Skip to main content

Denial Of Service

36508 CVEs technique

Monthly

CVE-2026-36806 HIGH This Week

Denial of service in Tenda W15E router firmware v15.11.0.10 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack buffer overflow in the webAuthUserPwd parameter of the formModifyWebAuthUser function. No public exploit identified at time of analysis, and EPSS scoring places exploitation probability at just 0.01% (2nd percentile), suggesting low near-term mass-exploitation likelihood despite the network-reachable attack surface. The flaw is not listed in CISA KEV.

Denial Of Service Buffer Overflow Stack Overflow Tenda N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36783 HIGH This Week

Denial-of-service via stack buffer overflow affects the Tenda O3 wireless router firmware v1.0.0.5(4180), where the fromNetToolGet handler fails to bound-check the domain parameter supplied in HTTP requests. Remote attackers can crash the router's web management service by sending a crafted request, disrupting network connectivity for downstream clients. SSVC flags the issue as proof-of-concept with automatable exploitation and partial technical impact, though EPSS remains low at 0.01% and no in-the-wild exploitation has been confirmed.

Tenda Denial Of Service Stack Overflow Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-55651 MEDIUM This Month

NULL pointer dereference in GPAC MP4Box v2.4 crashes the application when parsing a maliciously crafted MP4 file, enabling a Denial of Service against any user or pipeline that processes untrusted media with this tool. The flaw resides in gf_isom_get_user_data_count within isomedia/isom_read.c, where an unvalidated pointer is dereferenced during user-data atom counting. Publicly available exploit code exists as a crafted MP4 PoC, though no public exploit identified at time of analysis in CISA KEV and EPSS sits at the 5th percentile, suggesting minimal observed exploitation activity.

Denial Of Service Null Pointer Dereference N A
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-36777 MEDIUM This Month

Stack-based buffer overflow in the Tenda W3 Wireless Router v1.0.0.3(2204) enables adjacent-network unauthenticated attackers to crash the device via the formSetCfm HTTP endpoint. The vulnerability resides in the param_1 parameter of the formSetCfm function, where insufficient input validation allows a crafted HTTP request to overflow a stack buffer, resulting in a Denial of Service. A public GitHub repository linked in the references (xhh0124/SemVulLLM) appears to document or demonstrate the issue; no public exploit identified at time of analysis beyond that reference, and the EPSS score of 0.01% (2nd percentile) reflects very low exploitation probability.

Denial Of Service Buffer Overflow Stack Overflow Tenda N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-36778 MEDIUM This Month

Stack-based buffer overflow in Tenda O3 Wireless Router firmware v1.0.0.5(4180) enables authenticated remote attackers to crash the device by submitting an oversized username value to the R7WebsSecurityHandler HTTP handler. The CVSS vector (PR:H) confirms that exploitation requires high-privilege authentication, constraining the attack surface to compromised admin credentials or insider threat scenarios. No public exploit identified at time of analysis and EPSS sits at the 2nd percentile (0.01%), reflecting low observed exploitation interest.

Denial Of Service Buffer Overflow Stack Overflow Tenda N A
NVD GitHub
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-36802 HIGH This Week

Denial of service in Tenda PW201A v1.0.5 routers allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a buffer overflow in the page parameter of the SafeMacFilter function. EPSS scores exploitation probability at just 0.02% (4th percentile), and no public exploit identified at time of analysis, though a research repository on GitHub references the vulnerable function.

Denial Of Service Buffer Overflow Tenda N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36794 HIGH This Week

Denial of service in Tenda W3 Wireless Router firmware v1.0.0.3(2204) allows unauthenticated remote attackers to crash the device by sending crafted HTTP requests with oversized username or password parameters that overflow stack buffers in the R7WebsSecurityHandler function. The flaw affects the router's web management interface and carries a CVSS 7.5 (availability-only impact); no public exploit identified at time of analysis and EPSS exploitation probability is very low at 0.01%.

Denial Of Service Buffer Overflow Stack Overflow Tenda N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-52293 HIGH This Week

Denial of service in GPAC MP4Box v2.4 allows remote attackers to crash the application by supplying a crafted HEVC Sequence Parameter Set (SPS), triggering a segmentation violation in the gf_hevc_read_sps_bs_internal function within media_tools/av_parsers.c. No public exploit identified at time of analysis, though the bug is reachable without authentication or user interaction per the CVSS vector. Real-world impact is limited to availability of the parsing process, with no integrity or confidentiality consequences.

Denial Of Service N A
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36771 HIGH This Week

Denial-of-service in the Tenda W3 Wireless Router (firmware v1.0.0.3(2204)) allows remote unauthenticated attackers to crash the device by sending crafted input to the wl_radio parameter of the formwrlSSIDset function, triggering a stack-based buffer overflow. Publicly available exploit research exists in a GitHub repository, but no public exploit identified for weaponized use at time of analysis and the issue is not listed in CISA KEV. The CVSS 7.5 score reflects high availability impact without confidentiality or integrity loss.

Denial Of Service Tenda Stack Overflow Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36800 HIGH This Week

Denial of service in Tenda G0 router firmware v15.11.0.5 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a buffer overflow in the IPMacBindIndex parameter handler of the formIPMacBindDel function. No public exploit identified at time of analysis, and EPSS exploitation probability is very low (0.01%, 2nd percentile), but the network-reachable, no-auth attack surface on an edge networking device warrants attention from operators of affected hardware.

Tenda Denial Of Service Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36819 HIGH This Week

Denial of service in Tenda W20E router firmware v15.11.0.6 allows unauthenticated remote attackers to crash the device by sending a crafted HTTP request that triggers a stack buffer overflow in the bindMACAddr parameter of the fromSetDhcpRules function. The CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) reflects easy network-based exploitation with high availability impact but no confidentiality or integrity loss, and no public exploit identified at time of analysis beyond a research repository reference.

Denial Of Service Tenda Stack Overflow Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-36801 HIGH This Week

Denial of service in Tenda G0 router firmware v15.11.0.5 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request to the formIPMacBindAdd handler with an oversized IPMacBindRule parameter. The flaw is a classic stack/heap buffer overflow (CWE-120) reachable over the network without authentication or user interaction, but its impact is limited to availability (CVSS 7.5, A:H only). No public exploit identified at time of analysis and EPSS exploitation probability is negligible at 0.01%.

Denial Of Service Buffer Overflow Tenda N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36823 HIGH This Week

Denial of service in Tenda W20E router firmware v15.11.0.6 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack buffer overflow in the webAuthUserInfo parameter of the formAddWebAuthUser function. No public exploit identified at time of analysis, though a researcher-published proof-of-concept repository on GitHub documents the issue. EPSS and KEV data are not provided, but the network-reachable, no-auth, no-interaction CVSS vector makes this a credible risk for any exposed management interface.

Denial Of Service Tenda Stack Overflow Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-36822 HIGH This Week

Denial of service in Tenda W20E router firmware v15.11.0.6 allows unauthenticated remote attackers to crash the device by sending a crafted HTTP request containing an oversized macAddr parameter to the formDelStaState handler. The flaw is a stack-based buffer overflow with high availability impact and no confidentiality/integrity loss per CVSS, and no public exploit identified at time of analysis beyond a research repository on GitHub.

Denial Of Service Tenda Stack Overflow Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-36821 HIGH This Week

Denial of service in Tenda W20E router firmware v15.11.0.6 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack-based buffer overflow in the picCropName parameter of the formCropAndSetWewifiPic function. No public exploit identified at time of analysis, though a research write-up referencing the vulnerable function exists in a public GitHub repository. The combination of network-reachable attack surface, no authentication requirement, and low complexity makes opportunistic abuse against exposed admin interfaces realistic.

Denial Of Service Tenda Stack Overflow Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-36820 HIGH This Week

Denial of service in Tenda W20E router firmware v15.11.0.6 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack-based buffer overflow in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser function. No public exploit identified at time of analysis, though a research repository documenting the flaw is referenced. The CVSS 7.5 (High) score reflects pure availability impact with no confidentiality or integrity loss.

Denial Of Service Tenda Stack Overflow Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-43686 MEDIUM This Month

An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later). Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-36770 HIGH This Week

Remote denial of service in Tenda US_W3V1.0BR router firmware v1.0.0.3 allows unauthenticated network attackers to crash the device by sending a crafted value in the 'Go' parameter to the ask_to_reboot function, triggering a stack-based buffer overflow. No public exploit identified at time of analysis, though a third-party research repository on GitHub references the vulnerable function.

Denial Of Service Tenda Stack Overflow Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36724 MEDIUM This Month

{id} endpoint. The root cause is an uncaught exception (CWE-400) that propagates unhandled through the job scheduling subsystem, making availability the sole impact with no confidentiality or integrity loss. A public vulnerability disclosure repository exists, lowering the bar for exploitation by any attacker who already holds the required permission.

Denial Of Service
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-55659 MEDIUM This Month

NULL pointer dereference in GPAC MP4Box v2.4 allows unauthenticated remote attackers to crash the application by delivering a crafted MP4 file that a user opens. The vulnerable function ctts_box_write in isomedia/box_code_base.c fails to validate a pointer before dereferencing it when processing a malformed Composition Time to Sample (ctts) box, resulting in a denial-of-service condition. No public exploit code or active exploitation has been identified; SSVC rates exploitation status as none, though delivery is rated automatable.

Denial Of Service Null Pointer Dereference N A
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-47736 Ruby HIGH PATCH GHSA This Week

Remote denial-of-service in Puma Ruby web server versions 5.5.0 through 7.2.0 and 8.0.0 through 8.0.1 allows unauthenticated attackers to exhaust process memory by opening a TCP connection and sending data without CRLF terminators when PROXY protocol v1 support is enabled. The vulnerability lives in the PROXY v1 pre-parse buffer, which grows without bound while Puma waits for the '\r\n' delimiter, leading to OOM kills or container restarts. No public exploit identified at time of analysis, and the issue only affects servers explicitly opting into the non-default `set_remote_address proxy_protocol: :v1` configuration.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-47734 PyPI MEDIUM PATCH GHSA This Month

Memory exhaustion denial-of-service in Dulwich's git-receive-pack handler allows any client with push access to crash the server by sending a ~174-byte crafted thin pack. The pack's delta header declares an arbitrarily large dest_size value, causing dulwich's add_thin_pack/apply_delta code to allocate hundreds of megabytes of memory with no relationship to the actual bytes received. No public exploit code and no CISA KEV listing exist at time of analysis; the CVSS 5.7 Medium score reflects the low-privilege network vector but is bounded by the requirement that the attacker hold push credentials.

Denial Of Service Red Hat Suse
NVD GitHub
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-47244 Maven MEDIUM PATCH GHSA This Month

Unbounded HTTP/2 stream creation in Netty's netty-codec-http2 library exposes any Netty HTTP/2 server running on default configuration to memory exhaustion from a single TCP connection. Because DefaultHttp2Connection.DefaultEndpoint initializes stream limits to Integer.MAX_VALUE and Http2Settings never advertises SETTINGS_MAX_CONCURRENT_STREAMS unless the application explicitly calls initialSettings().maxConcurrentStreams(n), a remote unauthenticated attacker can sustain hundreds of thousands of simultaneous streams, each forcing JVM heap allocations for DefaultStream objects, PropertyMap slots, flow-controller state, and IntObjectHashMap entries. This misconfiguration is also the structural precondition for CVE-2023-44487-style HTTP/2 Rapid Reset amplification. No public exploit has been identified at time of analysis; vendor-released patches are available in 4.1.135.Final and 4.2.15.Final.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-46340 Maven HIGH PATCH GHSA This Week

Memory exhaustion denial-of-service in Netty's netty-transport-sctp module (versions <= 4.1.134.Final and 4.2.0.Final through 4.2.14.Final) allows remote unauthenticated attackers to crash JVM processes by sending unbounded SCTP DATA fragments that never set the complete flag. The flaw stems from the SCTP reassembly handler wrapping each new fragment into a fresh CompositeByteBuf around the prior accumulator, producing an N-deep recursive buffer chain that consumes memory and CPU per access, with no public exploit identified at time of analysis.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-45416 Maven HIGH PATCH GHSA This Week

Remote denial-of-service in Netty's netty-handler component allows unauthenticated attackers to exhaust server memory by sending a crafted TLS ClientHello with an attacker-controlled 24-bit handshake length field, triggering an immediate ~16 MiB unpooled heap allocation per connection. Affects Netty 4.1.x through 4.1.134.Final and 4.2.x through 4.2.14.Final when using the default SniHandler/AbstractSniHandler constructors, which disable both the length guard and handshake timeout. No public exploit identified at time of analysis, but the trivial nine-byte trigger and CVSS 7.5 (AV:N/AC:L/PR:N/UI:N/A:H) make weaponization straightforward.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-44892 Maven HIGH PATCH GHSA This Week

Remote denial-of-service in Netty's HTTP/3 codec (io.netty:netty-codec-http3, versions 4.2.0.Final through 4.2.14.Final) allows an unauthenticated attacker to exhaust server memory by streaming an unbounded number of HTTP/3 headers over a single connection until the JVM throws an OutOfMemoryError. The flaw stems from an insecure default in Http3ConnectionHandler that follows RFC 9114's unlimited HTTP3_SETTINGS_MAX_FIELD_SECTION_SIZE rather than mirroring the 8192-byte cap Netty applies to HTTP/1.1 and HTTP/2. No public exploit identified at time of analysis and the issue is not on the CISA KEV list, but the vendor advisory (GHSA-c2rx-5r8w-8xr2) rates the issue high severity and a fix is shipped in 4.2.15.Final.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-44890 Maven HIGH PATCH GHSA This Week

Remote denial of service in Netty's netty-codec-redis module (versions <= 4.1.134.Final and 4.2.0.Final through 4.2.14.Final) allows unauthenticated attackers to exhaust direct memory by sending crafted RESP protocol payloads lacking the required \r\n terminator across multiple concurrent connections. The RedisDecoder buffers digit streams indefinitely while awaiting a line terminator, eventually triggering OutOfDirectMemoryError and preventing legitimate connections from being processed. No public exploit identified at time of analysis, but the vendor advisory GHSA-6ghj-frrj-jjj3 confirms the issue and patched releases are available.

Denial Of Service Redis
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-44250 Maven HIGH PATCH GHSA This Week

Denial of service in Netty's netty-codec-redis module (versions <= 4.1.134.Final and 4.2.0.Final through 4.2.14.Final) allows remote unauthenticated attackers to exhaust JVM heap memory by sending Redis payloads with unbounded nested array headers. The RedisArrayAggregator allocates a new AggregateState and ArrayList for every nested array header without enforcing a depth limit, so a continuous stream of `*1\r\n` headers triggers an OutOfMemoryError. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Denial Of Service Redis
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-52778 PHP CRITICAL POC PATCH GHSA Act Now

Remote code execution in YesWiki prior to 4.6.6 allows unauthenticated attackers to inject arbitrary PHP via the Bazar CalcField formula evaluator, which sanitizes input with a recursive regex before passing it to eval(). The same flawed regex is also vulnerable to ReDoS/stack overflow, enabling denial of service against the server. No public exploit identified at time of analysis, but the commit diff in 4.6.6 fully documents the vulnerable code path, lowering the bar for exploit development.

PHP Code Injection Denial Of Service RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-11611 MEDIUM This Month

Denial of service in Red Hat 389 Directory Server's Content Synchronization persistent search plugin enables authenticated network clients to exhaust server memory by initiating a sync operation and halting consumption of responses, causing unbounded queue growth until the server becomes unavailable. Compounding this, race conditions in the plugin's thread lifecycle management can independently trigger server crashes during connection teardown or graceful shutdown. Affected across Red Hat Directory Server 11, 12, and 13 as well as the bundled 389-ds-base package on RHEL 6 through 10. No public exploit identified at time of analysis and no CISA KEV listing.

Denial Of Service Red Hat Directory Server 11 Red Hat Directory Server 12 Red Hat Directory Server 13 Red Hat Enterprise Linux 10 +4
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-46314 MEDIUM PATCH This Month

Infinite loop denial-of-service in the Linux kernel's drm/v3d GPU driver allows a local low-privileged user to permanently peg a CPU core by submitting a crafted self-referential ioctl extension structure. The vulnerability exists in v3d_get_extensions(), which traverses a userspace-controlled linked list without bounding chain length; when both in_sync_count and out_sync_count are zero, the duplicate-extension guard silently passes on every iteration, trapping the kernel thread indefinitely. No public exploit or active exploitation has been identified at time of analysis; EPSS stands at 0.02%, consistent with the local-access-only attack surface.

Linux Denial Of Service
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46313 MEDIUM PATCH This Month

Error pointer dereference in the Linux kernel's Intel IPU6 media driver crashes the kernel during a failed probe, resulting in local denial of service. The flaw resides in `ipu6_pci_probe()` at `drivers/media/pci/intel/ipu6/ipu6.c:690`, where `isp->psys` holds an ERR_PTR value rather than NULL in a specific error path, causing it to be dereferenced during cleanup rather than handled safely. No public exploit exists and EPSS sits at 0.02% (5th percentile), reflecting negligible real-world exploitation interest.

Linux Denial Of Service Intel Null Pointer Dereference
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46310 MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's Renesas VSP1 media driver crashes the kernel during module unload on Generation 4 Renesas SoC hardware. The defect exists because the cleanup path unconditionally invokes vsp1_drm_cleanup() rather than vsp1_vspx_cleanup() for gen 4 IP versions, while the initialization path correctly checks the IP version - an asymmetry introduced when gen 4 support was added. With an EPSS of 0.02% (4th percentile), no KEV listing, and no public exploit code, real-world exploitation risk is very low and confined to niche embedded and automotive platforms; vendor-released patches are available in stable kernel branches.

Linux Denial Of Service Null Pointer Dereference
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46305 MEDIUM PATCH This Month

NULL pointer dereference in the rtl8723bs staging WiFi driver crashes the Linux kernel when memory allocation fails in rtw_cbuf_alloc(). Systems running Linux 7.0 with an RTL8723BS chipset and the staging driver loaded are affected; a local low-privileged user can trigger a kernel panic resulting in denial of service. No public exploit exists and EPSS at 0.02% (5th percentile) reflects negligible real-world exploitation probability.

Linux Denial Of Service Null Pointer Dereference
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46296 MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's s3c64xx SPI driver triggers a kernel crash on driver unbind, allowing a local low-privileged attacker to cause a denial of service. The flaw affects systems equipped with Samsung S3C64xx-series SoC hardware running unpatched kernel versions from 6.0 onward. No public exploit code exists and EPSS probability sits at 0.02%, but the crash is deterministic once the driver unbind sequence is triggered on vulnerable hardware. No active exploitation (CISA KEV) has been identified.

Linux Denial Of Service Null Pointer Dereference
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46292 MEDIUM PATCH This Month

Missing resource cleanup in the Linux kernel's generic power domain (genpd) subsystem causes runtime PM to remain enabled for virtual devices after detach, leading to a NULL pointer dereference in genpd_runtime_suspend() and local denial of service. The flaw affects systems where drivers use genpd_dev_pm_attach_by_id() - predominantly ARM and SoC-based platforms - since the balancing pm_runtime_disable() call is absent from genpd_dev_pm_detach(). No public exploit exists and EPSS at 0.02% (5th percentile) confirms negligible exploitation probability; this is not listed in CISA KEV.

Linux Denial Of Service
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46290 MEDIUM PATCH This Month

Linux kernel x86 EFI runtime service fault handling panics instead of recovering gracefully on systems with buggy EFI firmware, following the FPU softirq changes introduced in commit d02198550423. When kernel_fpu_begin() began using local_bh_disable() in place of preempt_disable(), SOFTIRQ_OFFSET is set in preempt_count for the duration of EFI runtime service calls, causing in_interrupt() to return true in normal task context - which causes efi_crash_gracefully_on_page_fault() to bail unconditionally, escalating to panic(). On hardware where EFI firmware (e.g., GetTime()) accesses unmapped memory, this produces an unrecoverable system freeze. No public exploit identified at time of analysis; EPSS is 0.02%, confirming no observed exploitation activity.

Linux Denial Of Service
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46287 MEDIUM PATCH This Month

Missing RTNL lock acquisition in the txgbe network driver causes a kernel assertion warning during module removal on systems with Wangxun copper NICs with external PHY. When `rmmod txgbe` is executed, `phylink_disconnect_phy()` fires an `ASSERT_RTNL()` check at `drivers/net/phy/phylink.c:2351` because the driver's remove path neglects to hold the RTNL mutex, producing a kernel WARNING and degrading system availability. No public exploit exists and EPSS is 0.02% (5th percentile); this is a stability regression rather than a remotely exploitable flaw, affecting a narrow hardware-specific code path.

Linux Denial Of Service
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46284 MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's HugeTLB early boot parameter parser causes a system crash before the OS fully initializes. Specifically, `hugetlb_add_param()` in `mm/hugetlb` dereferences a NULL pointer via `strlen()` when `hugepages`, `hugepagesz`, or `default_hugepagesz` kernel command line parameters are supplied without a '=' separator, producing a boot-time kernel panic. The impact is a complete denial of service - the system fails to boot until the malformed parameter is corrected. No public exploit or CISA KEV listing exists; EPSS stands at 0.02% (5th percentile), reflecting very low observed exploitation activity. Patches are available in Linux 6.18.27, 7.0.4, and 7.1-rc1, with Ubuntu distributing fixes via USN-8489-1 and USN-8488-1.

Linux Denial Of Service Null Pointer Dereference
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46282 MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's admv1013 IIO frequency driver crashes the kernel when device_property_read_string() fails during device initialization, leaving a garbage pointer subsequently passed to strcmp(). A local low-privileged user on a system with ADMV1013 microwave upconverter hardware can reliably trigger a kernel panic, resulting in a complete denial of service. No public exploit exists and EPSS sits at 0.02% (5th percentile), but vendor-released patches are available across multiple stable kernel branches including 6.12.86 and 7.0.4.

Linux Denial Of Service Null Pointer Dereference
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46278 MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's drm/imagination (PowerVR GPU) driver crashes the kernel when a local user writes to the ftrace mask debugfs entry. Affected kernels range from the introduction of the drm/imagination driver at commit a331631496a0af9a6f4e7e1860983afd8b1bb013 through Linux 7.0, with fixes landed in 7.0.4 and 7.1-rc2. An attacker with local access and write permission to the debugfs interface can trigger a kernel Oops, resulting in a full system crash and denial of service. No public exploit exists and EPSS is 0.02%, consistent with the narrow hardware scope (Imagination Technologies PowerVR GPUs) and local-only attack surface.

Linux Denial Of Service Null Pointer Dereference
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46276 MEDIUM PATCH This Month

Kernel panic in the Linux amdgpu DRM driver exposes systems running RDNA4 hardware (e.g., AMD RX 9070 XT) to a denial-of-service condition during driver initialization, but only when the kernel is compiled with CONFIG_DRM_DEBUG_MM enabled. The RDNA4 architecture (GFX 12) removed the GDS, GWS, and OA on-chip memory resources entirely; however, amdgpu_ttm_init() unconditionally invokes amdgpu_ttm_init_on_chip() for these resources regardless of size, ultimately calling drm_mm_init(mm, 0, 0), which triggers DRM_MM_BUG_ON and crashes the kernel at modprobe time. No public exploit exists and EPSS sits at 0.02% (7th percentile), consistent with a hardware-specific, debug-config-dependent crash rather than a remotely triggerable attack surface.

Linux Denial Of Service
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-48913 HIGH PATCH This Week

Use-after-free in the mod_http2 module of Apache HTTP Server versions 2.4.55 through 2.4.67 allows remote attackers to trigger memory corruption when the server's file handle pool is exhausted. The flaw carries a CVSS 7.3 (low impact across confidentiality, integrity, and availability) and is reachable over the network without authentication or user interaction, though no public exploit identified at time of analysis. Tagging emphasizes denial-of-service and memory corruption as the primary realistic outcomes.

Denial Of Service Use After Free Memory Corruption Apache Suse +1
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-49755 HIGH PATCH This Week

Memory exhaustion in wojtekmach Req (Elixir HTTP client) versions 0.1.0 through 0.6.0 allows attacker-controlled HTTP servers to crash the BEAM process via decompression-bomb response bodies. Because Req enabled automatic body decompression and archive decoding by default with no size caps, a sub-megabyte response advertising gzip/zip/tar content can expand to multiple gigabytes in memory. No public exploit identified at time of analysis, but the fix and root cause are documented in the upstream advisory GHSA-655f-mp8p-96gv.

Denial Of Service Req
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-44186 HIGH PATCH This Week

Denial of service in Apache HTTP Server versions 2.4.0 through 2.4.67 stems from an infinite loop condition in the mod_proxy_ftp module when interacting with an attacker-controlled backend FTP server. Remote attackers can degrade availability and partially impact confidentiality and integrity without authentication, though exploitation requires a proxied request path to a malicious FTP backend. No public exploit identified at time of analysis, and EPSS is very low at 0.02%.

Denial Of Service Apache Apache HTTP Server
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-29167 CRITICAL PATCH Act Now

Remote code execution in Apache HTTP Server versions 2.4.0 through 2.4.67 is possible through a use-after-free condition in mod_ldap when LDAP authentication or authorization is configured in a per-directory context. The CVSS 9.8 rating reflects unauthenticated network exploitation with high impact across confidentiality, integrity, and availability, though no public exploit has been identified at time of analysis and EPSS exploitation probability remains very low at 0.02%. CISA SSVC assesses exploitation status as none but flags the issue as automatable with total technical impact.

Denial Of Service Use After Free Memory Corruption Apache Suse +1
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-46275 HIGH PATCH This Week

Use-After-Free and race conditions in the Linux kernel's Bluetooth hci_uart driver (drivers/bluetooth/hci_uart.c) enable a local low-privileged user to corrupt kernel heap memory, potentially escalating to root. The flaw stems from improper lifecycle management of the hci_uart struct and its associated workqueues: when a TTY hangup interrupts Bluetooth UART initialization before HCI_UART_PROTO_READY is set, teardown skips workqueue cancellation, leaving deferred work items to dereference freed memory. Three compounding sub-issues - a tx_skb double-free, a vendor callback UAF via premature hci_free_dev(), and proto_lock races during error paths - are all resolved in patched stable releases. No public exploit is known and EPSS at 0.02% (7th percentile) signals low near-term exploitation probability despite the CVSS 7.8 rating.

Linux Denial Of Service Race Condition
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43973 HIGH PATCH This Week

Memory exhaustion denial of service in Ninenines Gun (Erlang HTTP client) versions 1.0.0 through 2.3.x allows a malicious or compromised HTTP/1.1 server to crash the entire BEAM node by sending an unterminated response. The gun_http module accumulates incoming bytes into a per-connection buffer without any size ceiling, and since BEAM imposes no default per-process heap limit, a single connection can consume all node memory. No public exploit identified at time of analysis, though the upstream patch and accompanying test cases publicly demonstrate the triggering server behavior.

Denial Of Service Gun
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-43974 HIGH PATCH This Week

Denial-of-service in the Erlang HTTP client library Ninenines gun (versions 2.0.0 through 2.3.x) lets a malicious or compromised HTTP/1.1 server force any gun client into raw protocol mode by returning an unsolicited 101 Switching Protocols response, after which the server can flood the client owner process with unbounded gun_data messages and exhaust BEAM VM memory. No public exploit identified at time of analysis, but the fix is trivial and the issue is reachable from any plain HTTP/1.1 request to an attacker-controlled host. CVSS 4.0 8.7 reflects the unauthenticated, network-reachable, high-availability-only impact.

Denial Of Service Gun
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-49235 Cargo HIGH PATCH GHSA This Week

Denial of service in NLnet Labs Routinator allows remote attackers to crash the RPKI validator by serving a crafted Document Type Definition (DTD) inside RRDP repository content. Exploitation requires no authentication or user interaction (CVSS 4.0 8.7, VA:H), and no public exploit identified at time of analysis. A successful crash halts RPKI relying-party processing, which can degrade route origin validation for networks that depend on Routinator output.

Denial Of Service Routinator
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-49234 Cargo HIGH PATCH GHSA This Week

Denial of service in NLnet Labs Routinator (an RPKI Relying Party software) allows remote attackers to crash the daemon by sending a specifically crafted non-UTF-8 string in the select-asn query parameter to the /api/v1/origins HTTP endpoint. The flaw only impacts deployments that expose the API to untrusted networks, and no public exploit has been identified at time of analysis. CVSS 4.0 base score is 8.2 driven by high availability impact to both the vulnerable component and downstream RPKI consumers.

Denial Of Service Routinator
NVD VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-11478 LOW POC Monitor

ReDoS (Regular Expression Denial of Service) in kokke tiny-regex-c up to commit f2632c6d9ed25272987471cdb8b70395c2460bdb allows local low-privileged attackers to cause availability degradation by supplying crafted input to the `matchstar` function in `re.c`, triggering exponential backtracking in the pattern handler. A public proof-of-concept exploit (tiny-regex-c-redos-poc.zip) has been published, though no vendor patch exists and the project maintainer has not responded to the responsible disclosure. No active exploitation in the wild has been confirmed (not in CISA KEV), and real-world risk is constrained by the local-only attack vector and low availability impact.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-36786 HIGH This Week

Denial of service in Tenda FH451 router firmware V1.0.0.9 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack overflow in the list1 parameter of the fromDhcpListClient function. Publicly available exploit code exists in a GitHub research repository, though the vulnerability is not listed in CISA KEV and no EPSS score has been published at time of analysis. Impact is limited to availability - no confidentiality or integrity loss is indicated.

Denial Of Service Tenda Stack Overflow Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2026-36789 HIGH This Week

Denial of service in Tenda AC1206 routers (firmware v15.03.06.23) is triggered by stack-based buffer overflows in the fromGstDhcpSetSer function reachable through the username and password parameters of a crafted HTTP request. Remote attackers with network reach to the device's web management interface can crash the service without authentication, and no public exploit identified at time of analysis although proof-of-concept research material is hosted on GitHub.

Denial Of Service Tenda Stack Overflow Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-6241 MEDIUM PATCH This Month

Format string exploitation in TP-Link's Tapo C520WS v2 ONVIF management service allows an authenticated attacker on an adjacent network segment to crash the ONVIF service by injecting format specifiers into AddScopes scope parameters, resulting in a denial-of-service condition that disrupts normal camera operation. The vulnerability (CWE-134) is confined to availability impact only - no confidentiality or integrity compromise is possible. No public exploit code has been identified at time of analysis, and a vendor-released patch is available from TP-Link.

Denial Of Service Tapo C520Ws V2
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2026-11419 CRITICAL PATCH Act Now

Arbitrary file write in the Altium Enterprise Server Vault Service allows authenticated users to escape the configured storage root via the UploadController image upload endpoint and place content-controlled files anywhere the service account can write. The flaw (CVSS 4.0 base 9.4, CWE-22) escalates to remote code execution, service takeover, or denial of service by overwriting application binaries, configuration files, or dropping payloads in web-accessible directories. No public exploit identified at time of analysis, and Altium 365 cloud deployments are explicitly out of scope.

Denial Of Service Path Traversal Hashicorp RCE On Prem Enterprise Server
NVD VulDB
CVSS 4.0
9.4
EPSS
0.4%
CVE-2026-47731 PyPI CRITICAL PATCH GHSA Act Now

Path traversal in NASA AMMOS AIT-Core's Binary Stream Capture (BSC) component allows unauthenticated remote attackers to direct the ait-bsc process to append attacker-controlled binary data to arbitrary files on the host filesystem, limited only by the OS permissions of the running process. Affected are AIT-Core 3.1.0 and all 2.x versions before 2.6.1, exploitable via a direct HTTP request if the BSC port is network-accessible or via a browser-based CSRF attack that works even against localhost-bound deployments. Publicly available exploit code exists (python_poc.py, attacker_tcp.py, and test1.html), though no CISA KEV listing was identified at time of analysis.

Python Path Traversal RCE Canonical Denial Of Service
NVD GitHub
CVSS 3.1
9.1
EPSS
0.2%
CVE-2026-45290 HIGH PATCH This Week

Denial of service in Cloudburst Network (cloudburstmc/network) versions prior to 1.0.0.CR3-20260417.085727-30 allows remote attackers to stall the underlying Netty event loop, rendering network processing inoperable for any publicly accessible application that depends on the library. The flaw scores CVSS 7.5 with a fully remote, low-complexity, unauthenticated availability impact, and no public exploit identified at time of analysis.

Denial Of Service Network
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-49343 Go MEDIUM PATCH GHSA This Month

Throttler slot exhaustion in klever-go's account-data trie syncer enables unauthenticated remote attackers to permanently consume all `NumGoRoutinesThrottler` slots by causing repeated trie-node sync failures or timeouts during epoch bootstrap, halting node participation in consensus. Both `userAccountsSyncer.syncDataTrie()` and `kappAccountsSyncer.syncDataTrie()` call `StartProcessing()` but omit `EndProcessing()` on three distinct error paths, meaning each failed sync permanently leaks one slot for the lifetime of that throttler instance. A runtime proof-of-concept is publicly confirmed in GHSA-fw38-pc54-jvx9 showing that exactly N timeout failures exhaust a capacity-N throttler; no CISA KEV listing exists at time of analysis, but the operational impact on bootstrapping validators is severe.

Denial Of Service
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2026-48111 MEDIUM PATCH This Month

Off-by-one out-of-bounds read in 7-Zip's UEFI firmware image parser (versions 9.21-26.00) allows a network-adjacent attacker to trigger either a denial of service (application crash) or minor information disclosure of an adjacent static .rdata string literal into archive metadata, simply by convincing a user to open a crafted UEFI-containing archive. The vulnerability is reached automatically upon archive open with no special user action beyond opening the file, and affects default 7-Zip installations because the UEFI handler is enabled out-of-the-box. No public exploit code has been identified at time of analysis, no KEV listing exists, and the impact is bounded: there is no write primitive and no disclosure of heap data, secrets, or ASLR base addresses.

Denial Of Service Information Disclosure Buffer Overflow Suse
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-48104 MEDIUM PATCH This Month

Uninitialized heap read in 7-Zip's SquashFS archive handler (versions 9.18 through 26.00) can crash the application and leak raw heap memory contents when a user opens a specially crafted archive. The flaw originates in the `_blockToNode` array, which is allocated but never zero-initialized; an attacker-controlled `blockIndex` derived from the RootInode superblock field drives a binary search over uninitialized slots, producing a chained out-of-bounds read with no write primitive. No public exploit has been identified at time of analysis, and the description explicitly characterizes exploitation as heap-layout-dependent and not reliably triggerable, which is consistent with the CVSS AC:H rating and limits practical risk despite the network-deliverable attack surface.

Denial Of Service Information Disclosure Suse
NVD GitHub VulDB
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-5090 HIGH PATCH This Week

Denial of service in Arista CloudVision Exchange (CVX) allows an attacker with high-privilege access to a connected switch to crash CVX agents by sending malformed TCP packets, causing instability across the CVX cluster. The flaw stems from improper input validation (CWE-20) of messages received from connected switches, and no public exploit has been identified at time of analysis.

