Skip to main content

Denial Of Service

36508 CVEs technique

Monthly

CVE-2026-0043 MEDIUM This Month

Persistent denial of service and local privilege escalation in Google Android's UBSan runtime component affect Android 14, 15, 16-qpr2, and 16, stemming from an integer overflow in multiple functions of ubsan_throwing_runtime.cpp. An authenticated local attacker with low-level privileges and no required user interaction can exploit this overflow to trigger persistent availability loss and, per the description, possible privilege escalation. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

Privilege Escalation Denial Of Service Integer Overflow
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-0042 MEDIUM This Month

Persistent local denial of service in Google Android affects multiple functions within ubsan_throwing_runtime.cpp, where uncontrolled resource exhaustion can render a device or process permanently unavailable without requiring elevated privileges. Confirmed affected versions span Android 14, 15, 16-qpr2, and 16 per the June 2026 Android Security Bulletin. No public exploit code has been identified at time of analysis, and this is not listed in CISA KEV; however, the 'persistent' nature of the denial of service - implying state survives process restart or requires manual intervention - elevates practical impact beyond a typical availability disruption.

Denial Of Service
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-0041 MEDIUM This Month

Remote denial of service in Google Android 14, 15, 16, and 16-qpr2 stems from an integer overflow in multiple functions of ubsan_throwing_runtime.cpp, the runtime component of Android's Undefined Behavior Sanitizer (UBSan). An authenticated low-privileged attacker over the network can trigger the overflow to crash the affected component, resulting in high availability impact with no user interaction required. No public exploit has been identified at time of analysis, and this vulnerability is not listed in CISA KEV.

Denial Of Service Integer Overflow
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-0040 MEDIUM This Month

Remote denial of service in Google Android 14, 15, 16, and 16-qpr2 is possible via an integer overflow in multiple functions of ubsan_throwing_runtime.cpp, a component of Android's UndefinedBehaviorSanitizer runtime. Network-accessible, low-privileged attackers (CVSS PR:L, AV:N, AC:L) can crash affected devices without requiring user interaction, resulting in availability loss with no confidentiality or integrity impact. No public exploit code and no CISA KEV listing have been identified at time of analysis.

Denial Of Service Integer Overflow
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-0039 MEDIUM This Month

Persistent denial of service in Google Android's UBSAN throwing runtime allows a remote low-privileged attacker to crash affected devices via an integer overflow in multiple functions of ubsan_throwing_runtime.cpp. Affected versions span Android 14, 15, 16-qpr2, and 16, indicating broad exposure across the current supported Android ecosystem. No public exploit code or active exploitation has been identified at time of analysis; patches are available via the June 2026 Android Security Bulletin.

Denial Of Service Integer Overflow
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-0018 MEDIUM This Month

Persistent denial of service in Google Android's AccessibilityManagerService affects Android 15, Android 16, and Android 16-qpr2, allowing a local low-privileged attacker to permanently disrupt the accessibility subsystem without user interaction. The CVSS vector (AV:L/AC:L/PR:L/UI:N/A:H) confirms low-complexity local exploitation requiring only a standard app execution context. No public exploit has been identified and the vulnerability is not listed in CISA KEV at time of analysis.

Denial Of Service
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-48648 MEDIUM This Month

Persistent denial of service in Google Android's NotificationManagerService allows a local unprivileged application to exhaust system resources via the isSameApp method, rendering the device's notification subsystem - and potentially broader system stability - unavailable. Affected versions include Android 14, 15, and 16 as disclosed in the June 2026 Android Security Bulletin. No public exploit code has been identified at time of analysis, and the vulnerability has not been added to the CISA KEV catalog.

Denial Of Service
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-10291 npm MEDIUM PATCH This Month

Regular expression denial of service in Enderfga claw-orchestrator 3.7.0 and earlier allows authenticated remote attackers to degrade service availability by submitting crafted patterns to the Session Grep Endpoint. The validateRegex function in claw-orchestrator/src/embedded-server.ts passes user-supplied body.pattern directly to the V8 JavaScript regex engine, which uses backtracking and can be forced into exponential-time evaluation via patterns like (a+)+$. No public exploit is identified at time of analysis, and the CVSS score of 4.3 (A:L) reflects limited - but real - availability impact via Node.js event loop exhaustion.

Denial Of Service Claw Orchestrator
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
0.1%
CVE-2026-49140 MEDIUM PATCH This Month

Nanobot's Matrix channel media download handler exhausts process memory and bandwidth when authenticated room members submit media events carrying missing or invalid declared size metadata. All versions of Nanobot prior to 0.2.1 are affected (CPE: cpe:2.3:a:hkuds:nanobot:*:*:*:*:*:*:*:*). An authenticated Matrix room member can send multiple concurrent malformed media events, causing the handler to fully materialize response bodies before performing post-download size validation, consuming process resources until service availability degrades. No public exploit code or CISA KEV listing exists at time of analysis; a vendor-released patch is available in v0.2.1.

Denial Of Service Nanobot
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-40990 Maven MEDIUM PATCH This Month

Denial-of-service in Spring Cloud Function allows a low-privileged actor with physical access and required user interaction to exhaust JVM heap memory by registering an unbounded number of functions into the Function Registry, triggering an Out-of-Memory (OOM) crash. Five actively maintained release lines (3.2.x through 5.0.x) plus all unsupported versions are affected. No public exploit code exists and the vulnerability is not listed in CISA KEV at time of analysis; the CVSS score of 5.7 reflects the physical access vector and user interaction dependency that substantially constrain real-world exploitability compared to the High availability impact alone.

Java Denial Of Service
NVD HeroDevs VulDB
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-43958 HIGH PATCH This Week

Stack-based buffer overflow in rrdcached (the caching daemon for rrdtool) allows a local attacker with socket access to crash the daemon or potentially execute arbitrary code by sending an oversized CREATE request. The flaw is tracked under CWE-121 with a CVSS 3.1 base score of 7.8 (AV:L/AC:L/PR:L), reported by Red Hat against RHEL 6 through 10, and there is no public exploit identified at time of analysis.

Buffer Overflow RCE Denial Of Service Stack Overflow Red Hat Enterprise Linux 10 +4
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45729 MEDIUM PATCH This Month

Null pointer dereference in ThorVG's SVG loader crashes any process that passes untrusted SVG content through Picture::load(), enabling remote denial-of-service with a trivial 6-byte payload. All ThorVG releases prior to 1.0.5 are affected (CPE: cpe:2.3:a:thorvg:thorvg:*:*:*:*:*:*:*:*). No public exploit identified at time of analysis and no CISA KEV listing, but the fix-confirming PR diff (PR #4387) exposes the exact null-check omissions, substantially lowering the bar for independent exploit development.

Null Pointer Dereference Denial Of Service Thorvg
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-10118 HIGH PATCH This Week

Local code execution in Poppler's Splash rendering backend allows attackers to compromise applications that open attacker-supplied PDFs by triggering an integer overflow in tilingPatternFill that produces an undersized heap allocation and a subsequent out-of-bounds write. The flaw affects Poppler as shipped across Red Hat Enterprise Linux 6 through 10 and Red Hat Hardened Images, with impact including arbitrary code execution, information disclosure, or denial of service in the rendering process. No public exploit identified at time of analysis, and the CVSS 7.8 vector requires user interaction to open a malicious PDF.

Information Disclosure RCE Buffer Overflow Denial Of Service Integer Overflow +6
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-37221 HIGH This Week

Remote denial of service in FlexRIC v2.0.0 allows unauthenticated attackers to crash the near-RT RIC by sending a forged RIC_SUBSCRIPTION_RESPONSE message to TCP port 36421 with an unknown ric_id that has no corresponding pending event. The vulnerability stems from an assert() check in the response handler that causes SIGABRT in Debug builds or a NULL pointer dereference (SIGSEGV) in Release builds. No public exploit identified at time of analysis, though the trivially low complexity and unauthenticated network reach make weaponization straightforward.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-37220 HIGH This Week

Remote denial-of-service in FlexRIC v2.0.0 near-RT RIC allows unauthenticated attackers to crash the controller (port 36421) by completing an SCTP handshake and immediately disconnecting without sending any E2AP message. The cleanup path triggers a reachable assert() because the code assumes an SCTP-association-to-E2-node mapping always exists. No public exploit identified at time of analysis, but the trigger is trivial and the CVSS vector (AV:N/AC:L/PR:N/UI:N, A:H) reflects a low-effort network attack with high availability impact.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-10533 MEDIUM This Month

OpenShift Container Platform exposes a resource exhaustion path where low-privileged authenticated users with pod creation rights can trigger cluster-wide API server degradation by exploiting two quota enforcement gaps: completed pods with restartPolicy:Never are excluded from ResourceQuota pod limits, and Kubernetes events are not quota-scoped. By repeatedly creating such short-lived pods, an attacker causes Kubernetes events to accumulate unboundedly in etcd, degrading API server performance across the entire cluster - a scope change (CVSS S:C) that extends impact well beyond the attacker's own namespace. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Denial Of Service Kubernetes
NVD VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-60495 MEDIUM POC This Month

Null pointer dereference in GPAC MP4Box before version 26.02.0 crashes the process when parsing crafted MP4 files, resulting in a Denial of Service. The vulnerable function gf_media_get_color_info in src/media_tools/isom_tools.c fails to validate pointers to AVC (avcc) and HEVC (hvcc) configuration boxes before dereferencing them, causing a segmentation fault when a malformed file omits these structures. No public exploit is confirmed as actively exploited (not in CISA KEV), but publicly available exploit code exists and the attack requires only that a user open a crafted file.

Null Pointer Dereference Denial Of Service
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-60486 MEDIUM POC This Month

Heap use-after-free in GPAC MP4Box's dasher filter allows local attackers to crash the application by supplying a crafted MPEG-2 file. The flaw exists in dasher_configure_pid within src/filters/dasher.c, where a freed GF_DashStream object can still be referenced via muxed_base pointers held by other stream structures, resulting in a dangling pointer dereference. Impact is limited to Denial of Service (A:H, C:N, I:N); a publicly available proof-of-concept confirms reproducibility, though no confirmed active exploitation (CISA KEV) has been identified at time of analysis.

Use After Free Denial Of Service Memory Corruption
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-60485 MEDIUM POC This Month

Segmentation violation in GPAC MP4Box before version 26.02.0 crashes the application when processing crafted MP4 files, enabling denial of service against any user or pipeline invoking the tool on attacker-supplied input. The root cause is a null pointer dereference (CWE-476) in gf_isom_apple_set_tag_ex within isom_write.c, where custom iTunes-style tag pointers are dereferenced without prior null validation. A publicly available proof-of-concept exploit exists, though no public exploit identified at time of analysis correlates to confirmed active exploitation - the local attack vector (AV:L/UI:R) limits exposure primarily to media processing workflows that ingest untrusted MP4 files.

Null Pointer Dereference Denial Of Service
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-60483 MEDIUM POC This Month

NULL pointer dereference in MP4Box's AC4 audio parser crashes the process when parsing a maliciously crafted AC4 file, enabling a local Denial of Service. Affected versions are all GPAC/MP4Box releases prior to 26.02.0, with the root cause in gf_ac4_pres_b_4_back_channels_present() and related AC4 presentation parsing routines in av_parsers.c. A publicly available proof-of-concept exists, though no public exploit confirmed active exploitation is in CISA KEV at time of analysis.

Null Pointer Dereference Denial Of Service
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-60481 MEDIUM POC This Month

NULL pointer dereference in GPAC MP4Box's AC4 audio DSI parser crashes the application when processing a crafted AC4 file, resulting in denial of service. All GPAC MP4Box versions before 26.02.0 are affected; the CVSS vector (AV:L/UI:R) confirms exploitation requires a victim to locally open a malicious file. A publicly available proof-of-concept exploit exists at a referenced GitHub repository, though no public exploit identified at time of analysis has been confirmed as actively exploited in the wild (not listed in CISA KEV).

Null Pointer Dereference Denial Of Service
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-55664 MEDIUM This Month

Heap buffer overflow in GPAC MP4Box v2.4's MPEG-2 TS demuxer crashes the application when processing a specially crafted MP4 file, resulting in a Denial of Service. The vulnerable function `m2tsdmx_send_packet` in `filters/dmx_m2ts.c` lacked a minimum packet-length guard before performing heap operations on M2TS packet data. No active exploitation has been identified (not in CISA KEV), and impact is limited to availability - no code execution or data exposure is achievable via this path.

Heap Overflow Denial Of Service Buffer Overflow
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-49361 Maven HIGH PATCH GHSA This Week

Denial of service in Apache Fluss (incubating) versions 0.8.0 and 0.9.0 allows unauthenticated remote attackers to exhaust JVM heap memory on TabletServer and CoordinatorServer components by sending specially crafted Netty frame headers. The flaw stems from a misconfigured LengthFieldBasedFrameDecoder accepting Integer.MAX_VALUE (~2GB) as the maximum frame length, enabling memory exhaustion with minimal attacker effort. No public exploit identified at time of analysis, and EPSS scores exploitation probability at only 0.05% (17th percentile), suggesting limited current attacker interest despite the network-reachable attack surface.

Apache Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-10232 LOW POC Monitor

Use-after-free in Assimp's ASE File Parser - specifically the `aiNode::~aiNode` destructor in `scene.cpp` - allows a local, low-privileged attacker to corrupt heap memory, potentially causing denial of service or achieving arbitrary code execution in applications that load 3D model files. All Assimp versions through 6.0.4 are affected. A public proof-of-concept exploit (poc.zip) has been disclosed via GitHub, reducing the skill barrier for exploitation in environments where untrusted ASE-format files can be submitted for processing. No public exploit identified as confirmed actively exploited (CISA KEV) at time of analysis.

Use After Free Denial Of Service Memory Corruption Assimp
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-10224 MEDIUM POC This Month

Uncontrolled resource consumption in NousResearch hermes-agent (all versions through 2026.4.30) allows remote unauthenticated attackers to degrade service availability by sending crafted requests to the Feishu webhook endpoint. The vulnerable function `_handle_webhook_request` in `gateway/platforms/feishu.py` fails to bound resource usage during webhook processing, enabling denial-of-service conditions. A publicly available proof-of-concept exploit exists (hosted on GitHub), the vendor did not respond to responsible disclosure, and no patch has been released - leaving all deployments with active Feishu integration exposed with no official remediation path.

Denial Of Service Hermes Agent
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-48187 MEDIUM This Month

Uncontrolled resource allocation in OTRS's e-mail handling subsystem allows a low-privileged authenticated user to trigger unbounded memory or resource consumption, ultimately aborting the webserver and causing a denial of service against the entire OTRS interface. Affected versions span OTRS 8.0.X through 2026.X prior to 2026.4.X, and the ((OTRS)) Community Edition 6.x and OTRS 7.x branches are noted by the vendor as very likely affected as well. No public exploit has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

Denial Of Service Otrs Otrs Community Edition
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-48208 MEDIUM This Month

SVG content injection in OTRS ticket article rendering enables unauthenticated remote attackers to deliver browser-side denial of service against agents and customers who open affected tickets. Specially crafted SVG payloads submitted via inbound email trigger uncontrolled resource exhaustion during rendering, without requiring JavaScript execution, and the attack vector is not blocked by the application's configured Content Security Policy - making CSP-based mitigations ineffective. No public exploit code or active exploitation has been identified at time of analysis, but the low-complexity, no-authentication-required delivery mechanism (via email) lowers the barrier to abuse significantly.

Denial Of Service Otrs Otrs Community Edition
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-20456 MEDIUM This Month

Out-of-bounds write in the MediaTek WLAN STA (Station mode) driver enables local denial of service across six MediaTek Wi-Fi chipset families, confirmed by MediaTek in their June 2026 Product Security Bulletin. A low-privileged local user can crash the system without any user interaction by triggering the missing bounds check in the driver, exploiting CWE-787 memory corruption. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog at time of analysis.

Memory Corruption Denial Of Service Buffer Overflow Mediatek Chipset
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-70099 HIGH POC This Week

Denial of service in lwext4 1.0.0 allows remote attackers to crash applications by supplying a malformed EXT4 filesystem image that triggers a NULL pointer dereference in ext4_dir_en_get_name_len during directory iteration. The flaw affects the 2016-era lwext4 codebase commonly embedded in IoT, bootloaders, and forensic tools that mount untrusted EXT4 images. Publicly available exploit code exists, though EPSS rates real-world exploitation probability as very low (0.02%, 4th percentile).

Null Pointer Dereference Denial Of Service N A
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-37225 HIGH This Week

Remote denial-of-service in FlexRIC v2.0.0 allows unauthenticated network attackers to crash the iApp process listening on TCP port 36422 by sending a malformed E42_RIC_SUBSCRIPTION_REQUEST containing an empty ricEventTriggerDefinition field. The bug stems from inconsistent validation between the E42 decoder and the downstream E2AP encoder, which aborts via SIGABRT on the missing constraint. No public exploit identified at time of analysis, but the trivial trigger condition (single crafted message, no authentication) makes opportunistic disruption of O-RAN near-RT RIC deployments realistic.

Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-37230 HIGH This Week

Remote denial-of-service in FlexRIC v2.0.0 near-RT RIC allows unauthenticated attackers to crash the controller process by sending a RIC_INDICATION message containing an unregistered ran_func_id, which causes the registry lookup to return NULL and trigger either an assertion failure (SIGABRT in Debug builds) or a NULL pointer dereference (SIGSEGV in Release builds). The flaw is reachable over the network on port 36421 with no authentication or user interaction, though EPSS remains low at 0.04% and there is no public exploit identified at time of analysis. KEV does not list this issue.

Null Pointer Dereference Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-37231 HIGH This Week

Remote denial-of-service in FlexRIC v2.0.0 allows unauthenticated attackers to crash the iApp component (TCP/36422) by exhausting a 16-bit xapp_id counter through repeated E42_SETUP_REQUEST messages. The integer wraparound produces duplicate xApp identifiers that violate internal data-structure invariants, terminating the RIC service. No public exploit identified at time of analysis, and EPSS estimates exploitation probability at just 0.05%, though the attack is conceptually trivial to script.

Denial Of Service Integer Overflow
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-37232 HIGH This Week

Denial of service in OpenAirInterface5G 2.4.0 (nr-softmodem) allows unauthenticated remote attackers to crash an entire 5G base station by triggering a divide-by-zero in the E2SM-KPM RAN Function's PRB utilization calculation. By flooding E42 subscription requests through the FlexRIC iApp on port 36422/SCTP, an attacker forces consecutive identical PRB aggregate samples that produce a zero divisor, raising SIGFPE and interrupting service for all connected UEs. No public exploit identified at time of analysis, and EPSS probability is very low at 0.03%, but the unauthenticated network vector and total cell outage make this a high-impact availability flaw.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-37234 HIGH This Week

Resource exhaustion and stale-state accumulation in FlexRIC v2.0.0 allows unauthenticated remote attackers to bind multiple xApp identifiers to a single SCTP connection via repeated E42_SETUP_REQUEST messages, where only the first xapp_id is cleaned up on disconnect. The remaining orphaned registrations and their subscriptions persist in the iApp, enabling progressive memory/state corruption that maps to the CVSS 8.2 (AV:N/AC:L/PR:N/UI:N) high-availability impact. No public exploit identified at time of analysis and EPSS is very low (0.05%, 17th percentile), but the unauthenticated network reachability of the E2 termination makes this a meaningful availability risk for O-RAN testbeds running this build.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-37226 HIGH This Week

Remote denial of service in FlexRIC v2.0.0 allows unauthenticated network attackers to crash the iApp process by sending an E42_RIC_SUBSCRIPTION_REQUEST referencing a non-existent E2 Node, triggering either a SIGABRT (Debug builds via assert) or SIGSEGV (Release builds via NULL pointer dereference) on TCP port 36422. No public exploit identified at time of analysis, and EPSS is very low (0.04%, 12th percentile), but the CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) and trivial trigger conditions make this a meaningful availability risk for any exposed FlexRIC RAN Intelligent Controller deployment.

Null Pointer Dereference Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-37227 HIGH This Week

Remote denial of service in FlexRIC v2.0.0 allows unauthenticated attackers to crash the near-RT RIC process by sending a decodable E2AP PDU (such as E2nodeConfigurationUpdate) to port 36421, triggering an unconditional assert(0) in stub handlers for whitelisted-but-unimplemented message types. CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) with SSVC indicating automatable exploitation and partial technical impact; no public exploit identified at time of analysis and the vulnerability is not in CISA KEV.

Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-37229 HIGH This Week

Remote denial of service in FlexRIC v2.0.0 allows unauthenticated attackers to crash the near-RT RIC or iApp process by sending a single malformed byte over SCTP to ports 36421 or 36422. The flaw is a reachable assertion in e2ap_create_pdu() that fires before any protocol validation, affecting all three E2AP protocol versions (v1.01, v2.03, v3.01). No public exploit identified at time of analysis and EPSS is low (0.03%), but the trigger is trivial enough that public PoC could appear quickly.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-37224 HIGH This Week

Remote denial of service in FlexRIC v2.0.0 allows unauthenticated attackers to crash the iApp process on TCP/36421 by sending two E2_SETUP_REQUEST messages reusing the same E2 node configuration, abusing an assert()-based uniqueness check that triggers SIGABRT. The flaw affects FlexRIC, the open-source Near-RT RIC implementation from Eurecom's Mosaic5G project, with CVSS 7.5 reflecting high availability impact and no public exploit identified at time of analysis.

Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-37222 HIGH This Week

Remote denial of service in FlexRIC v2.0.0 allows unauthenticated attackers to crash the near-RT RIC (port 36421) or iApp (port 36422) by sending a valid E2AP PDU containing an unexpected number of Information Elements, triggering a SIGABRT via overly strict hardcoded assertions. The flaw affects open-source O-RAN near-real-time RAN Intelligent Controller deployments used in 5G research and testbeds, and no public exploit has been identified at time of analysis. The CVSS 7.5 reflects high availability impact with no confidentiality or integrity loss.

Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-37223 HIGH This Week

Remote unauthenticated denial of service in FlexRIC v2.0.0 allows attackers to crash the entire near-RT RIC service by sending any decodable E2AP PDU with a message type outside the 9-entry whitelist to TCP port 36422. The iApp dispatcher uses assert() for validation, so an unexpected message type triggers SIGABRT in the shared iApp/RIC process, disconnecting all E2 Nodes and xApps. No public exploit identified at time of analysis, but the trivial attack complexity (AV:N/AC:L/PR:N/UI:N) and high availability impact make this a credible operational risk for O-RAN testbeds and lab deployments.

Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-10199 LOW POC PATCH Monitor

Null pointer dereference in Assimp's glTF2 importer (versions up to 6.0.4) allows a local low-privileged attacker to crash any application that processes attacker-supplied 3D model files via the library. The flaw resides in the `ImportAnimations()` function, where `glTF2::LazyDict::operator[]` is invoked with animation channel node indices that are never validated for validity before dereferencing, producing a CWE-476 null pointer dereference and denial-of-service. A public proof-of-concept exploit (poc.zip) has been disclosed and an upstream patch commit is available, though no active exploitation is confirmed by CISA KEV.

Null Pointer Dereference Denial Of Service Assimp
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-10197 LOW POC Monitor

Null pointer dereference in Assimp's glTF2 importer (versions up to 6.0.4) allows a local attacker to crash any application embedding the library by supplying a malformed glTF2 asset. The vulnerable function `ImportEmbeddedTextures` performs pointer arithmetic on the return value of `strchr()` before checking for null, meaning a glTF2 embedded texture with a MIME type lacking a '/' character triggers undefined behavior and a process crash. A public POC is available; no active exploitation has been confirmed by CISA KEV. CVSS 4.0 scores this at 1.9, reflecting the local-only, availability-only impact.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-10198 LOW POC Monitor

Null pointer dereference in Assimp's glTF mesh importer (versions up to and including 6.0.4) allows a locally authenticated attacker with low privileges to crash any application that uses the library to process a crafted 3D model file. The flaw resides specifically in the Assimp::glTFImporter::ImportMeshes function within glTFImporter.cpp, meaning only applications that invoke the glTF import pipeline are exposed. A publicly available proof-of-concept exploit (poc.zip) has been released, though no active exploitation has been confirmed and the CVSS score of 3.3 (Low) reflects the constrained local-only, availability-only impact.

Null Pointer Dereference Denial Of Service Assimp
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-10190 MEDIUM POC This Month

Denial of service in Tenda W12 firmware 3.0.0.7(4763) allows a low-privileged remote attacker to crash the web management daemon by sending a crafted value for the 'web_over_time' argument to the cgiSysWebTimeoutSet handler in /bin/httpd. The availability impact is rated High (A:H), meaning successful exploitation renders the router's management interface - and potentially the device itself - unresponsive. A proof-of-concept exploit archive has been publicly released, lowering the barrier to exploitation, though this vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities catalog.

Denial Of Service Tenda
NVD VulDB
CVSS 4.0
5.7
EPSS
0.1%
CVE-2026-10156 LOW Monitor

Uncontrolled resource consumption in Open5GS up to version 2.7.7 allows remote low-privileged attackers to degrade availability of the NRF (Network Repository Function) component by sending crafted requests to the nf-instances SBI endpoint. The vulnerability triggers runaway resource allocation through the nf_info_pool argument in the handle_amf_info function, resulting in a denial-of-service condition against the NRF's NF instance registration and discovery services. A publicly available proof-of-concept exploit exists (E:P in CVSS 4.0 vector), though no public exploit identified at time of analysis has been confirmed by CISA KEV; the upstream issue is flagged as already-fixed.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-8594 MEDIUM PATCH This Month

Resource amplification in Text::LineFold (Unicode-LineBreak Perl distribution, versions through 2019.001) causes output to be duplicated proportionally to the number of Unicode special line break characters present in the input string. The fold() method incorrectly passes the entire input string to the break() function on each segment iteration, rather than passing only the current segment, producing amplified output that grows with each VT, FF, or similar line break character encountered. No public exploit has been identified at time of analysis and EPSS sits at the 0th percentile, but any application accepting untrusted input and passing it through fold() is exposed to potential denial of service.

Denial Of Service Text
NVD GitHub VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2018-25426 HIGH POC This Week

WinMTR 0.91 contains a denial of service vulnerability that allows attackers to crash the application by sending a malformed payload file containing a large buffer of repeated characters. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Winmtr
NVD Exploit-DB VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2018-25423 MEDIUM POC This Month

Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Arm Whois
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-48711 Awaiting Data

Pre-NVD disclosure via oss-security: oss-security mailing list - 2026/05/30. ist] oss-security mailing list - 2026/05/30 CVE-2026-48827: Apache MINA SSHD: Path traversal in org.apache.sshd:sshd-git (Thomas Wolf <twolf@...che.org>) CVE-2025-70116: NULL Pointer Dereference in GPAC/MP4Box via gf_media_map_esd on truncated MP4 input (Alexander <shvedov@....com>) CVE-2026-47187, CVE-2026-48711: sshfs <= 3.7.5 symlink escape (local file read/write) and ssh argument injection (local… (Abhinav Agarwal <abhinavagarwal1996@gma…) 3 messages Powered by blists - more mailing lists Please check out the Open Source Software Security Wiki , which is counterpart to this mailing list . Confused about

Apache Denial Of Service Path Traversal
NVD
EPSS
0.0%
CVE-2026-48827 Maven HIGH PATCH GHSA This Week

Path traversal in the org.apache.sshd:sshd-git component of Apache MINA SSHD allows authenticated remote attackers to read files outside the intended Git repository directory by supplying crafted path references over SSH. The flaw was disclosed pre-NVD on the oss-security mailing list on 2026-05-30 by Apache maintainer Thomas Wolf, with no public exploit identified at time of analysis and no CISA KEV listing.

Apache Path Traversal Denial Of Service Suse Red Hat
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-47187 Awaiting Data

Pre-NVD disclosure via oss-security: oss-security mailing list - 2026/05/30. month] [year] [list] oss-security mailing list - 2026/05/30 CVE-2026-48827: Apache MINA SSHD: Path traversal in org.apache.sshd:sshd-git (Thomas Wolf <twolf@...che.org>) CVE-2025-70116: NULL Pointer Dereference in GPAC/MP4Box via gf_media_map_esd on truncated MP4 input (Alexander <shvedov@....com>) CVE-2026-47187, CVE-2026-48711: sshfs <= 3.7.5 symlink escape (local file read/write) and ssh argument injection (local… (Abhinav Agarwal <abhinavagarwal1996@gma…) 3 messages Powered by blists - more mailing lists Please check out the Open Source Software Security Wiki , which is counterpart to this mailing list

Apache Denial Of Service Path Traversal
NVD
EPSS
0.0%
CVE-2026-10117 LOW POC Monitor

Denial of service in Open5GS up to version 2.7.7 is triggerable by a low-privileged remote attacker via the `ogs_pool_id_calloc` function in the SBI nghttp2-server library, causing availability degradation of 5G core network functions. The CVSS temporal modifiers confirm both a public proof-of-concept (E:P) and an official remedy (RL:O). No public exploit identified at time of analysis as confirmed by CISA KEV, but the publicly available PoC on GitHub (issue #4474) materially lowers the exploitation barrier for actors with access to SBI endpoints.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-10116 LOW POC PATCH Monitor

Timer pool exhaustion in Open5GS up to 2.7.7 allows an authenticated remote attacker with low privileges to crash the UE authentication service via rapid HTTP/2 stream resets against the ue-authentications SBI endpoint. The root cause is CWE-404: response timers for outbound SBI transactions are not released when the originating inbound HTTP/2 stream closes prematurely (via RST_STREAM or connection drop), causing the timer pool to exhaust when a peer resets streams rapidly while upstream network functions are slow or unresponsive. No public exploit identified at time of analysis as KEV status, but a publicly available exploit code exists via GitHub issue #4473, and an upstream fix is available in PR #4578.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-10115 LOW POC PATCH Monitor

Denial-of-service via reachable assertion in Open5GS NRF (Network Repository Function) up to version 2.7.7 allows an authenticated low-privilege network peer to crash the NRF process with SIGABRT by submitting a crafted NFProfile registration payload with oversized inner-list arrays in SMF or AMF info sections. The NRF is a critical singleton service registry in 5G Service-Based Architecture - crashing it disrupts NF discovery for the entire 5G core, making the practical operational impact greater than the A:L CVSS impact rating alone suggests. Publicly available exploit code exists (GitHub issue #4469 and CVSS temporal E:P), though no confirmed active exploitation via CISA KEV has been recorded at time of analysis.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-10113 LOW POC PATCH Monitor

Denial of service in Open5GS NRF (Network Repository Function) through version 2.7.7 allows an authenticated network peer to crash the NRF process with SIGABRT by submitting a crafted SMF or AMF NF-profile registration containing oversized inner-loop arrays. The NRF's shared NF-profile parser in lib/sbi/nnrf-handler.c used reachable ogs_assert() calls - rather than graceful bounds checks - to enforce limits on DNN entries per S-NSSAI slice and TAC range entries per TAI range, making them triggerable by peer-supplied payloads. Publicly available exploit code exists (GitHub issue #4467); the CVSSv4 score of 2.1 reflects scoped low-availability impact but understates operational risk given the NRF's central role in 5G core service discovery.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-47391 PyPI CRITICAL PATCH GHSA Act Now

Remote code execution in PraisonAI's first-party A2A server example (pip package <= 4.6.39) allows unauthenticated network attackers to execute arbitrary Python on the server process by sending a JSON-RPC message/send request to /a2a that drives the LLM-backed agent into invoking an eval()-based calculate tool. The chain combines three first-party defaults - no auth_token, 0.0.0.0 bind, and an eval()-backed example tool - and was confirmed end-to-end against a real Gemini model with a canary marker file write. No public exploit identified at time of analysis beyond the proof-of-concept in the advisory itself, and the issue is not in CISA KEV.

Denial Of Service RCE Code Injection Python
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-47213 PyPI MEDIUM GHSA This Month

Timeout enforcement in BoxLite sandbox service fails to kill processes because the implementation sends the catchable SIGALRM signal (signal 14) instead of the uncatchable SIGKILL signal (signal 9) in guest/src/service/exec/timeout.rs. All BoxLite versions up to and including 0.8.2 (pip/boxlite) are affected. A low-privileged attacker who can submit workloads to the BoxLite API can register a SIGALRM handler or set it to SIG_IGN with a single call, surviving past any configured execution timeout and exhausting VM resources to degrade availability for all BoxLite users. Publicly available exploit code exists in GitHub advisory GHSA-xjhv-pp2r-6f82; no patch has been released as of time of analysis.

Denial Of Service Python
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-47184 PyPI MEDIUM PATCH GHSA This Month

Memory exhaustion in python-zeroconf's DNSCache component allows any unauthenticated host on the same Layer-2 segment to OOM-kill or severely degrade processes that consume mDNS/DNS-SD services (CVSS 6.5, AV:A/PR:N). The DNSCache._async_add method imposed no upper bound on cache entries, permitting a local-link attacker to multicast valid mDNS responses with unique names that accumulate across all four internal data structures faster than the 10-second cleanup interval can purge them. A second distinct variant exploits TTL re-advertisement to bloat the internal _expire_heap independently of the cache entry counter, providing a second unbounded growth path that bypasses any entry-count monitoring. No public exploit is identified at time of analysis; a vendor-released patch is available as of zeroconf 0.149.6 or 0.149.7 (minor version discrepancy between sources - see confidence notes).

Canonical Python Denial Of Service
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-47183 PyPI MEDIUM PATCH GHSA This Month

Memory exhaustion in python-zeroconf's exception deduplication logic allows any unauthenticated LAN-adjacent host to permanently pin approximately 9 KB of heap memory per unique malformed mDNS packet, enabling denial of service against zeroconf-dependent applications. The flaw affects all versions of the pip package `zeroconf` prior to 0.149.6; the unbounded `_seen_logs` dict in `QuietLogger` and `DNSIncoming._log_exception_debug` retained full Python traceback objects - and thus raw inbound packet buffers - keyed by attacker-influenced exception strings derived from ephemeral source ports, byte offsets, and pointer links. No public exploit or CISA KEV listing exists at time of analysis, but the attack is mechanistically straightforward and particularly severe on memory-constrained deployments such as Home Assistant on Raspberry Pi-class hardware, where sustained flood traffic can OOM-kill the process and disable HomeKit, Chromecast/Matter, and AirPlay discovery.

Canonical Python Denial Of Service
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-46702 Cargo HIGH PATCH GHSA This Week

Remote denial-of-service in russh, a Rust implementation of the SSH protocol, allows unauthenticated remote attackers to exhaust server memory by sending small compressed SSH packets that inflate to massive sizes post-decompression. Affecting all versions from 0.34.0 through 0.61.0, the flaw stems from missing post-decompression size enforcement in Decompress::decompress(), allowing payloads under the 256 KiB wire cap to expand beyond 128 MiB. No public exploit identified at time of analysis, but the advisory includes a detailed PoC demonstrating pre-authentication exploitation against default server configurations.

Microsoft SSH Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-46599 Go HIGH POC PATCH GHSA This Week

Denial-of-service in the Go golang.org/x/image/tiff package (versions before 0.41.0) allows remote attackers to exhaust memory or CPU by submitting a small, maliciously-crafted TIFF image whose PackBits-compressed stream decodes to disproportionately large output. Any Go service that parses untrusted TIFF input via this library is exposed; no public exploit identified at time of analysis and EPSS exploitation probability is very low (0.02%, 5th percentile).

Denial Of Service Golang Org X Image Tiff
NVD VulDB GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-45151 LOW Monitor

Null pointer dereference in NanoMQ MQTT Broker 0.24.8 and earlier causes a denial-of-service condition via the QUIC transport layer. The function quic_stream_recv fails to return after completing an asynchronous I/O operation with an error when a substream is in reopen state, proceeding to lock c->mtx against a null substream pointer. An unauthenticated remote attacker can crash the broker process, disrupting edge messaging services. No public exploit identified at time of analysis beyond proof-of-concept code reflected in the CVSS 4.0 E:P metric; not listed in CISA KEV.

Null Pointer Dereference Denial Of Service Nanomq
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.0%
CVE-2026-44640 MEDIUM PATCH This Month

Type confusion in NanoMQ MQTT Broker's QUIC dialer close path allows a local attacker with high complexity to cause the broker process to hang or crash. Versions prior to 0.24.14 store a pointer as `nni_quic_conn*` during dialing but later misread that same memory location as `ex_quic_conn*` during dialer close, producing invalid object interpretation across mismatched struct layouts. No public exploit code or active exploitation has been identified at time of analysis; the vendor-released fix is available in version 0.24.14.

