Monthly
OpenClaw before version 2026.3.24 permits authenticated local attackers to trigger improper process termination via the !stop chat command, which uses an unpatched killProcessTree function that sends SIGKILL without graceful SIGTERM shutdown. This incomplete fix for CVE-2026-27486 enables attackers to corrupt data, leak resources, and skip security-sensitive cleanup operations, resulting in integrity compromise and denial of service.
Denial of service in Free5GC 4.2.0 NGSetupRequest Handler allows unauthenticated remote attackers to crash the AMF (Access and Mobility Management Function) component via malformed requests. The vulnerability has a publicly available exploit and a vendor-released patch, with EPSS score of 5.3 indicating moderate but real exploitation risk despite low CVSS scoring.
Denial of service vulnerability in Nothings stb image library (stb_image.h) affecting GIF decoder function stbi__gif_load_next allows remote attackers to trigger application crashes through specially crafted GIF files. The vulnerability impacts stb versions up to 2.30, requires user interaction to open a malicious GIF, and has publicly available exploit code with no vendor patch available despite early disclosure.
Denial of service in Open5GS 2.7.6 via malformed CCA (Credit-Control-Answer) messages in the SMF (Session Management Function) component allows remote attackers to crash the service without authentication. The vulnerability affects the smf_gx_cca_cb, smf_gy_cca_cb, and smf_s6b functions in the CCA Message Handler, with publicly available exploit code demonstrating the attack despite high complexity requirements. CVSS 6.3 reflects the availability impact and remote attack vector, though exploitation requires crafted network conditions.
Free5GC 4.1.0's AMF component is susceptible to a denial of service attack in the HandleRegistrationComplete function that can be exploited remotely without authentication. An attacker can manipulate the registration process to crash or disable the affected service. A patch is available and should be applied to restore normal operation.
Denial of service in Open5GS through version 2.7.6 affects the CCA Handler component's callback functions, allowing unauthenticated remote attackers to crash the service. Public exploit code is available for this vulnerability. Upgrading to version 2.7.7 resolves the issue.
CWE-404 Improper Resource Shutdown or Release vulnerability exists that could cause partial Denial of Service on Machine Expert protocol when an unauthenticated attacker sends malicious payload to occupy active communication channels.
DefectDojo versions up to 2.55.4 contain a denial of service vulnerability in the SonarQubeParser and MSDefenderParser components where improper handling of ZIP file input allows authenticated remote attackers to crash the service. Public exploit code exists for this vulnerability, and administrators should upgrade to version 2.56.0 or later to remediate the issue.
A vulnerability was identified in xlnt-community xlnt up to 1.6.1. The affected element is the function xlnt::detail::xlsx_consumer::read_office_document of the file source/detail/serialization/xlsx_consumer.cpp of the component XLSX File Parser. [CVSS 3.3 LOW]
Repeated denial of service attacks against Netmaker versions prior to 1.2.0 are possible when authenticated users invoke the /api/server/shutdown endpoint to forcibly terminate the server process. An attacker with valid credentials can cyclically crash the Netmaker service, causing intermittent unavailability with approximately 3-second restart intervals. No patch is currently available for affected deployments.
OpenClaw before version 2026.3.24 permits authenticated local attackers to trigger improper process termination via the !stop chat command, which uses an unpatched killProcessTree function that sends SIGKILL without graceful SIGTERM shutdown. This incomplete fix for CVE-2026-27486 enables attackers to corrupt data, leak resources, and skip security-sensitive cleanup operations, resulting in integrity compromise and denial of service.
Denial of service in Free5GC 4.2.0 NGSetupRequest Handler allows unauthenticated remote attackers to crash the AMF (Access and Mobility Management Function) component via malformed requests. The vulnerability has a publicly available exploit and a vendor-released patch, with EPSS score of 5.3 indicating moderate but real exploitation risk despite low CVSS scoring.
Denial of service vulnerability in Nothings stb image library (stb_image.h) affecting GIF decoder function stbi__gif_load_next allows remote attackers to trigger application crashes through specially crafted GIF files. The vulnerability impacts stb versions up to 2.30, requires user interaction to open a malicious GIF, and has publicly available exploit code with no vendor patch available despite early disclosure.
Denial of service in Open5GS 2.7.6 via malformed CCA (Credit-Control-Answer) messages in the SMF (Session Management Function) component allows remote attackers to crash the service without authentication. The vulnerability affects the smf_gx_cca_cb, smf_gy_cca_cb, and smf_s6b functions in the CCA Message Handler, with publicly available exploit code demonstrating the attack despite high complexity requirements. CVSS 6.3 reflects the availability impact and remote attack vector, though exploitation requires crafted network conditions.
Free5GC 4.1.0's AMF component is susceptible to a denial of service attack in the HandleRegistrationComplete function that can be exploited remotely without authentication. An attacker can manipulate the registration process to crash or disable the affected service. A patch is available and should be applied to restore normal operation.
Denial of service in Open5GS through version 2.7.6 affects the CCA Handler component's callback functions, allowing unauthenticated remote attackers to crash the service. Public exploit code is available for this vulnerability. Upgrading to version 2.7.7 resolves the issue.
CWE-404 Improper Resource Shutdown or Release vulnerability exists that could cause partial Denial of Service on Machine Expert protocol when an unauthenticated attacker sends malicious payload to occupy active communication channels.
DefectDojo versions up to 2.55.4 contain a denial of service vulnerability in the SonarQubeParser and MSDefenderParser components where improper handling of ZIP file input allows authenticated remote attackers to crash the service. Public exploit code exists for this vulnerability, and administrators should upgrade to version 2.56.0 or later to remediate the issue.
A vulnerability was identified in xlnt-community xlnt up to 1.6.1. The affected element is the function xlnt::detail::xlsx_consumer::read_office_document of the file source/detail/serialization/xlsx_consumer.cpp of the component XLSX File Parser. [CVSS 3.3 LOW]
Repeated denial of service attacks against Netmaker versions prior to 1.2.0 are possible when authenticated users invoke the /api/server/shutdown endpoint to forcibly terminate the server process. An attacker with valid credentials can cyclically crash the Netmaker service, causing intermittent unavailability with approximately 3-second restart intervals. No patch is currently available for affected deployments.