Skip to main content

Denial Of Service

36503 CVEs technique

Monthly

CVE-2026-12199 HIGH This Week

Unauthenticated remote denial of service in NLTK's WordNet Browser HTTP server (nltk.app.wordnet_app) through version 3.9.3 allows any network-reachable attacker to terminate the server process by sending a single GET request to /SHUTDOWN%20THE%20SERVER. The server binds to all interfaces by default and invokes os._exit(0) on receipt, with no public exploit identified at time of analysis but exploitation is trivial given the documented endpoint.

Authentication Bypass Denial Of Service Nltk Nltk Red Hat
NVD VulDB
CVSS 3.0
7.5
EPSS
0.5%
CVE-2026-28575 CRITICAL Act Now

Local denial of service in Android's PackageInstaller subsystem stems from a logic error in PackageInstallerSession.transfer() that allows a local app to trigger memory exhaustion of the system package installer. The flaw, addressed in the Android Security Bulletin for Android 17, can be triggered without user interaction and without elevated privileges, but its impact is confined to denial of service rather than code execution. No public exploit identified at time of analysis.

Google Java Denial Of Service
NVD
CVSS 4.0
10.0
EPSS
0.2%
CVE-2026-0064 CRITICAL Act Now

Persistent denial of service in Google Android allows local attackers to exhaust device resources in multiple code paths, rendering functionality unavailable until manual intervention. The flaw requires no privileges and no user interaction, and is addressed in the Android Security Bulletin for android-17. No public exploit identified at time of analysis and no EPSS or KEV signal is provided.

Denial Of Service
NVD VulDB
CVSS 4.0
10.0
EPSS
0.2%
CVE-2026-12467 HIGH PATCH This Week

Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Use After Free Denial Of Service Memory Corruption Red Hat +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.3%
CVE-2026-12464 HIGH PATCH This Week

Use after free in Browser in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Use After Free Denial Of Service Memory Corruption Red Hat +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.3%
CVE-2026-12462 HIGH PATCH This Week

Use after free in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Google Use After Free RCE Memory Corruption Denial Of Service +2
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-12455 HIGH PATCH This Week

Use after free in Tab Strip in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Google Use After Free Memory Corruption Denial Of Service Red Hat +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-12452 HIGH PATCH This Week

Use after free in Downloads in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Google Use After Free Memory Corruption Denial Of Service Red Hat +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-12451 HIGH PATCH This Week

Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Use After Free Denial Of Service Memory Corruption Red Hat +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.3%
CVE-2026-12449 HIGH PATCH This Week

Use after free in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)

Google Microsoft Use After Free Privilege Escalation Memory Corruption +3
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-12445 HIGH PATCH This Week

Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

Google Use After Free Memory Corruption Denial Of Service Red Hat +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-12443 HIGH PATCH This Week

Use after free in Web Authentication in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Google Use After Free RCE Memory Corruption Denial Of Service +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-12442 HIGH PATCH This Week

Use after free in Passwords in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Google Use After Free RCE Memory Corruption Denial Of Service +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-12441 HIGH PATCH This Week

Use after free in File Input in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Google Use After Free Memory Corruption Denial Of Service Red Hat +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-12440 CRITICAL PATCH Act Now

Use after free in DigitalCredentials in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Microsoft Use After Free Memory Corruption Denial Of Service +2
NVD VulDB
CVSS 3.1
9.6
EPSS
0.3%
CVE-2026-12439 HIGH PATCH This Week

Heap corruption in Google Chrome's Digital Credentials component (versions prior to 149.0.7827.155) allows remote attackers to trigger a use-after-free condition by enticing a user to visit a crafted HTML page, potentially leading to arbitrary code execution within the renderer process. Chromium rates this issue as Critical severity, and Google has released a patched stable-channel build; no public exploit identified at time of analysis and EPSS sits at 0.31% (23rd percentile), indicating low predicted near-term exploitation pressure despite the high CVSS of 8.8.

Google Use After Free Memory Corruption Denial Of Service Red Hat +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-12437 HIGH PATCH This Week

Use after free in WebShare in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Use After Free Microsoft Memory Corruption Denial Of Service +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.3%
CVE-2026-36849 HIGH This Week

Denial of service in libtiff v4.7.1 and prior allows processing of a crafted TIFF file containing an abnormally large SamplesPerPixel tag value to crash or hang the affected process. Any application or service that passes attacker-controlled TIFF files through libtiff is potentially vulnerable, including web-based image processors, document converters, and media ingestion pipelines. No active exploitation has been confirmed by CISA KEV, and no public exploit code has been identified at the time of this analysis.

Gitlab Denial Of Service Suse
NVD
CVE-2026-39199 LOW Monitor

Out-of-bounds write in snes9x 1.63's UPS patch file parser allows a crafted .ups ROM patch file to trigger memory corruption and a denial-of-service crash. The flaw resides in the ReadUPSPatch loop in memmap.cpp, where the loop iterator `relative` was not bounded against CMemory::MAX_ROM_SIZE, permitting writes past the end of the allocated ROM buffer. Impact is limited to availability (crash) per the CVSS vector, though the underlying CWE-787 out-of-bounds write class carries broader memory-safety implications. No public exploit identified at time of analysis, and CVSS rates this Low (2.9) due to local attack vector and high complexity.

Denial Of Service Memory Corruption Buffer Overflow Snes9X
NVD GitHub VulDB
CVSS 3.1
2.9
EPSS
0.1%
CVE-2026-52797 Go HIGH PATCH GHSA This Week

Authenticated path traversal in Gogs self-hosted Git service (versions <= 0.13.4) allows any user with repository edit permissions to overwrite arbitrary files on the host filesystem via the diff preview endpoint, resulting in denial of service. By abusing the `git diff --output=<file>` flag through the `POST /:user/:repo/_preview/:branch/:path_to_file` handler and bypassing the standard library `path.Clean` filter, an attacker can corrupt critical files such as `gogs.db` or `app.ini`. Publicly available exploit code exists in the form of a detailed researcher write-up with payload examples, though no CISA KEV listing or active exploitation has been reported.

Path Traversal Denial Of Service
NVD GitHub
CVSS 3.1
8.5
EPSS
0.4%
CVE-2026-46932 HIGH This Week

Information disclosure and partial denial of service in Oracle E-Business Suite Enterprise Asset Management (versions 12.2.3 through 12.2.15) allows a low-privileged authenticated attacker with HTTP network access to read all data accessible to the Enterprise Asset Management module and degrade its availability. Oracle rates the issue 7.1 CVSS 3.1 and describes it as easily exploitable. No public exploit identified at time of analysis and the CVE is not currently listed in CISA KEV.

Authentication Bypass Denial Of Service Oracle Oracle Enterprise Asset Management
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2026-46901 CRITICAL Act Now

Scope-changing compromise in Oracle Enterprise Command Center Framework V15 and V16 (a component of Oracle E-Business Suite) allows a low-privileged remote attacker to read, modify, or delete all framework-accessible data and partially disrupt service via HTTP. Because CVSS scope is Changed, exploitation impacts additional Oracle E-Business Suite products beyond the Framework itself, driving the 9.9 base score. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Authentication Bypass Denial Of Service Oracle Oracle Enterprise Command Center Framework
NVD
CVSS 3.1
9.9
EPSS
0.4%
CVE-2026-46897 CRITICAL Act Now

Privileged data manipulation and disclosure in Oracle Enterprise Command Center Framework V15 and V16 allows a low-privileged remote attacker over HTTP to gain unauthorized read, modify, and delete access to all framework-accessible data, with scope change extending impact to other Oracle E-Business Suite products. The CVSS 9.9 score reflects low attack complexity, low privileges required, and the scope change that crosses security boundaries into adjacent products. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Authentication Bypass Denial Of Service Oracle Oracle Enterprise Command Center Framework
NVD VulDB
CVSS 3.1
9.9
EPSS
0.4%
CVE-2026-46872 CRITICAL Act Now

Privileged remote tampering in Oracle Enterprise Manager Base Platform 13.5 and 24.1 (Install component) allows an authenticated, high-privileged attacker over HTTPS to modify or destroy critical data, read a subset of data, and trigger a complete denial of service, with scope change extending impact to additional products. Oracle rates the issue CVSS 3.1 9.0 and there is no public exploit identified at time of analysis, but the scope-change behavior and broad impact warrant prompt patching during the next Oracle CPU window.

Denial Of Service Oracle Oracle Enterprise Manager Base Platform
NVD
CVSS 3.1
9.0
EPSS
0.4%
CVE-2026-46866 HIGH This Week

Remote denial-of-service and data tampering in Oracle Enterprise Manager Base Platform 13.5 and 24.1 allows unauthenticated network attackers to crash or hang the management console and to perform unauthorized modifications to a subset of accessible data via the Agent Next Gen component over HTTPS. Oracle rates the issue CVSS 8.2 and notes the flaw is easily exploitable; no public exploit identified at time of analysis, and it is not listed on the CISA KEV catalog.

Denial Of Service Oracle Oracle Enterprise Manager Base Platform
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2026-46863 HIGH PATCH This Week

Remote unauthenticated denial-of-service in Oracle MySQL Server and MySQL Cluster (8.0.x, 8.4.x, and 9.0.0-9.7.0) allows network attackers to trigger a hang or repeatable crash of the database via the Server Connection Handling component. Oracle rates the issue as easily exploitable over multiple protocols with no authentication or user interaction, producing a complete availability loss (CVSS 7.5, A:H only). No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Denial Of Service Oracle Mysql Server Mysql Cluster
NVD VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2026-46862 HIGH PATCH This Week

Denial of service in Oracle MySQL Router 8.4.0-8.4.9 and 9.0.0-9.7.0 allows unauthenticated remote attackers to hang or repeatedly crash the routing service over TLS-enabled network connections, producing a complete DOS of the affected component. CVSS 3.1 scores this 7.5 with availability-only impact, and no public exploit identified at time of analysis. Because MySQL Router brokers application traffic to InnoDB Cluster/ReplicaSet backends, an outage cascades into downstream application unavailability even when the database servers themselves remain healthy.

Denial Of Service Oracle Mysql Router
NVD VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2026-46776 HIGH This Week

Unauthenticated LDAP-based compromise of Oracle Unified Directory 12.2.1.4.0 and 14.1.2.1.0 allows remote attackers to create, delete, or modify critical directory data, read a subset of directory data, and trigger a partial denial of service. The flaw resides in the OUD Core component and was disclosed in Oracle's June 2026 Critical Patch Update with a CVSS 3.1 base score of 8.6; no public exploit identified at time of analysis and the issue is not in CISA KEV.

Denial Of Service Oracle Oracle Unified Directory Authentication Bypass
NVD
CVSS 3.1
8.6
EPSS
0.4%
CVE-2026-35314 HIGH This Week

Remote unauthenticated compromise of Oracle Access Manager 12.2.1.4.0 and 14.1.2.1.0 is possible via the Web Server Plugin component over HTTP, allowing attackers to alter or read subsets of OAM data and trigger partial denial of service. The flaw carries a CVSS 3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N) and is rated easily exploitable by Oracle. No public exploit identified at time of analysis, and the CVE is not currently listed in CISA KEV.