Denial Of Service Eos Cloudvision Exchange Cvx
NVD VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-48103 MEDIUM PATCH This Month

Off-by-one heap out-of-bounds read in 7-Zip's WIM archive handler (versions 9.34-26.00) allows a remote unauthenticated attacker to trigger denial of service - and potentially minor information disclosure - by delivering a crafted WIM file. The vulnerability is zero-click exploitable in the GUI: 7zFM.exe automatically calls GetRawProp(kpidNtSecure) for every listed item, triggering the OOB read without any additional user interaction beyond opening or navigating to the malicious archive. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Denial Of Service Information Disclosure Microsoft Buffer Overflow Suse
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-5089 HIGH PATCH This Week

Denial of service in Arista EOS switches and CloudVision Exchange (CVX) servers arises from improper input validation in the TCP messaging protocol that governs EOS-CVX cluster communication. Sending malformed messages in either direction - from a CVX server to an EOS switch, or vice versa - triggers a Sysdb agent crash on the EOS device (causing a soft reset) or agent crashes on the CVX server (causing cluster-wide instability). Exploitation requires the attacker to already hold high-privilege access on a device within the cluster, and no public exploit code or CISA KEV listing exists at time of analysis, making this a targeted insider or post-compromise threat rather than an opportunistic one.

Denial Of Service Eos Cloudvision Exchange Cvx
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-47249 Go HIGH PATCH GHSA This Week

Remote denial of service in klever-go v1.7.17 allows any connected P2P peer to send a 442-byte compressed RequestDataType_HashArrayType message that expands into 200,000 decoded hash entries, driving roughly 156 MiB of heap pressure and synchronous CPU work per request inside TxResolver and TrieNodeResolver. The flaw stems from antiflood logic that only counts compressed wire size, leaving validator nodes exposed to resource exhaustion from repeated or concurrent malicious requests. Publicly available exploit code exists (vendor-published PoC) but the issue is not in CISA KEV; EPSS data was not provided.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-45720 Go HIGH PATCH GHSA This Week

Authentication bypass via SAML session replay in Siderolabs Omni stems from a TOCTOU race condition in the SAML interceptor (internal/pkg/auth/interceptor/saml.go), where the SAMLAssertion 'Used' flag is checked and updated non-atomically. Concurrent requests bearing the same saml-session token can each observe Used==false, allowing an attacker who has intercepted a victim's token to authenticate multiple times as the victim and persist access by registering attacker-controlled public keys. No public exploit identified at time of analysis; the issue was reported by bugbunny.ai and fixed in Omni v1.6.6 and v1.7.3.

Denial Of Service
NVD GitHub
CVSS 3.1
7.0
EPSS
0.0%
CVE-2024-24769 PyPI LOW PATCH GHSA Monitor

### Impact Users can reset their MFA token via API routes that send them an email. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service
NVD GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-48102 LOW PATCH Monitor

Heap out-of-bounds read in 7-Zip versions 9.11 through 26.00 exposes up to 3 bytes of heap memory during UDF disc image parsing, triggering when a user opens or extracts a crafted .iso or .udf file. Impact is constrained to a 1-bit information-disclosure oracle per out-of-bounds byte (inferred from open/fail behavior) and potential denial of service under hardened allocators; no write primitive exists. No public exploit code or CISA KEV listing has been identified at time of analysis, and the CVSS Low score of 3.1 accurately reflects the limited real-world severity.

Denial Of Service Information Disclosure Oracle Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-48095 HIGH PATCH This Week

Remote code execution in 7-Zip versions 26.00 and earlier is achievable via a crafted NTFS image that triggers a heap buffer overflow in the archive handler, overwriting an adjacent C++ object's vtable pointer to hijack control flow. The flaw stems from an undefined-behavior shift in CInStream::GetCuSize() that under-allocates a buffer to just one byte, which is then written up to 256 MB of attacker-controlled data. Exploitation requires the victim to open or extract a malicious archive (UI:R), but the NTFS handler is enabled by default and is selected via signature matching regardless of file extension; no public exploit identified at time of analysis.

Denial Of Service Memory Corruption Buffer Overflow RCE Suse
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-25659 HIGH PATCH This Week

Denial of service in Ericsson Packet Core Gateway (PCG) versions prior to 1.30 allows an adjacent-network attacker to degrade telecom packet core service by continuously sending a specially crafted message that triggers improper handling of missing values (CWE-230). The condition persists only while the attack is sustained - the system self-recovers once traffic stops - and no public exploit identified at time of analysis, but the CVSS 4.0 score of 7.1 reflects high availability impact on a carrier-grade network function.

Ericsson Denial Of Service
NVD VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-25658 HIGH PATCH This Week

Denial of service in Ericsson Packet Core Gateway (PCG) versions prior to 1.30 allows adjacent network attackers to degrade service availability by continuously transmitting specially crafted messages that trigger improper handling of missing values (CWE-230). The affected PCG nodes crash repeatedly under sustained attack but self-recover once traffic stops, so impact is transient yet operationally significant for mobile core networks. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Ericsson Denial Of Service
NVD VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-25657 HIGH PATCH This Week

Denial of service in Ericsson Packet Core Gateway (PCG) versions prior to 1.30 allows an adjacent-network attacker to degrade service by continuously transmitting malformed messages that the gateway fails to parse safely. The condition causes recurring crashes that persist only while the attack is active, with automatic recovery once it stops, and no public exploit identified at time of analysis.

Ericsson Denial Of Service
NVD VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-7763 CRITICAL PATCH Act Now

Remote unauthenticated code execution and denial-of-service in Morse Micro HaLowLink 2 (versions prior to 2.11.13) allows attackers within radio range to corrupt kernel memory via a malformed 802.11ah beacon frame. The flaw resides in the morse.ko HaLow Wi-Fi kernel driver, which processes broadcast beacons during passive scanning, requiring no authentication or user interaction. No public exploit identified at time of analysis, but SSVC rates the technical impact as total and the issue as automatable, and a vendor patch is available.

Denial Of Service Buffer Overflow RCE Halowlink 2
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-7762 CRITICAL PATCH Act Now

Remote code execution and kernel-level denial of service in Morse Micro HaLowLink 2 devices running software prior to 2.11.13 allows any attacker within 802.11ah radio range to corrupt kernel heap memory by broadcasting a malformed S1G Capabilities IE in a beacon or probe response frame. The flaw sits in the dot11ah.ko HaLow Wi-Fi driver and triggers during normal passive scanning, requiring no authentication, association, or user interaction. A vendor patch exists, but no public exploit identified at time of analysis and EPSS sits at 0.05% despite the CVSS 9.8 rating.

Denial Of Service Buffer Overflow RCE Halowlink 2
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-11307 HIGH PATCH This Week

Remote code execution in Google Chrome's PDFium component prior to version 149.0.7827.53 allows a remote attacker to execute arbitrary code within the renderer sandbox by enticing a user to open a crafted PDF file. The flaw is a use-after-free memory corruption issue (CWE-416) carrying a CVSS 8.8 rating, though Chromium rated its security severity as Low and no public exploit has been identified at time of analysis. User interaction is required, and code execution is constrained to the Chrome sandbox absent a chained sandbox escape.

Google Memory Corruption RCE Use After Free Denial Of Service +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11306 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the PDFium component, allowing a remote attacker to execute arbitrary code within the renderer sandbox by serving a crafted PDF file. While exploitation is constrained to the sandbox and requires user interaction (visiting a page or opening a PDF), the CVSS score of 8.8 reflects the high impact on confidentiality, integrity, and availability if combined with a sandbox escape. No public exploit identified at time of analysis, and CISA SSVC indicates exploitation status of 'none'.

Google Memory Corruption RCE Use After Free Denial Of Service +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11305 HIGH PATCH This Week

Remote code execution in Google Chrome's PDFium component prior to version 149.0.7827.53 allows a remote attacker to execute arbitrary code within the renderer sandbox via a crafted PDF file. The flaw is a use-after-free memory corruption issue (CWE-416) requiring user interaction to open or render the malicious PDF, and no public exploit identified at time of analysis. Chromium rates the security severity as Low despite the CVSS 8.8 score, reflecting the sandbox containment of the resulting code execution.

Google Memory Corruption RCE Use After Free Denial Of Service +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11304 HIGH PATCH This Week

Heap corruption in Google Chrome's PDFium component before version 149.0.7827.53 allows remote attackers to potentially execute arbitrary code by tricking a user into opening a crafted PDF file. The flaw is a use-after-free (CWE-416) carrying a CVSS 8.8 rating, though no public exploit identified at time of analysis and EPSS exploitation probability is negligible at 0.03% (11th percentile). Google rates the Chromium severity as Low despite the high CVSS, reflecting the requirement for user interaction and absence of observed exploitation.

Denial Of Service Use After Free Memory Corruption Google Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-11303 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the PDFium component that parses PDF documents. A remote attacker who lures a user into opening a crafted PDF can execute arbitrary code, though execution is contained within Chrome's renderer sandbox. No public exploit is identified at time of analysis, and SSVC indicates no observed exploitation.

Google Memory Corruption RCE Use After Free Denial Of Service +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11293 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker to break out of the renderer sandbox via a use-after-free flaw in the Input component when a victim visits a crafted HTML page. The CVSS score of 9.6 reflects the scope change inherent to sandbox escapes, though Chromium rated the underlying severity as Low and EPSS estimates exploitation probability at only 0.03%. No public exploit identified at time of analysis, and the issue is not on the CISA KEV list.

Denial Of Service Use After Free Memory Corruption Google
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-11290 MEDIUM PATCH This Month

Integer overflow in the WebView component of Google Chrome on Android (prior to 149.0.7827.53) allows a local, low-privileged attacker to crash the application via a crafted malicious file, resulting in a denial of service. The attack requires user interaction - the victim must open or process the malicious file through a WebView-rendered surface. No public exploit code has been identified at time of analysis, and the EPSS score of 0.01% (1st percentile) indicates extremely low real-world exploitation probability; the vendor has rated this Low severity.

Denial Of Service Google
NVD VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-11262 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the TabStrip component, enabling a remote attacker who lures a victim to a crafted HTML page to corrupt memory and execute arbitrary code within the renderer context. Google rates the underlying Chromium severity as Low, but the CVSS base score of 8.8 reflects the potential impact when chained with a sandbox escape. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Google Memory Corruption RCE Use After Free Denial Of Service +3
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11249 MEDIUM PATCH This Month

Use-after-free in the Network component of Google Chrome prior to version 149.0.7827.53 enables an attacker who has already compromised the renderer process to read potentially sensitive data from process memory by delivering a crafted HTML page. The Changed scope (S:C) in the CVSS vector confirms the vulnerability crosses security boundaries - specifically from the renderer sandbox into the Network process - making this a secondary exploitation step rather than an initial access vector. No public exploit code exists and the vulnerability is not listed in the CISA KEV catalog; Google has released a patched stable channel build.

Denial Of Service Use After Free Memory Corruption Google Red Hat +2
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-36785 HIGH This Week

Denial of service in Tenda FH451 V1.0.0.9 routers allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack overflow in the page parameter handler of the fromDhcpListClient function. EPSS exploitation probability is very low (0.01%, 3rd percentile) and no public exploit identified at time of analysis, though proof-of-concept artifacts appear to be hosted in a public GitHub research repository. The flaw is not listed in CISA KEV.

Denial Of Service Tenda Stack Overflow Buffer Overflow N A
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36501 HIGH This Week

Denial of service in OpenDaylight Controller v12.0.5 allows remote unauthenticated attackers to crash or render the SDN controller unavailable by sending crafted input to the Externalizable.readExternal() deserialization component. No public exploit identified at time of analysis, but SSVC flags the flaw as automatable with partial technical impact, and the network attack vector with low complexity makes opportunistic abuse plausible despite a very low EPSS score (0.02%).

