CVEs classified under CWE-405, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (41)
CVE-2025-53633 — CVSS 9.8 (critical): Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario (i.e. a zip archive)…
CVE-2021-38447 — CVSS 8.6 (high): OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted…
CVE-2025-42874 — CVSS 7.9 (high): SAP NetWeaver remote service for Xcelsius allows an attacker with network access and high privileges to execute arbitrary code on the…
CVE-2026-47774 — CVSS 7.5 (high): Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.35.11, 1.36.7, 1.37.3, and…
CVE-2026-25611 — CVSS 7.5 (high): A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server.
CVE-2026-0485 — CVSS 7.5 (high): SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content…
CVE-2026-22775 — CVSS 7.5 (high): Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.1.0 to…
CVE-2026-22774 — CVSS 7.5 (high): Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.3.0 to…
CVE-2025-66564 — CVSS 7.5 (high): Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits…
CVE-2025-66506 — CVSS 7.5 (high): Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.3…
CVE-2025-8677 — CVSS 7.5 (high): Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to CPU exhaustion. This issue…
CVE-2025-22166 — CVSS 7.5 (high): This High severity DoS (Denial of Service) vulnerability was introduced in version 2.0 of Confluence Data Center. This DoS (Denial of…
CVE-2025-30204 — CVSS 7.5 (high): golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function…
CVE-2024-11187 — CVSS 7.5 (high): It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional…
CVE-2025-24356 — CVSS 7.5 (high): fastd is a VPN daemon which tunnels IP packets and Ethernet frames over UDP. When receiving a data packet from an unknown IP address/port…
CVE-2024-55628 — CVSS 7.5 (high): Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version…
CVE-2024-45590 — CVSS 7.5 (high): body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A…
CVE-2024-34703 — CVSS 7.5 (high): Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit…
CVE-2023-2992 — CVSS 7.5 (high): An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under…
CVE-2018-15492 — CVSS 7.5 (high): A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification.
CVE-2024-49363 — CVSS 7.4 (high): Misskey is an open source, federated social media platform. In affected versions FileServerService (media proxy) in github.com/misskey-dev/m…
CVE-2026-54224: UBB.threads is vulnerable to Denial of Service (DoS). By sending multiple concurrent requests to view any user profile on instances with…
CVE-2025-42876 — CVSS 7.1 (high): Due to a Missing Authorization Check vulnerability in SAP S/4 HANA Private Cloud (Financials General Ledger), an authenticated attacker…
CVE-2026-24324 — CVSS 6.5 (medium): SAP BusinessObjects Business Intelligence Platform (AdminTools) allows an authenticated attacker with user privileges to execute a specific…
CVE-2025-49643 — CVSS 6.5 (medium): An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially crafted…
CVE-2024-40705 — CVSS 6.5 (medium): IBM InfoSphere Information Server could allow an authenticated user to consume file space resources due to unrestricted file uploads. IBM…
CVE-2026-8594 — CVSS 6.2 (medium): Text::LineFold versions through 2019.001 for Perl duplicate the output based on the number of special break characters. Text::LineFold…
CVE-2024-0450 — CVSS 6.2 (medium): An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile…
CVE-2025-42873 — CVSS 5.9 (medium): SAPUI5 (and OpenUI5) packages use outdated 3rd party libraries with known security vulnerabilities. When markdown-it encounters special…
CVE-2024-39743 — CVSS 5.9 (medium): IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerable to denial of service caused by incorrect…
CVE-2021-21359 — CVSS 5.9 (medium): TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.25, 10.4.14, 11.1.1 requesting invalid or…
CVE-2026-45557 — CVSS 5.8 (medium): Technitium DNS Server aggressively tries to fetch missing RRSIG records or mismatched DNSKEY records. An attacker in control of a domain…
CVE-2025-32394: AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.32…
CVE-2026-35665 — CVSS 5.3 (medium): OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-32011 where the Feishu webhook handler accepts request bodies with…
CVE-2026-35626 — CVSS 5.3 (medium): OpenClaw before 2026.3.22 contains an unauthenticated resource exhaustion vulnerability in voice call webhook handling that buffers request…
CVE-2025-68480 — CVSS 5.3 (medium): Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to…
CVE-2025-26516 — CVSS 5.3 (medium): StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a Denial of Service vulnerability…
CVE-2024-34702 — CVSS 5.3 (medium): Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit…
CVE-2025-31987 — CVSS 4.8 (medium): HCL Connections Docs may mishandle validation of certain uploaded documents leading to denial of service due to resource exhaustion.
CVE-2024-28214 — CVSS 2.7 (low): nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of Service by remote attacker.