Denial Of Service Oracle Oracle Access Manager Authentication Bypass
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2026-35262 HIGH This Week

Authenticated tampering and data exposure in Oracle Data Integrator 12.2.1.4.0 and 14.1.2.0.0 (Market Place component) allows a low-privileged attacker with HTTP network access to read, modify, or delete all data accessible to the product and induce a partial denial of service. Oracle assigns a CVSS 3.1 base score of 8.3 (AV:N/AC:L/PR:L/UI:N/C:H/I:H/A:L), and no public exploit identified at time of analysis. The flaw is described by Oracle as easily exploitable, raising the priority for any externally reachable ODI deployment.

Authentication Bypass Denial Of Service Oracle Oracle Data Integrator
NVD
CVSS 3.1
8.3
EPSS
0.4%
CVE-2026-0156 HIGH This Week

Remote denial of service in Android (Pixel) RTP stack arises from a missing null check in checkSsrcCollisionOnRcv within RtpSession.cpp, allowing unauthenticated attackers to crash the affected media component over the network. The flaw carries CVSS 7.5 with availability-only impact, and at the time of analysis there is no public exploit identified and the EPSS exploitation probability is very low (0.14%, 4th percentile).

Denial Of Service Null Pointer Dereference
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-0144 Awaiting Data

In writeAocCommand of AocAudioCodec.cpp, there is a possible memory safety issue due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-0143 Awaiting Data

In lwis_device_external_event_emit of lwis_event.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Buffer Overflow Denial Of Service
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-0137 Awaiting Data

In edgetpu_sync_fence_group_shutdown() of edgetpu-dmabuf.c, there is a possible elevation of privilege due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Denial Of Service
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-0136 MEDIUM This Month

In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Denial Of Service Buffer Overflow
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-0127 Awaiting Data

In NrmmMsgCodec::DecodeUPUTransparentContext of cn_NrmmDecoder.cpp, there is a possible out-of-bounds read due to memory corruption. This could lead to remote denial of service causing a communication processor crash with no additional execution privileges needed. User interaction is not needed for exploitation.

Denial Of Service Buffer Overflow
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-0125 Awaiting Data

In multiple functions of vpu_ioctl.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Denial Of Service
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2026-10649 HIGH This Week

Denial of service in Pacemaker's CIB remote listener allows unauthenticated remote attackers to crash the cluster service by sending a specially crafted compressed message. The vulnerability is an integer overflow (CWE-190) triggered during pre-authentication message decompression, leading to memory corruption. No public exploit identified at time of analysis, but the pre-auth attack vector and high availability impact on cluster-management infrastructure make this a meaningful risk for exposed deployments.

Denial Of Service Buffer Overflow Integer Overflow
NVD GitHub VulDB
CVSS 3.1
8.6
EPSS
0.5%
CVE-2026-54288 npm MEDIUM PATCH GHSA This Month

Body Limit Middleware bypass in Hono (npm/hono < 4.12.25) allows unauthenticated remote clients to send payloads exceeding the configured size limit when the application is deployed on AWS Lambda. By understating the `Content-Length` request header, attackers exploit the Lambda adapter's trust of client-declared header values to slip oversized bodies - large JSON, multipart uploads, etc. - past the middleware check, forcing handlers to process payloads larger than intended and inflating per-request CPU and memory consumption. No public exploit has been identified at time of analysis; the issue is fixed in hono 4.12.25.

Denial Of Service
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-54531 PyPI MEDIUM PATCH GHSA This Month

Processing crafted PDF outlines in pypdf versions prior to 6.13.0 triggers an infinite loop during writer merge operations, causing a denial of service. Applications that accept user-supplied PDFs and merge them using PdfWriter are affected - specifically any code path that calls merge() on a PDF whose /Outlines or /Parent hierarchy contains circular references. No public exploit has been identified at time of analysis and this is not listed in CISA KEV; a vendor-released patch is available as pypdf 6.13.0.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-54530 PyPI MEDIUM PATCH GHSA This Month

Infinite loop denial-of-service in pypdf allows an attacker to hang any Python application that processes a crafted PDF using layout-mode text extraction. The vulnerability arises because the `/Parent` hierarchy traversal in `_layout_mode_fonts()` lacked cycle detection, so a circular reference structure in a malicious PDF causes the parser to loop indefinitely. No active exploitation is confirmed (not in CISA KEV) and no public exploit code has been identified, but the attack surface is broad: any service accepting user-supplied PDFs and passing them to pypdf's layout-mode extraction is potentially affected.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-49461 PyPI MEDIUM PATCH GHSA This Month

Uncontrolled resource consumption in pypdf versions before 6.12.2 allows any attacker who can cause an application to call `extract_text()` on a crafted PDF to trigger unbounded memory growth, resulting in denial of service. The vulnerability arises specifically during form XObject traversal: a PDF containing a self-referencing XObject resource dictionary causes the extraction code to recurse infinitely without cycle detection. No public exploit code has been identified at time of analysis, and this vulnerability does not appear in the CISA KEV catalog.

Denial Of Service Red Hat
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-10640 HIGH PATCH This Week

Denial of service (and potential limited memory corruption) in the Zephyr RTOS IPv6 networking stack (versions 3.3.0 through 4.4.0) stems from a use-after-free in the IPv6 Neighbor Discovery send paths, where per-interface ICMP statistics are updated by reading from a network packet after the stack has already freed it. Any unauthenticated on-link node can trigger the Neighbor Advertisement path simply by sending ICMPv6 Neighbor Solicitations to a Zephyr node with native IPv6 and CONFIG_NET_STATISTICS_PER_INTERFACE enabled, causing a freed slab block to be dereferenced. There is no public exploit identified at time of analysis and EPSS is low (0.14%, 4th percentile); a vendor patch is available, and impact is largely limited to crashes/DoS with only theoretical limited memory corruption.

Denial Of Service Use After Free Memory Corruption Buffer Overflow Zephyr
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2026-10639 MEDIUM PATCH This Month

Use-after-free in Zephyr RTOS's ICMPv4 echo handler allows any unauthenticated remote host to trigger memory corruption or a crash by sending a standard ICMP ping to an affected device. The defect exists in all versions from v1.14 (2019) through v4.4.0, where `icmpv4_handle_echo_request()` reads from a freed `net_pkt` struct after transferring packet ownership to the TX path - violating a contract explicitly documented in `net_core.c`. No public exploit code exists and this CVE does not appear in CISA KEV, but the zero-privilege, network-reachable attack surface makes it a meaningful risk for internet-exposed embedded and IoT deployments running Zephyr with ICMP statistics enabled.

Use After Free Memory Corruption Denial Of Service Zephyr
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.2%
CVE-2026-10638 HIGH PATCH This Week

Use-after-free in Zephyr RTOS's ICMPv6 stack (v4.2.0-v4.4.0) allows an unauthenticated remote attacker to crash the networking stack and potentially corrupt memory by sending a standard ICMPv6 Echo Request or any IPv6 packet that elicits an ICMPv6 error response. Both `icmpv6_handle_echo_request()` and `net_icmpv6_send_error()` call `net_pkt_iface()` on a packet after transferring it to `net_try_send_data()`, which may synchronously or asynchronously free the packet's memory slab before the statistics update executes. When `CONFIG_NET_STATISTICS_PER_INTERFACE` is enabled, the stale interface pointer is written through (`iface->stats.icmp.sent++`), escalating the read UAF into an attacker-influenced memory write; no public exploit has been identified at time of analysis, but the trigger is a universally available IPv6 primitive.

Denial Of Service Use After Free Memory Corruption Buffer Overflow Zephyr
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-10637 HIGH PATCH This Week

Remotely triggerable denial of service in the Zephyr RTOS networking stack (versions 1.12.0 through 4.4.x) arises from a use-after-free in the IPv6 MLD code path, where mld_send() reads net_pkt_iface(pkt) after net_send_data() has already transferred packet ownership and the L2 driver freed it back to its memory slab. An unauthenticated attacker on the local link can elicit the vulnerable path by sending a crafted MLDv2 General Query, causing a NULL-pointer dereference crash or, in a narrow race, memory corruption via a stray statistics increment. There is no public exploit identified at time of analysis, EPSS is low (0.18%), and the issue is not in CISA KEV; a vendor patch is available.

Denial Of Service Use After Free Memory Corruption Buffer Overflow Zephyr
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-10636 LOW PATCH Monitor

Use-after-free in Zephyr's IPv4 IGMP implementation (igmp_send(), subsys/net/ip/igmp.c) allows a remote unauthenticated attacker to trigger undefined behavior and sporadic denial-of-service crashes on devices running Zephyr v2.6.0 through v4.4.0. The flaw arises because the network packet's interface pointer is re-read via net_pkt_iface(pkt) after net_send_data() may have already released the packet's last reference, returning the slab block to the free list. No public exploit code exists and the vulnerability is not in CISA KEV; however, the remote trigger path via IGMP membership queries (224.0.0.1) requires no authentication, and the analogous IPv6 MLD path (mld_send) carries the same unpatched pattern.

Use After Free Memory Corruption Denial Of Service Zephyr
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.3%
CVE-2026-11317 HIGH CISA This Week

Remote denial of service in Rockwell Automation CompactLogix and ControlLogix programmable automation controllers allows unauthenticated attackers on the network to crash the device by sending a single crafted Common Industrial Protocol (CIP) message. The fault produces a Major Non-Recoverable Fault (MNRF) that requires a full program download to recover, meaning an outage continues until an engineer physically intervenes. No public exploit identified at time of analysis, but the CVSS 4.0 base score of 8.7 and OT impact make this a priority patch for affected plant floors.

Denial Of Service Compactlogix Controllogix
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2026-12325 MEDIUM PATCH This Month

Uncontrolled resource consumption in Mozilla Firefox's Graphics: ImageLib component allows remote attackers to crash or hang the browser by serving specially crafted image content to an unsuspecting user. All Firefox release-channel versions prior to 152 and both ESR tracks (prior to 140.12 and 115.37) are affected, exposing a broad install base across consumer and enterprise environments. No public exploit has been identified, SSVC rates exploitation as none with a non-automatable attack path, and KEV listing is absent - signals that collectively place this vulnerability at lower real-world priority despite a CVSS 6.5 score.

Mozilla Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-12319 MEDIUM PATCH This Month

Denial-of-service in Mozilla Firefox's Audio/Video Playback component allows a remote attacker to crash or render the browser unresponsive by delivering crafted media content to a victim. All Firefox releases prior to version 152 are affected per CPE coverage. No public exploit has been identified at time of analysis, and SSVC rates exploitation as none with partial technical impact, placing this in the moderate-priority tier rather than an emergency response category.