Denial Of Service N A
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-50589 PyPI HIGH PATCH This Week

Denial of service in OpenStack Ironic versions 32 through 35.0.1 allows remote unauthenticated attackers to crash the bare-metal provisioning service by submitting a crafted JSON payload to certain API or JSON-RPC endpoints. CVSS 7.5 reflects high availability impact with no authentication required, though EPSS is only 0.04% (12th percentile) and SSVC marks exploitation as 'none' - no public exploit identified at time of analysis. The flaw is tracked as a CWE-770 unbounded resource consumption issue and documented in OpenStack Security Note OSSN-0099.

Denial Of Service Ironic
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-11230 HIGH PATCH This Week

Remote code execution in Google Chrome prior to 149.0.7827.53 stems from a use-after-free flaw in the Extensions component, allowing a remote attacker who tricks a user into visiting a crafted HTML page to execute arbitrary code inside the browser's renderer sandbox. The issue is rated High by NVD (CVSS 8.8) despite Chromium's own Low severity tag, and no public exploit identified at time of analysis. A vendor patch is available via the June 2026 Stable Channel update.

Google Memory Corruption RCE Use After Free Denial Of Service
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-11224 HIGH PATCH This Week

Remote code execution in Google Chrome on Linux versions prior to 149.0.7827.53 allows a remote attacker to exploit a use-after-free condition in the Chromoting component via malicious network traffic. The flaw carries a CVSS 3.1 score of 8.1 (high) with no public exploit identified at time of analysis and an EPSS probability of 0.04%, though Google rates the Chromium severity as Low. The vendor has shipped a fix in the stable channel update for desktop.

Google Memory Corruption RCE Use After Free Denial Of Service +3
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-11208 MEDIUM PATCH This Month

Memory information disclosure in Google Chrome's Codecs component affects all desktop versions prior to 149.0.7827.53, enabling remote unauthenticated attackers to read potentially sensitive data from browser process memory when a user visits a specially crafted HTML page. The root cause is a use-after-free (CWE-416) in the media codec subsystem, yielding high confidentiality impact with no integrity or availability consequences per CVSS. EPSS is very low at 0.03% (11th percentile) and SSVC confirms no active exploitation, placing this firmly in the routine patch category despite its Medium severity score.

Denial Of Service Use After Free Memory Corruption Google Red Hat +2
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11201 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free condition in the ServiceWorker component that can be triggered by a malicious browser extension. An attacker who convinces a user to install a crafted Chrome Extension can achieve arbitrary code execution within the renderer context. No public exploit has been identified at time of analysis and EPSS exploitation probability is very low at 0.01%, but the high CVSS score (8.8) reflects the severe potential impact.

Google Memory Corruption RCE Use After Free Denial Of Service +3
NVD
CVSS 3.1
8.8
EPSS
0.0%
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W15E router firmware v15.11.0.10 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack buffer overflow in the webAuthUserPwd parameter of the formModifyWebAuthUser function. No public exploit identified at time of analysis, and EPSS scoring places exploitation probability at just 0.01% (2nd percentile), suggesting low near-term mass-exploitation likelihood despite the network-reachable attack surface. The flaw is not listed in CISA KEV.

Denial Of Service Buffer Overflow Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial-of-service via stack buffer overflow affects the Tenda O3 wireless router firmware v1.0.0.5(4180), where the fromNetToolGet handler fails to bound-check the domain parameter supplied in HTTP requests. Remote attackers can crash the router's web management service by sending a crafted request, disrupting network connectivity for downstream clients. SSVC flags the issue as proof-of-concept with automatable exploitation and partial technical impact, though EPSS remains low at 0.01% and no in-the-wild exploitation has been confirmed.

Tenda Denial Of Service Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

NULL pointer dereference in GPAC MP4Box v2.4 crashes the application when parsing a maliciously crafted MP4 file, enabling a Denial of Service against any user or pipeline that processes untrusted media with this tool. The flaw resides in gf_isom_get_user_data_count within isomedia/isom_read.c, where an unvalidated pointer is dereferenced during user-data atom counting. Publicly available exploit code exists as a crafted MP4 PoC, though no public exploit identified at time of analysis in CISA KEV and EPSS sits at the 5th percentile, suggesting minimal observed exploitation activity.

Denial Of Service Null Pointer Dereference N A
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Stack-based buffer overflow in the Tenda W3 Wireless Router v1.0.0.3(2204) enables adjacent-network unauthenticated attackers to crash the device via the formSetCfm HTTP endpoint. The vulnerability resides in the param_1 parameter of the formSetCfm function, where insufficient input validation allows a crafted HTTP request to overflow a stack buffer, resulting in a Denial of Service. A public GitHub repository linked in the references (xhh0124/SemVulLLM) appears to document or demonstrate the issue; no public exploit identified at time of analysis beyond that reference, and the EPSS score of 0.01% (2nd percentile) reflects very low exploitation probability.

Denial Of Service Buffer Overflow Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM This Month

Stack-based buffer overflow in Tenda O3 Wireless Router firmware v1.0.0.5(4180) enables authenticated remote attackers to crash the device by submitting an oversized username value to the R7WebsSecurityHandler HTTP handler. The CVSS vector (PR:H) confirms that exploitation requires high-privilege authentication, constraining the attack surface to compromised admin credentials or insider threat scenarios. No public exploit identified at time of analysis and EPSS sits at the 2nd percentile (0.01%), reflecting low observed exploitation interest.

Denial Of Service Buffer Overflow Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda PW201A v1.0.5 routers allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a buffer overflow in the page parameter of the SafeMacFilter function. EPSS scores exploitation probability at just 0.02% (4th percentile), and no public exploit identified at time of analysis, though a research repository on GitHub references the vulnerable function.

Denial Of Service Buffer Overflow Tenda +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W3 Wireless Router firmware v1.0.0.3(2204) allows unauthenticated remote attackers to crash the device by sending crafted HTTP requests with oversized username or password parameters that overflow stack buffers in the R7WebsSecurityHandler function. The flaw affects the router's web management interface and carries a CVSS 7.5 (availability-only impact); no public exploit identified at time of analysis and EPSS exploitation probability is very low at 0.01%.

Denial Of Service Buffer Overflow Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in GPAC MP4Box v2.4 allows remote attackers to crash the application by supplying a crafted HEVC Sequence Parameter Set (SPS), triggering a segmentation violation in the gf_hevc_read_sps_bs_internal function within media_tools/av_parsers.c. No public exploit identified at time of analysis, though the bug is reachable without authentication or user interaction per the CVSS vector. Real-world impact is limited to availability of the parsing process, with no integrity or confidentiality consequences.

Denial Of Service N A
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Denial-of-service in the Tenda W3 Wireless Router (firmware v1.0.0.3(2204)) allows remote unauthenticated attackers to crash the device by sending crafted input to the wl_radio parameter of the formwrlSSIDset function, triggering a stack-based buffer overflow. Publicly available exploit research exists in a GitHub repository, but no public exploit identified for weaponized use at time of analysis and the issue is not listed in CISA KEV. The CVSS 7.5 score reflects high availability impact without confidentiality or integrity loss.

Denial Of Service Tenda Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda G0 router firmware v15.11.0.5 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a buffer overflow in the IPMacBindIndex parameter handler of the formIPMacBindDel function. No public exploit identified at time of analysis, and EPSS exploitation probability is very low (0.01%, 2nd percentile), but the network-reachable, no-auth attack surface on an edge networking device warrants attention from operators of affected hardware.

Tenda Denial Of Service Buffer Overflow +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W20E router firmware v15.11.0.6 allows unauthenticated remote attackers to crash the device by sending a crafted HTTP request that triggers a stack buffer overflow in the bindMACAddr parameter of the fromSetDhcpRules function. The CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) reflects easy network-based exploitation with high availability impact but no confidentiality or integrity loss, and no public exploit identified at time of analysis beyond a research repository reference.

Denial Of Service Tenda Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda G0 router firmware v15.11.0.5 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request to the formIPMacBindAdd handler with an oversized IPMacBindRule parameter. The flaw is a classic stack/heap buffer overflow (CWE-120) reachable over the network without authentication or user interaction, but its impact is limited to availability (CVSS 7.5, A:H only). No public exploit identified at time of analysis and EPSS exploitation probability is negligible at 0.01%.

Denial Of Service Buffer Overflow Tenda +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W20E router firmware v15.11.0.6 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack buffer overflow in the webAuthUserInfo parameter of the formAddWebAuthUser function. No public exploit identified at time of analysis, though a researcher-published proof-of-concept repository on GitHub documents the issue. EPSS and KEV data are not provided, but the network-reachable, no-auth, no-interaction CVSS vector makes this a credible risk for any exposed management interface.

Denial Of Service Tenda Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W20E router firmware v15.11.0.6 allows unauthenticated remote attackers to crash the device by sending a crafted HTTP request containing an oversized macAddr parameter to the formDelStaState handler. The flaw is a stack-based buffer overflow with high availability impact and no confidentiality/integrity loss per CVSS, and no public exploit identified at time of analysis beyond a research repository on GitHub.

Denial Of Service Tenda Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W20E router firmware v15.11.0.6 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack-based buffer overflow in the picCropName parameter of the formCropAndSetWewifiPic function. No public exploit identified at time of analysis, though a research write-up referencing the vulnerable function exists in a public GitHub repository. The combination of network-reachable attack surface, no authentication requirement, and low complexity makes opportunistic abuse against exposed admin interfaces realistic.

Denial Of Service Tenda Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W20E router firmware v15.11.0.6 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack-based buffer overflow in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser function. No public exploit identified at time of analysis, though a research repository documenting the flaw is referenced. The CVSS 7.5 (High) score reflects pure availability impact with no confidentiality or integrity loss.

Denial Of Service Tenda Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM This Month

An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later). Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Remote denial of service in Tenda US_W3V1.0BR router firmware v1.0.0.3 allows unauthenticated network attackers to crash the device by sending a crafted value in the 'Go' parameter to the ask_to_reboot function, triggering a stack-based buffer overflow. No public exploit identified at time of analysis, though a third-party research repository on GitHub references the vulnerable function.

Denial Of Service Tenda Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

{id} endpoint. The root cause is an uncaught exception (CWE-400) that propagates unhandled through the job scheduling subsystem, making availability the sole impact with no confidentiality or integrity loss. A public vulnerability disclosure repository exists, lowering the bar for exploitation by any attacker who already holds the required permission.

Denial Of Service
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

NULL pointer dereference in GPAC MP4Box v2.4 allows unauthenticated remote attackers to crash the application by delivering a crafted MP4 file that a user opens. The vulnerable function ctts_box_write in isomedia/box_code_base.c fails to validate a pointer before dereferencing it when processing a malformed Composition Time to Sample (ctts) box, resulting in a denial-of-service condition. No public exploit code or active exploitation has been identified; SSVC rates exploitation status as none, though delivery is rated automatable.

Denial Of Service Null Pointer Dereference N A
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote denial-of-service in Puma Ruby web server versions 5.5.0 through 7.2.0 and 8.0.0 through 8.0.1 allows unauthenticated attackers to exhaust process memory by opening a TCP connection and sending data without CRLF terminators when PROXY protocol v1 support is enabled. The vulnerability lives in the PROXY v1 pre-parse buffer, which grows without bound while Puma waits for the '\r\n' delimiter, leading to OOM kills or container restarts. No public exploit identified at time of analysis, and the issue only affects servers explicitly opting into the non-default `set_remote_address proxy_protocol: :v1` configuration.

Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

Memory exhaustion denial-of-service in Dulwich's git-receive-pack handler allows any client with push access to crash the server by sending a ~174-byte crafted thin pack. The pack's delta header declares an arbitrarily large dest_size value, causing dulwich's add_thin_pack/apply_delta code to allocate hundreds of megabytes of memory with no relationship to the actual bytes received. No public exploit code and no CISA KEV listing exist at time of analysis; the CVSS 5.7 Medium score reflects the low-privilege network vector but is bounded by the requirement that the attacker hold push credentials.

Denial Of Service Red Hat Suse
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Unbounded HTTP/2 stream creation in Netty's netty-codec-http2 library exposes any Netty HTTP/2 server running on default configuration to memory exhaustion from a single TCP connection. Because DefaultHttp2Connection.DefaultEndpoint initializes stream limits to Integer.MAX_VALUE and Http2Settings never advertises SETTINGS_MAX_CONCURRENT_STREAMS unless the application explicitly calls initialSettings().maxConcurrentStreams(n), a remote unauthenticated attacker can sustain hundreds of thousands of simultaneous streams, each forcing JVM heap allocations for DefaultStream objects, PropertyMap slots, flow-controller state, and IntObjectHashMap entries. This misconfiguration is also the structural precondition for CVE-2023-44487-style HTTP/2 Rapid Reset amplification. No public exploit has been identified at time of analysis; vendor-released patches are available in 4.1.135.Final and 4.2.15.Final.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Memory exhaustion denial-of-service in Netty's netty-transport-sctp module (versions <= 4.1.134.Final and 4.2.0.Final through 4.2.14.Final) allows remote unauthenticated attackers to crash JVM processes by sending unbounded SCTP DATA fragments that never set the complete flag. The flaw stems from the SCTP reassembly handler wrapping each new fragment into a fresh CompositeByteBuf around the prior accumulator, producing an N-deep recursive buffer chain that consumes memory and CPU per access, with no public exploit identified at time of analysis.

Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote denial-of-service in Netty's netty-handler component allows unauthenticated attackers to exhaust server memory by sending a crafted TLS ClientHello with an attacker-controlled 24-bit handshake length field, triggering an immediate ~16 MiB unpooled heap allocation per connection. Affects Netty 4.1.x through 4.1.134.Final and 4.2.x through 4.2.14.Final when using the default SniHandler/AbstractSniHandler constructors, which disable both the length guard and handshake timeout. No public exploit identified at time of analysis, but the trivial nine-byte trigger and CVSS 7.5 (AV:N/AC:L/PR:N/UI:N/A:H) make weaponization straightforward.

Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote denial-of-service in Netty's HTTP/3 codec (io.netty:netty-codec-http3, versions 4.2.0.Final through 4.2.14.Final) allows an unauthenticated attacker to exhaust server memory by streaming an unbounded number of HTTP/3 headers over a single connection until the JVM throws an OutOfMemoryError. The flaw stems from an insecure default in Http3ConnectionHandler that follows RFC 9114's unlimited HTTP3_SETTINGS_MAX_FIELD_SECTION_SIZE rather than mirroring the 8192-byte cap Netty applies to HTTP/1.1 and HTTP/2. No public exploit identified at time of analysis and the issue is not on the CISA KEV list, but the vendor advisory (GHSA-c2rx-5r8w-8xr2) rates the issue high severity and a fix is shipped in 4.2.15.Final.

Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote denial of service in Netty's netty-codec-redis module (versions <= 4.1.134.Final and 4.2.0.Final through 4.2.14.Final) allows unauthenticated attackers to exhaust direct memory by sending crafted RESP protocol payloads lacking the required \r\n terminator across multiple concurrent connections. The RedisDecoder buffers digit streams indefinitely while awaiting a line terminator, eventually triggering OutOfDirectMemoryError and preventing legitimate connections from being processed. No public exploit identified at time of analysis, but the vendor advisory GHSA-6ghj-frrj-jjj3 confirms the issue and patched releases are available.

Denial Of Service Redis
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in Netty's netty-codec-redis module (versions <= 4.1.134.Final and 4.2.0.Final through 4.2.14.Final) allows remote unauthenticated attackers to exhaust JVM heap memory by sending Redis payloads with unbounded nested array headers. The RedisArrayAggregator allocates a new AggregateState and ArrayList for every nested array header without enforcing a depth limit, so a continuous stream of `*1\r\n` headers triggers an OutOfMemoryError. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Denial Of Service Redis
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

Remote code execution in YesWiki prior to 4.6.6 allows unauthenticated attackers to inject arbitrary PHP via the Bazar CalcField formula evaluator, which sanitizes input with a recursive regex before passing it to eval(). The same flawed regex is also vulnerable to ReDoS/stack overflow, enabling denial of service against the server. No public exploit identified at time of analysis, but the commit diff in 4.6.6 fully documents the vulnerable code path, lowering the bar for exploit development.

PHP Code Injection Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Denial of service in Red Hat 389 Directory Server's Content Synchronization persistent search plugin enables authenticated network clients to exhaust server memory by initiating a sync operation and halting consumption of responses, causing unbounded queue growth until the server becomes unavailable. Compounding this, race conditions in the plugin's thread lifecycle management can independently trigger server crashes during connection teardown or graceful shutdown. Affected across Red Hat Directory Server 11, 12, and 13 as well as the bundled 389-ds-base package on RHEL 6 through 10. No public exploit identified at time of analysis and no CISA KEV listing.

Denial Of Service Red Hat Directory Server 11 Red Hat Directory Server 12 +6
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Infinite loop denial-of-service in the Linux kernel's drm/v3d GPU driver allows a local low-privileged user to permanently peg a CPU core by submitting a crafted self-referential ioctl extension structure. The vulnerability exists in v3d_get_extensions(), which traverses a userspace-controlled linked list without bounding chain length; when both in_sync_count and out_sync_count are zero, the duplicate-extension guard silently passes on every iteration, trapping the kernel thread indefinitely. No public exploit or active exploitation has been identified at time of analysis; EPSS stands at 0.02%, consistent with the local-access-only attack surface.

Linux Denial Of Service
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Error pointer dereference in the Linux kernel's Intel IPU6 media driver crashes the kernel during a failed probe, resulting in local denial of service. The flaw resides in `ipu6_pci_probe()` at `drivers/media/pci/intel/ipu6/ipu6.c:690`, where `isp->psys` holds an ERR_PTR value rather than NULL in a specific error path, causing it to be dereferenced during cleanup rather than handled safely. No public exploit exists and EPSS sits at 0.02% (5th percentile), reflecting negligible real-world exploitation interest.

Linux Denial Of Service Intel +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's Renesas VSP1 media driver crashes the kernel during module unload on Generation 4 Renesas SoC hardware. The defect exists because the cleanup path unconditionally invokes vsp1_drm_cleanup() rather than vsp1_vspx_cleanup() for gen 4 IP versions, while the initialization path correctly checks the IP version - an asymmetry introduced when gen 4 support was added. With an EPSS of 0.02% (4th percentile), no KEV listing, and no public exploit code, real-world exploitation risk is very low and confined to niche embedded and automotive platforms; vendor-released patches are available in stable kernel branches.

Linux Denial Of Service Null Pointer Dereference
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

NULL pointer dereference in the rtl8723bs staging WiFi driver crashes the Linux kernel when memory allocation fails in rtw_cbuf_alloc(). Systems running Linux 7.0 with an RTL8723BS chipset and the staging driver loaded are affected; a local low-privileged user can trigger a kernel panic resulting in denial of service. No public exploit exists and EPSS at 0.02% (5th percentile) reflects negligible real-world exploitation probability.

Linux Denial Of Service Null Pointer Dereference
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's s3c64xx SPI driver triggers a kernel crash on driver unbind, allowing a local low-privileged attacker to cause a denial of service. The flaw affects systems equipped with Samsung S3C64xx-series SoC hardware running unpatched kernel versions from 6.0 onward. No public exploit code exists and EPSS probability sits at 0.02%, but the crash is deterministic once the driver unbind sequence is triggered on vulnerable hardware. No active exploitation (CISA KEV) has been identified.

Linux Denial Of Service Null Pointer Dereference
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Missing resource cleanup in the Linux kernel's generic power domain (genpd) subsystem causes runtime PM to remain enabled for virtual devices after detach, leading to a NULL pointer dereference in genpd_runtime_suspend() and local denial of service. The flaw affects systems where drivers use genpd_dev_pm_attach_by_id() - predominantly ARM and SoC-based platforms - since the balancing pm_runtime_disable() call is absent from genpd_dev_pm_detach(). No public exploit exists and EPSS at 0.02% (5th percentile) confirms negligible exploitation probability; this is not listed in CISA KEV.

Linux Denial Of Service
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Linux kernel x86 EFI runtime service fault handling panics instead of recovering gracefully on systems with buggy EFI firmware, following the FPU softirq changes introduced in commit d02198550423. When kernel_fpu_begin() began using local_bh_disable() in place of preempt_disable(), SOFTIRQ_OFFSET is set in preempt_count for the duration of EFI runtime service calls, causing in_interrupt() to return true in normal task context - which causes efi_crash_gracefully_on_page_fault() to bail unconditionally, escalating to panic(). On hardware where EFI firmware (e.g., GetTime()) accesses unmapped memory, this produces an unrecoverable system freeze. No public exploit identified at time of analysis; EPSS is 0.02%, confirming no observed exploitation activity.

Linux Denial Of Service
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Missing RTNL lock acquisition in the txgbe network driver causes a kernel assertion warning during module removal on systems with Wangxun copper NICs with external PHY. When `rmmod txgbe` is executed, `phylink_disconnect_phy()` fires an `ASSERT_RTNL()` check at `drivers/net/phy/phylink.c:2351` because the driver's remove path neglects to hold the RTNL mutex, producing a kernel WARNING and degrading system availability. No public exploit exists and EPSS is 0.02% (5th percentile); this is a stability regression rather than a remotely exploitable flaw, affecting a narrow hardware-specific code path.

Linux Denial Of Service
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's HugeTLB early boot parameter parser causes a system crash before the OS fully initializes. Specifically, `hugetlb_add_param()` in `mm/hugetlb` dereferences a NULL pointer via `strlen()` when `hugepages`, `hugepagesz`, or `default_hugepagesz` kernel command line parameters are supplied without a '=' separator, producing a boot-time kernel panic. The impact is a complete denial of service - the system fails to boot until the malformed parameter is corrected. No public exploit or CISA KEV listing exists; EPSS stands at 0.02% (5th percentile), reflecting very low observed exploitation activity. Patches are available in Linux 6.18.27, 7.0.4, and 7.1-rc1, with Ubuntu distributing fixes via USN-8489-1 and USN-8488-1.

Linux Denial Of Service Null Pointer Dereference
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's admv1013 IIO frequency driver crashes the kernel when device_property_read_string() fails during device initialization, leaving a garbage pointer subsequently passed to strcmp(). A local low-privileged user on a system with ADMV1013 microwave upconverter hardware can reliably trigger a kernel panic, resulting in a complete denial of service. No public exploit exists and EPSS sits at 0.02% (5th percentile), but vendor-released patches are available across multiple stable kernel branches including 6.12.86 and 7.0.4.

Linux Denial Of Service Null Pointer Dereference
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's drm/imagination (PowerVR GPU) driver crashes the kernel when a local user writes to the ftrace mask debugfs entry. Affected kernels range from the introduction of the drm/imagination driver at commit a331631496a0af9a6f4e7e1860983afd8b1bb013 through Linux 7.0, with fixes landed in 7.0.4 and 7.1-rc2. An attacker with local access and write permission to the debugfs interface can trigger a kernel Oops, resulting in a full system crash and denial of service. No public exploit exists and EPSS is 0.02%, consistent with the narrow hardware scope (Imagination Technologies PowerVR GPUs) and local-only attack surface.

Linux Denial Of Service Null Pointer Dereference
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Kernel panic in the Linux amdgpu DRM driver exposes systems running RDNA4 hardware (e.g., AMD RX 9070 XT) to a denial-of-service condition during driver initialization, but only when the kernel is compiled with CONFIG_DRM_DEBUG_MM enabled. The RDNA4 architecture (GFX 12) removed the GDS, GWS, and OA on-chip memory resources entirely; however, amdgpu_ttm_init() unconditionally invokes amdgpu_ttm_init_on_chip() for these resources regardless of size, ultimately calling drm_mm_init(mm, 0, 0), which triggers DRM_MM_BUG_ON and crashes the kernel at modprobe time. No public exploit exists and EPSS sits at 0.02% (7th percentile), consistent with a hardware-specific, debug-config-dependent crash rather than a remotely triggerable attack surface.