Memory Corruption Denial Of Service Nanomq
NVD GitHub VulDB
CVSS 3.1
4.5
EPSS
0.0%
CVE-2026-46527 HIGH PATCH This Week

Denial of service in cpp-httplib (C++ header-only HTTP/HTTPS library) versions prior to 0.44.0 allows remote unauthenticated attackers to crash server processes by sending an HTTP request with a malformed X-Forwarded-For header. The flaw is reachable only when the application has configured a non-empty trusted-proxy list via Server::set_trusted_proxies(). CVSS 4.0 scores this 8.7 (high) due to network reachability and high availability impact; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Null Pointer Dereference Denial Of Service Suse
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-45352 MEDIUM PATCH This Month

Unbounded memory allocation in cpp-httplib prior to 0.43.4 allows remote unauthenticated attackers to crash the hosting process via a crafted HTTP request using chunked Transfer-Encoding with a negative chunk-size value. The root cause is a silent unsigned wrap-around in strtoul() that bypasses the library's incomplete size guard, causing chunk_remaining to be set to a near-maximum 64-bit value and forcing the server's read loop to attempt consuming that many bytes from the network. No active exploitation has been confirmed (no CISA KEV listing); no public exploit identified at time of analysis.

Denial Of Service Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-46344 MEDIUM PATCH This Month

Out-of-bounds read in liboqs prior to 0.16.0 affects the XMSS and XMSS^MT stateful signature verification routines, exploitable by any unauthenticated remote attacker who can supply a crafted public key to a verifying process. The flaw arises when a correctly-sized signature buffer is paired with a public key whose OID bytes reference a different XMSS parameter set, causing the library to derive a larger sig_bytes value and index past the end of the caller-supplied buffer, with the primary observable effect being a process crash. No active exploitation is confirmed (not in CISA KEV) and no independently published exploit has been identified at time of analysis, though a proof-of-concept scenario is embedded in the upstream fix commit's test suite.

Denial Of Service Information Disclosure Oracle Buffer Overflow Red Hat +1
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-44518 MEDIUM PATCH This Month

Out-of-bounds read in liboqs prior to 0.16.0 allows a remote unauthenticated attacker to crash the verifying process by supplying a truncated signature buffer to the XMSS or XMSS^MT stateful signature verification function. The missing caller-supplied length validation causes the implementation to read past the end of the buffer; the overread bytes feed into an internal hash computation only and are not returned to the caller, eliminating any data-leakage oracle. The primary real-world impact is a denial-of-service crash if the overread crosses an unmapped memory page. No public exploit or CISA KEV listing is identified at time of analysis.

Denial Of Service Oracle Buffer Overflow Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-45742 Go HIGH PATCH GHSA This Week

Remote denial of service in Gotenberg v8.10.0 through v8.32.0 allows unauthenticated attackers to crash the process by sending a single multipart request with multiple downloadFrom entries that trigger concurrent writes to unsynchronized Go maps. Because the default deployment enables downloadFrom and disables authentication, any internet-exposed instance can be terminated remotely without credentials, and publicly available exploit code exists in the upstream GitHub Security Advisory GHSA-vp73-vjw8-8f32. No public exploit identified in CISA KEV at time of analysis, but the PoC is fully reproducible and the fix is shipped in v8.33.0.

Race Condition Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-10069 HIGH This Week

Remote denial-of-service in Shibby Tomato 1.28 firmware allows unauthenticated network attackers to exhaust resources via the miniupnpd UPnP daemon at usr/sbin/miniupnpd. The affected project is end-of-life and superseded by FreshTomato, meaning no upstream fix will be issued. No public exploit identified at time of analysis, but the CVSS 4.0 score of 8.7 reflects high availability impact with no authentication or user interaction required.

Denial Of Service
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-44495 npm HIGH PATCH GHSA This Week

Prototype-pollution gadget in Axios (npm) before 1.15.2 and 0.31.1 allows an attacker who has already polluted Object.prototype.transformResponse in the same JavaScript process to hijack response handling, exfiltrate request config (URL, headers, auth credentials), and tamper with returned data. The flaw lives in mergeConfig() and transformData(), which read config via prototype-chain lookups, so any helper library prototype pollution becomes a credential-theft and DoS primitive for every Axios request. No public exploit identified at time of analysis beyond the advisory's PoC, and the issue is not in CISA KEV.

Denial Of Service RCE Code Injection
NVD GitHub
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-44490 npm HIGH PATCH GHSA This Week

Denial-of-service and HTTP header injection in the axios npm package (>=1.0.0,<1.16.0 and <=0.31.1) arise from two read-side prototype-pollution gadgets in lib/utils.js merge() and lib/core/mergeConfig.js, allowing a polluted Object.prototype (typically from an upstream dependency such as lodash CVE-2018-16487) to inject arbitrary outbound headers or crash every axios call with a synchronous TypeError. Publicly available exploit code exists in the GHSA advisory PoC, but EPSS is only 0.04% (13th percentile) and SSVC marks Automatable=no with partial technical impact, so this is a credible secondary-gadget risk rather than a mass-exploitation target.

Denial Of Service Prototype Pollution Red Hat
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-45615 HIGH This Week

Heap out-of-bounds read in mouse07410/asn1c versions 1.4 and earlier allows remote attackers to crash applications or corrupt integer parsing logic by sending a zero-length OER payload for a variable-length non-negative INTEGER type. The generated INTEGER_oer.c skeleton extracts the Most Significant Bit without validating input length, and because asn1c-generated parsers are commonly deployed in V2X, 5G telecom, and X.509 stacks, the impact extends into safety- and identity-critical pipelines. No public exploit identified at time of analysis, but the trivial trigger condition makes weaponization straightforward.

Denial Of Service Asn1C
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-49324 MEDIUM This Month

Permanent denial-of-service against the 2025 Indian Motorcycle Scout Bobber + Tech's Wireless Control Module (WCM) allows an adjacent-network attacker with write access to the in-vehicle network to irreversibly immobilize the motorcycle by deliberately tripping an immobilizer lockout counter that persists across power cycles. The WCM's lockout counter accepts increments from any unauthenticated message without session binding, meaning a small number of crafted in-vehicle network frames is sufficient to trigger a permanent lockout condition requiring dealer intervention to resolve. No public exploit code has been identified at time of analysis, and this vulnerability has not been added to the CISA KEV catalog, though the attack technique is straightforward given adjacent network access.

Denial Of Service Scout Bobber Tech
NVD VulDB
CVSS 4.0
4.1
EPSS
0.0%
CVE-2026-9509 HIGH PATCH This Week

Unauthenticated denial of service in Suprema BioStar 2 Server versions 2.9.8, 2.9.10, and 2.9.11 allows remote attackers to halt critical processes by sending HTTP POST requests to the '/api/migration' endpoint, taking access control readers offline until manual service or server restart. No public exploit identified at time of analysis, though SSVC flags the attack as automatable with partial technical impact. Because BioStar 2 governs physical access control, the outage cascades to door readers and downstream third-party integrations, elevating real-world impact beyond a typical web-app DoS.

Denial Of Service Biostar 2 Server
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-10028 MEDIUM PATCH This Month

Denial of service in glib-networking allows a remote unauthenticated attacker to exhaust CPU resources in any application using the library's GnuTLS backend for certificate verification. By presenting a TLS certificate chain containing circular issuer relationships, the attacker triggers an unbounded loop (CWE-835) in the verification logic that never terminates. EPSS data was not provided; no public exploit code and no CISA KEV listing exist at time of analysis, placing this firmly in the 'monitor and patch' tier rather than emergency response.

Denial Of Service Red Hat Suse
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-10016 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.216 allows attackers to run arbitrary code inside the browser's renderer sandbox through a crafted HTML page that triggers a use-after-free condition in the DOM implementation. The flaw, rated High severity by Chromium and carrying a CVSS 8.8 score, requires only that a victim visit a malicious or compromised webpage, making it well-suited for drive-by attacks despite no public exploit identified at time of analysis.

Use After Free RCE Memory Corruption Google Denial Of Service +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-10014 HIGH PATCH This Week

Sandbox escape in Google Chrome on Android prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers a use-after-free in the WebMIDI component. Chromium rates the severity High, and a vendor patch is available; no public exploit is identified at time of analysis and EPSS is very low at 0.03%.

Google Use After Free Denial Of Service Memory Corruption Chrome
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-10013 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free flaw in the WebCodecs component, allowing a remote attacker to run arbitrary code within the renderer sandbox by luring a victim to a malicious HTML page. The issue is rated High severity by Chromium with a CVSS 3.1 score of 8.8, and a vendor patch is available, though no public exploit has been identified at time of analysis and the CVE is not currently listed in CISA KEV. Successful exploitation requires user interaction (visiting a crafted page), and code execution is constrained to the Chrome sandbox unless chained with a sandbox-escape bug.

Use After Free RCE Memory Corruption Google Denial Of Service +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-10012 HIGH PATCH This Week

Sandbox escape in Google Chrome's Skia graphics library prior to version 148.0.7778.216 allows remote attackers who have already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw is a use-after-free memory corruption issue rated High by Chromium, with a patch shipped through the Stable channel and no public exploit identified at time of analysis. EPSS probability is very low (0.03%) and the CVE is not on the CISA KEV list, indicating no observed in-the-wild exploitation despite the serious technical impact.

Google Use After Free Denial Of Service Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-10007 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free flaw in the SVG rendering component, allowing remote attackers to execute arbitrary code within the renderer sandbox by luring a user to a crafted HTML page. Rated High severity by the Chromium project with a CVSS score of 8.8, the issue requires user interaction (visiting a malicious page) but no authentication. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Use After Free RCE Memory Corruption Google Denial Of Service +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-10005 HIGH PATCH This Week

Remote code execution in Google Chrome on macOS prior to 148.0.7778.216 stems from a use-after-free condition in the WebAppInstalls component, enabling a remote attacker to execute arbitrary code in the renderer context when a victim is lured to a malicious page and performs specific UI gestures. Chromium rates the severity as High, and while no public exploit identified at time of analysis, the bug class (UAF) is historically a favored target for Chrome exploit chains. The high attack complexity and required user interaction lower the practical exploitability compared to one-click bugs.

Use After Free RCE Memory Corruption Google Denial Of Service +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-10003 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free condition in the Views UI component, allowing a remote attacker to execute arbitrary code if they can convince a user to perform specific UI gestures on a crafted HTML page. Chromium rates this as High severity and a vendor patch is available, but no public exploit has been identified at time of analysis.

Use After Free RCE Memory Corruption Google Denial Of Service +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-10002 HIGH PATCH This Week

Heap corruption in Google Chrome's PDFium component (versions prior to 148.0.7778.216) allows a remote attacker to potentially achieve code execution by tricking a user into opening a crafted PDF file. The flaw is a use-after-free condition rated High severity by Chromium, with no public exploit identified at time of analysis and a low EPSS score (0.03%) suggesting limited near-term mass exploitation despite a CVSS of 8.8. A vendor patch has been released via the Chrome Stable channel update.

Google Use After Free Denial Of Service Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-10001 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free in the PerformanceManager component triggered by a crafted HTML page. Exploitation requires user interaction (visiting a malicious page) and a pre-existing renderer compromise, and while no public exploit has been identified at time of analysis, EPSS rates exploitation probability as low (0.03%, 11th percentile). The flaw is rated High severity by Chromium and carries a CVSS 3.1 score of 8.3 due to the scope-changing nature of a sandbox escape.

Google Use After Free Denial Of Service Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-10000 HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out via a use-after-free in the Passwords component, delivered through a crafted HTML page. Exploitation requires user interaction and high attack complexity, and no public exploit identified at time of analysis, though Google rates the underlying Chromium severity as High and a vendor patch is available.

Use After Free Memory Corruption Google Microsoft Denial Of Service +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-9997 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers a use-after-free in the Input component. Chromium rates the severity as High and CVSS scores it 8.3, but EPSS estimates exploitation probability at only 0.03% (11th percentile) and no public exploit identified at time of analysis. The flaw is a chained-exploitation primitive rather than a standalone RCE, requiring an attacker to first achieve renderer code execution before leveraging this bug.

Google Use After Free Denial Of Service Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-9995 HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free flaw in the WebXR component, allowing a remote attacker to run arbitrary code within the browser's renderer sandbox by enticing a victim to visit a crafted HTML page. Google rates the underlying Chromium severity as High, and a vendor patch has been released; no public exploit identified at time of analysis.

