Skip to main content

CWE-408

Incorrect Behavior Order: Early Amplification

6 CVEs Avg CVSS 7.1 MITRE
0
CRITICAL
3
HIGH
3
MEDIUM
0
LOW
1
POC
0
KEV

Monthly

CVE-2026-3592 MEDIUM PATCH This Month

Amplified resource exhaustion in ISC BIND 9 resolvers enables remote unauthenticated attackers to cause disproportionate resource consumption by directing a victim resolver to query a specially crafted authoritative DNS zone. All major BIND 9 resolver branches are affected, spanning versions 9.11.x through 9.21.x including BIND 9 Supported (S1) variants, representing a broad deployment footprint across enterprise and ISP resolver infrastructure. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV; ISC has released patched versions.

Information Disclosure Suse Red Hat
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-41405 npm HIGH PATCH This Week

Resource exhaustion in OpenClaw before 2026.3.31 allows remote unauthenticated attackers to crash servers by sending malicious Microsoft Teams webhook payloads. The application parses request bodies before performing JWT validation, enabling attackers to bypass authentication and trigger denial-of-service conditions. A vendor patch is available via GitHub commit 3834d47, with no evidence of active exploitation (not in CISA KEV) and no public POC identified at time of analysis.

Denial Of Service Openclaw
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-41374 npm MEDIUM PATCH This Month

OpenClaw before version 2026.3.31 performs Discord audio preflight transcription without validating member authorization, allowing unauthenticated remote attackers to trigger resource-intensive audio processing and cause denial of service through resource exhaustion.

Denial Of Service Openclaw
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-41331 npm MEDIUM PATCH This Month

OpenClaw before version 2026.3.31 allows unauthenticated remote attackers to trigger resource-intensive audio transcription processing via Telegram without proper authorization, enabling denial-of-service through billing or infrastructure exhaustion. The vulnerability stems from insufficient allowlist enforcement that permits unauthorized group senders to initiate preflight transcription operations before authentication is validated, and no public exploit code has been identified at the time of analysis.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2022-2576 Maven HIGH POC PATCH This Week

In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Californium
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2020-1657 HIGH This Week

On SRX Series devices, a vulnerability in the key-management-daemon (kmd) daemon of Juniper Networks Junos OS allows an attacker to spoof packets targeted to IPSec peers before a security association. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
7.5
EPSS
1.3%
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Amplified resource exhaustion in ISC BIND 9 resolvers enables remote unauthenticated attackers to cause disproportionate resource consumption by directing a victim resolver to query a specially crafted authoritative DNS zone. All major BIND 9 resolver branches are affected, spanning versions 9.11.x through 9.21.x including BIND 9 Supported (S1) variants, representing a broad deployment footprint across enterprise and ISP resolver infrastructure. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV; ISC has released patched versions.

Information Disclosure Suse Red Hat
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Resource exhaustion in OpenClaw before 2026.3.31 allows remote unauthenticated attackers to crash servers by sending malicious Microsoft Teams webhook payloads. The application parses request bodies before performing JWT validation, enabling attackers to bypass authentication and trigger denial-of-service conditions. A vendor patch is available via GitHub commit 3834d47, with no evidence of active exploitation (not in CISA KEV) and no public POC identified at time of analysis.

Denial Of Service Openclaw
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

OpenClaw before version 2026.3.31 performs Discord audio preflight transcription without validating member authorization, allowing unauthenticated remote attackers to trigger resource-intensive audio processing and cause denial of service through resource exhaustion.

Denial Of Service Openclaw
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

OpenClaw before version 2026.3.31 allows unauthenticated remote attackers to trigger resource-intensive audio transcription processing via Telegram without proper authorization, enabling denial-of-service through billing or infrastructure exhaustion. The vulnerability stems from insufficient allowlist enforcement that permits unauthorized group senders to initiate preflight transcription operations before authentication is validated, and no public exploit code has been identified at the time of analysis.

Authentication Bypass Openclaw
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Californium
NVD
EPSS 1% CVSS 7.5
HIGH This Week

On SRX Series devices, a vulnerability in the key-management-daemon (kmd) daemon of Juniper Networks Junos OS allows an attacker to spoof packets targeted to IPSec peers before a security association. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy