seconds. | ||||
| CVE-2025-9283 | 1 Rockwellautomation | 2 Armorstart Lt, Armorstart Lt Firmware | 2026-02-02 | 7.5 High |
| A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles EtherNet/IP Step Limits Storms tests, the device reboots unexpectedly, causing the Link State Monitor to go down for several seconds. | ||||
| CVE-2025-9464 | 1 Rockwellautomation | 2 Armorstart Lt, Armorstart Lt Firmware | 2026-02-02 | 7.5 High |
| A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. This vulnerability is triggered during fuzzing of multiple CIP classes, which causes the CIP port to become unresponsive. | ||||