Mozilla Denial Of Service Suse Red Hat
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-10635 MEDIUM PATCH This Month

Use-after-free in Zephyr RTOS v4.4.0 on Xtensa/MMU targets allows privileged kernel code to corrupt page tables or trigger a fatal MMU exception by destroying a memory domain without unlinking it from the global xtensa_domain_list. The dangling list node persists after arch_mem_domain_deinit() sets domain->arch.ptables to NULL, so any subsequent arch_mem_map() or arch_mem_unmap() call traverses the stale entry and dereferences the freed pointer - producing at minimum a denial-of-service kernel crash (NULL pointer deref) and at worst page-table memory corruption that undermines userspace process isolation. No public exploit code exists and no CISA KEV listing is present; however the integrity and availability impact (I:H, A:H) in a real-time OS kernel elevates practical severity beyond the 6.3 base score for affected embedded deployments.

Denial Of Service Use After Free Memory Corruption Buffer Overflow Zephyr
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2026-1767 HIGH PATCH This Week

Heap buffer overflow in GNOME localsearch (formerly tracker-miners) tracker-extract-mp3 component on Red Hat Enterprise Linux 8/9/10, Ubuntu, Debian, and SUSE allows remote attackers to trigger an out-of-bounds heap read by delivering a malformed MP3 file with crafted ID3 performer tags, leading to crashes (DoS) or disclosure of process memory contents. No public exploit identified at time of analysis, and the EPSS score of 0.19% (9th percentile) plus CISA SSVC 'Exploitation: none' indicate low real-world exploitation activity despite the 8.1 CVSS rating. Vendor patches are available across Red Hat (RHSA), Ubuntu USN-8019-1, Debian, and SUSE-SU-2026:0780/21854.

Denial Of Service Information Disclosure Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 8 +1
NVD VulDB
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-1766 MEDIUM PATCH This Month

Heap buffer overflow in GNOME localsearch's tracker-extract-mp3 component enables a local attacker to crash the metadata extraction daemon and potentially disclose heap memory contents by supplying a specially crafted MP3 file with malformed ID3v2.3 COMM tags. Affected platforms confirmed by Red Hat include RHEL 8, 9, and 10, where GNOME localsearch (formerly tracker-miners) runs as a background desktop search indexing service. No public exploit code and no active exploitation (CISA KEV) have been identified at time of analysis; exploitation is further constrained by the requirement for local access, low privileges, and user interaction.

Denial Of Service Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 9
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-1765 MEDIUM PATCH This Month

Out-of-bounds read in the tracker-extract-mp3 component of GNOME localsearch (formerly tracker-miners) allows a low-privileged local user to trigger an application crash or leak sensitive process memory when the indexer parses a specially crafted MP3 file. Affected deployments include Red Hat Enterprise Linux 8, 9, and 10 running the GNOME desktop stack. No public exploit or active exploitation has been identified at time of analysis, though the file-based delivery mechanism - providing a malicious MP3 to a system where localsearch auto-indexes media - keeps realistic attacker reach higher than the AV:L vector alone implies.

Denial Of Service Information Disclosure Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 8 +1
NVD VulDB
CVSS 3.1
5.6
EPSS
0.2%
CVE-2026-1764 MEDIUM PATCH This Month

Heap out-of-bounds read in GNOME localsearch (formerly tracker-miners) MP3 Extractor affects Red Hat Enterprise Linux 8, 9, and 10, exploitable when a local user triggers indexing of a specially crafted MP3 file containing malformed ID3v2.4 tags. The missing bounds check in the `extract_performers_tags` function can cause a Denial of Service via an unmapped memory read, and in certain heap layout scenarios may also leak fragments of heap memory, resulting in limited information disclosure. No public exploit code has been identified at time of analysis and this vulnerability is not listed in the CISA KEV catalog.

Denial Of Service Information Disclosure Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 8 +1
NVD VulDB
CVSS 3.1
5.6
EPSS
0.2%
CVE-2026-53430 HIGH PATCH This Week

Denial of service in the elixir-grpc library (versions 0.4.0 through 0.x) allows unauthenticated remote attackers to crash BEAM nodes via a gzip decompression bomb. The GRPC.Compressor.Gzip module calls :zlib.gunzip/1 directly on attacker-controlled bytes without size limits, ratio checks, or incremental decoding, so a single small frame carrying the grpc-encoding: gzip header expands to multi-gigabyte allocations and triggers OOM kills. No public exploit identified at time of analysis, but a vendor patch is available in version 1.0.0.

Denial Of Service Grpc
NVD GitHub
CVSS 4.0
8.7
EPSS
0.3%
CVE-2026-48854 HIGH PATCH This Week

Unauthenticated denial of service in the elixir-grpc library (versions 0.3.1 up to but not including 1.0.0) allows a single remote attacker to crash an Erlang/BEAM node by streaming an oversized or slow-trickle unary gRPC request body. The Cowboy handler's read_full_body/3 accumulates every chunk into one unbounded binary, and when no grpc-timeout header is sent the per-chunk read timeout collapses to :infinity, so memory grows without bound until the VM dies. No public exploit identified at time of analysis, but the fix is upstream in commit 49e18c3 and the issue is trivial to trigger.

Denial Of Service Grpc
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.3%
CVE-2026-5064 HIGH PATCH This Week

Local privilege escalation and denial of service in HP One Agent software on HP PC products allow authenticated low-privileged users to gain elevated rights or disrupt the agent. HP has acknowledged the issue and is releasing software updates as mitigation. No public exploit identified at time of analysis, and the flaw is not listed on CISA KEV.

Privilege Escalation HP Denial Of Service Hp One Agent Software
NVD VulDB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2026-48714 npm CRITICAL PATCH GHSA Act Now

Remote prototype pollution in i18next-http-middleware before 3.9.7 allows unauthenticated attackers to write to Object.prototype by submitting dotted request-body keys such as '__proto__.polluted' to the missingKeyHandler. The 3.9.3 denylist blocked only literal unsafe keys; downstream backends (notably i18next-fs-backend ≤ 2.6.5) that split missing-key strings on the configured keySeparator then walked these segments into an unguarded setPath(). No public exploit identified at time of analysis, but PoC payloads are embedded in the upstream security test suite.

Prototype Pollution Node.js Denial Of Service I18Next Http Middleware
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.4%
CVE-2026-48988 npm MEDIUM PATCH GHSA This Month

Denial of service in the markdown-it npm library (≤ 14.1.1) stems from a quadratic O(n²) CPU complexity bug in the smartquotes processing rule, exploitable only when `typographer: true` is explicitly enabled. An unauthenticated remote attacker can submit approximately 160KB of consecutive quotation marks to a server-side markdown rendering endpoint and consume over 21 seconds of CPU per request; flooding the endpoint with concurrent payloads can fully exhaust server CPU and prevent legitimate users from being served. No confirmed active exploitation (not in CISA KEV), but a detailed proof-of-concept with timing measurements is publicly documented in the upstream GitHub Security Advisory GHSA-6v5v-wf23-fmfq, and a vendor-released patch is available in version 14.2.0.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.4%
CVE-2026-54283 PyPI HIGH PATCH GHSA This Week

Denial of service in Starlette (and downstream FastAPI applications) versions 0.4.1 through 1.3.0 allows remote unauthenticated attackers to exhaust CPU or memory by sending crafted application/x-www-form-urlencoded request bodies. The max_fields and max_part_size limits accepted by request.form() are silently ignored for urlencoded content, so a sub-10MB body can block the event loop for seconds or force unbounded memory allocation. No public exploit identified at time of analysis, but the bug is documented in detail in the upstream GHSA advisory.

Denial Of Service Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-54285 npm MEDIUM PATCH GHSA This Month

Unbounded memory allocation in @opentelemetry/core affects the W3CBaggagePropagator.extract() method, which fails to enforce W3C Baggage specification size limits (8,192 bytes, 180 entries) on the inbound parsing path - only the outbound inject() path was protected. Unauthenticated remote attackers can exploit this to cause partial availability degradation by sending oversized baggage headers, with elevated risk in non-HTTP transport contexts (messaging systems, custom TextMapGetter implementations) where Node.js's native 16 KB header cap does not apply. No public exploit code or CISA KEV listing exists; the CVSS 5.3 Medium score reflects the real-world constraint imposed by Node.js defaults on the dominant HTTP deployment pattern.

Node.js Java Denial Of Service
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-48713 npm CRITICAL PATCH GHSA Act Now

Prototype pollution in i18next-fs-backend versions prior to 2.6.6 allows remote attackers to write arbitrary properties onto Object.prototype by submitting crafted missing-translation keys such as '__proto__.polluted' to applications that expose i18next-http-middleware's missingKeyHandler to untrusted input. Backend.writeFile() split keys on the configured keySeparator (default '.') and the getLastOfPath walker in lib/utils.js did not filter unsafe segments before traversing the target object. No public exploit identified at time of analysis, but a coordinated-disclosure advisory (GHSA-2933-q333-qg83) and a fixing commit are public, and downstream impact can include denial of service, configuration poisoning, and bypass of property-based security checks.

Prototype Pollution Denial Of Service I18Next Fs Backend
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2026-53539 PyPI HIGH PATCH GHSA This Week

Uncontrolled CPU consumption in python-multipart's QuerystringParser (versions <0.0.30) allows remote unauthenticated attackers to cause denial of service by submitting small crafted application/x-www-form-urlencoded bodies using semicolons as field separators. The two-step separator lookup degenerates into O(B²) byte comparisons, letting a ~1 MiB body burn seconds of CPU per request and exhaust workers in Starlette/FastAPI applications that call request.form(). No public exploit identified at time of analysis, though a clear proof-of-concept payload pattern (a;a;a;...) is described in the GHSA advisory.

Python Denial Of Service Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-53540 PyPI LOW PATCH GHSA Monitor

Memory exhaustion in python-multipart's parse_form() function allows a remote attacker to force unbounded body buffering by supplying a negative Content-Length header, degrading server availability under concurrent load. Affected deployments are narrowly scoped: only bespoke WSGI or http.server handlers that pass raw, unvalidated client-supplied Content-Length values directly into parse_form(). Mainstream consumers such as Starlette, FastAPI, and Werkzeug are not affected. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog, consistent with the low CVSS base score of 3.7.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.2%
CVE-2026-48125 npm MEDIUM PATCH GHSA This Month

Unbounded input in ua-parser-js v2.0.1–2.0.9's Client Hints API enables remote denial-of-service via catastrophic regex backtracking. Any server-side Node.js application calling `UAParser(headers).withClientHints()` is vulnerable to CPU exhaustion when an attacker supplies an oversized `Sec-CH-UA-Model` header — a single ~32,000-character request consumes over 400ms of CPU with polynomial growth. A functional proof-of-concept exploit is publicly available in the GitHub Security Advisory (GHSA-9h5v-pfqq-x599); no active exploitation in CISA KEV has been confirmed at time of analysis.