Use After Free RCE Memory Corruption Google Denial Of Service +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-9994 HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers a use-after-free in the Core component. Google rates this Chromium severity as High, and a vendor patch is available; no public exploit identified at time of analysis, and EPSS is very low (0.03%, 11th percentile). Exploitation requires a chained renderer compromise plus user interaction, so it is a meaningful second-stage primitive rather than a one-shot drive-by RCE.

Use After Free Memory Corruption Google Microsoft Denial Of Service +3
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-9993 HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox by serving a crafted PDF file that triggers a use-after-free in the Views component. Chromium rates the severity as High and Google has shipped a fixed Stable channel build, but no public exploit is identified at time of analysis and EPSS exploitation probability is very low (0.03%, 11th percentile). The bug is a second-stage primitive - it requires an existing renderer compromise plus user interaction with a malicious PDF, which is the typical shape of a Chrome exploit chain.

Google Use After Free Denial Of Service Memory Corruption Red Hat +2
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-9992 HIGH PATCH This Week

Remote code execution in Google Chrome's Network component prior to version 148.0.7778.216 allows a remote attacker to execute arbitrary code within the renderer sandbox by enticing a user to visit a crafted HTML page. The flaw is a use-after-free memory corruption issue rated High severity by the Chromium team, and while no public exploit is identified at time of analysis, browser memory-corruption bugs of this class are historically attractive targets when chained with a sandbox escape.

Use After Free RCE Memory Corruption Google Denial Of Service +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
EPSS 0% CVSS 5.5
MEDIUM This Month

Persistent denial of service and local privilege escalation in Google Android's UBSan runtime component affect Android 14, 15, 16-qpr2, and 16, stemming from an integer overflow in multiple functions of ubsan_throwing_runtime.cpp. An authenticated local attacker with low-level privileges and no required user interaction can exploit this overflow to trigger persistent availability loss and, per the description, possible privilege escalation. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

Privilege Escalation Denial Of Service Integer Overflow
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Persistent local denial of service in Google Android affects multiple functions within ubsan_throwing_runtime.cpp, where uncontrolled resource exhaustion can render a device or process permanently unavailable without requiring elevated privileges. Confirmed affected versions span Android 14, 15, 16-qpr2, and 16 per the June 2026 Android Security Bulletin. No public exploit code has been identified at time of analysis, and this is not listed in CISA KEV; however, the 'persistent' nature of the denial of service - implying state survives process restart or requires manual intervention - elevates practical impact beyond a typical availability disruption.

Denial Of Service
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Remote denial of service in Google Android 14, 15, 16, and 16-qpr2 stems from an integer overflow in multiple functions of ubsan_throwing_runtime.cpp, the runtime component of Android's Undefined Behavior Sanitizer (UBSan). An authenticated low-privileged attacker over the network can trigger the overflow to crash the affected component, resulting in high availability impact with no user interaction required. No public exploit has been identified at time of analysis, and this vulnerability is not listed in CISA KEV.

Denial Of Service Integer Overflow
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Remote denial of service in Google Android 14, 15, 16, and 16-qpr2 is possible via an integer overflow in multiple functions of ubsan_throwing_runtime.cpp, a component of Android's UndefinedBehaviorSanitizer runtime. Network-accessible, low-privileged attackers (CVSS PR:L, AV:N, AC:L) can crash affected devices without requiring user interaction, resulting in availability loss with no confidentiality or integrity impact. No public exploit code and no CISA KEV listing have been identified at time of analysis.

Denial Of Service Integer Overflow
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Persistent denial of service in Google Android's UBSAN throwing runtime allows a remote low-privileged attacker to crash affected devices via an integer overflow in multiple functions of ubsan_throwing_runtime.cpp. Affected versions span Android 14, 15, 16-qpr2, and 16, indicating broad exposure across the current supported Android ecosystem. No public exploit code or active exploitation has been identified at time of analysis; patches are available via the June 2026 Android Security Bulletin.

Denial Of Service Integer Overflow
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Persistent denial of service in Google Android's AccessibilityManagerService affects Android 15, Android 16, and Android 16-qpr2, allowing a local low-privileged attacker to permanently disrupt the accessibility subsystem without user interaction. The CVSS vector (AV:L/AC:L/PR:L/UI:N/A:H) confirms low-complexity local exploitation requiring only a standard app execution context. No public exploit has been identified and the vulnerability is not listed in CISA KEV at time of analysis.

Denial Of Service
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Persistent denial of service in Google Android's NotificationManagerService allows a local unprivileged application to exhaust system resources via the isSameApp method, rendering the device's notification subsystem - and potentially broader system stability - unavailable. Affected versions include Android 14, 15, and 16 as disclosed in the June 2026 Android Security Bulletin. No public exploit code has been identified at time of analysis, and the vulnerability has not been added to the CISA KEV catalog.

Denial Of Service
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Regular expression denial of service in Enderfga claw-orchestrator 3.7.0 and earlier allows authenticated remote attackers to degrade service availability by submitting crafted patterns to the Session Grep Endpoint. The validateRegex function in claw-orchestrator/src/embedded-server.ts passes user-supplied body.pattern directly to the V8 JavaScript regex engine, which uses backtracking and can be forced into exponential-time evaluation via patterns like (a+)+$. No public exploit is identified at time of analysis, and the CVSS score of 4.3 (A:L) reflects limited - but real - availability impact via Node.js event loop exhaustion.

Denial Of Service Claw Orchestrator
NVD VulDB GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Nanobot's Matrix channel media download handler exhausts process memory and bandwidth when authenticated room members submit media events carrying missing or invalid declared size metadata. All versions of Nanobot prior to 0.2.1 are affected (CPE: cpe:2.3:a:hkuds:nanobot:*:*:*:*:*:*:*:*). An authenticated Matrix room member can send multiple concurrent malformed media events, causing the handler to fully materialize response bodies before performing post-download size validation, consuming process resources until service availability degrades. No public exploit code or CISA KEV listing exists at time of analysis; a vendor-released patch is available in v0.2.1.

Denial Of Service Nanobot
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

Denial-of-service in Spring Cloud Function allows a low-privileged actor with physical access and required user interaction to exhaust JVM heap memory by registering an unbounded number of functions into the Function Registry, triggering an Out-of-Memory (OOM) crash. Five actively maintained release lines (3.2.x through 5.0.x) plus all unsupported versions are affected. No public exploit code exists and the vulnerability is not listed in CISA KEV at time of analysis; the CVSS score of 5.7 reflects the physical access vector and user interaction dependency that substantially constrain real-world exploitability compared to the High availability impact alone.

Java Denial Of Service
NVD HeroDevs VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Stack-based buffer overflow in rrdcached (the caching daemon for rrdtool) allows a local attacker with socket access to crash the daemon or potentially execute arbitrary code by sending an oversized CREATE request. The flaw is tracked under CWE-121 with a CVSS 3.1 base score of 7.8 (AV:L/AC:L/PR:L), reported by Red Hat against RHEL 6 through 10, and there is no public exploit identified at time of analysis.

Buffer Overflow RCE Denial Of Service +6
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Null pointer dereference in ThorVG's SVG loader crashes any process that passes untrusted SVG content through Picture::load(), enabling remote denial-of-service with a trivial 6-byte payload. All ThorVG releases prior to 1.0.5 are affected (CPE: cpe:2.3:a:thorvg:thorvg:*:*:*:*:*:*:*:*). No public exploit identified at time of analysis and no CISA KEV listing, but the fix-confirming PR diff (PR #4387) exposes the exact null-check omissions, substantially lowering the bar for independent exploit development.

Null Pointer Dereference Denial Of Service Thorvg
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution in Poppler's Splash rendering backend allows attackers to compromise applications that open attacker-supplied PDFs by triggering an integer overflow in tilingPatternFill that produces an undersized heap allocation and a subsequent out-of-bounds write. The flaw affects Poppler as shipped across Red Hat Enterprise Linux 6 through 10 and Red Hat Hardened Images, with impact including arbitrary code execution, information disclosure, or denial of service in the rendering process. No public exploit identified at time of analysis, and the CVSS 7.8 vector requires user interaction to open a malicious PDF.

Information Disclosure RCE Buffer Overflow +8
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Remote denial of service in FlexRIC v2.0.0 allows unauthenticated attackers to crash the near-RT RIC by sending a forged RIC_SUBSCRIPTION_RESPONSE message to TCP port 36421 with an unknown ric_id that has no corresponding pending event. The vulnerability stems from an assert() check in the response handler that causes SIGABRT in Debug builds or a NULL pointer dereference (SIGSEGV) in Release builds. No public exploit identified at time of analysis, though the trivially low complexity and unauthenticated network reach make weaponization straightforward.

Denial Of Service
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Remote denial-of-service in FlexRIC v2.0.0 near-RT RIC allows unauthenticated attackers to crash the controller (port 36421) by completing an SCTP handshake and immediately disconnecting without sending any E2AP message. The cleanup path triggers a reachable assert() because the code assumes an SCTP-association-to-E2-node mapping always exists. No public exploit identified at time of analysis, but the trigger is trivial and the CVSS vector (AV:N/AC:L/PR:N/UI:N, A:H) reflects a low-effort network attack with high availability impact.

Denial Of Service
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM This Month

OpenShift Container Platform exposes a resource exhaustion path where low-privileged authenticated users with pod creation rights can trigger cluster-wide API server degradation by exploiting two quota enforcement gaps: completed pods with restartPolicy:Never are excluded from ResourceQuota pod limits, and Kubernetes events are not quota-scoped. By repeatedly creating such short-lived pods, an attacker causes Kubernetes events to accumulate unboundedly in etcd, degrading API server performance across the entire cluster - a scope change (CVSS S:C) that extends impact well beyond the attacker's own namespace. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Denial Of Service Kubernetes
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Null pointer dereference in GPAC MP4Box before version 26.02.0 crashes the process when parsing crafted MP4 files, resulting in a Denial of Service. The vulnerable function gf_media_get_color_info in src/media_tools/isom_tools.c fails to validate pointers to AVC (avcc) and HEVC (hvcc) configuration boxes before dereferencing them, causing a segmentation fault when a malformed file omits these structures. No public exploit is confirmed as actively exploited (not in CISA KEV), but publicly available exploit code exists and the attack requires only that a user open a crafted file.

Null Pointer Dereference Denial Of Service
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Heap use-after-free in GPAC MP4Box's dasher filter allows local attackers to crash the application by supplying a crafted MPEG-2 file. The flaw exists in dasher_configure_pid within src/filters/dasher.c, where a freed GF_DashStream object can still be referenced via muxed_base pointers held by other stream structures, resulting in a dangling pointer dereference. Impact is limited to Denial of Service (A:H, C:N, I:N); a publicly available proof-of-concept confirms reproducibility, though no confirmed active exploitation (CISA KEV) has been identified at time of analysis.

Use After Free Denial Of Service Memory Corruption
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Segmentation violation in GPAC MP4Box before version 26.02.0 crashes the application when processing crafted MP4 files, enabling denial of service against any user or pipeline invoking the tool on attacker-supplied input. The root cause is a null pointer dereference (CWE-476) in gf_isom_apple_set_tag_ex within isom_write.c, where custom iTunes-style tag pointers are dereferenced without prior null validation. A publicly available proof-of-concept exploit exists, though no public exploit identified at time of analysis correlates to confirmed active exploitation - the local attack vector (AV:L/UI:R) limits exposure primarily to media processing workflows that ingest untrusted MP4 files.

Null Pointer Dereference Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

NULL pointer dereference in MP4Box's AC4 audio parser crashes the process when parsing a maliciously crafted AC4 file, enabling a local Denial of Service. Affected versions are all GPAC/MP4Box releases prior to 26.02.0, with the root cause in gf_ac4_pres_b_4_back_channels_present() and related AC4 presentation parsing routines in av_parsers.c. A publicly available proof-of-concept exists, though no public exploit confirmed active exploitation is in CISA KEV at time of analysis.

Null Pointer Dereference Denial Of Service
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

NULL pointer dereference in GPAC MP4Box's AC4 audio DSI parser crashes the application when processing a crafted AC4 file, resulting in denial of service. All GPAC MP4Box versions before 26.02.0 are affected; the CVSS vector (AV:L/UI:R) confirms exploitation requires a victim to locally open a malicious file. A publicly available proof-of-concept exploit exists at a referenced GitHub repository, though no public exploit identified at time of analysis has been confirmed as actively exploited in the wild (not listed in CISA KEV).

