CVE & Exploit Intelligence Database

Updated 1h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

337,123 CVEs tracked | 53,223 with exploits | 4,686 exploited in wild | 1,539 CISA KEV | 3,912 Nuclei templates | 37,757 vendors | 42,429 researchers
39 results
CVE-2025-34226 1 PoC Analysis EPSS 0.00
OpenPLC Runtime v3 - DoS
OpenPLC Runtime v3 contains an input validation flaw in the /upload-program-action endpoint: the epoch_time field supplied during program uploads is not validated and can be crafted to induce corruption of the programs database. After a successful malformed upload the runtime continues to operate until a restart; on restart the runtime can fail to start because of corrupted database entries, resulting in persistent denial of service requiring complete rebase of the product to recover. This vulnerability was remediated by commit 095ee09.
CWE-20 Oct 03, 2025
CVE-2025-54621 5.3 MEDIUM EPSS 0.00
WantAgent - Memory Corruption
Iterator failure issue in the WantAgent module. Impact: Successful exploitation of this vulnerability may cause memory release failures.
CWE-664 Aug 06, 2025
CVE-2025-54619 5.3 MEDIUM EPSS 0.00
Multi-mode Input Module - Info Disclosure
Iterator failure issue in the multi-mode input module. Impact: Successful exploitation of this vulnerability may cause iterator failures and affect availability.
CWE-664 Aug 06, 2025
CVE-2025-54613 5.9 MEDIUM EPSS 0.00
Card Management Module - Info Disclosure
Iterator failure vulnerability in the card management module. Impact: Successful exploitation of this vulnerability may affect function stability.
CWE-664 Aug 06, 2025
CVE-2025-54612 5.9 MEDIUM EPSS 0.00
Card Management Module - Info Disclosure
Iterator failure vulnerability in the card management module. Impact: Successful exploitation of this vulnerability may affect function stability.
CWE-664 Aug 06, 2025
CVE-2024-41169 7.5 HIGH EPSS 0.00
Apache Zeppelin <0.12.0 - Info Disclosure
The attacker can use the raft server protocol in an unauthenticated way. The attacker can see the server's resources, including directories and files. This issue affects Apache Zeppelin: from 0.10.1 up to 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue by removing the Cluster Interpreter.
CWE-664 Jul 12, 2025
CVE-2025-21593 6.5 MEDIUM EPSS 0.00
Juniper Junos < 21.2 - Denial of Service
An Improper Control of a Resource Through its Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial-of-Service (DoS). On devices with SRv6 (Segment Routing over IPv6) enabled, an attacker can send a malformed BGP UPDATE packet which will cause the rpd to crash and restart. Continued receipt of these UPDATE packets will cause a sustained DoS condition. This issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability.
This issue affects Junos OS:
* All versions before 21.2R3-S9,
* from 21.4 before 21.4R3-S10,
* from 22.2 before 22.2R3-S5,
* from 22.3 before 22.3R3-S4,
* from 22.4 before 22.4R3-S3,
* from 23.2 before 23.2R2-S2,
* from 23.4 before 23.4R2;
and Junos OS Evolved:
* All versions before 21.2R3-S9-EVO,
* from 21.4-EVO before 21.4R3-S10-EVO,
* from 22.2-EVO before 22.2R3-S5-EVO,
* from 22.3-EVO before 22.3R3-S4-EVO,
* from 22.4-EVO before 22.4R3-S3-EVO,
* from 23.2-EVO before 23.2R2-S2-EVO,
* from 23.4-EVO before 23.4R2-EVO.
CWE-664 Jan 09, 2025
CVE-2024-45383 5.0 MEDIUM 1 PoC Analysis EPSS 0.09
Microsoft High Definition Audio Bus Driver 10.0.19041.3636 - DoS
A mishandling of IRP requests vulnerability exists in the HDAudBus_DMA interface of Microsoft High Definition Audio Bus Driver 10.0.19041.3636 (WinBuild.160101.0800). A specially crafted application can issue multiple IRP Complete requests which leads to a local denial-of-service. An attacker can execute malicious script/application to trigger this vulnerability.