Google Denial Of Service
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2026-54270 npm MEDIUM PATCH GHSA This Month

Memory amplification in protobufjs 8.2.0-8.4.2 enables remote unauthenticated attackers to exhaust heap memory in Node.js services by submitting crafted protobuf binary payloads densely packed with field numbers absent from the application's schema. The library's unknown-field retention feature - introduced in 8.2.0 - stores these wire elements in `message.$unknowns` with no decode-time cap or discard mechanism, allowing payloads to consume memory far exceeding their wire size. No public exploit code is identified at time of analysis, and this vulnerability is not listed in CISA KEV; however, the attack requires no privileges and is accessible over the network against any service that decodes untrusted protobuf binary input.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-54274 PyPI MEDIUM PATCH GHSA This Month

Denial-of-service in aiohttp (all versions up to and including 3.14.0) allows remote attackers to exhaust server memory by sending large, incomplete WebSocket frame payloads that bypass the library's configured memory size limits. Any Python web application exposing WebSocket endpoints via aiohttp is affected - no authentication is implied as a prerequisite at the protocol layer. No public exploit code has been identified at time of analysis, but the attack primitive is straightforward and the fix is available in 3.14.1.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.6
EPSS
0.3%
CVE-2026-54273 PyPI MEDIUM PATCH GHSA This Month

Unbounded HTTP/1 pipelined request queuing in aiohttp server allows a remote, unauthenticated attacker to exhaust process memory and cause denial of service by sending pipelined requests faster than the server can handle them. All aiohttp server deployments at version 3.14.0 and earlier are affected; the client library is not impacted. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog, though the attack requires no special tooling beyond a standard HTTP/1.1 client capable of pipelining.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.6
EPSS
0.3%
CVE-2026-54277 PyPI MEDIUM PATCH GHSA This Month

Memory exhaustion in aiohttp's optimised C HTTP parser allows remote unauthenticated attackers to bypass the max_line_size guard by fragmenting oversized request targets or response reason phrases across multiple TCP reads, potentially causing denial of service against any server using the default pre-built wheel configuration. The flaw is specific to the Cython-compiled C parser (the default in pre-built PyPI wheels); the pure-Python fallback correctly accumulated fragment lengths and is unaffected. No public exploit code has been identified at time of analysis, and a vendor-released patch is available in aiohttp 3.14.1.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
6.6
EPSS
0.3%
CVE-2026-52718 MEDIUM PATCH This Month

Denial of service in GStreamer's AV1 codec parser (gst-plugins-bad) allows a remote unauthenticated attacker to crash any application using GStreamer for AV1 media playback by delivering a specially crafted AV1 file. The root cause is a unit mismatch in the gst_av1_parser_parse_tile_list_obu() function, which feeds a byte count to an API expecting a bit count, desynchronizing the parser and triggering an assertion abort. No public exploit has been identified at time of analysis, and exploitation requires user interaction; however, the vulnerability affects Red Hat Enterprise Linux 6 through 10 where GStreamer is a core multimedia component.

Denial Of Service Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 +1
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2026-53704 HIGH This Week

Out-of-bounds read and denial-of-service in GStreamer's RealMedia demuxer (gst-plugins-ugly) allows remote attackers to crash, hang, or potentially leak limited adjacent memory when a victim opens a maliciously crafted RealMedia (.rm) file. The flaw stems from unvalidated offsets in re_skip_pascal_string() and an attacker-controlled loop counter in the FILEINFO metadata parser. No public exploit identified at time of analysis, and the CVE is not on the CISA KEV list.

Denial Of Service Information Disclosure Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 7 +2
NVD VulDB
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-41708 HIGH PATCH This Week

Denial-of-service in Spring Cloud Sleuth 3.1.0 through 3.1.13 allows remote unauthenticated attackers to exhaust application availability by sending specially crafted calls processed by the spring-cloud-sleuth-instrumentation library when Spring TX (transaction) instrumentation is enabled. The flaw is network-reachable with low attack complexity and no user interaction (CVSS 7.5, AV:N/AC:L/PR:N), but there is no public exploit identified at time of analysis and no CISA KEV listing. Impact is limited to availability - no confidentiality or integrity compromise is possible.

Java Denial Of Service Spring Cloud Sleuth
NVD HeroDevs
CVSS 3.1
7.5
EPSS
0.5%
CVE-2026-48712 npm HIGH PATCH GHSA This Week

{json:true}), or JSON.stringify(), unbounded recursion exhausts the JavaScript call stack. No public exploit identified at time of analysis, but the GitHub Security Advisory GHSA-wcpc-wj8m-hjx6 provides full technical detail and patched versions are available.

Google Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-54269 npm MEDIUM POC PATCH GHSA This Month

Schema-name shadowing in protobufjs (npm packages protobufjs and protobufjs-cli) enables denial of service when an attacker can supply or influence protobuf schemas containing field or service method names that collide with JavaScript runtime-significant identifiers used by the protobufjs runtime. Affected names - specifically a field named `hasOwnProperty`, a field or oneof named `$type` via JSON/reflection descriptors, and service methods whose generated helper resolves to `rpcCall` - cause the runtime to read schema-controlled data in place of expected internal helpers, producing deterministic exceptions or uncontrolled recursion (CWE-674) across decode, verification, serialization, and RPC invocation paths. No public exploit has been identified and no active exploitation is confirmed; the misleading 'RCE' tag in the intelligence metadata is directly contradicted by the vendor advisory, which explicitly states the issue is not known to allow code execution.

Denial Of Service RCE
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-54268 npm HIGH PATCH GHSA This Week

Denial of service in @angular/common's formatDate function (and the DatePipe that wraps it) allows remote attackers to exhaust CPU and memory by supplying an excessively long, attacker-controlled date format string. On Server-Side Rendered Angular apps this triggers a JavaScript heap out-of-memory crash that takes down the application for all users; on Client-Side Rendered apps it freezes the victim's browser tab. No public exploit identified at time of analysis, but the upstream patch and regression tests are public in angular/angular#69197.

Denial Of Service
NVD GitHub VulDB HeroDevs
CVSS 4.0
8.2
EPSS
0.3%
CVE-2026-53550 npm MEDIUM PATCH GHSA This Month

Quadratic CPU exhaustion in js-yaml (npm) versions 4.1.1 and earlier allows unauthenticated remote attackers to block a Node.js event loop for multiple seconds using a crafted YAML payload under 100 KB, resulting in denial of service. The flaw lies in the merge-key parser's failure to deduplicate repeated alias references before invoking per-key processing, producing O(K×M) work from O(K+M) input. A detailed proof-of-concept with reproducible timing benchmarks is publicly available via GitHub Security Advisory GHSA-h67p-54hq-rp68; no active exploitation is confirmed in CISA KEV at time of analysis.

Denial Of Service Apple Node.js
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-50171 npm HIGH PATCH GHSA This Week

Denial of service in Angular's @angular/common package allows attackers to exhaust CPU and memory by passing crafted digitsInfo strings (e.g., '1.200000000-200000000') to formatNumber, DecimalPipe, PercentPipe, or CurrencyPipe. On SSR deployments this crashes the Node.js process with a heap-out-of-memory error, while client-side rendering freezes the browser tab. No public exploit identified at time of analysis, though the patched code and triggering input strings are documented in PR #68840.

Node.js Google Denial Of Service
NVD GitHub HeroDevs VulDB
CVSS 4.0
8.2
EPSS
0.3%
CVE-2026-48779 npm HIGH POC PATCH GHSA This Week

Memory exhaustion denial of service in the npm 'ws' WebSocket library allows a remote unauthenticated peer to crash a Node.js process by streaming many tiny WebSocket fragments that force the receiver to allocate structural wrappers far exceeding the documented maxPayload limit, ultimately triggering an out-of-memory termination. The flaw affects ws versions prior to 5.2.5, 6.2.4, 7.5.11, and 8.21.0, and publicly available exploit code exists in the GitHub Security Advisory GHSA-96hv-2xvq-fx4p.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2026-5038 npm HIGH PATCH GHSA This Week

Denial of service in Multer versions 2.0.0-alpha.1 through 2.1.1 and 3.0.0-alpha.1 allows remote unauthenticated attackers to exhaust server disk space when the library is configured with diskStorage. Aborted or malformed multipart uploads leave orphaned partial files because stream destruction is not propagated to the underlying fs.WriteStream, enabling resource exhaustion at scale with no public exploit identified at time of analysis. EPSS probability is low at 0.25% but SSVC marks the issue automatable with partial technical impact.

Denial Of Service Multer
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-10634 MEDIUM PATCH This Month

Use-after-free in Zephyr RTOS's native TCP2 stack allows a concurrent connection teardown - triggered by ordinary TCP traffic from an adjacent-network peer - to invalidate a cached iterator pointer in net_tcp_foreach(), crashing the system or causing the iterator callback to operate on attacker-influenced reallocated memory. All Zephyr releases from the TCP2 stack introduction in 2020 through v4.4.0 (inclusive) are affected. No public exploit has been identified at time of analysis and no CISA KEV listing exists; the primary real-world risk is denial of service against embedded or IoT devices with TCP networking and shell access exposed on an adjacent network segment.

Use After Free Memory Corruption Information Disclosure Denial Of Service Zephyr
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-8683 MEDIUM This Month

Denial of service in Mattermost Desktop App (versions ≤6.1 and ≤5.5.13.0) allows a malicious Mattermost server owner to crash client applications by injecting a script that calls window.open() with an excessively large URL, exploiting a missing resource limit on URL length processing. Exploitation requires user interaction - the victim must actively connect their Desktop App to an attacker-controlled server - and impact is strictly limited to application availability with no confidentiality or integrity exposure. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog at time of analysis.

Mattermost Denial Of Service
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-5079 npm HIGH PATCH GHSA This Week

Denial of service in the Express.js multer middleware (versions 1.0.0 through 2.1.1 and 3.0.0-alpha.1) allows unauthenticated remote attackers to exhaust CPU and memory by sending a single multipart form request with deeply nested bracket-notation field names. The flaw lives in the append-field dependency, which parses nesting depth without any cap, so one crafted POST can degrade or crash Node.js services. No public exploit identified at time of analysis, but the issue is trivially reproducible against any default multer deployment exposed on the network.

Denial Of Service Multer
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-50889 HIGH This Week

Denial of service in LLDAP v0.6.2 allows remote unauthenticated attackers to disrupt the authentication service by sending a crafted refresh-token header to the HTTP refresh endpoint. The flaw is a CWE-400 resource handling defect with CVSS 7.5 (availability-only impact); no public exploit is identified, though a referenced gist may contain proof-of-concept material. EPSS is low at 0.18% (8th percentile) and the issue is not on CISA KEV.

Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-50882 HIGH This Week

Denial of service in anna-is-cute paste v0.1.1 allows remote unauthenticated attackers to disrupt service availability by sending a crafted POST request to the /api/v0/pastes endpoint. The flaw is categorized under CWE-400 (Uncontrolled Resource Consumption) and carries a CVSS 3.1 score of 7.5 with availability-only impact; no public exploit identified at time of analysis, and EPSS is low at 0.15% (4th percentile), suggesting minimal observed interest. The vulnerability is not listed in CISA KEV.

Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-39197 MEDIUM This Month

Uncontrolled resource consumption in Datadog Vector v0.54.0 allows authenticated remote attackers to crash or degrade the observability pipeline by sending crafted HTTP requests to the /util/http/prelude.rs handler. The vulnerability is classified as CWE-400 and carries a CVSS 3.1 score of 6.5 (Medium), requiring low-privilege network access with no user interaction. No public exploit identified at time of analysis beyond a GitHub gist that may contain proof-of-concept material; EPSS sits at 0.15% (4th percentile), indicating very low observed exploitation probability in the broader threat landscape.

Denial Of Service N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-55652 MEDIUM This Month

Heap buffer overflow in GPAC MP4Box v2.4 crashes the application when parsing a maliciously crafted MP4 file containing an invalid VP codec configuration. The vulnerable function, gf_isom_vp_config_new in isomedia/avc_ext.c, fails to safely handle attacker-controlled input during ISO Base Media File Format parsing, resulting in a Denial of Service condition. No active exploitation has been confirmed by CISA KEV and no public exploit code has been identified at time of analysis, placing this in a low-urgency remediation tier per SSVC signals.

Denial Of Service Heap Overflow Buffer Overflow N A
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2025-55645 MEDIUM This Month

Heap buffer overflow in GPAC MP4Box v2.4 crashes the application when processing a maliciously crafted MP4 file, triggering a DoS condition in the CENC DRM sample handler. The vulnerable code path resides in gf_cenc_set_pssh (isomedia/drm_sample.c), which processes Protection System Specific Header data embedded in MP4 containers. SSVC confirms no active exploitation, no public exploit exists, and the CVSS local-vector/user-interaction requirement significantly constrains real-world attack surface.

Denial Of Service Heap Overflow Buffer Overflow N A
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2025-68713 HIGH This Week

An issue was discovered in Rakuten Send Anywhere (File Transfer) for Android (com.estmob.android.sendanywhere) 23.2.9. The vulnerability allows untrusted applications (with no permissions) to force arbitrary file downloads into the app's scoped storage. The resulting files appear in the application's trusted Received interface. These conditions establish a vector for arbitrary code execution if the payload is an APK file, or a denial-of-service condition through resource exhaustion from oversized transfers.

Denial Of Service Google RCE N A
NVD GitHub
CVSS 3.1
8.0
EPSS
0.2%
CVE-2025-55643 MEDIUM This Month

NULL pointer dereference in GPAC MP4Box v2.4 crashes the application when processing a specially crafted MP4 file, delivering a denial of service against any user or automated pipeline invoking the tool. The flaw is isolated to the TrackWriter handling component in filters/mux_isom.c, triggered by malformed MP4 input that causes an unvalidated pointer dereference. No public exploit code has been identified and this CVE does not appear in CISA KEV; SSVC rates exploitation status as none with no automation potential, consistent with a limited, file-delivery-dependent attack surface.

Denial Of Service Null Pointer Dereference N A
NVD
CVSS 3.1
5.5
EPSS
0.2%
EPSS 0% CVSS 7.5
HIGH This Week

Unauthenticated remote denial of service in NLTK's WordNet Browser HTTP server (nltk.app.wordnet_app) through version 3.9.3 allows any network-reachable attacker to terminate the server process by sending a single GET request to /SHUTDOWN%20THE%20SERVER. The server binds to all interfaces by default and invokes os._exit(0) on receipt, with no public exploit identified at time of analysis but exploitation is trivial given the documented endpoint.

Authentication Bypass Denial Of Service Nltk Nltk +1
NVD VulDB
EPSS 0% CVSS 10.0
CRITICAL Act Now

Local denial of service in Android's PackageInstaller subsystem stems from a logic error in PackageInstallerSession.transfer() that allows a local app to trigger memory exhaustion of the system package installer. The flaw, addressed in the Android Security Bulletin for Android 17, can be triggered without user interaction and without elevated privileges, but its impact is confined to denial of service rather than code execution. No public exploit identified at time of analysis.

Google Java Denial Of Service
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

Persistent denial of service in Google Android allows local attackers to exhaust device resources in multiple code paths, rendering functionality unavailable until manual intervention. The flaw requires no privileges and no user interaction, and is addressed in the Android Security Bulletin for android-17. No public exploit identified at time of analysis and no EPSS or KEV signal is provided.

Denial Of Service
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Use After Free Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in Browser in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Use After Free Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Use after free in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Google Use After Free RCE +4
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Use after free in Tab Strip in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Google Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Downloads in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Google Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Use After Free Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use after free in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)

Google Microsoft Use After Free +5
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

Google Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Web Authentication in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Google Use After Free RCE +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Passwords in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Google Use After Free RCE +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in File Input in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Google Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Use after free in DigitalCredentials in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Microsoft Use After Free +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption in Google Chrome's Digital Credentials component (versions prior to 149.0.7827.155) allows remote attackers to trigger a use-after-free condition by enticing a user to visit a crafted HTML page, potentially leading to arbitrary code execution within the renderer process. Chromium rates this issue as Critical severity, and Google has released a patched stable-channel build; no public exploit identified at time of analysis and EPSS sits at 0.31% (23rd percentile), indicating low predicted near-term exploitation pressure despite the high CVSS of 8.8.

Google Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in WebShare in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Use After Free Microsoft +4
NVD VulDB
HIGH This Week

Denial of service in libtiff v4.7.1 and prior allows processing of a crafted TIFF file containing an abnormally large SamplesPerPixel tag value to crash or hang the affected process. Any application or service that passes attacker-controlled TIFF files through libtiff is potentially vulnerable, including web-based image processors, document converters, and media ingestion pipelines. No active exploitation has been confirmed by CISA KEV, and no public exploit code has been identified at the time of this analysis.

Gitlab Denial Of Service Suse
NVD
EPSS 0% CVSS 2.9
LOW Monitor

Out-of-bounds write in snes9x 1.63's UPS patch file parser allows a crafted .ups ROM patch file to trigger memory corruption and a denial-of-service crash. The flaw resides in the ReadUPSPatch loop in memmap.cpp, where the loop iterator `relative` was not bounded against CMemory::MAX_ROM_SIZE, permitting writes past the end of the allocated ROM buffer. Impact is limited to availability (crash) per the CVSS vector, though the underlying CWE-787 out-of-bounds write class carries broader memory-safety implications. No public exploit identified at time of analysis, and CVSS rates this Low (2.9) due to local attack vector and high complexity.

Denial Of Service Memory Corruption Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Authenticated path traversal in Gogs self-hosted Git service (versions <= 0.13.4) allows any user with repository edit permissions to overwrite arbitrary files on the host filesystem via the diff preview endpoint, resulting in denial of service. By abusing the `git diff --output=<file>` flag through the `POST /:user/:repo/_preview/:branch/:path_to_file` handler and bypassing the standard library `path.Clean` filter, an attacker can corrupt critical files such as `gogs.db` or `app.ini`. Publicly available exploit code exists in the form of a detailed researcher write-up with payload examples, though no CISA KEV listing or active exploitation has been reported.

Path Traversal Denial Of Service
NVD GitHub
EPSS 0% CVSS 7.1
HIGH This Week

Information disclosure and partial denial of service in Oracle E-Business Suite Enterprise Asset Management (versions 12.2.3 through 12.2.15) allows a low-privileged authenticated attacker with HTTP network access to read all data accessible to the Enterprise Asset Management module and degrade its availability. Oracle rates the issue 7.1 CVSS 3.1 and describes it as easily exploitable. No public exploit identified at time of analysis and the CVE is not currently listed in CISA KEV.

Authentication Bypass Denial Of Service Oracle +1
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Scope-changing compromise in Oracle Enterprise Command Center Framework V15 and V16 (a component of Oracle E-Business Suite) allows a low-privileged remote attacker to read, modify, or delete all framework-accessible data and partially disrupt service via HTTP. Because CVSS scope is Changed, exploitation impacts additional Oracle E-Business Suite products beyond the Framework itself, driving the 9.9 base score. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Authentication Bypass Denial Of Service Oracle +1
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Privileged data manipulation and disclosure in Oracle Enterprise Command Center Framework V15 and V16 allows a low-privileged remote attacker over HTTP to gain unauthorized read, modify, and delete access to all framework-accessible data, with scope change extending impact to other Oracle E-Business Suite products. The CVSS 9.9 score reflects low attack complexity, low privileges required, and the scope change that crosses security boundaries into adjacent products. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Authentication Bypass Denial Of Service Oracle +1
NVD VulDB
EPSS 0% CVSS 9.0
CRITICAL Act Now

Privileged remote tampering in Oracle Enterprise Manager Base Platform 13.5 and 24.1 (Install component) allows an authenticated, high-privileged attacker over HTTPS to modify or destroy critical data, read a subset of data, and trigger a complete denial of service, with scope change extending impact to additional products. Oracle rates the issue CVSS 3.1 9.0 and there is no public exploit identified at time of analysis, but the scope-change behavior and broad impact warrant prompt patching during the next Oracle CPU window.

Denial Of Service Oracle Oracle Enterprise Manager Base Platform
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Remote denial-of-service and data tampering in Oracle Enterprise Manager Base Platform 13.5 and 24.1 allows unauthenticated network attackers to crash or hang the management console and to perform unauthorized modifications to a subset of accessible data via the Agent Next Gen component over HTTPS. Oracle rates the issue CVSS 8.2 and notes the flaw is easily exploitable; no public exploit identified at time of analysis, and it is not listed on the CISA KEV catalog.

Denial Of Service Oracle Oracle Enterprise Manager Base Platform
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote unauthenticated denial-of-service in Oracle MySQL Server and MySQL Cluster (8.0.x, 8.4.x, and 9.0.0-9.7.0) allows network attackers to trigger a hang or repeatable crash of the database via the Server Connection Handling component. Oracle rates the issue as easily exploitable over multiple protocols with no authentication or user interaction, producing a complete availability loss (CVSS 7.5, A:H only). No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Denial Of Service Oracle Mysql Server +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in Oracle MySQL Router 8.4.0-8.4.9 and 9.0.0-9.7.0 allows unauthenticated remote attackers to hang or repeatedly crash the routing service over TLS-enabled network connections, producing a complete DOS of the affected component. CVSS 3.1 scores this 7.5 with availability-only impact, and no public exploit identified at time of analysis. Because MySQL Router brokers application traffic to InnoDB Cluster/ReplicaSet backends, an outage cascades into downstream application unavailability even when the database servers themselves remain healthy.

Denial Of Service Oracle Mysql Router
NVD VulDB
EPSS 0% CVSS 8.6
HIGH This Week

Unauthenticated LDAP-based compromise of Oracle Unified Directory 12.2.1.4.0 and 14.1.2.1.0 allows remote attackers to create, delete, or modify critical directory data, read a subset of directory data, and trigger a partial denial of service. The flaw resides in the OUD Core component and was disclosed in Oracle's June 2026 Critical Patch Update with a CVSS 3.1 base score of 8.6; no public exploit identified at time of analysis and the issue is not in CISA KEV.

Denial Of Service Oracle Oracle Unified Directory +1
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Remote unauthenticated compromise of Oracle Access Manager 12.2.1.4.0 and 14.1.2.1.0 is possible via the Web Server Plugin component over HTTP, allowing attackers to alter or read subsets of OAM data and trigger partial denial of service. The flaw carries a CVSS 3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N) and is rated easily exploitable by Oracle. No public exploit identified at time of analysis, and the CVE is not currently listed in CISA KEV.

Denial Of Service Oracle Oracle Access Manager +1
NVD
EPSS 0% CVSS 8.3
HIGH This Week

Authenticated tampering and data exposure in Oracle Data Integrator 12.2.1.4.0 and 14.1.2.0.0 (Market Place component) allows a low-privileged attacker with HTTP network access to read, modify, or delete all data accessible to the product and induce a partial denial of service. Oracle assigns a CVSS 3.1 base score of 8.3 (AV:N/AC:L/PR:L/UI:N/C:H/I:H/A:L), and no public exploit identified at time of analysis. The flaw is described by Oracle as easily exploitable, raising the priority for any externally reachable ODI deployment.

Authentication Bypass Denial Of Service Oracle +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Remote denial of service in Android (Pixel) RTP stack arises from a missing null check in checkSsrcCollisionOnRcv within RtpSession.cpp, allowing unauthenticated attackers to crash the affected media component over the network. The flaw carries CVSS 7.5 with availability-only impact, and at the time of analysis there is no public exploit identified and the EPSS exploitation probability is very low (0.14%, 4th percentile).

Denial Of Service Null Pointer Dereference
NVD VulDB
EPSS 0% CVSS 6.5
Awaiting Data

In writeAocCommand of AocAudioCodec.cpp, there is a possible memory safety issue due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Denial Of Service
NVD
EPSS 0% CVSS 7.8
Awaiting Data

In lwis_device_external_event_emit of lwis_event.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Buffer Overflow Denial Of Service
NVD
EPSS 0% CVSS 7.8
Awaiting Data

In edgetpu_sync_fence_group_shutdown() of edgetpu-dmabuf.c, there is a possible elevation of privilege due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Denial Of Service
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Denial Of Service Buffer Overflow
NVD
EPSS 0% CVSS 6.5
Awaiting Data

In NrmmMsgCodec::DecodeUPUTransparentContext of cn_NrmmDecoder.cpp, there is a possible out-of-bounds read due to memory corruption. This could lead to remote denial of service causing a communication processor crash with no additional execution privileges needed. User interaction is not needed for exploitation.

Denial Of Service Buffer Overflow
NVD
EPSS 0% CVSS 7.0
Awaiting Data

In multiple functions of vpu_ioctl.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Denial Of Service
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Denial of service in Pacemaker's CIB remote listener allows unauthenticated remote attackers to crash the cluster service by sending a specially crafted compressed message. The vulnerability is an integer overflow (CWE-190) triggered during pre-authentication message decompression, leading to memory corruption. No public exploit identified at time of analysis, but the pre-auth attack vector and high availability impact on cluster-management infrastructure make this a meaningful risk for exposed deployments.

Denial Of Service Buffer Overflow Integer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Body Limit Middleware bypass in Hono (npm/hono < 4.12.25) allows unauthenticated remote clients to send payloads exceeding the configured size limit when the application is deployed on AWS Lambda. By understating the `Content-Length` request header, attackers exploit the Lambda adapter's trust of client-declared header values to slip oversized bodies - large JSON, multipart uploads, etc. - past the middleware check, forcing handlers to process payloads larger than intended and inflating per-request CPU and memory consumption. No public exploit has been identified at time of analysis; the issue is fixed in hono 4.12.25.

Denial Of Service
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Processing crafted PDF outlines in pypdf versions prior to 6.13.0 triggers an infinite loop during writer merge operations, causing a denial of service. Applications that accept user-supplied PDFs and merge them using PdfWriter are affected - specifically any code path that calls merge() on a PDF whose /Outlines or /Parent hierarchy contains circular references. No public exploit has been identified at time of analysis and this is not listed in CISA KEV; a vendor-released patch is available as pypdf 6.13.0.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Infinite loop denial-of-service in pypdf allows an attacker to hang any Python application that processes a crafted PDF using layout-mode text extraction. The vulnerability arises because the `/Parent` hierarchy traversal in `_layout_mode_fonts()` lacked cycle detection, so a circular reference structure in a malicious PDF causes the parser to loop indefinitely. No active exploitation is confirmed (not in CISA KEV) and no public exploit code has been identified, but the attack surface is broad: any service accepting user-supplied PDFs and passing them to pypdf's layout-mode extraction is potentially affected.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Uncontrolled resource consumption in pypdf versions before 6.12.2 allows any attacker who can cause an application to call `extract_text()` on a crafted PDF to trigger unbounded memory growth, resulting in denial of service. The vulnerability arises specifically during form XObject traversal: a PDF containing a self-referencing XObject resource dictionary causes the extraction code to recurse infinitely without cycle detection. No public exploit code has been identified at time of analysis, and this vulnerability does not appear in the CISA KEV catalog.

Denial Of Service Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Denial of service (and potential limited memory corruption) in the Zephyr RTOS IPv6 networking stack (versions 3.3.0 through 4.4.0) stems from a use-after-free in the IPv6 Neighbor Discovery send paths, where per-interface ICMP statistics are updated by reading from a network packet after the stack has already freed it. Any unauthenticated on-link node can trigger the Neighbor Advertisement path simply by sending ICMPv6 Neighbor Solicitations to a Zephyr node with native IPv6 and CONFIG_NET_STATISTICS_PER_INTERFACE enabled, causing a freed slab block to be dereferenced. There is no public exploit identified at time of analysis and EPSS is low (0.14%, 4th percentile); a vendor patch is available, and impact is largely limited to crashes/DoS with only theoretical limited memory corruption.

Denial Of Service Use After Free Memory Corruption +2
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Use-after-free in Zephyr RTOS's ICMPv4 echo handler allows any unauthenticated remote host to trigger memory corruption or a crash by sending a standard ICMP ping to an affected device. The defect exists in all versions from v1.14 (2019) through v4.4.0, where `icmpv4_handle_echo_request()` reads from a freed `net_pkt` struct after transferring packet ownership to the TX path - violating a contract explicitly documented in `net_core.c`. No public exploit code exists and this CVE does not appear in CISA KEV, but the zero-privilege, network-reachable attack surface makes it a meaningful risk for internet-exposed embedded and IoT deployments running Zephyr with ICMP statistics enabled.

Use After Free Memory Corruption Denial Of Service +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Use-after-free in Zephyr RTOS's ICMPv6 stack (v4.2.0-v4.4.0) allows an unauthenticated remote attacker to crash the networking stack and potentially corrupt memory by sending a standard ICMPv6 Echo Request or any IPv6 packet that elicits an ICMPv6 error response. Both `icmpv6_handle_echo_request()` and `net_icmpv6_send_error()` call `net_pkt_iface()` on a packet after transferring it to `net_try_send_data()`, which may synchronously or asynchronously free the packet's memory slab before the statistics update executes. When `CONFIG_NET_STATISTICS_PER_INTERFACE` is enabled, the stale interface pointer is written through (`iface->stats.icmp.sent++`), escalating the read UAF into an attacker-influenced memory write; no public exploit has been identified at time of analysis, but the trigger is a universally available IPv6 primitive.

Denial Of Service Use After Free Memory Corruption +2
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Remotely triggerable denial of service in the Zephyr RTOS networking stack (versions 1.12.0 through 4.4.x) arises from a use-after-free in the IPv6 MLD code path, where mld_send() reads net_pkt_iface(pkt) after net_send_data() has already transferred packet ownership and the L2 driver freed it back to its memory slab. An unauthenticated attacker on the local link can elicit the vulnerable path by sending a crafted MLDv2 General Query, causing a NULL-pointer dereference crash or, in a narrow race, memory corruption via a stray statistics increment. There is no public exploit identified at time of analysis, EPSS is low (0.18%), and the issue is not in CISA KEV; a vendor patch is available.

Denial Of Service Use After Free Memory Corruption +2
NVD GitHub VulDB
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Use-after-free in Zephyr's IPv4 IGMP implementation (igmp_send(), subsys/net/ip/igmp.c) allows a remote unauthenticated attacker to trigger undefined behavior and sporadic denial-of-service crashes on devices running Zephyr v2.6.0 through v4.4.0. The flaw arises because the network packet's interface pointer is re-read via net_pkt_iface(pkt) after net_send_data() may have already released the packet's last reference, returning the slab block to the free list. No public exploit code exists and the vulnerability is not in CISA KEV; however, the remote trigger path via IGMP membership queries (224.0.0.1) requires no authentication, and the analogous IPv6 MLD path (mld_send) carries the same unpatched pattern.

Use After Free Memory Corruption Denial Of Service +1
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH This Week

Remote denial of service in Rockwell Automation CompactLogix and ControlLogix programmable automation controllers allows unauthenticated attackers on the network to crash the device by sending a single crafted Common Industrial Protocol (CIP) message. The fault produces a Major Non-Recoverable Fault (MNRF) that requires a full program download to recover, meaning an outage continues until an engineer physically intervenes. No public exploit identified at time of analysis, but the CVSS 4.0 base score of 8.7 and OT impact make this a priority patch for affected plant floors.

Denial Of Service Compactlogix Controllogix
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Uncontrolled resource consumption in Mozilla Firefox's Graphics: ImageLib component allows remote attackers to crash or hang the browser by serving specially crafted image content to an unsuspecting user. All Firefox release-channel versions prior to 152 and both ESR tracks (prior to 140.12 and 115.37) are affected, exposing a broad install base across consumer and enterprise environments. No public exploit has been identified, SSVC rates exploitation as none with a non-automatable attack path, and KEV listing is absent - signals that collectively place this vulnerability at lower real-world priority despite a CVSS 6.5 score.

Mozilla Denial Of Service Red Hat +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Denial-of-service in Mozilla Firefox's Audio/Video Playback component allows a remote attacker to crash or render the browser unresponsive by delivering crafted media content to a victim. All Firefox releases prior to version 152 are affected per CPE coverage. No public exploit has been identified at time of analysis, and SSVC rates exploitation as none with partial technical impact, placing this in the moderate-priority tier rather than an emergency response category.

Mozilla Denial Of Service Suse +1
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Use-after-free in Zephyr RTOS v4.4.0 on Xtensa/MMU targets allows privileged kernel code to corrupt page tables or trigger a fatal MMU exception by destroying a memory domain without unlinking it from the global xtensa_domain_list. The dangling list node persists after arch_mem_domain_deinit() sets domain->arch.ptables to NULL, so any subsequent arch_mem_map() or arch_mem_unmap() call traverses the stale entry and dereferences the freed pointer - producing at minimum a denial-of-service kernel crash (NULL pointer deref) and at worst page-table memory corruption that undermines userspace process isolation. No public exploit code exists and no CISA KEV listing is present; however the integrity and availability impact (I:H, A:H) in a real-time OS kernel elevates practical severity beyond the 6.3 base score for affected embedded deployments.

Denial Of Service Use After Free Memory Corruption +2
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Heap buffer overflow in GNOME localsearch (formerly tracker-miners) tracker-extract-mp3 component on Red Hat Enterprise Linux 8/9/10, Ubuntu, Debian, and SUSE allows remote attackers to trigger an out-of-bounds heap read by delivering a malformed MP3 file with crafted ID3 performer tags, leading to crashes (DoS) or disclosure of process memory contents. No public exploit identified at time of analysis, and the EPSS score of 0.19% (9th percentile) plus CISA SSVC 'Exploitation: none' indicate low real-world exploitation activity despite the 8.1 CVSS rating. Vendor patches are available across Red Hat (RHSA), Ubuntu USN-8019-1, Debian, and SUSE-SU-2026:0780/21854.

Denial Of Service Information Disclosure Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Heap buffer overflow in GNOME localsearch's tracker-extract-mp3 component enables a local attacker to crash the metadata extraction daemon and potentially disclose heap memory contents by supplying a specially crafted MP3 file with malformed ID3v2.3 COMM tags. Affected platforms confirmed by Red Hat include RHEL 8, 9, and 10, where GNOME localsearch (formerly tracker-miners) runs as a background desktop search indexing service. No public exploit code and no active exploitation (CISA KEV) have been identified at time of analysis; exploitation is further constrained by the requirement for local access, low privileges, and user interaction.

Denial Of Service Buffer Overflow Red Hat Enterprise Linux 10 +2
NVD VulDB
EPSS 0% CVSS 5.6
MEDIUM PATCH This Month

Out-of-bounds read in the tracker-extract-mp3 component of GNOME localsearch (formerly tracker-miners) allows a low-privileged local user to trigger an application crash or leak sensitive process memory when the indexer parses a specially crafted MP3 file. Affected deployments include Red Hat Enterprise Linux 8, 9, and 10 running the GNOME desktop stack. No public exploit or active exploitation has been identified at time of analysis, though the file-based delivery mechanism - providing a malicious MP3 to a system where localsearch auto-indexes media - keeps realistic attacker reach higher than the AV:L vector alone implies.

Denial Of Service Information Disclosure Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 5.6
MEDIUM PATCH This Month

Heap out-of-bounds read in GNOME localsearch (formerly tracker-miners) MP3 Extractor affects Red Hat Enterprise Linux 8, 9, and 10, exploitable when a local user triggers indexing of a specially crafted MP3 file containing malformed ID3v2.4 tags. The missing bounds check in the `extract_performers_tags` function can cause a Denial of Service via an unmapped memory read, and in certain heap layout scenarios may also leak fragments of heap memory, resulting in limited information disclosure. No public exploit code has been identified at time of analysis and this vulnerability is not listed in the CISA KEV catalog.

Denial Of Service Information Disclosure Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Denial of service in the elixir-grpc library (versions 0.4.0 through 0.x) allows unauthenticated remote attackers to crash BEAM nodes via a gzip decompression bomb. The GRPC.Compressor.Gzip module calls :zlib.gunzip/1 directly on attacker-controlled bytes without size limits, ratio checks, or incremental decoding, so a single small frame carrying the grpc-encoding: gzip header expands to multi-gigabyte allocations and triggers OOM kills. No public exploit identified at time of analysis, but a vendor patch is available in version 1.0.0.

Denial Of Service Grpc
NVD GitHub
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Unauthenticated denial of service in the elixir-grpc library (versions 0.3.1 up to but not including 1.0.0) allows a single remote attacker to crash an Erlang/BEAM node by streaming an oversized or slow-trickle unary gRPC request body. The Cowboy handler's read_full_body/3 accumulates every chunk into one unbounded binary, and when no grpc-timeout header is sent the per-chunk read timeout collapses to :infinity, so memory grows without bound until the VM dies. No public exploit identified at time of analysis, but the fix is upstream in commit 49e18c3 and the issue is trivial to trigger.

Denial Of Service Grpc
NVD GitHub VulDB
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Local privilege escalation and denial of service in HP One Agent software on HP PC products allow authenticated low-privileged users to gain elevated rights or disrupt the agent. HP has acknowledged the issue and is releasing software updates as mitigation. No public exploit identified at time of analysis, and the flaw is not listed on CISA KEV.

Privilege Escalation HP Denial Of Service +1
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Remote prototype pollution in i18next-http-middleware before 3.9.7 allows unauthenticated attackers to write to Object.prototype by submitting dotted request-body keys such as '__proto__.polluted' to the missingKeyHandler. The 3.9.3 denylist blocked only literal unsafe keys; downstream backends (notably i18next-fs-backend ≤ 2.6.5) that split missing-key strings on the configured keySeparator then walked these segments into an unguarded setPath(). No public exploit identified at time of analysis, but PoC payloads are embedded in the upstream security test suite.

Prototype Pollution Node.js Denial Of Service +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Denial of service in the markdown-it npm library (≤ 14.1.1) stems from a quadratic O(n²) CPU complexity bug in the smartquotes processing rule, exploitable only when `typographer: true` is explicitly enabled. An unauthenticated remote attacker can submit approximately 160KB of consecutive quotation marks to a server-side markdown rendering endpoint and consume over 21 seconds of CPU per request; flooding the endpoint with concurrent payloads can fully exhaust server CPU and prevent legitimate users from being served. No confirmed active exploitation (not in CISA KEV), but a detailed proof-of-concept with timing measurements is publicly documented in the upstream GitHub Security Advisory GHSA-6v5v-wf23-fmfq, and a vendor-released patch is available in version 14.2.0.

Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in Starlette (and downstream FastAPI applications) versions 0.4.1 through 1.3.0 allows remote unauthenticated attackers to exhaust CPU or memory by sending crafted application/x-www-form-urlencoded request bodies. The max_fields and max_part_size limits accepted by request.form() are silently ignored for urlencoded content, so a sub-10MB body can block the event loop for seconds or force unbounded memory allocation. No public exploit identified at time of analysis, but the bug is documented in detail in the upstream GHSA advisory.

Denial Of Service Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Unbounded memory allocation in @opentelemetry/core affects the W3CBaggagePropagator.extract() method, which fails to enforce W3C Baggage specification size limits (8,192 bytes, 180 entries) on the inbound parsing path - only the outbound inject() path was protected. Unauthenticated remote attackers can exploit this to cause partial availability degradation by sending oversized baggage headers, with elevated risk in non-HTTP transport contexts (messaging systems, custom TextMapGetter implementations) where Node.js's native 16 KB header cap does not apply. No public exploit code or CISA KEV listing exists; the CVSS 5.3 Medium score reflects the real-world constraint imposed by Node.js defaults on the dominant HTTP deployment pattern.

Node.js Java Denial Of Service
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Prototype pollution in i18next-fs-backend versions prior to 2.6.6 allows remote attackers to write arbitrary properties onto Object.prototype by submitting crafted missing-translation keys such as '__proto__.polluted' to applications that expose i18next-http-middleware's missingKeyHandler to untrusted input. Backend.writeFile() split keys on the configured keySeparator (default '.') and the getLastOfPath walker in lib/utils.js did not filter unsafe segments before traversing the target object. No public exploit identified at time of analysis, but a coordinated-disclosure advisory (GHSA-2933-q333-qg83) and a fixing commit are public, and downstream impact can include denial of service, configuration poisoning, and bypass of property-based security checks.

Prototype Pollution Denial Of Service I18Next Fs Backend
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Uncontrolled CPU consumption in python-multipart's QuerystringParser (versions <0.0.30) allows remote unauthenticated attackers to cause denial of service by submitting small crafted application/x-www-form-urlencoded bodies using semicolons as field separators. The two-step separator lookup degenerates into O(B²) byte comparisons, letting a ~1 MiB body burn seconds of CPU per request and exhaust workers in Starlette/FastAPI applications that call request.form(). No public exploit identified at time of analysis, though a clear proof-of-concept payload pattern (a;a;a;...) is described in the GHSA advisory.

Python Denial Of Service Suse
NVD GitHub VulDB
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Memory exhaustion in python-multipart's parse_form() function allows a remote attacker to force unbounded body buffering by supplying a negative Content-Length header, degrading server availability under concurrent load. Affected deployments are narrowly scoped: only bespoke WSGI or http.server handlers that pass raw, unvalidated client-supplied Content-Length values directly into parse_form(). Mainstream consumers such as Starlette, FastAPI, and Werkzeug are not affected. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog, consistent with the low CVSS base score of 3.7.

Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Unbounded input in ua-parser-js v2.0.1–2.0.9's Client Hints API enables remote denial-of-service via catastrophic regex backtracking. Any server-side Node.js application calling `UAParser(headers).withClientHints()` is vulnerable to CPU exhaustion when an attacker supplies an oversized `Sec-CH-UA-Model` header — a single ~32,000-character request consumes over 400ms of CPU with polynomial growth. A functional proof-of-concept exploit is publicly available in the GitHub Security Advisory (GHSA-9h5v-pfqq-x599); no active exploitation in CISA KEV has been confirmed at time of analysis.

Google Denial Of Service
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Memory amplification in protobufjs 8.2.0-8.4.2 enables remote unauthenticated attackers to exhaust heap memory in Node.js services by submitting crafted protobuf binary payloads densely packed with field numbers absent from the application's schema. The library's unknown-field retention feature - introduced in 8.2.0 - stores these wire elements in `message.$unknowns` with no decode-time cap or discard mechanism, allowing payloads to consume memory far exceeding their wire size. No public exploit code is identified at time of analysis, and this vulnerability is not listed in CISA KEV; however, the attack requires no privileges and is accessible over the network against any service that decodes untrusted protobuf binary input.

Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Denial-of-service in aiohttp (all versions up to and including 3.14.0) allows remote attackers to exhaust server memory by sending large, incomplete WebSocket frame payloads that bypass the library's configured memory size limits. Any Python web application exposing WebSocket endpoints via aiohttp is affected - no authentication is implied as a prerequisite at the protocol layer. No public exploit code has been identified at time of analysis, but the attack primitive is straightforward and the fix is available in 3.14.1.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Unbounded HTTP/1 pipelined request queuing in aiohttp server allows a remote, unauthenticated attacker to exhaust process memory and cause denial of service by sending pipelined requests faster than the server can handle them. All aiohttp server deployments at version 3.14.0 and earlier are affected; the client library is not impacted. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog, though the attack requires no special tooling beyond a standard HTTP/1.1 client capable of pipelining.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Memory exhaustion in aiohttp's optimised C HTTP parser allows remote unauthenticated attackers to bypass the max_line_size guard by fragmenting oversized request targets or response reason phrases across multiple TCP reads, potentially causing denial of service against any server using the default pre-built wheel configuration. The flaw is specific to the Cython-compiled C parser (the default in pre-built PyPI wheels); the pure-Python fallback correctly accumulated fragment lengths and is unaffected. No public exploit code has been identified at time of analysis, and a vendor-released patch is available in aiohttp 3.14.1.

Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Denial of service in GStreamer's AV1 codec parser (gst-plugins-bad) allows a remote unauthenticated attacker to crash any application using GStreamer for AV1 media playback by delivering a specially crafted AV1 file. The root cause is a unit mismatch in the gst_av1_parser_parse_tile_list_obu() function, which feeds a byte count to an API expecting a bit count, desynchronizing the parser and triggering an assertion abort. No public exploit has been identified at time of analysis, and exploitation requires user interaction; however, the vulnerability affects Red Hat Enterprise Linux 6 through 10 where GStreamer is a core multimedia component.

Denial Of Service Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 +3
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Out-of-bounds read and denial-of-service in GStreamer's RealMedia demuxer (gst-plugins-ugly) allows remote attackers to crash, hang, or potentially leak limited adjacent memory when a victim opens a maliciously crafted RealMedia (.rm) file. The flaw stems from unvalidated offsets in re_skip_pascal_string() and an attacker-controlled loop counter in the FILEINFO metadata parser. No public exploit identified at time of analysis, and the CVE is not on the CISA KEV list.

Denial Of Service Information Disclosure Buffer Overflow +4
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial-of-service in Spring Cloud Sleuth 3.1.0 through 3.1.13 allows remote unauthenticated attackers to exhaust application availability by sending specially crafted calls processed by the spring-cloud-sleuth-instrumentation library when Spring TX (transaction) instrumentation is enabled. The flaw is network-reachable with low attack complexity and no user interaction (CVSS 7.5, AV:N/AC:L/PR:N), but there is no public exploit identified at time of analysis and no CISA KEV listing. Impact is limited to availability - no confidentiality or integrity compromise is possible.

Java Denial Of Service Spring Cloud Sleuth
NVD HeroDevs
EPSS 0% CVSS 7.5
HIGH PATCH This Week

{json:true}), or JSON.stringify(), unbounded recursion exhausts the JavaScript call stack. No public exploit identified at time of analysis, but the GitHub Security Advisory GHSA-wcpc-wj8m-hjx6 provides full technical detail and patched versions are available.

Google Denial Of Service
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

Schema-name shadowing in protobufjs (npm packages protobufjs and protobufjs-cli) enables denial of service when an attacker can supply or influence protobuf schemas containing field or service method names that collide with JavaScript runtime-significant identifiers used by the protobufjs runtime. Affected names - specifically a field named `hasOwnProperty`, a field or oneof named `$type` via JSON/reflection descriptors, and service methods whose generated helper resolves to `rpcCall` - cause the runtime to read schema-controlled data in place of expected internal helpers, producing deterministic exceptions or uncontrolled recursion (CWE-674) across decode, verification, serialization, and RPC invocation paths. No public exploit has been identified and no active exploitation is confirmed; the misleading 'RCE' tag in the intelligence metadata is directly contradicted by the vendor advisory, which explicitly states the issue is not known to allow code execution.

Denial Of Service RCE
NVD GitHub
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Denial of service in @angular/common's formatDate function (and the DatePipe that wraps it) allows remote attackers to exhaust CPU and memory by supplying an excessively long, attacker-controlled date format string. On Server-Side Rendered Angular apps this triggers a JavaScript heap out-of-memory crash that takes down the application for all users; on Client-Side Rendered apps it freezes the victim's browser tab. No public exploit identified at time of analysis, but the upstream patch and regression tests are public in angular/angular#69197.

Denial Of Service
NVD GitHub VulDB HeroDevs
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Quadratic CPU exhaustion in js-yaml (npm) versions 4.1.1 and earlier allows unauthenticated remote attackers to block a Node.js event loop for multiple seconds using a crafted YAML payload under 100 KB, resulting in denial of service. The flaw lies in the merge-key parser's failure to deduplicate repeated alias references before invoking per-key processing, producing O(K×M) work from O(K+M) input. A detailed proof-of-concept with reproducible timing benchmarks is publicly available via GitHub Security Advisory GHSA-h67p-54hq-rp68; no active exploitation is confirmed in CISA KEV at time of analysis.

Denial Of Service Apple Node.js
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Denial of service in Angular's @angular/common package allows attackers to exhaust CPU and memory by passing crafted digitsInfo strings (e.g., '1.200000000-200000000') to formatNumber, DecimalPipe, PercentPipe, or CurrencyPipe. On SSR deployments this crashes the Node.js process with a heap-out-of-memory error, while client-side rendering freezes the browser tab. No public exploit identified at time of analysis, though the patched code and triggering input strings are documented in PR #68840.

Node.js Google Denial Of Service
NVD GitHub HeroDevs VulDB
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Memory exhaustion denial of service in the npm 'ws' WebSocket library allows a remote unauthenticated peer to crash a Node.js process by streaming many tiny WebSocket fragments that force the receiver to allocate structural wrappers far exceeding the documented maxPayload limit, ultimately triggering an out-of-memory termination. The flaw affects ws versions prior to 5.2.5, 6.2.4, 7.5.11, and 8.21.0, and publicly available exploit code exists in the GitHub Security Advisory GHSA-96hv-2xvq-fx4p.

Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in Multer versions 2.0.0-alpha.1 through 2.1.1 and 3.0.0-alpha.1 allows remote unauthenticated attackers to exhaust server disk space when the library is configured with diskStorage. Aborted or malformed multipart uploads leave orphaned partial files because stream destruction is not propagated to the underlying fs.WriteStream, enabling resource exhaustion at scale with no public exploit identified at time of analysis. EPSS probability is low at 0.25% but SSVC marks the issue automatable with partial technical impact.

Denial Of Service Multer
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Use-after-free in Zephyr RTOS's native TCP2 stack allows a concurrent connection teardown - triggered by ordinary TCP traffic from an adjacent-network peer - to invalidate a cached iterator pointer in net_tcp_foreach(), crashing the system or causing the iterator callback to operate on attacker-influenced reallocated memory. All Zephyr releases from the TCP2 stack introduction in 2020 through v4.4.0 (inclusive) are affected. No public exploit has been identified at time of analysis and no CISA KEV listing exists; the primary real-world risk is denial of service against embedded or IoT devices with TCP networking and shell access exposed on an adjacent network segment.

Use After Free Memory Corruption Information Disclosure +2
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Denial of service in Mattermost Desktop App (versions ≤6.1 and ≤5.5.13.0) allows a malicious Mattermost server owner to crash client applications by injecting a script that calls window.open() with an excessively large URL, exploiting a missing resource limit on URL length processing. Exploitation requires user interaction - the victim must actively connect their Desktop App to an attacker-controlled server - and impact is strictly limited to application availability with no confidentiality or integrity exposure. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog at time of analysis.

Mattermost Denial Of Service
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in the Express.js multer middleware (versions 1.0.0 through 2.1.1 and 3.0.0-alpha.1) allows unauthenticated remote attackers to exhaust CPU and memory by sending a single multipart form request with deeply nested bracket-notation field names. The flaw lives in the append-field dependency, which parses nesting depth without any cap, so one crafted POST can degrade or crash Node.js services. No public exploit identified at time of analysis, but the issue is trivially reproducible against any default multer deployment exposed on the network.

Denial Of Service Multer
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in LLDAP v0.6.2 allows remote unauthenticated attackers to disrupt the authentication service by sending a crafted refresh-token header to the HTTP refresh endpoint. The flaw is a CWE-400 resource handling defect with CVSS 7.5 (availability-only impact); no public exploit is identified, though a referenced gist may contain proof-of-concept material. EPSS is low at 0.18% (8th percentile) and the issue is not on CISA KEV.

Denial Of Service N A
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in anna-is-cute paste v0.1.1 allows remote unauthenticated attackers to disrupt service availability by sending a crafted POST request to the /api/v0/pastes endpoint. The flaw is categorized under CWE-400 (Uncontrolled Resource Consumption) and carries a CVSS 3.1 score of 7.5 with availability-only impact; no public exploit identified at time of analysis, and EPSS is low at 0.15% (4th percentile), suggesting minimal observed interest. The vulnerability is not listed in CISA KEV.

Denial Of Service N A
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Uncontrolled resource consumption in Datadog Vector v0.54.0 allows authenticated remote attackers to crash or degrade the observability pipeline by sending crafted HTTP requests to the /util/http/prelude.rs handler. The vulnerability is classified as CWE-400 and carries a CVSS 3.1 score of 6.5 (Medium), requiring low-privilege network access with no user interaction. No public exploit identified at time of analysis beyond a GitHub gist that may contain proof-of-concept material; EPSS sits at 0.15% (4th percentile), indicating very low observed exploitation probability in the broader threat landscape.

Denial Of Service N A
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

Heap buffer overflow in GPAC MP4Box v2.4 crashes the application when parsing a maliciously crafted MP4 file containing an invalid VP codec configuration. The vulnerable function, gf_isom_vp_config_new in isomedia/avc_ext.c, fails to safely handle attacker-controlled input during ISO Base Media File Format parsing, resulting in a Denial of Service condition. No active exploitation has been confirmed by CISA KEV and no public exploit code has been identified at time of analysis, placing this in a low-urgency remediation tier per SSVC signals.

Denial Of Service Heap Overflow Buffer Overflow +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Heap buffer overflow in GPAC MP4Box v2.4 crashes the application when processing a maliciously crafted MP4 file, triggering a DoS condition in the CENC DRM sample handler. The vulnerable code path resides in gf_cenc_set_pssh (isomedia/drm_sample.c), which processes Protection System Specific Header data embedded in MP4 containers. SSVC confirms no active exploitation, no public exploit exists, and the CVSS local-vector/user-interaction requirement significantly constrains real-world attack surface.

Denial Of Service Heap Overflow Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 8.0
HIGH This Week

An issue was discovered in Rakuten Send Anywhere (File Transfer) for Android (com.estmob.android.sendanywhere) 23.2.9. The vulnerability allows untrusted applications (with no permissions) to force arbitrary file downloads into the app's scoped storage. The resulting files appear in the application's trusted Received interface. These conditions establish a vector for arbitrary code execution if the payload is an APK file, or a denial-of-service condition through resource exhaustion from oversized transfers.

Denial Of Service Google RCE +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

NULL pointer dereference in GPAC MP4Box v2.4 crashes the application when processing a specially crafted MP4 file, delivering a denial of service against any user or automated pipeline invoking the tool. The flaw is isolated to the TrackWriter handling component in filters/mux_isom.c, triggered by malformed MP4 input that causes an unvalidated pointer dereference. No public exploit code has been identified and this CVE does not appear in CISA KEV; SSVC rates exploitation status as none with no automation potential, consistent with a limited, file-delivery-dependent attack surface.

Denial Of Service Null Pointer Dereference N A
NVD
Prev Page 13 of 406 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy