CWE-405

Asymmetric Resource Consumption (Amplification)

19 CVEs | Avg CVSS 7.0 | MITRE
Critical: 1 | High: 9 | Medium: 9 | Low: 0 | PoC: 1 | KEV: 0

Monthly

CVE-2026-45557 MEDIUM PATCH This Month

Technitium DNS Server generates amplified outbound DNS traffic when processing domains with missing RRSIG records or mismatched DNSKEY records. An attacker who controls any domain can exploit this behavior to force the resolver into generating excessive network queries against third-party infrastructure. All versions prior to 15.0 are affected per the vendor CPE listing (cpe:2.3:a:technitium:dns_server:*:*:*:*:*:*:*:*). The CVSS Changed Scope (S:C) confirms that impact extends beyond the vulnerable server itself, affecting downstream network resources and other systems. No public exploit code has been identified at time of analysis, and this vulnerability is not currently listed in the CISA KEV catalog.

Information Disclosure
NVD GitHub
CVSS 4.0: 6.9 | EPSS: 0.0%
CVE-2026-35665 npm MEDIUM PATCH This Month

OpenClaw before version 2026.3.24 allows unauthenticated remote denial of service via the Feishu webhook handler, which accepts request bodies up to 1MB with a 30-second timeout before verifying the request signature. An attacker can exhaust server connection resources by sending concurrent slow HTTP POST requests, blocking legitimate webhook deliveries and degrading service availability. This is an incomplete remediation of the earlier CVE-2026-32011.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0: 6.9 | EPSS: 0.0%
CVE-2026-35626 npm MEDIUM PATCH This Month

Unauthenticated resource exhaustion in OpenClaw before 2026.3.22 allows remote attackers to cause denial of service by sending large or malicious webhook requests to the voice call handler, which buffers request bodies before validating provider signatures. The vulnerability requires only network access (AV:N, PR:N) and can be exploited with low complexity, making it a practical attack vector for disrupting service availability.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0: 6.9 | EPSS: 0.1%
CVE-2025-46598 MEDIUM This Month

Bitcoin Core versions through 29.0 contain a denial of service vulnerability that can be triggered by a specially crafted transaction. An attacker with network access can send a malicious transaction to cause the affected Bitcoin Core node to become unresponsive or crash, disrupting normal operation of the node. No CVSS score, EPSS data, or active exploitation in the wild has been disclosed, but the vulnerability has been formally disclosed by the Bitcoin Core project.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1: 5.3 | EPSS: 0.0%
CVE-2026-25611 HIGH This Week

MongoDB instances are vulnerable to denial of service attacks when processing specially crafted unauthenticated messages that trigger memory exhaustion and server crashes. An unauthenticated remote attacker can exploit this vulnerability to disable MongoDB availability without requiring valid credentials or user interaction. No patch is currently available for this vulnerability.

Denial Of Service MongoDB
NVD
CVSS 3.1: 7.5 | EPSS: 0.1%
CVE-2026-24324 MEDIUM This Month

Businessobjects Business Intelligence Platform versions up to 430 contain a security vulnerability (CVSS 6.5).

Denial Of Service SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1: 6.5 | EPSS: 0.0%
CVE-2026-0485 HIGH This Week

Businessobjects Business Intelligence Platform versions up to 430 contain a security vulnerability (CVSS 7.5).

Denial Of Service SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1: 7.5 | EPSS: 0.1%
CVE-2026-22775 npm HIGH PATCH This Week

Denial of service in Svelte devalue library versions 5.1.0 through 5.6.1 allows remote attackers to exhaust CPU and memory resources by supplying malformed input to the parse function, affecting applications that process untrusted serialized data. The vulnerability stems from insufficient validation of ArrayBuffer inputs during deserialization. Applications should upgrade to version 5.6.2 or later.

Denial Of Service Red Hat Devalue Suse
NVD GitHub
CVSS 3.1: 7.5 | EPSS: 0.0%
CVE-2026-22774 npm HIGH PATCH This Week

Denial of service in Svelte devalue versions 5.3.0 through 5.6.1 allows remote attackers to exhaust CPU and memory resources by supplying malformed input to the parse function, affecting applications that process untrusted data. The vulnerability stems from insufficient validation of typed array inputs before hydration, enabling attackers to trigger excessive resource consumption. Update to version 5.6.2 or later to remediate.

Denial Of Service Red Hat Devalue
NVD GitHub
CVSS 3.1: 7.5 | EPSS: 0.0%
CVE-2025-66564 Go HIGH PATCH This Week

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps.

Information Disclosure Red Hat Sigstore Timestamp Authority Suse
NVD GitHub
CVSS 3.1: 7.5 | EPSS: 0.0%
