Amplified resource exhaustion in ISC BIND 9 resolvers enables remote unauthenticated attackers to cause disproportionate resource consumption by directing a victim resolver to query a specially crafted authoritative DNS zone. All major BIND 9 resolver branches are affected, spanning versions 9.11.x through 9.21.x including BIND 9 Supported (S1) variants, representing a broad deployment footprint across enterprise and ISP resolver infrastructure. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV; ISC has released patched versions.
Resource exhaustion in OpenClaw before 2026.3.31 allows remote unauthenticated attackers to crash servers by sending malicious Microsoft Teams webhook payloads. The application parses request bodies before performing JWT validation, enabling attackers to bypass authentication and trigger denial-of-service conditions. A vendor patch is available via GitHub commit 3834d47, with no evidence of active exploitation (not in CISA KEV) and no public POC identified at time of analysis.
OpenClaw before version 2026.3.31 performs Discord audio preflight transcription without validating member authorization, allowing unauthenticated remote attackers to trigger resource-intensive audio processing and cause denial of service through resource exhaustion.
OpenClaw before version 2026.3.31 allows unauthenticated remote attackers to trigger resource-intensive audio transcription processing via Telegram without proper authorization, enabling denial-of-service through billing or infrastructure exhaustion. The vulnerability stems from insufficient allowlist enforcement that permits unauthorized group senders to initiate preflight transcription operations before authentication is validated, and no public exploit code has been identified at the time of analysis.