CWE-664 Sep 12, 2024
CVE-2024-7889 7.3 HIGH EPSS 0.00
Citrix Workspace < 2203.1 - Privilege Escalation
Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows.
CWE-664 Sep 11, 2024
CVE-2024-37139 6.5 MEDIUM EPSS 0.01
Dell Data Domain Operating System < 7.7.5.40 - Denial of Service
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an Improper Control of a Resource Through its Lifetime vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to temporary resource constraint of system application. Exploitation may lead to denial of service of the application.
CWE-664 Jun 26, 2024
CVE-2020-36774 5.5 MEDIUM EPSS 0.00
GNOME Glade <3.40.0 - DoS
plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial of service (application crash).
CWE-664 Feb 19, 2024
CVE-2023-52387 7.5 HIGH EPSS 0.00
GPU Module - Info Disclosure
Resource reuse vulnerability in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality.
CWE-664 Feb 18, 2024
CVE-2024-23639 5.1 MEDIUM EPSS 0.00
Micronaut Framework - Info Disclosure
Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought. A malicious/compromised website can make HTTP requests to `localhost`. Normally, such requests would trigger a CORS preflight check which would prevent the request; however, some requests are "simple" and do not require a preflight check. These endpoints, if enabled and not secured, are vulnerable to being triggered. Production environments typically disable unused endpoints and secure/restrict access to needed endpoints. A more likely victim is the developer in their local development host, who has enabled endpoints without security for the sake of easing development. This issue has been addressed in version 3.8.3. Users are advised to upgrade.
CWE-15 Feb 09, 2024
CVE-2024-22365 5.5 MEDIUM 1 Writeup EPSS 0.00
Linux PAM <1.6.0 - DoS
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
CWE-664 Feb 06, 2024
CVE-2023-44295 6.3 MEDIUM EPSS 0.00
Dell Powerscale Onefs < 9.6.0 - Information Disclosure
Dell PowerScale OneFS versions 8.2.2.x through 9.6.0.x contain an improper control of a resource through its lifetime vulnerability. A low privilege attacker could potentially exploit this vulnerability, leading to loss of information, and information disclosure.
CWE-664 Dec 05, 2023
CVE-2023-44288 7.5 HIGH EPSS 0.00
Dell Powerscale Onefs < 9.6.1 - Denial of Service
Dell PowerScale OneFS, 8.2.2.x through 9.6.0.x, contains an improper control of a resource through its lifetime vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, leading to denial of service.
CWE-664 Dec 05, 2023
CVE-2023-25942 6.5 MEDIUM EPSS 0.00
Dell Emc Powerscale Onefs < 9.1.0.28 - Denial of Service
Dell PowerScale OneFS versions 8.2.x-9.4.x contain an uncontrolled resource consumption vulnerability. A malicious network user with low privileges could potentially exploit this vulnerability in SMB, leading to a potential denial of service.
CWE-664 Apr 04, 2023
CVE-2022-32846 7.5 HIGH EPSS 0.00
Apple Music <3.9.10 - Info Disclosure
A logic issue was addressed with improved state management. This issue is fixed in Apple Music 3.9.10 for Android. An app may be able to access user-sensitive data.
CWE-664 Feb 27, 2023
CVE-2022-28287 6.5 MEDIUM EPSS 0.00
Firefox < 99 - Info Disclosure
In unusual circumstances, selecting text could cause text selection caching to behave incorrectly, leading to a crash. This vulnerability affects Firefox < 99.
CWE-664 Dec 22, 2022
CVE-2022-27518 9.8 CRITICAL KEV 1 PoC Analysis EPSS 0.23
Unauthenticated Remote Code Execution - RCE
Unauthenticated remote arbitrary code execution
CWE-664 Dec 13, 2022