Null Pointer Dereference Denial Of Service
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

Heap buffer overflow in GPAC MP4Box v2.4's MPEG-2 TS demuxer crashes the application when processing a specially crafted MP4 file, resulting in a Denial of Service. The vulnerable function `m2tsdmx_send_packet` in `filters/dmx_m2ts.c` lacked a minimum packet-length guard before performing heap operations on M2TS packet data. No active exploitation has been identified (not in CISA KEV), and impact is limited to availability - no code execution or data exposure is achievable via this path.

Heap Overflow Denial Of Service Buffer Overflow
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in Apache Fluss (incubating) versions 0.8.0 and 0.9.0 allows unauthenticated remote attackers to exhaust JVM heap memory on TabletServer and CoordinatorServer components by sending specially crafted Netty frame headers. The flaw stems from a misconfigured LengthFieldBasedFrameDecoder accepting Integer.MAX_VALUE (~2GB) as the maximum frame length, enabling memory exhaustion with minimal attacker effort. No public exploit identified at time of analysis, and EPSS scores exploitation probability at only 0.05% (17th percentile), suggesting limited current attacker interest despite the network-reachable attack surface.

Apache Denial Of Service
NVD
EPSS 0% CVSS 1.9
LOW POC Monitor

Use-after-free in Assimp's ASE File Parser - specifically the `aiNode::~aiNode` destructor in `scene.cpp` - allows a local, low-privileged attacker to corrupt heap memory, potentially causing denial of service or achieving arbitrary code execution in applications that load 3D model files. All Assimp versions through 6.0.4 are affected. A public proof-of-concept exploit (poc.zip) has been disclosed via GitHub, reducing the skill barrier for exploitation in environments where untrusted ASE-format files can be submitted for processing. No public exploit identified as confirmed actively exploited (CISA KEV) at time of analysis.

Use After Free Denial Of Service Memory Corruption +1
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Uncontrolled resource consumption in NousResearch hermes-agent (all versions through 2026.4.30) allows remote unauthenticated attackers to degrade service availability by sending crafted requests to the Feishu webhook endpoint. The vulnerable function `_handle_webhook_request` in `gateway/platforms/feishu.py` fails to bound resource usage during webhook processing, enabling denial-of-service conditions. A publicly available proof-of-concept exploit exists (hosted on GitHub), the vendor did not respond to responsible disclosure, and no patch has been released - leaving all deployments with active Feishu integration exposed with no official remediation path.

Denial Of Service Hermes Agent
NVD VulDB GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Uncontrolled resource allocation in OTRS's e-mail handling subsystem allows a low-privileged authenticated user to trigger unbounded memory or resource consumption, ultimately aborting the webserver and causing a denial of service against the entire OTRS interface. Affected versions span OTRS 8.0.X through 2026.X prior to 2026.4.X, and the ((OTRS)) Community Edition 6.x and OTRS 7.x branches are noted by the vendor as very likely affected as well. No public exploit has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

Denial Of Service Otrs Otrs Community Edition
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

SVG content injection in OTRS ticket article rendering enables unauthenticated remote attackers to deliver browser-side denial of service against agents and customers who open affected tickets. Specially crafted SVG payloads submitted via inbound email trigger uncontrolled resource exhaustion during rendering, without requiring JavaScript execution, and the attack vector is not blocked by the application's configured Content Security Policy - making CSP-based mitigations ineffective. No public exploit code or active exploitation has been identified at time of analysis, but the low-complexity, no-authentication-required delivery mechanism (via email) lowers the barrier to abuse significantly.

Denial Of Service Otrs Otrs Community Edition
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Out-of-bounds write in the MediaTek WLAN STA (Station mode) driver enables local denial of service across six MediaTek Wi-Fi chipset families, confirmed by MediaTek in their June 2026 Product Security Bulletin. A low-privileged local user can crash the system without any user interaction by triggering the missing bounds check in the driver, exploiting CWE-787 memory corruption. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog at time of analysis.

Memory Corruption Denial Of Service Buffer Overflow +1
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

Denial of service in lwext4 1.0.0 allows remote attackers to crash applications by supplying a malformed EXT4 filesystem image that triggers a NULL pointer dereference in ext4_dir_en_get_name_len during directory iteration. The flaw affects the 2016-era lwext4 codebase commonly embedded in IoT, bootloaders, and forensic tools that mount untrusted EXT4 images. Publicly available exploit code exists, though EPSS rates real-world exploitation probability as very low (0.02%, 4th percentile).

Null Pointer Dereference Denial Of Service N A
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Remote denial-of-service in FlexRIC v2.0.0 allows unauthenticated network attackers to crash the iApp process listening on TCP port 36422 by sending a malformed E42_RIC_SUBSCRIPTION_REQUEST containing an empty ricEventTriggerDefinition field. The bug stems from inconsistent validation between the E42 decoder and the downstream E2AP encoder, which aborts via SIGABRT on the missing constraint. No public exploit identified at time of analysis, but the trivial trigger condition (single crafted message, no authentication) makes opportunistic disruption of O-RAN near-RT RIC deployments realistic.

Denial Of Service N A
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Remote denial-of-service in FlexRIC v2.0.0 near-RT RIC allows unauthenticated attackers to crash the controller process by sending a RIC_INDICATION message containing an unregistered ran_func_id, which causes the registry lookup to return NULL and trigger either an assertion failure (SIGABRT in Debug builds) or a NULL pointer dereference (SIGSEGV in Release builds). The flaw is reachable over the network on port 36421 with no authentication or user interaction, though EPSS remains low at 0.04% and there is no public exploit identified at time of analysis. KEV does not list this issue.

Null Pointer Dereference Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Remote denial-of-service in FlexRIC v2.0.0 allows unauthenticated attackers to crash the iApp component (TCP/36422) by exhausting a 16-bit xapp_id counter through repeated E42_SETUP_REQUEST messages. The integer wraparound produces duplicate xApp identifiers that violate internal data-structure invariants, terminating the RIC service. No public exploit identified at time of analysis, and EPSS estimates exploitation probability at just 0.05%, though the attack is conceptually trivial to script.

Denial Of Service Integer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 8.6
HIGH This Week

Denial of service in OpenAirInterface5G 2.4.0 (nr-softmodem) allows unauthenticated remote attackers to crash an entire 5G base station by triggering a divide-by-zero in the E2SM-KPM RAN Function's PRB utilization calculation. By flooding E42 subscription requests through the FlexRIC iApp on port 36422/SCTP, an attacker forces consecutive identical PRB aggregate samples that produce a zero divisor, raising SIGFPE and interrupting service for all connected UEs. No public exploit identified at time of analysis, and EPSS probability is very low at 0.03%, but the unauthenticated network vector and total cell outage make this a high-impact availability flaw.

Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH This Week

Resource exhaustion and stale-state accumulation in FlexRIC v2.0.0 allows unauthenticated remote attackers to bind multiple xApp identifiers to a single SCTP connection via repeated E42_SETUP_REQUEST messages, where only the first xapp_id is cleaned up on disconnect. The remaining orphaned registrations and their subscriptions persist in the iApp, enabling progressive memory/state corruption that maps to the CVSS 8.2 (AV:N/AC:L/PR:N/UI:N) high-availability impact. No public exploit identified at time of analysis and EPSS is very low (0.05%, 17th percentile), but the unauthenticated network reachability of the E2 termination makes this a meaningful availability risk for O-RAN testbeds running this build.

Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Remote denial of service in FlexRIC v2.0.0 allows unauthenticated network attackers to crash the iApp process by sending an E42_RIC_SUBSCRIPTION_REQUEST referencing a non-existent E2 Node, triggering either a SIGABRT (Debug builds via assert) or SIGSEGV (Release builds via NULL pointer dereference) on TCP port 36422. No public exploit identified at time of analysis, and EPSS is very low (0.04%, 12th percentile), but the CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) and trivial trigger conditions make this a meaningful availability risk for any exposed FlexRIC RAN Intelligent Controller deployment.

Null Pointer Dereference Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Remote denial of service in FlexRIC v2.0.0 allows unauthenticated attackers to crash the near-RT RIC process by sending a decodable E2AP PDU (such as E2nodeConfigurationUpdate) to port 36421, triggering an unconditional assert(0) in stub handlers for whitelisted-but-unimplemented message types. CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) with SSVC indicating automatable exploitation and partial technical impact; no public exploit identified at time of analysis and the vulnerability is not in CISA KEV.

Denial Of Service N A
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Remote denial of service in FlexRIC v2.0.0 allows unauthenticated attackers to crash the near-RT RIC or iApp process by sending a single malformed byte over SCTP to ports 36421 or 36422. The flaw is a reachable assertion in e2ap_create_pdu() that fires before any protocol validation, affecting all three E2AP protocol versions (v1.01, v2.03, v3.01). No public exploit identified at time of analysis and EPSS is low (0.03%), but the trigger is trivial enough that public PoC could appear quickly.

Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Remote denial of service in FlexRIC v2.0.0 allows unauthenticated attackers to crash the iApp process on TCP/36421 by sending two E2_SETUP_REQUEST messages reusing the same E2 node configuration, abusing an assert()-based uniqueness check that triggers SIGABRT. The flaw affects FlexRIC, the open-source Near-RT RIC implementation from Eurecom's Mosaic5G project, with CVSS 7.5 reflecting high availability impact and no public exploit identified at time of analysis.

Denial Of Service N A
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Remote denial of service in FlexRIC v2.0.0 allows unauthenticated attackers to crash the near-RT RIC (port 36421) or iApp (port 36422) by sending a valid E2AP PDU containing an unexpected number of Information Elements, triggering a SIGABRT via overly strict hardcoded assertions. The flaw affects open-source O-RAN near-real-time RAN Intelligent Controller deployments used in 5G research and testbeds, and no public exploit has been identified at time of analysis. The CVSS 7.5 reflects high availability impact with no confidentiality or integrity loss.

Denial Of Service N A
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Remote unauthenticated denial of service in FlexRIC v2.0.0 allows attackers to crash the entire near-RT RIC service by sending any decodable E2AP PDU with a message type outside the 9-entry whitelist to TCP port 36422. The iApp dispatcher uses assert() for validation, so an unexpected message type triggers SIGABRT in the shared iApp/RIC process, disconnecting all E2 Nodes and xApps. No public exploit identified at time of analysis, but the trivial attack complexity (AV:N/AC:L/PR:N/UI:N) and high availability impact make this a credible operational risk for O-RAN testbeds and lab deployments.

Denial Of Service N A
NVD GitHub
EPSS 0% CVSS 1.9
LOW POC PATCH Monitor

Null pointer dereference in Assimp's glTF2 importer (versions up to 6.0.4) allows a local low-privileged attacker to crash any application that processes attacker-supplied 3D model files via the library. The flaw resides in the `ImportAnimations()` function, where `glTF2::LazyDict::operator[]` is invoked with animation channel node indices that are never validated for validity before dereferencing, producing a CWE-476 null pointer dereference and denial-of-service. A public proof-of-concept exploit (poc.zip) has been disclosed and an upstream patch commit is available, though no active exploitation is confirmed by CISA KEV.

Null Pointer Dereference Denial Of Service Assimp
NVD VulDB GitHub
EPSS 0% CVSS 1.9
LOW POC Monitor

Null pointer dereference in Assimp's glTF2 importer (versions up to 6.0.4) allows a local attacker to crash any application embedding the library by supplying a malformed glTF2 asset. The vulnerable function `ImportEmbeddedTextures` performs pointer arithmetic on the return value of `strchr()` before checking for null, meaning a glTF2 embedded texture with a MIME type lacking a '/' character triggers undefined behavior and a process crash. A public POC is available; no active exploitation has been confirmed by CISA KEV. CVSS 4.0 scores this at 1.9, reflecting the local-only, availability-only impact.

Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

Null pointer dereference in Assimp's glTF mesh importer (versions up to and including 6.0.4) allows a locally authenticated attacker with low privileges to crash any application that uses the library to process a crafted 3D model file. The flaw resides specifically in the Assimp::glTFImporter::ImportMeshes function within glTFImporter.cpp, meaning only applications that invoke the glTF import pipeline are exposed. A publicly available proof-of-concept exploit (poc.zip) has been released, though no active exploitation has been confirmed and the CVSS score of 3.3 (Low) reflects the constrained local-only, availability-only impact.

Null Pointer Dereference Denial Of Service Assimp
NVD VulDB GitHub
EPSS 0% CVSS 5.7
MEDIUM POC This Month

Denial of service in Tenda W12 firmware 3.0.0.7(4763) allows a low-privileged remote attacker to crash the web management daemon by sending a crafted value for the 'web_over_time' argument to the cgiSysWebTimeoutSet handler in /bin/httpd. The availability impact is rated High (A:H), meaning successful exploitation renders the router's management interface - and potentially the device itself - unresponsive. A proof-of-concept exploit archive has been publicly released, lowering the barrier to exploitation, though this vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities catalog.

Denial Of Service Tenda
NVD VulDB
EPSS 0% CVSS 2.1
LOW Monitor

Uncontrolled resource consumption in Open5GS up to version 2.7.7 allows remote low-privileged attackers to degrade availability of the NRF (Network Repository Function) component by sending crafted requests to the nf-instances SBI endpoint. The vulnerability triggers runaway resource allocation through the nf_info_pool argument in the handle_amf_info function, resulting in a denial-of-service condition against the NRF's NF instance registration and discovery services. A publicly available proof-of-concept exploit exists (E:P in CVSS 4.0 vector), though no public exploit identified at time of analysis has been confirmed by CISA KEV; the upstream issue is flagged as already-fixed.

Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Resource amplification in Text::LineFold (Unicode-LineBreak Perl distribution, versions through 2019.001) causes output to be duplicated proportionally to the number of Unicode special line break characters present in the input string. The fold() method incorrectly passes the entire input string to the break() function on each segment iteration, rather than passing only the current segment, producing amplified output that grows with each VT, FF, or similar line break character encountered. No public exploit has been identified at time of analysis and EPSS sits at the 0th percentile, but any application accepting untrusted input and passing it through fold() is exposed to potential denial of service.

Denial Of Service Text
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH POC This Week

WinMTR 0.91 contains a denial of service vulnerability that allows attackers to crash the application by sending a malformed payload file containing a large buffer of repeated characters. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Winmtr
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Arm Whois
NVD Exploit-DB VulDB
EPSS 0%
Awaiting Data

Pre-NVD disclosure via oss-security: oss-security mailing list - 2026/05/30. ist] oss-security mailing list - 2026/05/30 CVE-2026-48827: Apache MINA SSHD: Path traversal in org.apache.sshd:sshd-git (Thomas Wolf <twolf@...che.org>) CVE-2025-70116: NULL Pointer Dereference in GPAC/MP4Box via gf_media_map_esd on truncated MP4 input (Alexander <shvedov@....com>) CVE-2026-47187, CVE-2026-48711: sshfs <= 3.7.5 symlink escape (local file read/write) and ssh argument injection (local… (Abhinav Agarwal <abhinavagarwal1996@gma…) 3 messages Powered by blists - more mailing lists Please check out the Open Source Software Security Wiki , which is counterpart to this mailing list . Confused about

Apache Denial Of Service Path Traversal
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Path traversal in the org.apache.sshd:sshd-git component of Apache MINA SSHD allows authenticated remote attackers to read files outside the intended Git repository directory by supplying crafted path references over SSH. The flaw was disclosed pre-NVD on the oss-security mailing list on 2026-05-30 by Apache maintainer Thomas Wolf, with no public exploit identified at time of analysis and no CISA KEV listing.

Apache Path Traversal Denial Of Service +2
NVD VulDB
EPSS 0%
Awaiting Data

Pre-NVD disclosure via oss-security: oss-security mailing list - 2026/05/30. month] [year] [list] oss-security mailing list - 2026/05/30 CVE-2026-48827: Apache MINA SSHD: Path traversal in org.apache.sshd:sshd-git (Thomas Wolf <twolf@...che.org>) CVE-2025-70116: NULL Pointer Dereference in GPAC/MP4Box via gf_media_map_esd on truncated MP4 input (Alexander <shvedov@....com>) CVE-2026-47187, CVE-2026-48711: sshfs <= 3.7.5 symlink escape (local file read/write) and ssh argument injection (local… (Abhinav Agarwal <abhinavagarwal1996@gma…) 3 messages Powered by blists - more mailing lists Please check out the Open Source Software Security Wiki , which is counterpart to this mailing list

Apache Denial Of Service Path Traversal
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

Denial of service in Open5GS up to version 2.7.7 is triggerable by a low-privileged remote attacker via the `ogs_pool_id_calloc` function in the SBI nghttp2-server library, causing availability degradation of 5G core network functions. The CVSS temporal modifiers confirm both a public proof-of-concept (E:P) and an official remedy (RL:O). No public exploit identified at time of analysis as confirmed by CISA KEV, but the publicly available PoC on GitHub (issue #4474) materially lowers the exploitation barrier for actors with access to SBI endpoints.

Denial Of Service Open5gs
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

Timer pool exhaustion in Open5GS up to 2.7.7 allows an authenticated remote attacker with low privileges to crash the UE authentication service via rapid HTTP/2 stream resets against the ue-authentications SBI endpoint. The root cause is CWE-404: response timers for outbound SBI transactions are not released when the originating inbound HTTP/2 stream closes prematurely (via RST_STREAM or connection drop), causing the timer pool to exhaust when a peer resets streams rapidly while upstream network functions are slow or unresponsive. No public exploit identified at time of analysis as KEV status, but a publicly available exploit code exists via GitHub issue #4473, and an upstream fix is available in PR #4578.

Denial Of Service Open5gs
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

Denial-of-service via reachable assertion in Open5GS NRF (Network Repository Function) up to version 2.7.7 allows an authenticated low-privilege network peer to crash the NRF process with SIGABRT by submitting a crafted NFProfile registration payload with oversized inner-list arrays in SMF or AMF info sections. The NRF is a critical singleton service registry in 5G Service-Based Architecture - crashing it disrupts NF discovery for the entire 5G core, making the practical operational impact greater than the A:L CVSS impact rating alone suggests. Publicly available exploit code exists (GitHub issue #4469 and CVSS temporal E:P), though no confirmed active exploitation via CISA KEV has been recorded at time of analysis.

Denial Of Service Open5gs
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

Denial of service in Open5GS NRF (Network Repository Function) through version 2.7.7 allows an authenticated network peer to crash the NRF process with SIGABRT by submitting a crafted SMF or AMF NF-profile registration containing oversized inner-loop arrays. The NRF's shared NF-profile parser in lib/sbi/nnrf-handler.c used reachable ogs_assert() calls - rather than graceful bounds checks - to enforce limits on DNN entries per S-NSSAI slice and TAC range entries per TAI range, making them triggerable by peer-supplied payloads. Publicly available exploit code exists (GitHub issue #4467); the CVSSv4 score of 2.1 reflects scoped low-availability impact but understates operational risk given the NRF's central role in 5G core service discovery.

Denial Of Service Open5gs
NVD VulDB GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution in PraisonAI's first-party A2A server example (pip package <= 4.6.39) allows unauthenticated network attackers to execute arbitrary Python on the server process by sending a JSON-RPC message/send request to /a2a that drives the LLM-backed agent into invoking an eval()-based calculate tool. The chain combines three first-party defaults - no auth_token, 0.0.0.0 bind, and an eval()-backed example tool - and was confirmed end-to-end against a real Gemini model with a canary marker file write. No public exploit identified at time of analysis beyond the proof-of-concept in the advisory itself, and the issue is not in CISA KEV.

Denial Of Service RCE Code Injection +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Timeout enforcement in BoxLite sandbox service fails to kill processes because the implementation sends the catchable SIGALRM signal (signal 14) instead of the uncatchable SIGKILL signal (signal 9) in guest/src/service/exec/timeout.rs. All BoxLite versions up to and including 0.8.2 (pip/boxlite) are affected. A low-privileged attacker who can submit workloads to the BoxLite API can register a SIGALRM handler or set it to SIG_IGN with a single call, surviving past any configured execution timeout and exhausting VM resources to degrade availability for all BoxLite users. Publicly available exploit code exists in GitHub advisory GHSA-xjhv-pp2r-6f82; no patch has been released as of time of analysis.

Denial Of Service Python
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Memory exhaustion in python-zeroconf's DNSCache component allows any unauthenticated host on the same Layer-2 segment to OOM-kill or severely degrade processes that consume mDNS/DNS-SD services (CVSS 6.5, AV:A/PR:N). The DNSCache._async_add method imposed no upper bound on cache entries, permitting a local-link attacker to multicast valid mDNS responses with unique names that accumulate across all four internal data structures faster than the 10-second cleanup interval can purge them. A second distinct variant exploits TTL re-advertisement to bloat the internal _expire_heap independently of the cache entry counter, providing a second unbounded growth path that bypasses any entry-count monitoring. No public exploit is identified at time of analysis; a vendor-released patch is available as of zeroconf 0.149.6 or 0.149.7 (minor version discrepancy between sources - see confidence notes).

Canonical Python Denial Of Service
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Memory exhaustion in python-zeroconf's exception deduplication logic allows any unauthenticated LAN-adjacent host to permanently pin approximately 9 KB of heap memory per unique malformed mDNS packet, enabling denial of service against zeroconf-dependent applications. The flaw affects all versions of the pip package `zeroconf` prior to 0.149.6; the unbounded `_seen_logs` dict in `QuietLogger` and `DNSIncoming._log_exception_debug` retained full Python traceback objects - and thus raw inbound packet buffers - keyed by attacker-influenced exception strings derived from ephemeral source ports, byte offsets, and pointer links. No public exploit or CISA KEV listing exists at time of analysis, but the attack is mechanistically straightforward and particularly severe on memory-constrained deployments such as Home Assistant on Raspberry Pi-class hardware, where sustained flood traffic can OOM-kill the process and disable HomeKit, Chromecast/Matter, and AirPlay discovery.

Canonical Python Denial Of Service
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote denial-of-service in russh, a Rust implementation of the SSH protocol, allows unauthenticated remote attackers to exhaust server memory by sending small compressed SSH packets that inflate to massive sizes post-decompression. Affecting all versions from 0.34.0 through 0.61.0, the flaw stems from missing post-decompression size enforcement in Decompress::decompress(), allowing payloads under the 256 KiB wire cap to expand beyond 128 MiB. No public exploit identified at time of analysis, but the advisory includes a detailed PoC demonstrating pre-authentication exploitation against default server configurations.

Microsoft SSH Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Denial-of-service in the Go golang.org/x/image/tiff package (versions before 0.41.0) allows remote attackers to exhaust memory or CPU by submitting a small, maliciously-crafted TIFF image whose PackBits-compressed stream decodes to disproportionately large output. Any Go service that parses untrusted TIFF input via this library is exposed; no public exploit identified at time of analysis and EPSS exploitation probability is very low (0.02%, 5th percentile).

Denial Of Service Golang Org X Image Tiff
NVD VulDB GitHub
EPSS 0% CVSS 2.9
LOW Monitor

Null pointer dereference in NanoMQ MQTT Broker 0.24.8 and earlier causes a denial-of-service condition via the QUIC transport layer. The function quic_stream_recv fails to return after completing an asynchronous I/O operation with an error when a substream is in reopen state, proceeding to lock c->mtx against a null substream pointer. An unauthenticated remote attacker can crash the broker process, disrupting edge messaging services. No public exploit identified at time of analysis beyond proof-of-concept code reflected in the CVSS 4.0 E:P metric; not listed in CISA KEV.

Null Pointer Dereference Denial Of Service Nanomq
NVD GitHub VulDB
EPSS 0% CVSS 4.5
MEDIUM PATCH This Month

Type confusion in NanoMQ MQTT Broker's QUIC dialer close path allows a local attacker with high complexity to cause the broker process to hang or crash. Versions prior to 0.24.14 store a pointer as `nni_quic_conn*` during dialing but later misread that same memory location as `ex_quic_conn*` during dialer close, producing invalid object interpretation across mismatched struct layouts. No public exploit code or active exploitation has been identified at time of analysis; the vendor-released fix is available in version 0.24.14.

Memory Corruption Denial Of Service Nanomq
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Denial of service in cpp-httplib (C++ header-only HTTP/HTTPS library) versions prior to 0.44.0 allows remote unauthenticated attackers to crash server processes by sending an HTTP request with a malformed X-Forwarded-For header. The flaw is reachable only when the application has configured a non-empty trusted-proxy list via Server::set_trusted_proxies(). CVSS 4.0 scores this 8.7 (high) due to network reachability and high availability impact; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Null Pointer Dereference Denial Of Service Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Unbounded memory allocation in cpp-httplib prior to 0.43.4 allows remote unauthenticated attackers to crash the hosting process via a crafted HTTP request using chunked Transfer-Encoding with a negative chunk-size value. The root cause is a silent unsigned wrap-around in strtoul() that bypasses the library's incomplete size guard, causing chunk_remaining to be set to a near-maximum 64-bit value and forcing the server's read loop to attempt consuming that many bytes from the network. No active exploitation has been confirmed (no CISA KEV listing); no public exploit identified at time of analysis.

Denial Of Service Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Out-of-bounds read in liboqs prior to 0.16.0 affects the XMSS and XMSS^MT stateful signature verification routines, exploitable by any unauthenticated remote attacker who can supply a crafted public key to a verifying process. The flaw arises when a correctly-sized signature buffer is paired with a public key whose OID bytes reference a different XMSS parameter set, causing the library to derive a larger sig_bytes value and index past the end of the caller-supplied buffer, with the primary observable effect being a process crash. No active exploitation is confirmed (not in CISA KEV) and no independently published exploit has been identified at time of analysis, though a proof-of-concept scenario is embedded in the upstream fix commit's test suite.

Denial Of Service Information Disclosure Oracle +3
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Out-of-bounds read in liboqs prior to 0.16.0 allows a remote unauthenticated attacker to crash the verifying process by supplying a truncated signature buffer to the XMSS or XMSS^MT stateful signature verification function. The missing caller-supplied length validation causes the implementation to read past the end of the buffer; the overread bytes feed into an internal hash computation only and are not returned to the caller, eliminating any data-leakage oracle. The primary real-world impact is a denial-of-service crash if the overread crosses an unmapped memory page. No public exploit or CISA KEV listing is identified at time of analysis.

Denial Of Service Oracle Buffer Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote denial of service in Gotenberg v8.10.0 through v8.32.0 allows unauthenticated attackers to crash the process by sending a single multipart request with multiple downloadFrom entries that trigger concurrent writes to unsynchronized Go maps. Because the default deployment enables downloadFrom and disables authentication, any internet-exposed instance can be terminated remotely without credentials, and publicly available exploit code exists in the upstream GitHub Security Advisory GHSA-vp73-vjw8-8f32. No public exploit identified in CISA KEV at time of analysis, but the PoC is fully reproducible and the fix is shipped in v8.33.0.

Race Condition Denial Of Service
NVD GitHub
EPSS 0% CVSS 8.7
HIGH This Week

Remote denial-of-service in Shibby Tomato 1.28 firmware allows unauthenticated network attackers to exhaust resources via the miniupnpd UPnP daemon at usr/sbin/miniupnpd. The affected project is end-of-life and superseded by FreshTomato, meaning no upstream fix will be issued. No public exploit identified at time of analysis, but the CVSS 4.0 score of 8.7 reflects high availability impact with no authentication or user interaction required.

Denial Of Service
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Prototype-pollution gadget in Axios (npm) before 1.15.2 and 0.31.1 allows an attacker who has already polluted Object.prototype.transformResponse in the same JavaScript process to hijack response handling, exfiltrate request config (URL, headers, auth credentials), and tamper with returned data. The flaw lives in mergeConfig() and transformData(), which read config via prototype-chain lookups, so any helper library prototype pollution becomes a credential-theft and DoS primitive for every Axios request. No public exploit identified at time of analysis beyond the advisory's PoC, and the issue is not in CISA KEV.

Denial Of Service RCE Code Injection
NVD GitHub
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Denial-of-service and HTTP header injection in the axios npm package (>=1.0.0,<1.16.0 and <=0.31.1) arise from two read-side prototype-pollution gadgets in lib/utils.js merge() and lib/core/mergeConfig.js, allowing a polluted Object.prototype (typically from an upstream dependency such as lodash CVE-2018-16487) to inject arbitrary outbound headers or crash every axios call with a synchronous TypeError. Publicly available exploit code exists in the GHSA advisory PoC, but EPSS is only 0.04% (13th percentile) and SSVC marks Automatable=no with partial technical impact, so this is a credible secondary-gadget risk rather than a mass-exploitation target.

Denial Of Service Prototype Pollution Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH This Week

Heap out-of-bounds read in mouse07410/asn1c versions 1.4 and earlier allows remote attackers to crash applications or corrupt integer parsing logic by sending a zero-length OER payload for a variable-length non-negative INTEGER type. The generated INTEGER_oer.c skeleton extracts the Most Significant Bit without validating input length, and because asn1c-generated parsers are commonly deployed in V2X, 5G telecom, and X.509 stacks, the impact extends into safety- and identity-critical pipelines. No public exploit identified at time of analysis, but the trivial trigger condition makes weaponization straightforward.

Denial Of Service Asn1C
NVD GitHub
EPSS 0% CVSS 4.1
MEDIUM This Month

Permanent denial-of-service against the 2025 Indian Motorcycle Scout Bobber + Tech's Wireless Control Module (WCM) allows an adjacent-network attacker with write access to the in-vehicle network to irreversibly immobilize the motorcycle by deliberately tripping an immobilizer lockout counter that persists across power cycles. The WCM's lockout counter accepts increments from any unauthenticated message without session binding, meaning a small number of crafted in-vehicle network frames is sufficient to trigger a permanent lockout condition requiring dealer intervention to resolve. No public exploit code has been identified at time of analysis, and this vulnerability has not been added to the CISA KEV catalog, though the attack technique is straightforward given adjacent network access.

Denial Of Service Scout Bobber Tech
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Unauthenticated denial of service in Suprema BioStar 2 Server versions 2.9.8, 2.9.10, and 2.9.11 allows remote attackers to halt critical processes by sending HTTP POST requests to the '/api/migration' endpoint, taking access control readers offline until manual service or server restart. No public exploit identified at time of analysis, though SSVC flags the attack as automatable with partial technical impact. Because BioStar 2 governs physical access control, the outage cascades to door readers and downstream third-party integrations, elevating real-world impact beyond a typical web-app DoS.

Denial Of Service Biostar 2 Server
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Denial of service in glib-networking allows a remote unauthenticated attacker to exhaust CPU resources in any application using the library's GnuTLS backend for certificate verification. By presenting a TLS certificate chain containing circular issuer relationships, the attacker triggers an unbounded loop (CWE-835) in the verification logic that never terminates. EPSS data was not provided; no public exploit code and no CISA KEV listing exist at time of analysis, placing this firmly in the 'monitor and patch' tier rather than emergency response.

Denial Of Service Red Hat Suse
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.216 allows attackers to run arbitrary code inside the browser's renderer sandbox through a crafted HTML page that triggers a use-after-free condition in the DOM implementation. The flaw, rated High severity by Chromium and carrying a CVSS 8.8 score, requires only that a victim visit a malicious or compromised webpage, making it well-suited for drive-by attacks despite no public exploit identified at time of analysis.

Use After Free RCE Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Android prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers a use-after-free in the WebMIDI component. Chromium rates the severity High, and a vendor patch is available; no public exploit is identified at time of analysis and EPSS is very low at 0.03%.

Google Use After Free Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free flaw in the WebCodecs component, allowing a remote attacker to run arbitrary code within the renderer sandbox by luring a victim to a malicious HTML page. The issue is rated High severity by Chromium with a CVSS 3.1 score of 8.8, and a vendor patch is available, though no public exploit has been identified at time of analysis and the CVE is not currently listed in CISA KEV. Successful exploitation requires user interaction (visiting a crafted page), and code execution is constrained to the Chrome sandbox unless chained with a sandbox-escape bug.

Use After Free RCE Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome's Skia graphics library prior to version 148.0.7778.216 allows remote attackers who have already compromised the renderer process to break out of the browser sandbox via a crafted HTML page. The flaw is a use-after-free memory corruption issue rated High by Chromium, with a patch shipped through the Stable channel and no public exploit identified at time of analysis. EPSS probability is very low (0.03%) and the CVE is not on the CISA KEV list, indicating no observed in-the-wild exploitation despite the serious technical impact.

Google Use After Free Denial Of Service +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free flaw in the SVG rendering component, allowing remote attackers to execute arbitrary code within the renderer sandbox by luring a user to a crafted HTML page. Rated High severity by the Chromium project with a CVSS score of 8.8, the issue requires user interaction (visiting a malicious page) but no authentication. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Use After Free RCE Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote code execution in Google Chrome on macOS prior to 148.0.7778.216 stems from a use-after-free condition in the WebAppInstalls component, enabling a remote attacker to execute arbitrary code in the renderer context when a victim is lured to a malicious page and performs specific UI gestures. Chromium rates the severity as High, and while no public exploit identified at time of analysis, the bug class (UAF) is historically a favored target for Chrome exploit chains. The high attack complexity and required user interaction lower the practical exploitability compared to one-click bugs.

Use After Free RCE Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free condition in the Views UI component, allowing a remote attacker to execute arbitrary code if they can convince a user to perform specific UI gestures on a crafted HTML page. Chromium rates this as High severity and a vendor patch is available, but no public exploit has been identified at time of analysis.

Use After Free RCE Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption in Google Chrome's PDFium component (versions prior to 148.0.7778.216) allows a remote attacker to potentially achieve code execution by tricking a user into opening a crafted PDF file. The flaw is a use-after-free condition rated High severity by Chromium, with no public exploit identified at time of analysis and a low EPSS score (0.03%) suggesting limited near-term mass exploitation despite a CVSS of 8.8. A vendor patch has been released via the Chrome Stable channel update.

Google Use After Free Denial Of Service +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox via a use-after-free in the PerformanceManager component triggered by a crafted HTML page. Exploitation requires user interaction (visiting a malicious page) and a pre-existing renderer compromise, and while no public exploit has been identified at time of analysis, EPSS rates exploitation probability as low (0.03%, 11th percentile). The flaw is rated High severity by Chromium and carries a CVSS 3.1 score of 8.3 due to the scope-changing nature of a sandbox escape.

Google Use After Free Denial Of Service +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out via a use-after-free in the Passwords component, delivered through a crafted HTML page. Exploitation requires user interaction and high attack complexity, and no public exploit identified at time of analysis, though Google rates the underlying Chromium severity as High and a vendor patch is available.

Use After Free Memory Corruption Google +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers a use-after-free in the Input component. Chromium rates the severity as High and CVSS scores it 8.3, but EPSS estimates exploitation probability at only 0.03% (11th percentile) and no public exploit identified at time of analysis. The flaw is a chained-exploitation primitive rather than a standalone RCE, requiring an attacker to first achieve renderer code execution before leveraging this bug.

Google Use After Free Denial Of Service +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free flaw in the WebXR component, allowing a remote attacker to run arbitrary code within the browser's renderer sandbox by enticing a victim to visit a crafted HTML page. Google rates the underlying Chromium severity as High, and a vendor patch has been released; no public exploit identified at time of analysis.

Use After Free RCE Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Windows prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers a use-after-free in the Core component. Google rates this Chromium severity as High, and a vendor patch is available; no public exploit identified at time of analysis, and EPSS is very low (0.03%, 11th percentile). Exploitation requires a chained renderer compromise plus user interaction, so it is a meaningful second-stage primitive rather than a one-shot drive-by RCE.

Use After Free Memory Corruption Google +5
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome versions prior to 148.0.7778.216 allows a remote attacker who has already compromised the renderer process to break out of the browser sandbox by serving a crafted PDF file that triggers a use-after-free in the Views component. Chromium rates the severity as High and Google has shipped a fixed Stable channel build, but no public exploit is identified at time of analysis and EPSS exploitation probability is very low (0.03%, 11th percentile). The bug is a second-stage primitive - it requires an existing renderer compromise plus user interaction with a malicious PDF, which is the typical shape of a Chrome exploit chain.

Google Use After Free Denial Of Service +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's Network component prior to version 148.0.7778.216 allows a remote attacker to execute arbitrary code within the renderer sandbox by enticing a user to visit a crafted HTML page. The flaw is a use-after-free memory corruption issue rated High severity by the Chromium team, and while no public exploit is identified at time of analysis, browser memory-corruption bugs of this class are historically attractive targets when chained with a sandbox escape.

Use After Free RCE Memory Corruption +5
NVD VulDB
Prev Page 20 of 406 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy