Monthly
Remote denial-of-service in Juniper Networks Junos OS and Junos OS Evolved 25.2 (before 25.2R2 / 25.2R2-EVO) lets an adjacent, unauthenticated BGP peer crash the routing protocol daemon (RPD) by sending a single malformed non-inet/inet6 unicast BGP update over an already-established session. The RPD crash-and-restart produces a full routing outage until reconvergence completes, though the crash occurs before the update is readvertised so there is no downstream propagation to other routers. CVSS 4.0 base score is 7.1; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Denial-of-service in Juniper Junos OS Evolved on PTX Series routers lets an unauthenticated network attacker crash the advanced forwarding toolkit process (evo-aftmand) on the Packet Forwarding Engine by driving continuous routing updates that produce unified-list (unilist) ECMP routes. The resulting internal state corruption generates an evo-aftmand-bx core and halts forwarding, requiring a manual FPC restart or system reboot to recover. No public exploit identified at time of analysis; the vendor (Juniper SIRT) notes successful exploitation depends on a sequence of events outside the attacker's direct control, so this is a high-CVSS availability issue rather than a trivially reproducible one.
Ingress firewall filter bypass in Juniper Networks Junos OS on MX Series hardware (MPC10/11, LC4800/9600/4802, MX304) allows adjacent subscribers on static interfaces to evade configured protocol-level access controls and upstream bandwidth limitations. The Packet Forwarding Engine (PFE) fails to enforce ingress filters for these subscriber configurations, meaning neither protocol restrictions nor rate-limiting policies take effect. No public exploit code has been identified and the vulnerability is absent from CISA KEV, though the CVSS 4.0 AU:Y (Automatable) supplemental metric indicates exploitation could be scripted at scale against affected broadband aggregation deployments.
Denial-of-service in the Packet Forwarding Engine (PFE) of Juniper Junos OS on MX (with SPC3) and SRX-series firewalls lets an unauthenticated, network-based attacker crash and restart the PFE, dropping all traffic-forwarding services until automatic recovery. Exploitation is indirect: the attacker must lure or wait for the affected device to initiate an outbound TCP connection to an attacker-controlled system, which then replies with a crafted packet that trips an unhandled exceptional condition (CWE-754). Juniper-reported with CVSS 4.0 8.2; no public exploit identified at time of analysis and it is not in CISA KEV.
Denial-of-service in Juniper Networks Junos OS on QFX10000 Series switches allows an unauthenticated, adjacent (Layer 2) attacker to saturate data-center links by injecting IPv6 multicast traffic in an EVPN-VxLAN fabric. When such packets reach a non-IRB interface of a spine switch, the packet-forwarding engine floods them to other spines and all ESI leaf switches, creating an endless forwarding loop that starves legitimate traffic. No public exploit identified at time of analysis and it is not listed in CISA KEV; the vendor-assigned CVSS 4.0 base score is 7.1.
Denial of service conditions in Palo Alto Networks PAN-OS allow unauthenticated network attackers to crash firewall dataplane processes by sending specially crafted traffic to or through a dataplane interface. Repeated exploitation escalates the impact: the firewall is forced into maintenance mode, effectively taking the security appliance offline and disrupting all traffic enforcement. No public exploit code has been identified at time of analysis, and Panorama management infrastructure is explicitly confirmed unaffected.
Phoenix Framework's Presence JavaScript client allows any user with ordinary channel access to permanently break presence synchronization for all other viewers of an affected channel topic. By joining a channel using a key name that collides with an Object.prototype property (such as '__proto__', 'constructor', or 'toString'), an attacker causes an uncaught TypeError inside Presence.syncState and Presence.syncDiff that halts all further presence updates for every connected viewer until the attacker disconnects. This is not in CISA KEV, no public exploit has been identified, and the CVSS 4.0 score of 6.3 reflects the limited but persistent client-side availability impact with no server-side exposure.
FOSSBilling's PayPalEmail payment adapter prior to version 0.8.0 fails to validate IPN-supplied payment amounts against invoice totals, enabling authenticated clients to underpay invoices while having them marked as fully paid. The PayPal IPN field `mc_gross` is credited directly to the client balance without cross-checking the corresponding invoice amount, and a pre-existing $0.05 floating-point epsilon in the credit-payment logic expands the exploitable gap to $0.04 per invoice. No public exploit code exists and the vulnerability is not in CISA KEV; however, the attack is trivially executable by any registered client on a system with the PayPalEmail adapter enabled.
Heap buffer overflow in ImageMagick's MVG decoder allows remote unauthenticated attackers to trigger an out-of-bounds write by supplying a specially crafted image file, resulting in denial of service. Affected are all ImageMagick deployments prior to versions 6.9.13-51 (legacy v6 branch) and 7.1.2-26 (current v7 branch). No public exploit code or active exploitation has been identified at time of analysis; however, the network-accessible vector and zero-privilege requirement make this relevant for any service that accepts and processes user-supplied images.
Unauthenticated denial-of-service in Typesense search engine versions prior to 29.1 and 30.2 allows remote attackers to terminate the server process by sending a crafted request to the /multi_search endpoint. The flaw triggers an unhandled exception during request processing, causing complete service unavailability for the duration of restart and dataset reload. No public exploit identified at time of analysis, and the low EPSS score (0.10%) suggests limited current exploitation interest despite the high CVSS 4.0 score of 8.7.
Remote denial-of-service in Juniper Networks Junos OS and Junos OS Evolved 25.2 (before 25.2R2 / 25.2R2-EVO) lets an adjacent, unauthenticated BGP peer crash the routing protocol daemon (RPD) by sending a single malformed non-inet/inet6 unicast BGP update over an already-established session. The RPD crash-and-restart produces a full routing outage until reconvergence completes, though the crash occurs before the update is readvertised so there is no downstream propagation to other routers. CVSS 4.0 base score is 7.1; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Denial-of-service in Juniper Junos OS Evolved on PTX Series routers lets an unauthenticated network attacker crash the advanced forwarding toolkit process (evo-aftmand) on the Packet Forwarding Engine by driving continuous routing updates that produce unified-list (unilist) ECMP routes. The resulting internal state corruption generates an evo-aftmand-bx core and halts forwarding, requiring a manual FPC restart or system reboot to recover. No public exploit identified at time of analysis; the vendor (Juniper SIRT) notes successful exploitation depends on a sequence of events outside the attacker's direct control, so this is a high-CVSS availability issue rather than a trivially reproducible one.
Ingress firewall filter bypass in Juniper Networks Junos OS on MX Series hardware (MPC10/11, LC4800/9600/4802, MX304) allows adjacent subscribers on static interfaces to evade configured protocol-level access controls and upstream bandwidth limitations. The Packet Forwarding Engine (PFE) fails to enforce ingress filters for these subscriber configurations, meaning neither protocol restrictions nor rate-limiting policies take effect. No public exploit code has been identified and the vulnerability is absent from CISA KEV, though the CVSS 4.0 AU:Y (Automatable) supplemental metric indicates exploitation could be scripted at scale against affected broadband aggregation deployments.
Denial-of-service in the Packet Forwarding Engine (PFE) of Juniper Junos OS on MX (with SPC3) and SRX-series firewalls lets an unauthenticated, network-based attacker crash and restart the PFE, dropping all traffic-forwarding services until automatic recovery. Exploitation is indirect: the attacker must lure or wait for the affected device to initiate an outbound TCP connection to an attacker-controlled system, which then replies with a crafted packet that trips an unhandled exceptional condition (CWE-754). Juniper-reported with CVSS 4.0 8.2; no public exploit identified at time of analysis and it is not in CISA KEV.
Denial-of-service in Juniper Networks Junos OS on QFX10000 Series switches allows an unauthenticated, adjacent (Layer 2) attacker to saturate data-center links by injecting IPv6 multicast traffic in an EVPN-VxLAN fabric. When such packets reach a non-IRB interface of a spine switch, the packet-forwarding engine floods them to other spines and all ESI leaf switches, creating an endless forwarding loop that starves legitimate traffic. No public exploit identified at time of analysis and it is not listed in CISA KEV; the vendor-assigned CVSS 4.0 base score is 7.1.
Denial of service conditions in Palo Alto Networks PAN-OS allow unauthenticated network attackers to crash firewall dataplane processes by sending specially crafted traffic to or through a dataplane interface. Repeated exploitation escalates the impact: the firewall is forced into maintenance mode, effectively taking the security appliance offline and disrupting all traffic enforcement. No public exploit code has been identified at time of analysis, and Panorama management infrastructure is explicitly confirmed unaffected.
Phoenix Framework's Presence JavaScript client allows any user with ordinary channel access to permanently break presence synchronization for all other viewers of an affected channel topic. By joining a channel using a key name that collides with an Object.prototype property (such as '__proto__', 'constructor', or 'toString'), an attacker causes an uncaught TypeError inside Presence.syncState and Presence.syncDiff that halts all further presence updates for every connected viewer until the attacker disconnects. This is not in CISA KEV, no public exploit has been identified, and the CVSS 4.0 score of 6.3 reflects the limited but persistent client-side availability impact with no server-side exposure.
FOSSBilling's PayPalEmail payment adapter prior to version 0.8.0 fails to validate IPN-supplied payment amounts against invoice totals, enabling authenticated clients to underpay invoices while having them marked as fully paid. The PayPal IPN field `mc_gross` is credited directly to the client balance without cross-checking the corresponding invoice amount, and a pre-existing $0.05 floating-point epsilon in the credit-payment logic expands the exploitable gap to $0.04 per invoice. No public exploit code exists and the vulnerability is not in CISA KEV; however, the attack is trivially executable by any registered client on a system with the PayPalEmail adapter enabled.
Heap buffer overflow in ImageMagick's MVG decoder allows remote unauthenticated attackers to trigger an out-of-bounds write by supplying a specially crafted image file, resulting in denial of service. Affected are all ImageMagick deployments prior to versions 6.9.13-51 (legacy v6 branch) and 7.1.2-26 (current v7 branch). No public exploit code or active exploitation has been identified at time of analysis; however, the network-accessible vector and zero-privilege requirement make this relevant for any service that accepts and processes user-supplied images.
Unauthenticated denial-of-service in Typesense search engine versions prior to 29.1 and 30.2 allows remote attackers to terminate the server process by sending a crafted request to the /multi_search endpoint. The flaw triggers an unhandled exception during request processing, causing complete service unavailability for the duration of restart and dataset reload. No public exploit identified at time of analysis, and the low EPSS score (0.10%) suggests limited current exploitation interest despite the high CVSS 4.0 score of 8.7.