Linux Denial Of Service
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Use-after-free in the mod_http2 module of Apache HTTP Server versions 2.4.55 through 2.4.67 allows remote attackers to trigger memory corruption when the server's file handle pool is exhausted. The flaw carries a CVSS 7.3 (low impact across confidentiality, integrity, and availability) and is reachable over the network without authentication or user interaction, though no public exploit identified at time of analysis. Tagging emphasizes denial-of-service and memory corruption as the primary realistic outcomes.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Memory exhaustion in wojtekmach Req (Elixir HTTP client) versions 0.1.0 through 0.6.0 allows attacker-controlled HTTP servers to crash the BEAM process via decompression-bomb response bodies. Because Req enabled automatic body decompression and archive decoding by default with no size caps, a sub-megabyte response advertising gzip/zip/tar content can expand to multiple gigabytes in memory. No public exploit identified at time of analysis, but the fix and root cause are documented in the upstream advisory GHSA-655f-mp8p-96gv.

Denial Of Service Req
NVD GitHub VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Denial of service in Apache HTTP Server versions 2.4.0 through 2.4.67 stems from an infinite loop condition in the mod_proxy_ftp module when interacting with an attacker-controlled backend FTP server. Remote attackers can degrade availability and partially impact confidentiality and integrity without authentication, though exploitation requires a proxied request path to a malicious FTP backend. No public exploit identified at time of analysis, and EPSS is very low at 0.02%.

Denial Of Service Apache Apache HTTP Server
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution in Apache HTTP Server versions 2.4.0 through 2.4.67 is possible through a use-after-free condition in mod_ldap when LDAP authentication or authorization is configured in a per-directory context. The CVSS 9.8 rating reflects unauthenticated network exploitation with high impact across confidentiality, integrity, and availability, though no public exploit has been identified at time of analysis and EPSS exploitation probability remains very low at 0.02%. CISA SSVC assesses exploitation status as none but flags the issue as automatable with total technical impact.

Denial Of Service Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-After-Free and race conditions in the Linux kernel's Bluetooth hci_uart driver (drivers/bluetooth/hci_uart.c) enable a local low-privileged user to corrupt kernel heap memory, potentially escalating to root. The flaw stems from improper lifecycle management of the hci_uart struct and its associated workqueues: when a TTY hangup interrupts Bluetooth UART initialization before HCI_UART_PROTO_READY is set, teardown skips workqueue cancellation, leaving deferred work items to dereference freed memory. Three compounding sub-issues - a tx_skb double-free, a vendor callback UAF via premature hci_free_dev(), and proto_lock races during error paths - are all resolved in patched stable releases. No public exploit is known and EPSS at 0.02% (7th percentile) signals low near-term exploitation probability despite the CVSS 7.8 rating.

Linux Denial Of Service Race Condition
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Memory exhaustion denial of service in Ninenines Gun (Erlang HTTP client) versions 1.0.0 through 2.3.x allows a malicious or compromised HTTP/1.1 server to crash the entire BEAM node by sending an unterminated response. The gun_http module accumulates incoming bytes into a per-connection buffer without any size ceiling, and since BEAM imposes no default per-process heap limit, a single connection can consume all node memory. No public exploit identified at time of analysis, though the upstream patch and accompanying test cases publicly demonstrate the triggering server behavior.

Denial Of Service Gun
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Denial-of-service in the Erlang HTTP client library Ninenines gun (versions 2.0.0 through 2.3.x) lets a malicious or compromised HTTP/1.1 server force any gun client into raw protocol mode by returning an unsolicited 101 Switching Protocols response, after which the server can flood the client owner process with unbounded gun_data messages and exhaust BEAM VM memory. No public exploit identified at time of analysis, but the fix is trivial and the issue is reachable from any plain HTTP/1.1 request to an attacker-controlled host. CVSS 4.0 8.7 reflects the unauthenticated, network-reachable, high-availability-only impact.

Denial Of Service Gun
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Denial of service in NLnet Labs Routinator allows remote attackers to crash the RPKI validator by serving a crafted Document Type Definition (DTD) inside RRDP repository content. Exploitation requires no authentication or user interaction (CVSS 4.0 8.7, VA:H), and no public exploit identified at time of analysis. A successful crash halts RPKI relying-party processing, which can degrade route origin validation for networks that depend on Routinator output.

Denial Of Service Routinator
NVD VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Denial of service in NLnet Labs Routinator (an RPKI Relying Party software) allows remote attackers to crash the daemon by sending a specifically crafted non-UTF-8 string in the select-asn query parameter to the /api/v1/origins HTTP endpoint. The flaw only impacts deployments that expose the API to untrusted networks, and no public exploit has been identified at time of analysis. CVSS 4.0 base score is 8.2 driven by high availability impact to both the vulnerable component and downstream RPKI consumers.

Denial Of Service Routinator
NVD VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

ReDoS (Regular Expression Denial of Service) in kokke tiny-regex-c up to commit f2632c6d9ed25272987471cdb8b70395c2460bdb allows local low-privileged attackers to cause availability degradation by supplying crafted input to the `matchstar` function in `re.c`, triggering exponential backtracking in the pattern handler. A public proof-of-concept exploit (tiny-regex-c-redos-poc.zip) has been published, though no vendor patch exists and the project maintainer has not responded to the responsible disclosure. No active exploitation in the wild has been confirmed (not in CISA KEV), and real-world risk is constrained by the local-only attack vector and low availability impact.

Denial Of Service
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH This Week

Denial of service in Tenda FH451 router firmware V1.0.0.9 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack overflow in the list1 parameter of the fromDhcpListClient function. Publicly available exploit code exists in a GitHub research repository, though the vulnerability is not listed in CISA KEV and no EPSS score has been published at time of analysis. Impact is limited to availability - no confidentiality or integrity loss is indicated.

Denial Of Service Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda AC1206 routers (firmware v15.03.06.23) is triggered by stack-based buffer overflows in the fromGstDhcpSetSer function reachable through the username and password parameters of a crafted HTTP request. Remote attackers with network reach to the device's web management interface can crash the service without authentication, and no public exploit identified at time of analysis although proof-of-concept research material is hosted on GitHub.

Denial Of Service Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Format string exploitation in TP-Link's Tapo C520WS v2 ONVIF management service allows an authenticated attacker on an adjacent network segment to crash the ONVIF service by injecting format specifiers into AddScopes scope parameters, resulting in a denial-of-service condition that disrupts normal camera operation. The vulnerability (CWE-134) is confined to availability impact only - no confidentiality or integrity compromise is possible. No public exploit code has been identified at time of analysis, and a vendor-released patch is available from TP-Link.

Denial Of Service Tapo C520Ws V2
NVD
EPSS 0% CVSS 9.4
CRITICAL PATCH Act Now

Arbitrary file write in the Altium Enterprise Server Vault Service allows authenticated users to escape the configured storage root via the UploadController image upload endpoint and place content-controlled files anywhere the service account can write. The flaw (CVSS 4.0 base 9.4, CWE-22) escalates to remote code execution, service takeover, or denial of service by overwriting application binaries, configuration files, or dropping payloads in web-accessible directories. No public exploit identified at time of analysis, and Altium 365 cloud deployments are explicitly out of scope.

Denial Of Service Path Traversal Hashicorp +2
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Path traversal in NASA AMMOS AIT-Core's Binary Stream Capture (BSC) component allows unauthenticated remote attackers to direct the ait-bsc process to append attacker-controlled binary data to arbitrary files on the host filesystem, limited only by the OS permissions of the running process. Affected are AIT-Core 3.1.0 and all 2.x versions before 2.6.1, exploitable via a direct HTTP request if the BSC port is network-accessible or via a browser-based CSRF attack that works even against localhost-bound deployments. Publicly available exploit code exists (python_poc.py, attacker_tcp.py, and test1.html), though no CISA KEV listing was identified at time of analysis.

Python Path Traversal RCE +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in Cloudburst Network (cloudburstmc/network) versions prior to 1.0.0.CR3-20260417.085727-30 allows remote attackers to stall the underlying Netty event loop, rendering network processing inoperable for any publicly accessible application that depends on the library. The flaw scores CVSS 7.5 with a fully remote, low-complexity, unauthenticated availability impact, and no public exploit identified at time of analysis.

Denial Of Service Network
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Throttler slot exhaustion in klever-go's account-data trie syncer enables unauthenticated remote attackers to permanently consume all `NumGoRoutinesThrottler` slots by causing repeated trie-node sync failures or timeouts during epoch bootstrap, halting node participation in consensus. Both `userAccountsSyncer.syncDataTrie()` and `kappAccountsSyncer.syncDataTrie()` call `StartProcessing()` but omit `EndProcessing()` on three distinct error paths, meaning each failed sync permanently leaks one slot for the lifetime of that throttler instance. A runtime proof-of-concept is publicly confirmed in GHSA-fw38-pc54-jvx9 showing that exactly N timeout failures exhaust a capacity-N throttler; no CISA KEV listing exists at time of analysis, but the operational impact on bootstrapping validators is severe.

Denial Of Service
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Off-by-one out-of-bounds read in 7-Zip's UEFI firmware image parser (versions 9.21-26.00) allows a network-adjacent attacker to trigger either a denial of service (application crash) or minor information disclosure of an adjacent static .rdata string literal into archive metadata, simply by convincing a user to open a crafted UEFI-containing archive. The vulnerability is reached automatically upon archive open with no special user action beyond opening the file, and affects default 7-Zip installations because the UEFI handler is enabled out-of-the-box. No public exploit code has been identified at time of analysis, no KEV listing exists, and the impact is bounded: there is no write primitive and no disclosure of heap data, secrets, or ASLR base addresses.

Denial Of Service Information Disclosure Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 4.2
MEDIUM PATCH This Month

Uninitialized heap read in 7-Zip's SquashFS archive handler (versions 9.18 through 26.00) can crash the application and leak raw heap memory contents when a user opens a specially crafted archive. The flaw originates in the `_blockToNode` array, which is allocated but never zero-initialized; an attacker-controlled `blockIndex` derived from the RootInode superblock field drives a binary search over uninitialized slots, producing a chained out-of-bounds read with no write primitive. No public exploit has been identified at time of analysis, and the description explicitly characterizes exploitation as heap-layout-dependent and not reliably triggerable, which is consistent with the CVSS AC:H rating and limits practical risk despite the network-deliverable attack surface.

Denial Of Service Information Disclosure Suse
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Denial of service in Arista CloudVision Exchange (CVX) allows an attacker with high-privilege access to a connected switch to crash CVX agents by sending malformed TCP packets, causing instability across the CVX cluster. The flaw stems from improper input validation (CWE-20) of messages received from connected switches, and no public exploit has been identified at time of analysis.

Denial Of Service Eos Cloudvision Exchange Cvx
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Off-by-one heap out-of-bounds read in 7-Zip's WIM archive handler (versions 9.34-26.00) allows a remote unauthenticated attacker to trigger denial of service - and potentially minor information disclosure - by delivering a crafted WIM file. The vulnerability is zero-click exploitable in the GUI: 7zFM.exe automatically calls GetRawProp(kpidNtSecure) for every listed item, triggering the OOB read without any additional user interaction beyond opening or navigating to the malicious archive. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Denial Of Service Information Disclosure Microsoft +2
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Denial of service in Arista EOS switches and CloudVision Exchange (CVX) servers arises from improper input validation in the TCP messaging protocol that governs EOS-CVX cluster communication. Sending malformed messages in either direction - from a CVX server to an EOS switch, or vice versa - triggers a Sysdb agent crash on the EOS device (causing a soft reset) or agent crashes on the CVX server (causing cluster-wide instability). Exploitation requires the attacker to already hold high-privilege access on a device within the cluster, and no public exploit code or CISA KEV listing exists at time of analysis, making this a targeted insider or post-compromise threat rather than an opportunistic one.

Denial Of Service Eos Cloudvision Exchange Cvx
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote denial of service in klever-go v1.7.17 allows any connected P2P peer to send a 442-byte compressed RequestDataType_HashArrayType message that expands into 200,000 decoded hash entries, driving roughly 156 MiB of heap pressure and synchronous CPU work per request inside TxResolver and TrieNodeResolver. The flaw stems from antiflood logic that only counts compressed wire size, leaving validator nodes exposed to resource exhaustion from repeated or concurrent malicious requests. Publicly available exploit code exists (vendor-published PoC) but the issue is not in CISA KEV; EPSS data was not provided.

Denial Of Service
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Authentication bypass via SAML session replay in Siderolabs Omni stems from a TOCTOU race condition in the SAML interceptor (internal/pkg/auth/interceptor/saml.go), where the SAMLAssertion 'Used' flag is checked and updated non-atomically. Concurrent requests bearing the same saml-session token can each observe Used==false, allowing an attacker who has intercepted a victim's token to authenticate multiple times as the victim and persist access by registering attacker-controlled public keys. No public exploit identified at time of analysis; the issue was reported by bugbunny.ai and fixed in Omni v1.6.6 and v1.7.3.

Denial Of Service
NVD GitHub
EPSS 0% CVSS 2.1
LOW PATCH Monitor

### Impact Users can reset their MFA token via API routes that send them an email. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service
NVD GitHub
EPSS 0% CVSS 3.1
LOW PATCH Monitor

Heap out-of-bounds read in 7-Zip versions 9.11 through 26.00 exposes up to 3 bytes of heap memory during UDF disc image parsing, triggering when a user opens or extracts a crafted .iso or .udf file. Impact is constrained to a 1-bit information-disclosure oracle per out-of-bounds byte (inferred from open/fail behavior) and potential denial of service under hardened allocators; no write primitive exists. No public exploit code or CISA KEV listing has been identified at time of analysis, and the CVSS Low score of 3.1 accurately reflects the limited real-world severity.

Denial Of Service Information Disclosure Oracle +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in 7-Zip versions 26.00 and earlier is achievable via a crafted NTFS image that triggers a heap buffer overflow in the archive handler, overwriting an adjacent C++ object's vtable pointer to hijack control flow. The flaw stems from an undefined-behavior shift in CInStream::GetCuSize() that under-allocates a buffer to just one byte, which is then written up to 256 MB of attacker-controlled data. Exploitation requires the victim to open or extract a malicious archive (UI:R), but the NTFS handler is enabled by default and is selected via signature matching regardless of file extension; no public exploit identified at time of analysis.

Denial Of Service Memory Corruption Buffer Overflow +2
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Denial of service in Ericsson Packet Core Gateway (PCG) versions prior to 1.30 allows an adjacent-network attacker to degrade telecom packet core service by continuously sending a specially crafted message that triggers improper handling of missing values (CWE-230). The condition persists only while the attack is sustained - the system self-recovers once traffic stops - and no public exploit identified at time of analysis, but the CVSS 4.0 score of 7.1 reflects high availability impact on a carrier-grade network function.

Ericsson Denial Of Service
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Denial of service in Ericsson Packet Core Gateway (PCG) versions prior to 1.30 allows adjacent network attackers to degrade service availability by continuously transmitting specially crafted messages that trigger improper handling of missing values (CWE-230). The affected PCG nodes crash repeatedly under sustained attack but self-recover once traffic stops, so impact is transient yet operationally significant for mobile core networks. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Ericsson Denial Of Service
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Denial of service in Ericsson Packet Core Gateway (PCG) versions prior to 1.30 allows an adjacent-network attacker to degrade service by continuously transmitting malformed messages that the gateway fails to parse safely. The condition causes recurring crashes that persist only while the attack is active, with automatic recovery once it stops, and no public exploit identified at time of analysis.

Ericsson Denial Of Service
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote unauthenticated code execution and denial-of-service in Morse Micro HaLowLink 2 (versions prior to 2.11.13) allows attackers within radio range to corrupt kernel memory via a malformed 802.11ah beacon frame. The flaw resides in the morse.ko HaLow Wi-Fi kernel driver, which processes broadcast beacons during passive scanning, requiring no authentication or user interaction. No public exploit identified at time of analysis, but SSVC rates the technical impact as total and the issue as automatable, and a vendor patch is available.

Denial Of Service Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution and kernel-level denial of service in Morse Micro HaLowLink 2 devices running software prior to 2.11.13 allows any attacker within 802.11ah radio range to corrupt kernel heap memory by broadcasting a malformed S1G Capabilities IE in a beacon or probe response frame. The flaw sits in the dot11ah.ko HaLow Wi-Fi driver and triggers during normal passive scanning, requiring no authentication, association, or user interaction. A vendor patch exists, but no public exploit identified at time of analysis and EPSS sits at 0.05% despite the CVSS 9.8 rating.

Denial Of Service Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's PDFium component prior to version 149.0.7827.53 allows a remote attacker to execute arbitrary code within the renderer sandbox by enticing a user to open a crafted PDF file. The flaw is a use-after-free memory corruption issue (CWE-416) carrying a CVSS 8.8 rating, though Chromium rated its security severity as Low and no public exploit has been identified at time of analysis. User interaction is required, and code execution is constrained to the Chrome sandbox absent a chained sandbox escape.

Google Memory Corruption RCE +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the PDFium component, allowing a remote attacker to execute arbitrary code within the renderer sandbox by serving a crafted PDF file. While exploitation is constrained to the sandbox and requires user interaction (visiting a page or opening a PDF), the CVSS score of 8.8 reflects the high impact on confidentiality, integrity, and availability if combined with a sandbox escape. No public exploit identified at time of analysis, and CISA SSVC indicates exploitation status of 'none'.

Google Memory Corruption RCE +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's PDFium component prior to version 149.0.7827.53 allows a remote attacker to execute arbitrary code within the renderer sandbox via a crafted PDF file. The flaw is a use-after-free memory corruption issue (CWE-416) requiring user interaction to open or render the malicious PDF, and no public exploit identified at time of analysis. Chromium rates the security severity as Low despite the CVSS 8.8 score, reflecting the sandbox containment of the resulting code execution.

Google Memory Corruption RCE +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption in Google Chrome's PDFium component before version 149.0.7827.53 allows remote attackers to potentially execute arbitrary code by tricking a user into opening a crafted PDF file. The flaw is a use-after-free (CWE-416) carrying a CVSS 8.8 rating, though no public exploit identified at time of analysis and EPSS exploitation probability is negligible at 0.03% (11th percentile). Google rates the Chromium severity as Low despite the high CVSS, reflecting the requirement for user interaction and absence of observed exploitation.

Denial Of Service Use After Free Memory Corruption +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the PDFium component that parses PDF documents. A remote attacker who lures a user into opening a crafted PDF can execute arbitrary code, though execution is contained within Chrome's renderer sandbox. No public exploit is identified at time of analysis, and SSVC indicates no observed exploitation.

Google Memory Corruption RCE +3
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome versions prior to 149.0.7827.53 allows a remote attacker to break out of the renderer sandbox via a use-after-free flaw in the Input component when a victim visits a crafted HTML page. The CVSS score of 9.6 reflects the scope change inherent to sandbox escapes, though Chromium rated the underlying severity as Low and EPSS estimates exploitation probability at only 0.03%. No public exploit identified at time of analysis, and the issue is not on the CISA KEV list.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

Integer overflow in the WebView component of Google Chrome on Android (prior to 149.0.7827.53) allows a local, low-privileged attacker to crash the application via a crafted malicious file, resulting in a denial of service. The attack requires user interaction - the victim must open or process the malicious file through a WebView-rendered surface. No public exploit code has been identified at time of analysis, and the EPSS score of 0.01% (1st percentile) indicates extremely low real-world exploitation probability; the vendor has rated this Low severity.

Denial Of Service Google
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free flaw in the TabStrip component, enabling a remote attacker who lures a victim to a crafted HTML page to corrupt memory and execute arbitrary code within the renderer context. Google rates the underlying Chromium severity as Low, but the CVSS base score of 8.8 reflects the potential impact when chained with a sandbox escape. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Google Memory Corruption RCE +5
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Use-after-free in the Network component of Google Chrome prior to version 149.0.7827.53 enables an attacker who has already compromised the renderer process to read potentially sensitive data from process memory by delivering a crafted HTML page. The Changed scope (S:C) in the CVSS vector confirms the vulnerability crosses security boundaries - specifically from the renderer sandbox into the Network process - making this a secondary exploitation step rather than an initial access vector. No public exploit code exists and the vulnerability is not listed in the CISA KEV catalog; Google has released a patched stable channel build.

Denial Of Service Use After Free Memory Corruption +4
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda FH451 V1.0.0.9 routers allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack overflow in the page parameter handler of the fromDhcpListClient function. EPSS exploitation probability is very low (0.01%, 3rd percentile) and no public exploit identified at time of analysis, though proof-of-concept artifacts appear to be hosted in a public GitHub research repository. The flaw is not listed in CISA KEV.

Denial Of Service Tenda Stack Overflow +2
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in OpenDaylight Controller v12.0.5 allows remote unauthenticated attackers to crash or render the SDN controller unavailable by sending crafted input to the Externalizable.readExternal() deserialization component. No public exploit identified at time of analysis, but SSVC flags the flaw as automatable with partial technical impact, and the network attack vector with low complexity makes opportunistic abuse plausible despite a very low EPSS score (0.02%).

Denial Of Service N A
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in OpenStack Ironic versions 32 through 35.0.1 allows remote unauthenticated attackers to crash the bare-metal provisioning service by submitting a crafted JSON payload to certain API or JSON-RPC endpoints. CVSS 7.5 reflects high availability impact with no authentication required, though EPSS is only 0.04% (12th percentile) and SSVC marks exploitation as 'none' - no public exploit identified at time of analysis. The flaw is tracked as a CWE-770 unbounded resource consumption issue and documented in OpenStack Security Note OSSN-0099.

Denial Of Service Ironic
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome prior to 149.0.7827.53 stems from a use-after-free flaw in the Extensions component, allowing a remote attacker who tricks a user into visiting a crafted HTML page to execute arbitrary code inside the browser's renderer sandbox. The issue is rated High by NVD (CVSS 8.8) despite Chromium's own Low severity tag, and no public exploit identified at time of analysis. A vendor patch is available via the June 2026 Stable Channel update.

Google Memory Corruption RCE +2
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Remote code execution in Google Chrome on Linux versions prior to 149.0.7827.53 allows a remote attacker to exploit a use-after-free condition in the Chromoting component via malicious network traffic. The flaw carries a CVSS 3.1 score of 8.1 (high) with no public exploit identified at time of analysis and an EPSS probability of 0.04%, though Google rates the Chromium severity as Low. The vendor has shipped a fix in the stable channel update for desktop.

Google Memory Corruption RCE +5
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Memory information disclosure in Google Chrome's Codecs component affects all desktop versions prior to 149.0.7827.53, enabling remote unauthenticated attackers to read potentially sensitive data from browser process memory when a user visits a specially crafted HTML page. The root cause is a use-after-free (CWE-416) in the media codec subsystem, yielding high confidentiality impact with no integrity or availability consequences per CVSS. EPSS is very low at 0.03% (11th percentile) and SSVC confirms no active exploitation, placing this firmly in the routine patch category despite its Medium severity score.

Denial Of Service Use After Free Memory Corruption +4
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 149.0.7827.53 stems from a use-after-free condition in the ServiceWorker component that can be triggered by a malicious browser extension. An attacker who convinces a user to install a crafted Chrome Extension can achieve arbitrary code execution within the renderer context. No public exploit has been identified at time of analysis and EPSS exploitation probability is very low at 0.01%, but the high CVSS score (8.8) reflects the severe potential impact.

Google Memory Corruption RCE +5
NVD
Prev Page 17 of 406 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy