Skip to main content

Denial Of Service

36508 CVEs technique

Monthly

CVE-2025-71308 MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's accel/amdxdna driver (AMD AI accelerator/NPU subsystem) allows a local low-privileged user to trigger a kernel crash and denial of service. The flaw arises during error-path execution in aie2_create_context(): when mailbox channel creation fails, the channel pointer remains NULL, yet aie_destroy_context() is unconditionally called assuming it is non-NULL. No public exploit code exists and EPSS probability is 0.02%, indicating very low exploitation activity. Vendor-released patches are available in Linux 6.19.4 and the 7.0 series.

Linux Denial Of Service Null Pointer Dereference Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71307 MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's drm/panthor subsystem causes a kernel panic and denial of service during GPU firmware unplug operations. The `panthor_fw_unplug()` function incorrectly attempted MCU halt and wait procedures even when firmware was never loaded or fully initialized, dereferencing a NULL pointer in that code path. Systems running a Panthor-based ARM Mali GPU (using the Panthor DRM driver) are affected across kernel versions from the introduction of the driver up to the fixed stable commits; no public exploit exists and EPSS is at the 5th percentile, indicating negligible opportunistic exploitation probability.

Linux Denial Of Service Null Pointer Dereference Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45846 MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel bareudp driver crashes the kernel when Open vSwitch triggers `bareudp_fill_metadata_dst()` against a down IPv6 bareudp tunnel device. The socket pointer (`bareudp->sock`) is NULL between `bareudp_stop()` and `bareudp_open()`, and the IPv6 path passes it unsafely to `udp_tunnel6_dst_lookup()` at `sock->sk` offset 0x18. A local attacker with low privileges and access to OVS netlink commands can force a kernel panic, causing a denial of service. No public exploit code exists and no active exploitation has been identified; EPSS at 0.02% (5th percentile) confirms negligible observed exploitation.

Linux Denial Of Service Null Pointer Dereference Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45845 MEDIUM PATCH This Month

Kernel NULL pointer dereference in the Linux TAPRIO traffic scheduler allows a local user with namespace-scoped CAP_NET_ADMIN to trigger a kernel panic. On systems with unprivileged user namespaces enabled - the default on Ubuntu, Fedora, Debian, and most container-oriented distributions - any unprivileged local user can acquire namespace-scoped CAP_NET_ADMIN simply by creating a new network namespace, reducing the effective privilege bar to an ordinary user account. Patched stable releases exist (6.6.141, 6.12.91, 7.0.10, 6.18.33, 7.1-rc2), no active exploitation has been confirmed by CISA KEV, and EPSS is 0.02% (5th percentile), but the straightforward attack sequence and wide Linux footprint make this a priority patch on multi-tenant or container-hosting systems.

Linux Canonical Denial Of Service Null Pointer Dereference Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45842 MEDIUM PATCH This Month

Null pointer dereference in the Linux kernel SLIP header compression (slhc) subsystem crashes the kernel when a VJ-compressed frame is received on a PPP instance configured with zero receive slots. An unprivileged local user who can create a user namespace can invoke the PPPIOCSMAXCID ioctl with a crafted argument (0xffff0000) that exploits a signed-integer arithmetic shift to supply rslots=0 to slhc_init(), leaving comp->rstate NULL; any subsequent inbound VJ frame targeting slot 0 then dereferences that NULL pointer in softirq context, producing a kernel panic. No public exploit has been identified at time of analysis, and EPSS probability is negligible at 0.02%, but the attack path is fully reachable from unprivileged user namespaces, making the practical privilege bar lower than the PR:L label implies on systems where user namespaces are enabled.

Linux Canonical Denial Of Service Null Pointer Dereference Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45841 MEDIUM PATCH This Month

Divide-by-zero in the Linux kernel netfilter OSF module (nfnetlink_osf) allows a local user with CAP_NET_ADMIN to crash the kernel. By injecting a crafted OS fingerprint with a zero window scale value (wss.val=0) via nfnetlink, the attacker causes nf_osf_match_one() to execute an unguarded modulo operation when any subsequent matching TCP SYN packet is processed, resulting in a kernel panic and system-wide denial of service. No active exploitation is confirmed; EPSS sits at 0.02% (5th percentile), reflecting very low probability of widespread automated exploitation.

Linux Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45838 MEDIUM PATCH This Month

Incorrect end-of-list detection in the Linux kernel's BPF cgroup storage map subsystem allows a local low-privileged user with BPF syscall access to trigger a kernel crash (denial of service) via the `cgroup_storage_get_next_key()` function. The function uses `list_next_entry()`, which never returns NULL but wraps to the list head on the last element, causing the kernel to read `storage->key` from a bogus pointer aliasing internal map fields and copy the result to userspace - a condition that can provoke a kernel oops or panic. No public exploit exists and EPSS is 0.02% (5th percentile), consistent with the local-only attack surface and absence of CISA KEV listing.

Linux Denial Of Service Null Pointer Dereference Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-48961 HIGH PATCH This Week

Denial of service in the zipdetails CLI tool bundled with Perl's IO::Compress versions 2.207 through 2.219 causes the script to abort with status 255 when parsing a ZIP archive containing an Info-ZIP Unix Extra Field (tag 0x7875) that declares an 8-byte UID or GID size. The bug is a typo in the source (calling unpackValueQ instead of unpackValue_Q), and no public exploit is identified at time of analysis; library callers of IO::Compress/IO::Uncompress are unaffected. EPSS is negligible (0.02%) and impact is limited to crashing the inspection tool, not the consuming application.

Denial Of Service Io Suse Red Hat
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-9156 MEDIUM PATCH This Month

Authenticated network-accessible denial of service in Tanium Server affects three active release branches, patched in versions 7.6.4.2190, 7.7.3.8274, and 7.8.2.1176. The vulnerability stems from a CWE-772 resource leak - allocated resources are not released after their effective lifetime, enabling a low-privileged authenticated attacker to exhaust server resources. A notable conflict exists in the available data: the CVSS vector reports C:H/I:N/A:N (high confidentiality impact, no availability impact) while the CVE description, ENISA EUVD tags, and vendor advisory title all characterize this as a denial of service; defenders should treat both confidentiality and availability as potentially affected until Tanium clarifies. No public exploit is identified and EPSS is low at 0.03%.

Denial Of Service Server
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-7493 MEDIUM This Month

Uncontrolled resource consumption in the Simply Schedule Appointments WordPress plugin (all versions ≤ 1.6.11.5) enables unauthenticated remote attackers to exhaust PHP-FPM or mod_php worker processes, effectively rendering the WordPress site unavailable to legitimate users. The attack surface is a publicly accessible REST endpoint (/wp-json/ssa/v1/async) that directly passes a caller-controlled delay parameter into PHP's native sleep() function with no rate limiting or input sanitization. No public exploit code has been identified at time of analysis and EPSS is very low (0.05%, 15th percentile), suggesting limited opportunistic interest so far, though the trivially low attack complexity means any actor can attempt this with no tooling.

Denial Of Service WordPress PHP
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-49017 PyPI HIGH PATCH GHSA This Week

Denial of service in OpenStack Swift's s3api middleware allows an authenticated S3 API user to permanently hang proxy-server workers by sending a truncated aws-chunked PUT request body. Versions 2.36.0 through 2.36.1 and 2.37.0 through 2.37.1 are affected; the defect was introduced in 2.36.0 and fixed in 2.36.2 and 2.37.2. There is no public exploit identified at time of analysis, and EPSS is very low (0.04%, 12th percentile), but the high availability impact and low attack complexity make this a credible operational threat to S3-compatible Swift deployments.

Denial Of Service Swift Red Hat
NVD VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-44645 npm MEDIUM GHSA This Month

LiquidJS (npm package, versions through 10.25.7) has a complete bypass of its `renderLimit` time-budget defense when processing `{% for %}` or `{% tablerow %}` tags with empty bodies, enabling any low-privileged template author to stall a Node.js event-loop thread for an attacker-controlled duration. Because Node.js is single-threaded, a stall of 2-10+ seconds on one worker blocks all concurrent in-flight HTTP requests on that process, making this a practical denial-of-service vector in SaaS and multi-tenant platforms. A public proof-of-concept is included in the GitHub Security Advisory (GHSA-8xx9-69p8-7jp3) and was reproduced against liquidjs@10.25.7; no patch has been released as of this analysis.

Node.js Denial Of Service
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-42015 MEDIUM PATCH This Month

Memory corruption via an off-by-one error in GnuTLS PKCS#12 bag element handling exposes any application using GnuTLS to remote unauthenticated denial of service - and potentially unspecified further impact - when a crafted PKCS#12 structure is parsed. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms exploitation requires no authentication, no user interaction, and no elevated complexity, making internet-exposed services that parse client-supplied PKCS#12 inputs the primary risk surface. No public exploit code exists and the vulnerability is not listed in the CISA KEV catalog at time of analysis.

Buffer Overflow Denial Of Service Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 +4
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-48593 MEDIUM POC PATCH GHSA This Month

Memory exhaustion in Oban Web's cron expression rendering engine allows a low-privileged attacker who can schedule jobs to crash the BEAM VM node. By submitting a cron expression with an astronomically large range such as '0 0 1-100000000 * *', the attacker causes Elixir.Oban.Web.CronExpr.describe/1 to eagerly materialize the range into a list via Enum.to_list/1, allocating approximately 2.4 GB of memory and stalling or crashing the node when a dashboard user views the cron job list. No public exploit identified at time of analysis, but the attack requires no specialized tooling - the malicious expression is trivial to craft given knowledge of the unguarded parse path.

Denial Of Service Oban Web
NVD GitHub VulDB
CVSS 4.0
5.9
EPSS
0.0%
CVE-2026-9567 LOW POC Monitor

Null pointer dereference in GPAC's MP4Box tool (versions 2.0 through 2.4.0) allows a local, low-privileged attacker to crash the application by supplying a crafted MP4 file with a malformed Protection System Header Box (PSSH). The vulnerability resides in the MergeFragment function, which fails to validate the private_data pointer before passing it to memmove, resulting in a denial-of-service impact limited to the MP4Box process. A public proof-of-concept exploit exists (hosted on GitHub), though EPSS sits at 0.01% (2nd percentile) and the flaw is not listed in the CISA Known Exploited Vulnerabilities catalog, consistent with the low-severity, local-only nature of the issue.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-9170 CRITICAL PATCH Act Now

Remote code execution and denial of service in IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5 and 9.0 stem from improper input validation (CWE-444 HTTP Request Smuggling). Unauthenticated network attackers can send crafted requests that desynchronize the plug-in's request parsing, potentially achieving full compromise of the application tier. No public exploit identified at time of analysis, and EPSS remains low (0.06%), but the vendor confirms a patch and CISA SSVC rates the technical impact as total with automatable exploitation.

Denial Of Service IBM Request Smuggling RCE
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-33221 MEDIUM PATCH This Month

Incorrect permission assignment in the NVIDIA Display Driver kernel module on Windows and Linux allows a highly privileged local user to corrupt critical resource permissions, leading to denial of service and potentially data tampering. Affected product lines span GeForce (limited to Maxwell, Volta, and Pascal architectures on some branches), RTX/Quadro/NVS, Tesla, and Guest (vGPU) drivers across multiple version branches. No public exploit exists and no active exploitation has been identified; SSVC assessment rates exploitation as none and impact as partial, consistent with the moderate CVSS score of 4.4.

Denial Of Service Nvidia Microsoft Linux
NVD VulDB
CVSS 3.1
6.0
EPSS
0.0%
CVE-2026-24201 MEDIUM This Month

Out-of-bounds write in NVIDIA Virtual GPU Manager exposes virtualized GPU deployments to denial of service, data tampering, and information disclosure. A local, low-privileged attacker operating within a virtualized environment can trigger the memory corruption flaw in the host-side vGPU manager component across multiple affected driver branches (vGPU 16.x through 20.x). No public exploit code exists at time of analysis, and EPSS probability is at the 2nd percentile, but the high availability impact (A:H in CVSS) and the prevalence of vGPU in enterprise virtualization infrastructure warrant prompt patching.

Nvidia Memory Corruption Information Disclosure Buffer Overflow Denial Of Service +1
NVD VulDB
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-24200 HIGH This Week

Local privilege escalation and code execution in NVIDIA Virtual GPU Manager arises from a use-after-free on stack memory within the vGPU hypervisor component. Authenticated local attackers on the host or guest side of an affected vGPU deployment (vGPU branches 16.x through 20.x) can trigger memory corruption that may yield DoS, info disclosure, data tampering, or arbitrary code execution. No public exploit identified at time of analysis and EPSS is 0.01%, but SSVC rates technical impact as total.

Nvidia Memory Corruption RCE Information Disclosure Use After Free +2
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-24194 HIGH PATCH This Week

Local privilege escalation in NVIDIA Display Driver for Linux (GeForce, RTX/Quadro/NVS, Tesla, and vGPU guest drivers) allows an authenticated local user to abuse improper permission handling in a kernel mode layer handler, enabling code execution, privilege elevation, and data tampering. CVSS 7.8 reflects high impact across confidentiality, integrity, and availability, but the attack vector is local and authenticated. No public exploit identified at time of analysis and EPSS is 0.01%, but SSVC marks technical impact as total.

Nvidia RCE Linux Information Disclosure Denial Of Service
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-24191 HIGH This Week

Local privilege escalation in NVIDIA Display Driver for Windows (GeForce, RTX/Quadro/NVS, Tesla, and vGPU guest/manager components) stems from a time-of-check time-of-use (TOCTOU) race condition that can be abused by a low-privileged local user. Successful exploitation may yield code execution, privilege escalation, denial of service, information disclosure, or data tampering with scope change beyond the driver's security boundary. No public exploit identified at time of analysis; EPSS is 0.01% and SSVC exploitation status is 'none', so the practical risk is contingent on local access and winning a high-complexity race.

Nvidia RCE Information Disclosure Microsoft Denial Of Service
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-24190 HIGH PATCH This Week

Local privilege escalation in NVIDIA Display Driver for Windows and Linux allows authenticated low-privilege users to improperly access GPU resources via a kernel mode layer flaw, potentially leading to code execution, privilege escalation, information disclosure, data tampering, and denial of service. The issue affects GeForce, RTX/Quadro/NVS, and Tesla product lines across multiple driver branches and carries a CVSS 7.8 (High) score. No public exploit identified at time of analysis, and EPSS probability is very low (0.01%), but the breadth of affected hardware and total technical impact warrant prompt patching.

Nvidia RCE Linux Information Disclosure Microsoft +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-24193 HIGH PATCH This Week

Local privilege escalation in the NVIDIA Display Driver for Windows and Linux allows an authenticated low-privileged user to trigger an out-of-bounds write (CWE-787) in the kernel-mode driver, potentially leading to code execution, privilege escalation, information disclosure, data tampering, or denial of service. The flaw affects GeForce, RTX/Quadro/NVS, and Tesla product lines, with NVIDIA confirming the vulnerability and releasing patched driver versions. No public exploit identified at time of analysis, and EPSS rates exploitation probability at just 0.01%.

Nvidia Memory Corruption RCE Information Disclosure Microsoft +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-24196 HIGH PATCH This Week

Out-of-bounds read in NVIDIA Display Driver for Linux (GeForce, RTX/Quadro/NVS, Tesla, and vGPU Guest drivers) allows a locally authenticated user to trigger denial of service and information disclosure. The flaw carries a CVSS 3.1 score of 7.1 (AV:L/AC:L/PR:L), and per CISA SSVC there is no public exploit identified at time of analysis (Exploitation: none), with EPSS at 0.01% indicating negligible near-term exploitation likelihood. NVIDIA has published fixed driver versions across all affected branches in advisory ID 5821.

Denial Of Service Information Disclosure Nvidia Buffer Overflow
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-24197 MEDIUM PATCH This Month

NVIDIA Display Driver for Linux exposes a denial-of-service condition in the Multi-Instance GPU (MIG) partition management subsystem, rooted in insecure default initialization of memory subsystem routing resources (CWE-1188). A local authenticated user - with low privileges on a Linux system running MIG-enabled Tesla, GeForce, RTX/Quadro/NVS, or Virtual GPU Manager driver branches - can trigger a hang or data corruption during partition reconfiguration, potentially disrupting all GPU workloads sharing the affected physical GPU. No public exploit code exists and this vulnerability is not in CISA KEV; EPSS sits at 0.01% (2nd percentile), indicating no observed mass exploitation at time of analysis.

Denial Of Service Nvidia
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-24199 MEDIUM PATCH This Month

Race condition exploitation in NVIDIA Display Driver's Linux kernel module allows a local authenticated user to cause denial of service by manipulating compiler or processor memory instruction ordering. Affected product lines span GeForce, RTX/Quadro/NVS, Tesla, and vGPU Guest Driver across multiple driver branches up to the March 2026 release. No active exploitation has been confirmed - this is not listed in CISA KEV, EPSS is 0.01% (1st percentile), and SSVC assessment classifies exploitation status as none - placing this firmly in a patch-and-monitor category rather than emergency response.

Denial Of Service Nvidia Race Condition Linux Geforce +4
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-24198 MEDIUM PATCH This Month

Race condition in NVIDIA GPU Display Driver for Linux allows a high-privileged local attacker to leak sensitive kernel or process memory, producing limited information disclosure alongside potential data tampering and denial of service. Affected product lines span GeForce, RTX/Quadro/NVS, and Tesla GPU families running Linux driver branches prior to 580.159.03 or 595.71.05. No public exploit code exists and this vulnerability is absent from the CISA KEV catalog; an EPSS of 0.01% (1st percentile) and SSVC classification of Exploitation: none together place it at the lowest tier of real-world exploitation priority.

Denial Of Service Information Disclosure Nvidia Geforce Rtx Quadro Nvs +1
NVD
CVSS 3.1
5.6
EPSS
0.0%
CVE-2026-24182 MEDIUM PATCH This Month

Denial of service in NVIDIA Display Driver for Windows and Linux stems from improper lock management (CWE-667), where an attacker with local low-privilege access can leak held driver locks, potentially crashing or hanging the driver stack and denying GPU availability system-wide. Scope is changed (S:C), meaning the impact extends beyond the vulnerable component to the broader kernel or hypervisor layer. No public exploit identified at time of analysis and no CISA KEV listing; EPSS at 0.01% (1st percentile) and SSVC exploitation status of 'none' consistently signal low near-term exploitation likelihood.

Denial Of Service Nvidia Microsoft
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-24195 MEDIUM PATCH This Month

Denial of service in the NVIDIA Display Driver for Linux (UVM kernel module) allows a local user to crash or render the GPU subsystem unavailable through improper input validation. The flaw affects NVIDIA Guest drivers used in vGPU deployments (versions 580.126.09 and 595.58.03 across vGPU 19.4 and 20.0 branches) and carries a CVSS 7.1 with high availability impact and scope change. There is no public exploit identified at time of analysis, and EPSS is very low (0.01%, 2nd percentile), consistent with the local attack vector and DoS-only impact.

Denial Of Service Nvidia
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-24192 HIGH PATCH This Week

Local privilege escalation in NVIDIA Display Driver for Linux (GeForce, RTX/Quadro/NVS, Tesla, and Virtual GPU Manager branches) stems from an incorrect numeric type conversion (CWE-681) that produces a heap buffer overflow. A locally authenticated attacker with low privileges can trigger the flaw to achieve code execution, privilege escalation, information disclosure, data tampering, or denial of service. No public exploit identified at time of analysis, and EPSS is very low (0.01%, 1st percentile), but technical impact per SSVC is total.

Nvidia RCE Information Disclosure Buffer Overflow Denial Of Service
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-24187 HIGH PATCH This Week

Local privilege escalation and code execution in the NVIDIA Display Driver for Linux (GeForce, RTX/Quadro/NVS, Tesla, and vGPU Guest/Manager components) stems from a use-after-free memory corruption flaw (CWE-416) that a local low-privileged user can trigger to compromise the kernel-level driver. The scope-changed CVSS 8.8 score reflects that successful exploitation crosses a trust boundary, potentially yielding code execution, privilege escalation, information disclosure, data tampering, or denial of service. EPSS is 0.01% (1st percentile) and there is no public exploit identified at time of analysis, but a vendor patch is available across all affected branches.

Nvidia Memory Corruption RCE Information Disclosure Use After Free +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-8835 HIGH PATCH This Week

Invalid pointer dereference in IBM HTTP Server 8.5 and 9.0 allows an authenticated privileged user on the Administration Server to expose sensitive information or trigger a denial-of-service condition. The flaw requires adjacent network access and existing low-level privileges, and no public exploit identified at time of analysis. EPSS exploitation probability is negligible (0.01%) and CISA SSVC indicates no observed exploitation.

Denial Of Service IBM Http Server
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-8834 HIGH PATCH This Week

Heap-based buffer overflow in IBM HTTP Server 8.5 and 9.0 allows an attacker already authenticated to the Administration Server to execute arbitrary code or crash the service. The flaw requires adjacent network access and existing low-level privileges, and no public exploit identified at time of analysis despite the high CVSS 8.0 rating. EPSS probability is negligible (0.01%) and SSVC marks exploitation as 'none,' indicating the issue is currently a patch-and-move-on item rather than an emergency.

Denial Of Service Heap Overflow IBM Buffer Overflow Http Server
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2026-7450 MEDIUM PATCH This Month

NULL Pointer Dereference in Autodesk 3ds Max's PAR file parser allows a local attacker to crash the application by convincing a user to open a specially crafted PAR file, resulting in a denial-of-service condition. Affected versions span both the 2026 (prior to 2026.1) and 2027 (prior to 2027.1) release lines. No active exploitation has been identified - EPSS is 0.00% (0th percentile), SSVC exploitation status is 'none', and the vulnerability is not listed in CISA KEV - placing this squarely in a low-urgency, patch-and-monitor posture.

Denial Of Service Null Pointer Dereference 3ds Max
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-8855 HIGH PATCH This Week

Remote code execution and denial of service in IBM HTTP Server 8.5 and 9.0 affects deployments configured with TLS mutual (client certificate) authentication, where an attacker can trigger code injection (CWE-94) over the network without prior authentication. The flaw carries a CVSS 8.1 score with high attack complexity, and IBM has published a patch (advisory node/7274065); no public exploit has been identified at time of analysis and SSVC marks exploitation as 'none' with total technical impact.

Denial Of Service Code Injection IBM RCE Http Server
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-8854 HIGH PATCH This Week

Denial of service in IBM HTTP Server 8.5 and 9.0 allows remote unauthenticated attackers to crash or degrade the service when the optional mod_mem_cache module is loaded. The flaw carries a CVSS 7.5 (availability-only impact) and has no public exploit identified at time of analysis, though the SSVC framework rates exploitation as automatable. EPSS probability is very low (0.01%, 3rd percentile), suggesting limited near-term exploitation interest.

Denial Of Service IBM Http Server
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-8856 HIGH PATCH This Week

Denial of service in IBM HTTP Server 8.5 and 9.0 allows local attackers with write access to server configuration files to crash or render the web server unavailable. The CVSS vector (AV:L/PR:N) indicates a local attack vector with high integrity and availability impact, and no public exploit has been identified at time of analysis. EPSS exploitation probability is very low at 0.03% (9th percentile), and SSVC scores exploitation as 'none' with partial technical impact, suggesting limited real-world urgency.

Denial Of Service IBM Http Server
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-8852 MEDIUM PATCH This Month

Denial of service in IBM HTTP Server 8.5 and 9.0 is achievable by a local, unprivileged attacker through the optional mod_fastcgi module, which triggers a reachable assertion (CWE-617) causing the server process to abort. Affected versions span IBM HTTP Server 9.0 and IBM HTTP Server 8.5.0 through Interim Fix 002. No public exploit exists and CISA has not listed this in the KEV catalog; EPSS exploitation probability is extremely low at 0.03% (9th percentile), indicating minimal real-world threat at present.

Denial Of Service IBM Http Server
NVD VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-8850 HIGH PATCH This Week

Denial of service in IBM HTTP Server 8.5 and 9.0 allows remote unauthenticated attackers to crash the web server when the optional mod_ibm_upload module is loaded, triggering a null pointer dereference (CWE-476). No public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.02% (4th percentile), though SSVC flags the issue as automatable with partial technical impact. Affected deployments include HTTP Server 8.5 up to Interim Fix 002 and HTTP Server 9.0, with a vendor patch available via IBM support note 7274065.

Denial Of Service Null Pointer Dereference IBM Http Server
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-48864 HIGH PATCH This Week

Heap buffer overflow in libsolv allows local attackers to corrupt memory when a vulnerable application processes a maliciously crafted .solv repository metadata file. The flaw stems from insufficient input validation during decompression of attacker-controlled data, enabling information disclosure, control-flow alteration, or denial of service across multiple Red Hat Enterprise Linux releases and SUSE distributions. SSVC marks exploitation as PoC-level with total technical impact, while EPSS remains very low at 0.01%, indicating limited probability of widespread exploitation despite high severity.

Denial Of Service Information Disclosure Memory Corruption Buffer Overflow Red Hat Enterprise Linux 10 +7
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-45836 MEDIUM PATCH This Month

Null pointer dereference in the Linux kernel's Bluetooth L2CAP socket layer crashes the kernel when `l2cap_sock_get_sndtimeo_cb()` is invoked with a NULL socket context, resulting in a local denial-of-service (kernel panic). The flaw stems from an oversight where sibling callbacks `l2cap_sock_resume_cb()` and `l2cap_sock_ready_cb()` already carry the required NULL guard, but `l2cap_sock_get_sndtimeo_cb()` does not. With EPSS at 0.02% (5th percentile), no public exploit identified, and no CISA KEV listing, real-world exploitation risk is low - but the vulnerability has persisted since Linux 3.13 and affects every major stable branch until patched versions were released.

Linux Denial Of Service Null Pointer Dereference Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45835 MEDIUM PATCH This Month

Null pointer dereference in the Linux kernel's Bluetooth L2CAP socket layer crashes the kernel when `l2cap_sock_new_connection_cb()` is invoked without the NULL guard present in sibling callbacks. Local unprivileged users on systems with Bluetooth enabled can trigger a kernel oops or panic, resulting in a denial of service. No public exploit or CISA KEV listing exists; EPSS probability is near zero at 0.02% (5th percentile), indicating minimal active exploitation interest at time of analysis.

Linux Denial Of Service Null Pointer Dereference Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45834 MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel Bluetooth L2CAP subsystem causes a local denial-of-service via kernel panic when `l2cap_sock_state_change_cb()` is invoked with a NULL socket pointer. A local low-privileged user with access to the Bluetooth socket API can trigger a system crash by exercising the L2CAP state change callback path that lacked the NULL guard already applied to sibling callbacks `l2cap_sock_resume_cb()` and `l2cap_sock_ready_cb()`. No active exploitation is confirmed (not in CISA KEV) and EPSS stands at 0.02% (5th percentile), indicating minimal real-world adversarial interest at time of analysis.

Linux Denial Of Service Null Pointer Dereference Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-48132 HIGH This Week

Denial of service in Check Point Quantum Security Gateway allows remote unauthenticated attackers to crash the VPN processing service by sending specially crafted IKE packets over NAT-T (UDP/4500). Multiple supported releases (R81.10 and below, R81.20, R82, R82.10) are affected up to specific Jumbo Hotfix takes. No public exploit identified at time of analysis, and EPSS is low at 0.06% (17th percentile), suggesting limited near-term exploitation likelihood despite the 8.1 CVSS score.

Denial Of Service Information Disclosure Buffer Overflow Quantum Security Gateway
NVD VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-48131 HIGH This Week

Denial of service in Check Point Quantum Security Gateway allows remote unauthenticated attackers to terminate the VPN service by sending a malformed IKE fragment to UDP port 500 during the early phase of a connection attempt. The flaw affects multiple R81.x, R82, and R82.10 release trains running below specific Jumbo Hotfix Takes; no public exploit identified at time of analysis and EPSS exploitation probability is very low (0.02%, 5th percentile).

Denial Of Service Heap Overflow Buffer Overflow Quantum Security Gateway
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-8479 MEDIUM CISA This Month

NULL pointer dereference in Hitachi Energy RTU500 series CMU Firmware allows an adjacent low-privileged attacker to crash the IEC 60870-5-104 communication process by sending a specially crafted sequence of messages over time, resulting in a Denial of Service on the RTU device. Exploitation is gated behind a non-default configuration - only deployments with bidirectional communication interface (BCI) mode enabled are affected. No public exploit exists and EPSS places exploitation probability at 0.02% (7th percentile), consistent with the specialized OT/ICS context, adjacency requirement, and SSVC confirmation of no known active exploitation.

Denial Of Service Null Pointer Dereference Rtu500 Series Cmu Firmware
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-7310 MEDIUM PATCH CISA This Month

Heap-based buffer overflow in Hitachi Energy MACH HiDraw's XML parser allows a low-privileged, locally authenticated attacker to corrupt heap memory by inducing a victim to open a specially crafted XML file, with a primary impact of high availability loss (application crash) and limited confidentiality and integrity compromise. Affected versions span MACH HiDraw 9.0 through versions prior to 9.22 per EUVD-2026-31812. No public exploit identified at time of analysis, and an EPSS score of 0.01% (3rd percentile) combined with an SSVC exploitation status of 'none' confirm minimal current real-world exploitation activity.

Denial Of Service Heap Overflow Buffer Overflow RCE Mach Hidraw
NVD
CVSS 4.0
4.4
EPSS
0.0%
CVE-2025-11482 HIGH PATCH CISA Act Now

Denial of service in B&R Industrial Automation PPT30 Operating System versions before 1.8.0 allows unauthenticated network attackers to permanently disable the OPC-UA Server through resource exhaustion. The flaw stems from missing throttling on resource allocation (CWE-770) and carries a CVSS 4.0 score of 8.7 due to high availability impact via the network with no privileges or user interaction. EPSS is low at 0.04% and no public exploit has been identified at time of analysis, though SSVC marks the issue as automatable with partial technical impact.

Denial Of Service Ppt30 Operating System
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-9540 PyPI MEDIUM POC PATCH This Month

Denial of service in vllm 0.19.0's OpenAI-compatible serving path allows remote unauthenticated attackers to exhaust scheduler resources by submitting requests with unbounded logprob counts. The root cause, confirmed by PR diff analysis, is the absence of any per-batch logprob budget in the v1 scheduler: requests specifying logprobs=-1 (full vocabulary) multiplied across parallel sequences (n) generate massive compute and memory overhead with no cap, blocking or crashing the inference server. Publicly available exploit code exists (GitHub issue #37343); no confirmed active exploitation at time of analysis.

Denial Of Service Vllm Red Hat
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-8047 HIGH PATCH This Week

Denial of service in CODESYS Control runtime products and HMI/Toolkit components allows unauthenticated remote attackers to crash affected industrial control systems by sending malformed HTTP requests that trigger a size-limited out-of-bounds write during length parsing. The flaw affects a broad range of CODESYS runtime variants used across PLCs, industrial PCs, and embedded controllers from vendors like Beckhoff, WAGO, and Raspberry Pi-based deployments. No public exploit identified at time of analysis, EPSS is low (0.07%), but the network-reachable, no-privileges-required attack surface makes this operationally significant for OT environments.

Denial Of Service Buffer Overflow Codesys Control Rte Sl Codesys Control Rte For Beckhoff Cx Sl Codesys Control Win Sl +13
NVD VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-9496 HIGH PATCH This Week

Denial of service in npm's pacote package (versions 11.2.7 and later) allows remote unauthenticated attackers to exhaust CPU by submitting a crafted spec.rawSpec value to the addGitSha function, where vulnerable regex and string-manipulation logic exhibits catastrophic backtracking. CVSS 4.0 scores this 7.7 (high availability impact, no integrity/confidentiality impact) and SSVC labels exploitation as POC with automatable=yes, though EPSS remains low at 0.04% (11th percentile). No active exploitation has been reported and no public exploit identified at time of analysis, but the bug is trivially triggerable wherever pacote parses untrusted package specs.

Denial Of Service Pacote Org Webjars Npm
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.0%
CVE-2026-9529 LOW POC Monitor

Null pointer dereference in GNU LibreDWG's dwggrep utility crashes the application when processing a maliciously crafted DWG file. The vulnerability resides in the match_BLOCK_HEADER function within dwggrep.c and affects all tracked releases from version 0.1 through 0.14. A local authenticated attacker can exploit this to cause denial of service against the dwggrep utility; no publicly available exploit code exists for confidentiality or integrity compromise, consistent with the CVSS impact scores of VC:N/VI:N/VA:L. Publicly available exploit code exists (no KEV listing), though EPSS at 0.01% reflects negligible widespread exploitation probability.

Denial Of Service Null Pointer Dereference Libredwg
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-48692 HIGH This Week

Unauthenticated gRPC API exposure in FastNetMon Community Edition through 1.2.9 allows adjacent network attackers to invoke security-critical RPC methods including ExecuteBan and ExecuteUnBan without credentials. The server explicitly uses grpc::InsecureServerCredentials() on port 50052, enabling attackers to blackhole legitimate traffic via BGP announcements, disable active DDoS mitigations, and trigger external script execution via popen(). No public exploit identified at time of analysis, and EPSS is low at 0.03%, but CISA SSVC rates technical impact as total.

Denial Of Service Authentication Bypass N A
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-9503 LOW POC PATCH Monitor

Null pointer dereference in GNU LibreDWG (all versions through 0.14) allows a local, low-privileged attacker to crash any application that uses the library to parse a maliciously crafted DWG file, resulting in a denial-of-service condition with no confidentiality or integrity impact. The affected code path is within the DWG 2004 compressed-section handler in src/decode.c, where missing bounds checks on section entry address fields permit invalid memory access. A public proof-of-concept exploit file exists; however, the vulnerability is not listed in CISA KEV, EPSS sits at 0.01% (2nd percentile), and SSVC rates it non-automatable with only partial technical impact, collectively indicating negligible in-the-wild exploitation risk at time of analysis.

Denial Of Service Null Pointer Dereference Libredwg
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-9501 LOW POC PATCH Monitor

Reachable assertion (CWE-617) in GNU LibreDWG's `decompress_R2004_section` function allows a local low-privileged attacker to crash the `dwgread` utility by supplying a malformed R2004-format DWG file with out-of-bounds decompression parameters. All releases from 0.1 through 0.14 are confirmed affected. Publicly available exploit code exists, though EPSS sits at 0.01% (2nd percentile) and no active exploitation is confirmed - consistent with the strictly local, no-code-execution impact profile.

Denial Of Service Libredwg
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-48852 LOW PATCH Monitor

Assertion failure in ECDSA signature verification within PuTTY 0.71 through 0.83 allows a network-positioned attacker to crash the PuTTY client, producing a denial-of-service condition. The vulnerability (CWE-617: Reachable Assertion) carries a CVSS 3.7 Low score with no confidentiality or integrity impact - availability impact is limited to the client process itself. No public exploit code exists and no active exploitation has been identified; SSVC rates exploitation as none and the EPSS score of 0.04% (12th percentile) confirms minimal current exploitation probability.

Denial Of Service Putty
NVD VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2018-25378 MEDIUM POC This Month

Notebook Pro 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the notebook name field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Notebook Pro
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25369 MEDIUM POC This Month

Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input field handling that allows local attackers to crash the application by supplying oversized data. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Visual Ping
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2018-25368 HIGH POC This Week

Nord VPN 6.14.31 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting an excessively long string in the password field. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Nordvpn
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2018-25367 MEDIUM POC This Month

NASA openVSP 3.16.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the geometry name field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Openvsp
NVD Exploit-DB GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-47073 HIGH POC PATCH GHSA This Week

Denial of service in benoitc hackney (Erlang HTTP client) versions 2.0.0 through 4.0.0 allows a malicious WebSocket server to exhaust client memory via three unbounded buffer paths in src/hackney_ws.erl. An attacker controlling the server the hackney client connects to can drive the Erlang VM to OOM by streaming bytes without terminator, declaring a giant RFC 6455 frame length, or sending endless non-final continuation fragments. Publicly available exploit code exists per SSVC, EPSS is low at 0.09%, and a vendor patch is available in 4.0.1.

Denial Of Service Hackney
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-47067 HIGH POC PATCH GHSA This Week

Denial of service in benoitc hackney (Erlang HTTP client) 2.0.0 through 4.0.0 allows remote unauthenticated attackers to crash the BEAM VM by supplying URLs with attacker-chosen scheme prefixes, exhausting the non-garbage-collected atom table (default limit 1,048,576). Exploitation is automatable per SSVC and affects any application that parses untrusted URLs via hackney - including request targets, configured webhook URLs, or Location redirect headers. No public exploit identified at time of analysis and EPSS is low (0.04%), but a vendor patch is available in 4.0.1.

Denial Of Service Hackney
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-47077 HIGH POC PATCH GHSA This Week

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. hackney_h3:await_response_loop/6 accumulates the HTTP/3 response body in memory without any size cap. The after Timeout clause is a per-message inactivity timer that resets on every received chunk, housekeeping message, or settings frame - it is not a wall-clock deadline. A malicious HTTP/3 server that emits one small chunk every Timeout - 1 ms with Fin = false and never sends a final frame keeps the loop alive indefinitely while the accumulation buffer grows linearly without bound, eventually exhausting the BEAM process heap and causing an out-of-memory condition. This issue affects hackney: from 2.0.0 before 4.0.1.

Denial Of Service Hackney
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-47071 HIGH POC PATCH GHSA This Week

Denial of service in benoitc hackney (Erlang HTTP client) versions 0.10.0 through 4.0.0 lets a hostile SOCKS5 or HTTP CONNECT proxy hang the connecting Erlang process indefinitely during the TLS upgrade phase. Because the caller-supplied timeout was not forwarded to ssl:connect/2, which defaults to infinity, recv_timeout and connect_timeout options are silently bypassed. Publicly available exploit code exists per SSVC, EPSS is low (0.04%), and a vendor patch is available in 4.0.1.

Denial Of Service Hackney
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-47066 HIGH POC PATCH GHSA This Week

Denial-of-service in benoitc's hackney Erlang HTTP client (versions 2.0.0-beta.1 through 4.0.0) allows any HTTP origin server to pin a client process at 100% CPU by returning a malformed Alt-Svc response header. The flaw is a CWE-835 infinite loop in the Alt-Svc parser, triggerable by a single byte such as '!' in the header value. No public exploit identified at time of analysis, EPSS is low (0.04%), but SSVC rates exploitation as POC and the attack is automatable; a vendor patch is available in 4.0.1.

Denial Of Service Hackney
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-4915 Go MEDIUM PATCH This Month

Server process termination in Mattermost is achievable by any authenticated user via a crafted outgoing webhook callback response that contains a null attachment entry - exploiting the server's failure to filter nil elements from attachment payloads before processing (CWE-754). Affected release trains span 10.11.x through 11.6.x, covering a wide installed base. No public exploit exists and EPSS is extremely low at 0.04% (12th percentile), but the availability impact is rated High by CVSS and the attack requires only low-privilege authentication over the network with no user interaction, making this a meaningful insider or compromised-account threat capable of triggering a full service outage.

Denial Of Service Mattermost
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-48829 HIGH PATCH This Week

Unauthenticated denial of service in GNU SASL before version 2.2.3 occurs through a NULL pointer dereference in the DIGEST-MD5 authentication mechanism. Remote attackers can crash both client and server applications by sending a malformed authentication token that lacks an equals sign character, causing the getsubopt.c parser to dereference a NULL pointer.

Null Pointer Dereference Denial Of Service Gnu Sasl
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-47138 npm HIGH PATCH GHSA This Week

Pre-authentication denial of service in Parse Server (versions <8.6.77 and 9.0.0 through 9.9.0) allows remote unauthenticated attackers who know a publicly-discoverable Parse Application ID to pin Node.js workers for seconds to minutes by sending a crafted X-Parse-Client-Version header or _ClientVersion JSON body field that triggers polynomial regex backtracking in the client SDK version parser. The parser runs before session authentication and rate limiting on every /parse/* request, so a handful of concurrent requests can saturate a worker fleet. No public exploit identified at time of analysis, EPSS sits at 0.16% (37th percentile), and the issue is not in CISA KEV.

Node.js Denial Of Service
NVD GitHub
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-25680 Go MEDIUM PATCH This Month

Excessive CPU consumption in the golang.org/x/net/html package's HTML parser allows remote attackers to cause denial of service by supplying crafted HTML input to any Go application that parses untrusted markup using this library. All versions before 0.55.0 are confirmed affected per EUVD-2026-31447 and the Go vulnerability database (GO-2026-5028). No active exploitation has been identified - CISA SSVC rates exploitation as 'none' and the EPSS score of 0.04% (13th percentile) indicates very low observed exploitation probability at time of analysis.

Denial Of Service Golang Org X Net Html Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-4635 Go MEDIUM PATCH This Month

Server crash via race condition in Mattermost's persistent notification and channel archival subsystem allows any low-privileged authenticated user to bring down the server with no user interaction required. Affected branches span 10.11.x through 11.6.x across multiple maintenance lines. No public exploit code has been identified at time of analysis and the vulnerability is absent from CISA KEV, but the low authentication bar combined with network accessibility and low attack complexity makes this a credible insider threat or targeted denial-of-service vector against any exposed Mattermost deployment.

Denial Of Service Race Condition Mattermost
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-4646 Go MEDIUM PATCH This Month

Authenticated denial-of-service in Mattermost's plugin subsystem allows a low-privileged user to crash the plugin process by sending a crafted HTTP request to the PR details API endpoint. Affected across four active release branches (10.11.x, 11.4.x, 11.5.x, 11.6.x), the flaw stems from missing input validation in API request handlers (CWE-1287). No public exploit code exists and the vulnerability is not listed in CISA KEV; however, the low authentication barrier (any valid account) combined with network accessibility makes it a realistic insider or post-compromise nuisance risk.

Denial Of Service Mattermost
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-5740 Go HIGH PATCH GHSA This Week

Denial of service in Mattermost server (versions 11.6.0, 11.5.0-11.5.3, 11.4.0-11.4.4, and 10.11.0-10.11.14) allows remote attackers to crash the server process by sending a crafted msgpack-encoded binary WebSocket frame to the public endpoint. The flaw stems from missing validation of frame sizes before memory allocation, enabling a full service outage for all users. No public exploit identified at time of analysis, and the CVSS 7.5 score reflects the unauthenticated network-reachable nature of the attack with high availability impact.

Denial Of Service Mattermost
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-5308 Go MEDIUM PATCH GHSA This Month

Denial of service in Mattermost's plugin HTTP endpoint layer allows an authenticated high-privilege attacker to exhaust server resources by sending crafted oversized HTTP request bodies. Affected across four concurrent release branches - 10.11.x through 11.6.x - with no published EPSS score and no confirmed active exploitation or public proof-of-concept at time of analysis. The CVSS score of 4.9 (Medium) accurately reflects the high-privilege prerequisite that meaningfully limits the realistic attacker population, though availability impact is rated High, meaning successful exploitation disrupts service availability entirely.

Denial Of Service Mattermost
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-5755 Go MEDIUM PATCH This Month

Uncontrolled memory allocation in Mattermost's TIFF image processing allows authenticated users to trigger server-side out-of-memory (OOM) conditions, effectively taking down the collaboration platform. Affected are all Mattermost deployments running versions 10.11.x through 11.6.0. Any account holding file upload or URL-posting permissions can exploit this remotely without elevated privileges, making it a realistic insider or compromised-account threat. No public exploit code or CISA KEV listing has been identified at time of analysis, but the low attack complexity and broad authentication base increase practical risk.

File Upload Denial Of Service Mattermost
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-5072 MEDIUM This Month

Zephyr RTOS versions up to and including 4.3 expose a denial-of-service condition in the PTP (Precision Time Protocol) subsystem through improper validation of the log_announce_interval field. An unauthenticated attacker on an adjacent network can crash affected devices or induce resource starvation loops by sending a two-stage sequence of malformed PTP messages that provokes undefined behavior via an out-of-bounds bitwise shift on a 64-bit integer. No public exploit code has been identified at time of analysis, and EPSS scoring of 0.05% (17th percentile) combined with SSVC exploitation status of 'none' indicates low observed threat activity, though the deterministic crash path on certain architectures warrants patch prioritization on embedded IoT and industrial control deployments.

Denial Of Service Zephyr
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-39827 Go MEDIUM POC PATCH GHSA This Month

Unbounded memory growth in the golang.org/x/crypto/ssh package allows an authenticated remote attacker to crash the SSH server process by repeatedly opening channels that the server rejects. All versions of golang.org/x/crypto/ssh prior to 0.52.0 are affected, and a successful attack disrupts service for every user connected to that server instance. No public exploit has been identified at time of analysis, and EPSS probability sits at 0.02% (5th percentile), though the authentication barrier is low and the availability impact affects all concurrent sessions.

Denial Of Service Golang Org X Crypto Ssh
NVD VulDB GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-42626 Awaiting Data

HP ENVY 5000 series printers VERBASPP1N003.2237A.00 do not properly manage concurrent TCP connections to port 9100 (JetDirect/RAW printing). An unauthenticated remote attacker on the same network can establish a persistent connection to port 9100 and send keep-alive packets, causing the printer's session threads to remain locked in a waiting state. The firmware lacks connection timeouts and concurrent session limits, resulting in a persistent Denial of Service (DoS) that renders the printer unresponsive to all user commands and print jobs. Physical intervention (manual restart) is required to restore functionality, and the attack can be immediately re-initiated.

HP Denial Of Service N A
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-46727 HIGH POC PATCH This Week

Use-after-free in Ruby 4.x (before 4.0.5) lets remote attackers who can manipulate DNS response timing crash applications calling Addrinfo.getaddrinfo with a timeout: option or Socket.tcp with resolv_timeout:. The flaw lives in the pthread-based getaddrinfo timeout handler (rb_getaddrinfo in ext/socket/raddrinfo.c) and, while reliably exploitable for denial of service, also raises a theoretical possibility of memory-corruption-based code execution. No public exploit identified at time of analysis.

Denial Of Service Race Condition Ruby
NVD VulDB GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-46679 npm HIGH PATCH GHSA This Week

Remote denial-of-service in @libp2p/gossipsub (versions <= 15.0.22) allows a single unauthenticated peer to exhaust the Node.js heap of any gossipsub node running default options. Three cooperating defects - an uncapped decode limit (maxSubscriptions = Infinity), unbounded growth of the internal this.topics Map on subscription handling, and a memory leak that leaves empty Sets behind on peer disconnect - combine to produce ~22x amplification, crashing a 1.5GB-heap process after roughly 68MB of attacker bandwidth (~5 seconds at 100Mbps). A working PoC is published in the GitHub Security Advisory GHSA-4f8r-922h-2vgv; no public exploit identified at time of analysis as a separate weaponized tool, but the advisory itself contains reproducible test code.

Node.js Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-46629 PHP MEDIUM PATCH GHSA This Month

Unbounded formatter memoization in twig/intl-extra versions prior to 3.26.0 enables memory exhaustion denial of service on persistent PHP worker runtimes. The IntlExtension caches every unique combination of template filter arguments (locale, pattern, grouping_used, attrs, etc.) as ICU formatter objects with no eviction policy; because ICU allocates its backing buffers outside the Zend memory manager, this growth entirely bypasses PHP's memory_limit directive. On long-running runtimes such as RoadRunner, Swoole, FrankenPHP worker mode, and ReactPHP - where a single Twig\Environment persists across requests - the cache accumulates indefinitely across all requests, making targeted or incidental denial of service achievable without any authentication. No public exploit has been identified at time of analysis and no CISA KEV listing exists.

Denial Of Service
NVD GitHub
CVSS 4.0
5.3
EPSS
0.1%
CVE-2026-46673 Cargo HIGH PATCH GHSA This Week

Denial-of-service via unchecked memory allocation in russh (Rust SSH library) versions <= 0.60.2 allows local SSH agent peers to trigger uncontrolled buffer growth by sending oversized frame length values, and in pre-0.58.0 releases the same CryptoVec allocation path was reachable from remote SSH transport and zlib decompression buffers. The flaw stems from CryptoVec performing unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking calls including NonNull::new_unchecked on potentially failed allocations, which can abort the process under memory pressure. Publicly available exploit code exists in the form of researcher-supplied PoC tests demonstrating both rejection on patched code and crash behavior on historical versions; no public exploit identified at time of analysis for active campaigns and the issue is not listed in CISA KEV.

SSH Denial Of Service RCE
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-46553 npm LOW PATCH GHSA Monitor

Attachment size limit bypass in NocoDB (npm, versions up to and including 0.301.3) allows authenticated users with upload permission to store files exceeding the operator-configured `NC_ATTACHMENT_FIELD_SIZE` quota via the upload-by-URL pathway. The attachments service failed to validate file size against either the remote server's `Content-Length` HTTP header or the decoded byte length of `data:` URI payloads before fetching, and the local storage plugin did not set `maxContentLength` on the axios download, enabling unconstrained resource consumption. No public exploit has been identified at time of analysis, and no vendor-released patched version is confirmed available.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-46551 npm MEDIUM PATCH GHSA This Month

Disk exhaustion denial of service in NocoDB's v1/v2 attachment upload-by-URL API allows authenticated users with Editor-level privileges or higher to direct the server to fetch arbitrarily large remote files, consuming all available disk space. The root cause is missing enforcement of the NC_ATTACHMENT_FIELD_SIZE configuration limit in attachments.service.ts for the v1/v2 code paths, despite the v3 equivalent already implementing the constraint correctly. Cascading failures follow disk exhaustion: database writes block, log rotation fails, and the application itself may crash - making this a high-availability-impact issue for any NocoDB deployment with untrusted authenticated users.

Denial Of Service SSRF
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-46545 Cargo HIGH PATCH GHSA This Week

Remote unauthenticated denial-of-service in the Nimiq core-rs-albatross client (nimiq-primitives crate prior to 1.5.0) lets any state-sync peer crash a syncing node by sending a ResponseChunk whose first TrieItem.key is the empty ROOT key, triggering a panic in MerkleRadixTrie::put_chunk → put_raw. No public exploit identified at time of analysis, but the issue is trivially triggerable with a single malformed chunk and affects all nodes performing initial sync or recovery against untrusted peers. EPSS data was not provided; CVSS A:H impact and zero attacker prerequisites make this a high-priority availability bug for Nimiq node operators.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-46543 Cargo MEDIUM PATCH GHSA This Month

Unauthenticated remote crash of Nimiq full nodes running nimiq-blockchain versions before 1.5.0 is achievable by any network peer sending a single crafted RequestBatchSet message referencing the genesis block hash. The node's batch set handler iterates backward through macro blocks without a lower-bound guard, causing a Rust panic in Policy::macro_block_before when iteration reaches genesis, immediately terminating the process. No CISA KEV listing and no public exploit code exist at time of analysis; however, the attack requires no authentication and trivially low complexity, posing a real availability threat to any reachable full node.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-46542 Cargo MEDIUM PATCH GHSA This Month

Process crash in the nimiq-keys Rust crate (versions below 1.4.0) occurs when the Ed25519 multisig delinearization path receives a 32-byte public key that is length-valid but does not represent a valid point on the Edwards25519 curve, triggering a Rust `.unwrap()` panic that kills the hosting wallet process. Affected users are those running the Nimiq web-client WASM library or nimiq-wallet crate who can be persuaded by an attacker to include a crafted key in a multisig setup; validator nodes and all consensus infrastructure are explicitly out of scope. No public exploit has been identified at time of analysis, and no KEV listing exists, indicating this has not been broadly weaponized.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-46432 PyPI HIGH PATCH GHSA This Week

Arbitrary code execution in InternLM lmdeploy <= 0.12.3 occurs because trust_remote_code=True is hardcoded across HuggingFace model-loading call sites in lmdeploy/archs.py and lmdeploy/utils.py. An attacker who can influence the model_path passed to an lmdeploy serving process can point it at a malicious HuggingFace repository, causing Transformers to download and execute attacker-controlled Python code with the privileges of the serving daemon. Publicly available exploit code exists in the GHSA advisory, and an upstream fix has been merged via PR #4511 (fixed in 0.13.0).

Kubernetes Code Injection RCE Denial Of Service Python
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43496 MEDIUM PATCH This Month

Null pointer dereference in the Linux kernel's RED qdisc (sch_red) allows a local user with low privileges to trigger a kernel panic and system crash when a specific nested qdisc hierarchy is configured. The flaw occurs in net/sched/sch_red.c when RED calls its child qdisc's dequeue() directly after a peek() has already cached the packet in QFQ's gso_skb buffer, causing QFQ's dequeue path to dereference a null pointer. No public exploit has been identified at time of analysis, and EPSS is 0.02% (7th percentile), reflecting very low real-world exploitation probability.

Linux Denial Of Service Null Pointer Dereference Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-42001 HIGH PATCH This Week

Remote denial of service in PowerDNS Authoritative Server arises from insufficient validation of SOA queries received via the Autoprimary (formerly 'supermaster') replication mechanism, allowing unauthenticated network-based attackers to disrupt service availability. The flaw carries a CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) with availability-only impact, and no public exploit identified at time of analysis. The OX-reported issue is documented in PowerDNS Security Advisory 2026-06.

Denial Of Service Authoritative
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-44071 LOW Monitor

Netatalk versions 3.1.2 through 4.4.2 are distributed as binaries compiled without the FORTIFY_SOURCE flag, stripping away runtime buffer overflow detection that the compiler would otherwise embed into unsafe C standard library calls. Remote unauthenticated attackers can, under high-complexity conditions, trigger memory errors that the absent protection would have safely caught and terminated, instead manifesting as minor availability impact (CVSS A:L). No public exploit code exists and CISA has not added this to the KEV catalog; the CVSS score of 3.7 (Low) reflects the limited impact ceiling and high attack complexity.

Denial Of Service Buffer Overflow Netatalk
NVD
CVSS 3.1
3.7
EPSS
0.1%
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's accel/amdxdna driver (AMD AI accelerator/NPU subsystem) allows a local low-privileged user to trigger a kernel crash and denial of service. The flaw arises during error-path execution in aie2_create_context(): when mailbox channel creation fails, the channel pointer remains NULL, yet aie_destroy_context() is unconditionally called assuming it is non-NULL. No public exploit code exists and EPSS probability is 0.02%, indicating very low exploitation activity. Vendor-released patches are available in Linux 6.19.4 and the 7.0 series.

Linux Denial Of Service Null Pointer Dereference +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's drm/panthor subsystem causes a kernel panic and denial of service during GPU firmware unplug operations. The `panthor_fw_unplug()` function incorrectly attempted MCU halt and wait procedures even when firmware was never loaded or fully initialized, dereferencing a NULL pointer in that code path. Systems running a Panthor-based ARM Mali GPU (using the Panthor DRM driver) are affected across kernel versions from the introduction of the driver up to the fixed stable commits; no public exploit exists and EPSS is at the 5th percentile, indicating negligible opportunistic exploitation probability.

Linux Denial Of Service Null Pointer Dereference +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel bareudp driver crashes the kernel when Open vSwitch triggers `bareudp_fill_metadata_dst()` against a down IPv6 bareudp tunnel device. The socket pointer (`bareudp->sock`) is NULL between `bareudp_stop()` and `bareudp_open()`, and the IPv6 path passes it unsafely to `udp_tunnel6_dst_lookup()` at `sock->sk` offset 0x18. A local attacker with low privileges and access to OVS netlink commands can force a kernel panic, causing a denial of service. No public exploit code exists and no active exploitation has been identified; EPSS at 0.02% (5th percentile) confirms negligible observed exploitation.

Linux Denial Of Service Null Pointer Dereference +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Kernel NULL pointer dereference in the Linux TAPRIO traffic scheduler allows a local user with namespace-scoped CAP_NET_ADMIN to trigger a kernel panic. On systems with unprivileged user namespaces enabled - the default on Ubuntu, Fedora, Debian, and most container-oriented distributions - any unprivileged local user can acquire namespace-scoped CAP_NET_ADMIN simply by creating a new network namespace, reducing the effective privilege bar to an ordinary user account. Patched stable releases exist (6.6.141, 6.12.91, 7.0.10, 6.18.33, 7.1-rc2), no active exploitation has been confirmed by CISA KEV, and EPSS is 0.02% (5th percentile), but the straightforward attack sequence and wide Linux footprint make this a priority patch on multi-tenant or container-hosting systems.

Linux Canonical Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Null pointer dereference in the Linux kernel SLIP header compression (slhc) subsystem crashes the kernel when a VJ-compressed frame is received on a PPP instance configured with zero receive slots. An unprivileged local user who can create a user namespace can invoke the PPPIOCSMAXCID ioctl with a crafted argument (0xffff0000) that exploits a signed-integer arithmetic shift to supply rslots=0 to slhc_init(), leaving comp->rstate NULL; any subsequent inbound VJ frame targeting slot 0 then dereferences that NULL pointer in softirq context, producing a kernel panic. No public exploit has been identified at time of analysis, and EPSS probability is negligible at 0.02%, but the attack path is fully reachable from unprivileged user namespaces, making the practical privilege bar lower than the PR:L label implies on systems where user namespaces are enabled.

Linux Canonical Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Divide-by-zero in the Linux kernel netfilter OSF module (nfnetlink_osf) allows a local user with CAP_NET_ADMIN to crash the kernel. By injecting a crafted OS fingerprint with a zero window scale value (wss.val=0) via nfnetlink, the attacker causes nf_osf_match_one() to execute an unguarded modulo operation when any subsequent matching TCP SYN packet is processed, resulting in a kernel panic and system-wide denial of service. No active exploitation is confirmed; EPSS sits at 0.02% (5th percentile), reflecting very low probability of widespread automated exploitation.

Linux Denial Of Service Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Incorrect end-of-list detection in the Linux kernel's BPF cgroup storage map subsystem allows a local low-privileged user with BPF syscall access to trigger a kernel crash (denial of service) via the `cgroup_storage_get_next_key()` function. The function uses `list_next_entry()`, which never returns NULL but wraps to the list head on the last element, causing the kernel to read `storage->key` from a bogus pointer aliasing internal map fields and copy the result to userspace - a condition that can provoke a kernel oops or panic. No public exploit exists and EPSS is 0.02% (5th percentile), consistent with the local-only attack surface and absence of CISA KEV listing.

Linux Denial Of Service Null Pointer Dereference +2
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Denial of service in the zipdetails CLI tool bundled with Perl's IO::Compress versions 2.207 through 2.219 causes the script to abort with status 255 when parsing a ZIP archive containing an Info-ZIP Unix Extra Field (tag 0x7875) that declares an 8-byte UID or GID size. The bug is a typo in the source (calling unpackValueQ instead of unpackValue_Q), and no public exploit is identified at time of analysis; library callers of IO::Compress/IO::Uncompress are unaffected. EPSS is negligible (0.02%) and impact is limited to crashing the inspection tool, not the consuming application.

Denial Of Service Io Suse +1
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Authenticated network-accessible denial of service in Tanium Server affects three active release branches, patched in versions 7.6.4.2190, 7.7.3.8274, and 7.8.2.1176. The vulnerability stems from a CWE-772 resource leak - allocated resources are not released after their effective lifetime, enabling a low-privileged authenticated attacker to exhaust server resources. A notable conflict exists in the available data: the CVSS vector reports C:H/I:N/A:N (high confidentiality impact, no availability impact) while the CVE description, ENISA EUVD tags, and vendor advisory title all characterize this as a denial of service; defenders should treat both confidentiality and availability as potentially affected until Tanium clarifies. No public exploit is identified and EPSS is low at 0.03%.

Denial Of Service Server
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Uncontrolled resource consumption in the Simply Schedule Appointments WordPress plugin (all versions ≤ 1.6.11.5) enables unauthenticated remote attackers to exhaust PHP-FPM or mod_php worker processes, effectively rendering the WordPress site unavailable to legitimate users. The attack surface is a publicly accessible REST endpoint (/wp-json/ssa/v1/async) that directly passes a caller-controlled delay parameter into PHP's native sleep() function with no rate limiting or input sanitization. No public exploit code has been identified at time of analysis and EPSS is very low (0.05%, 15th percentile), suggesting limited opportunistic interest so far, though the trivially low attack complexity means any actor can attempt this with no tooling.

Denial Of Service WordPress PHP
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Denial of service in OpenStack Swift's s3api middleware allows an authenticated S3 API user to permanently hang proxy-server workers by sending a truncated aws-chunked PUT request body. Versions 2.36.0 through 2.36.1 and 2.37.0 through 2.37.1 are affected; the defect was introduced in 2.36.0 and fixed in 2.36.2 and 2.37.2. There is no public exploit identified at time of analysis, and EPSS is very low (0.04%, 12th percentile), but the high availability impact and low attack complexity make this a credible operational threat to S3-compatible Swift deployments.

Denial Of Service Swift Red Hat
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

LiquidJS (npm package, versions through 10.25.7) has a complete bypass of its `renderLimit` time-budget defense when processing `{% for %}` or `{% tablerow %}` tags with empty bodies, enabling any low-privileged template author to stall a Node.js event-loop thread for an attacker-controlled duration. Because Node.js is single-threaded, a stall of 2-10+ seconds on one worker blocks all concurrent in-flight HTTP requests on that process, making this a practical denial-of-service vector in SaaS and multi-tenant platforms. A public proof-of-concept is included in the GitHub Security Advisory (GHSA-8xx9-69p8-7jp3) and was reproduced against liquidjs@10.25.7; no patch has been released as of this analysis.

Node.js Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Memory corruption via an off-by-one error in GnuTLS PKCS#12 bag element handling exposes any application using GnuTLS to remote unauthenticated denial of service - and potentially unspecified further impact - when a crafted PKCS#12 structure is parsed. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms exploitation requires no authentication, no user interaction, and no elevated complexity, making internet-exposed services that parse client-supplied PKCS#12 inputs the primary risk surface. No public exploit code exists and the vulnerability is not listed in the CISA KEV catalog at time of analysis.

Buffer Overflow Denial Of Service Red Hat Enterprise Linux 10 +6
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM POC PATCH This Month

Memory exhaustion in Oban Web's cron expression rendering engine allows a low-privileged attacker who can schedule jobs to crash the BEAM VM node. By submitting a cron expression with an astronomically large range such as '0 0 1-100000000 * *', the attacker causes Elixir.Oban.Web.CronExpr.describe/1 to eagerly materialize the range into a list via Enum.to_list/1, allocating approximately 2.4 GB of memory and stalling or crashing the node when a dashboard user views the cron job list. No public exploit identified at time of analysis, but the attack requires no specialized tooling - the malicious expression is trivial to craft given knowledge of the unguarded parse path.

Denial Of Service Oban Web
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

Null pointer dereference in GPAC's MP4Box tool (versions 2.0 through 2.4.0) allows a local, low-privileged attacker to crash the application by supplying a crafted MP4 file with a malformed Protection System Header Box (PSSH). The vulnerability resides in the MergeFragment function, which fails to validate the private_data pointer before passing it to memmove, resulting in a denial-of-service impact limited to the MP4Box process. A public proof-of-concept exploit exists (hosted on GitHub), though EPSS sits at 0.01% (2nd percentile) and the flaw is not listed in the CISA Known Exploited Vulnerabilities catalog, consistent with the low-severity, local-only nature of the issue.

Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution and denial of service in IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5 and 9.0 stem from improper input validation (CWE-444 HTTP Request Smuggling). Unauthenticated network attackers can send crafted requests that desynchronize the plug-in's request parsing, potentially achieving full compromise of the application tier. No public exploit identified at time of analysis, and EPSS remains low (0.06%), but the vendor confirms a patch and CISA SSVC rates the technical impact as total with automatable exploitation.

Denial Of Service IBM Request Smuggling +1
NVD VulDB
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

Incorrect permission assignment in the NVIDIA Display Driver kernel module on Windows and Linux allows a highly privileged local user to corrupt critical resource permissions, leading to denial of service and potentially data tampering. Affected product lines span GeForce (limited to Maxwell, Volta, and Pascal architectures on some branches), RTX/Quadro/NVS, Tesla, and Guest (vGPU) drivers across multiple version branches. No public exploit exists and no active exploitation has been identified; SSVC assessment rates exploitation as none and impact as partial, consistent with the moderate CVSS score of 4.4.

Denial Of Service Nvidia Microsoft +1
NVD VulDB
EPSS 0% CVSS 5.8
MEDIUM This Month

Out-of-bounds write in NVIDIA Virtual GPU Manager exposes virtualized GPU deployments to denial of service, data tampering, and information disclosure. A local, low-privileged attacker operating within a virtualized environment can trigger the memory corruption flaw in the host-side vGPU manager component across multiple affected driver branches (vGPU 16.x through 20.x). No public exploit code exists at time of analysis, and EPSS probability is at the 2nd percentile, but the high availability impact (A:H in CVSS) and the prevalence of vGPU in enterprise virtualization infrastructure warrant prompt patching.

Nvidia Memory Corruption Information Disclosure +3
NVD VulDB
EPSS 0% CVSS 7.0
HIGH This Week

Local privilege escalation and code execution in NVIDIA Virtual GPU Manager arises from a use-after-free on stack memory within the vGPU hypervisor component. Authenticated local attackers on the host or guest side of an affected vGPU deployment (vGPU branches 16.x through 20.x) can trigger memory corruption that may yield DoS, info disclosure, data tampering, or arbitrary code execution. No public exploit identified at time of analysis and EPSS is 0.01%, but SSVC rates technical impact as total.

Nvidia Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in NVIDIA Display Driver for Linux (GeForce, RTX/Quadro/NVS, Tesla, and vGPU guest drivers) allows an authenticated local user to abuse improper permission handling in a kernel mode layer handler, enabling code execution, privilege elevation, and data tampering. CVSS 7.8 reflects high impact across confidentiality, integrity, and availability, but the attack vector is local and authenticated. No public exploit identified at time of analysis and EPSS is 0.01%, but SSVC marks technical impact as total.

Nvidia RCE Linux +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation in NVIDIA Display Driver for Windows (GeForce, RTX/Quadro/NVS, Tesla, and vGPU guest/manager components) stems from a time-of-check time-of-use (TOCTOU) race condition that can be abused by a low-privileged local user. Successful exploitation may yield code execution, privilege escalation, denial of service, information disclosure, or data tampering with scope change beyond the driver's security boundary. No public exploit identified at time of analysis; EPSS is 0.01% and SSVC exploitation status is 'none', so the practical risk is contingent on local access and winning a high-complexity race.

Nvidia RCE Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in NVIDIA Display Driver for Windows and Linux allows authenticated low-privilege users to improperly access GPU resources via a kernel mode layer flaw, potentially leading to code execution, privilege escalation, information disclosure, data tampering, and denial of service. The issue affects GeForce, RTX/Quadro/NVS, and Tesla product lines across multiple driver branches and carries a CVSS 7.8 (High) score. No public exploit identified at time of analysis, and EPSS probability is very low (0.01%), but the breadth of affected hardware and total technical impact warrant prompt patching.

Nvidia RCE Linux +4
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in the NVIDIA Display Driver for Windows and Linux allows an authenticated low-privileged user to trigger an out-of-bounds write (CWE-787) in the kernel-mode driver, potentially leading to code execution, privilege escalation, information disclosure, data tampering, or denial of service. The flaw affects GeForce, RTX/Quadro/NVS, and Tesla product lines, with NVIDIA confirming the vulnerability and releasing patched driver versions. No public exploit identified at time of analysis, and EPSS rates exploitation probability at just 0.01%.

Nvidia Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Out-of-bounds read in NVIDIA Display Driver for Linux (GeForce, RTX/Quadro/NVS, Tesla, and vGPU Guest drivers) allows a locally authenticated user to trigger denial of service and information disclosure. The flaw carries a CVSS 3.1 score of 7.1 (AV:L/AC:L/PR:L), and per CISA SSVC there is no public exploit identified at time of analysis (Exploitation: none), with EPSS at 0.01% indicating negligible near-term exploitation likelihood. NVIDIA has published fixed driver versions across all affected branches in advisory ID 5821.

Denial Of Service Information Disclosure Nvidia +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

NVIDIA Display Driver for Linux exposes a denial-of-service condition in the Multi-Instance GPU (MIG) partition management subsystem, rooted in insecure default initialization of memory subsystem routing resources (CWE-1188). A local authenticated user - with low privileges on a Linux system running MIG-enabled Tesla, GeForce, RTX/Quadro/NVS, or Virtual GPU Manager driver branches - can trigger a hang or data corruption during partition reconfiguration, potentially disrupting all GPU workloads sharing the affected physical GPU. No public exploit code exists and this vulnerability is not in CISA KEV; EPSS sits at 0.01% (2nd percentile), indicating no observed mass exploitation at time of analysis.

Denial Of Service Nvidia
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Race condition exploitation in NVIDIA Display Driver's Linux kernel module allows a local authenticated user to cause denial of service by manipulating compiler or processor memory instruction ordering. Affected product lines span GeForce, RTX/Quadro/NVS, Tesla, and vGPU Guest Driver across multiple driver branches up to the March 2026 release. No active exploitation has been confirmed - this is not listed in CISA KEV, EPSS is 0.01% (1st percentile), and SSVC assessment classifies exploitation status as none - placing this firmly in a patch-and-monitor category rather than emergency response.

Denial Of Service Nvidia Race Condition +6
NVD VulDB
EPSS 0% CVSS 5.6
MEDIUM PATCH This Month

Race condition in NVIDIA GPU Display Driver for Linux allows a high-privileged local attacker to leak sensitive kernel or process memory, producing limited information disclosure alongside potential data tampering and denial of service. Affected product lines span GeForce, RTX/Quadro/NVS, and Tesla GPU families running Linux driver branches prior to 580.159.03 or 595.71.05. No public exploit code exists and this vulnerability is absent from the CISA KEV catalog; an EPSS of 0.01% (1st percentile) and SSVC classification of Exploitation: none together place it at the lowest tier of real-world exploitation priority.

Denial Of Service Information Disclosure Nvidia +3
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Denial of service in NVIDIA Display Driver for Windows and Linux stems from improper lock management (CWE-667), where an attacker with local low-privilege access can leak held driver locks, potentially crashing or hanging the driver stack and denying GPU availability system-wide. Scope is changed (S:C), meaning the impact extends beyond the vulnerable component to the broader kernel or hypervisor layer. No public exploit identified at time of analysis and no CISA KEV listing; EPSS at 0.01% (1st percentile) and SSVC exploitation status of 'none' consistently signal low near-term exploitation likelihood.

Denial Of Service Nvidia Microsoft
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Denial of service in the NVIDIA Display Driver for Linux (UVM kernel module) allows a local user to crash or render the GPU subsystem unavailable through improper input validation. The flaw affects NVIDIA Guest drivers used in vGPU deployments (versions 580.126.09 and 595.58.03 across vGPU 19.4 and 20.0 branches) and carries a CVSS 7.1 with high availability impact and scope change. There is no public exploit identified at time of analysis, and EPSS is very low (0.01%, 2nd percentile), consistent with the local attack vector and DoS-only impact.

Denial Of Service Nvidia
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in NVIDIA Display Driver for Linux (GeForce, RTX/Quadro/NVS, Tesla, and Virtual GPU Manager branches) stems from an incorrect numeric type conversion (CWE-681) that produces a heap buffer overflow. A locally authenticated attacker with low privileges can trigger the flaw to achieve code execution, privilege escalation, information disclosure, data tampering, or denial of service. No public exploit identified at time of analysis, and EPSS is very low (0.01%, 1st percentile), but technical impact per SSVC is total.

Nvidia RCE Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Local privilege escalation and code execution in the NVIDIA Display Driver for Linux (GeForce, RTX/Quadro/NVS, Tesla, and vGPU Guest/Manager components) stems from a use-after-free memory corruption flaw (CWE-416) that a local low-privileged user can trigger to compromise the kernel-level driver. The scope-changed CVSS 8.8 score reflects that successful exploitation crosses a trust boundary, potentially yielding code execution, privilege escalation, information disclosure, data tampering, or denial of service. EPSS is 0.01% (1st percentile) and there is no public exploit identified at time of analysis, but a vendor patch is available across all affected branches.

Nvidia Memory Corruption RCE +3
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Invalid pointer dereference in IBM HTTP Server 8.5 and 9.0 allows an authenticated privileged user on the Administration Server to expose sensitive information or trigger a denial-of-service condition. The flaw requires adjacent network access and existing low-level privileges, and no public exploit identified at time of analysis. EPSS exploitation probability is negligible (0.01%) and CISA SSVC indicates no observed exploitation.

Denial Of Service IBM Http Server
NVD VulDB
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Heap-based buffer overflow in IBM HTTP Server 8.5 and 9.0 allows an attacker already authenticated to the Administration Server to execute arbitrary code or crash the service. The flaw requires adjacent network access and existing low-level privileges, and no public exploit identified at time of analysis despite the high CVSS 8.0 rating. EPSS probability is negligible (0.01%) and SSVC marks exploitation as 'none,' indicating the issue is currently a patch-and-move-on item rather than an emergency.

Denial Of Service Heap Overflow IBM +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

NULL Pointer Dereference in Autodesk 3ds Max's PAR file parser allows a local attacker to crash the application by convincing a user to open a specially crafted PAR file, resulting in a denial-of-service condition. Affected versions span both the 2026 (prior to 2026.1) and 2027 (prior to 2027.1) release lines. No active exploitation has been identified - EPSS is 0.00% (0th percentile), SSVC exploitation status is 'none', and the vulnerability is not listed in CISA KEV - placing this squarely in a low-urgency, patch-and-monitor posture.

Denial Of Service Null Pointer Dereference 3ds Max
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Remote code execution and denial of service in IBM HTTP Server 8.5 and 9.0 affects deployments configured with TLS mutual (client certificate) authentication, where an attacker can trigger code injection (CWE-94) over the network without prior authentication. The flaw carries a CVSS 8.1 score with high attack complexity, and IBM has published a patch (advisory node/7274065); no public exploit has been identified at time of analysis and SSVC marks exploitation as 'none' with total technical impact.

Denial Of Service Code Injection IBM +2
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in IBM HTTP Server 8.5 and 9.0 allows remote unauthenticated attackers to crash or degrade the service when the optional mod_mem_cache module is loaded. The flaw carries a CVSS 7.5 (availability-only impact) and has no public exploit identified at time of analysis, though the SSVC framework rates exploitation as automatable. EPSS probability is very low (0.01%, 3rd percentile), suggesting limited near-term exploitation interest.

Denial Of Service IBM Http Server
NVD
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Denial of service in IBM HTTP Server 8.5 and 9.0 allows local attackers with write access to server configuration files to crash or render the web server unavailable. The CVSS vector (AV:L/PR:N) indicates a local attack vector with high integrity and availability impact, and no public exploit has been identified at time of analysis. EPSS exploitation probability is very low at 0.03% (9th percentile), and SSVC scores exploitation as 'none' with partial technical impact, suggesting limited real-world urgency.

Denial Of Service IBM Http Server
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Denial of service in IBM HTTP Server 8.5 and 9.0 is achievable by a local, unprivileged attacker through the optional mod_fastcgi module, which triggers a reachable assertion (CWE-617) causing the server process to abort. Affected versions span IBM HTTP Server 9.0 and IBM HTTP Server 8.5.0 through Interim Fix 002. No public exploit exists and CISA has not listed this in the KEV catalog; EPSS exploitation probability is extremely low at 0.03% (9th percentile), indicating minimal real-world threat at present.

Denial Of Service IBM Http Server
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in IBM HTTP Server 8.5 and 9.0 allows remote unauthenticated attackers to crash the web server when the optional mod_ibm_upload module is loaded, triggering a null pointer dereference (CWE-476). No public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.02% (4th percentile), though SSVC flags the issue as automatable with partial technical impact. Affected deployments include HTTP Server 8.5 up to Interim Fix 002 and HTTP Server 9.0, with a vendor patch available via IBM support note 7274065.

Denial Of Service Null Pointer Dereference IBM +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Heap buffer overflow in libsolv allows local attackers to corrupt memory when a vulnerable application processes a maliciously crafted .solv repository metadata file. The flaw stems from insufficient input validation during decompression of attacker-controlled data, enabling information disclosure, control-flow alteration, or denial of service across multiple Red Hat Enterprise Linux releases and SUSE distributions. SSVC marks exploitation as PoC-level with total technical impact, while EPSS remains very low at 0.01%, indicating limited probability of widespread exploitation despite high severity.

Denial Of Service Information Disclosure Memory Corruption +9
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Null pointer dereference in the Linux kernel's Bluetooth L2CAP socket layer crashes the kernel when `l2cap_sock_get_sndtimeo_cb()` is invoked with a NULL socket context, resulting in a local denial-of-service (kernel panic). The flaw stems from an oversight where sibling callbacks `l2cap_sock_resume_cb()` and `l2cap_sock_ready_cb()` already carry the required NULL guard, but `l2cap_sock_get_sndtimeo_cb()` does not. With EPSS at 0.02% (5th percentile), no public exploit identified, and no CISA KEV listing, real-world exploitation risk is low - but the vulnerability has persisted since Linux 3.13 and affects every major stable branch until patched versions were released.

Linux Denial Of Service Null Pointer Dereference +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Null pointer dereference in the Linux kernel's Bluetooth L2CAP socket layer crashes the kernel when `l2cap_sock_new_connection_cb()` is invoked without the NULL guard present in sibling callbacks. Local unprivileged users on systems with Bluetooth enabled can trigger a kernel oops or panic, resulting in a denial of service. No public exploit or CISA KEV listing exists; EPSS probability is near zero at 0.02% (5th percentile), indicating minimal active exploitation interest at time of analysis.

Linux Denial Of Service Null Pointer Dereference +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel Bluetooth L2CAP subsystem causes a local denial-of-service via kernel panic when `l2cap_sock_state_change_cb()` is invoked with a NULL socket pointer. A local low-privileged user with access to the Bluetooth socket API can trigger a system crash by exercising the L2CAP state change callback path that lacked the NULL guard already applied to sibling callbacks `l2cap_sock_resume_cb()` and `l2cap_sock_ready_cb()`. No active exploitation is confirmed (not in CISA KEV) and EPSS stands at 0.02% (5th percentile), indicating minimal real-world adversarial interest at time of analysis.

Linux Denial Of Service Null Pointer Dereference +2
NVD VulDB
EPSS 0% CVSS 8.1
HIGH This Week

Denial of service in Check Point Quantum Security Gateway allows remote unauthenticated attackers to crash the VPN processing service by sending specially crafted IKE packets over NAT-T (UDP/4500). Multiple supported releases (R81.10 and below, R81.20, R82, R82.10) are affected up to specific Jumbo Hotfix takes. No public exploit identified at time of analysis, and EPSS is low at 0.06% (17th percentile), suggesting limited near-term exploitation likelihood despite the 8.1 CVSS score.

Denial Of Service Information Disclosure Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 8.1
HIGH This Week

Denial of service in Check Point Quantum Security Gateway allows remote unauthenticated attackers to terminate the VPN service by sending a malformed IKE fragment to UDP port 500 during the early phase of a connection attempt. The flaw affects multiple R81.x, R82, and R82.10 release trains running below specific Jumbo Hotfix Takes; no public exploit identified at time of analysis and EPSS exploitation probability is very low (0.02%, 5th percentile).

Denial Of Service Heap Overflow Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

NULL pointer dereference in Hitachi Energy RTU500 series CMU Firmware allows an adjacent low-privileged attacker to crash the IEC 60870-5-104 communication process by sending a specially crafted sequence of messages over time, resulting in a Denial of Service on the RTU device. Exploitation is gated behind a non-default configuration - only deployments with bidirectional communication interface (BCI) mode enabled are affected. No public exploit exists and EPSS places exploitation probability at 0.02% (7th percentile), consistent with the specialized OT/ICS context, adjacency requirement, and SSVC confirmation of no known active exploitation.

Denial Of Service Null Pointer Dereference Rtu500 Series Cmu Firmware
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Heap-based buffer overflow in Hitachi Energy MACH HiDraw's XML parser allows a low-privileged, locally authenticated attacker to corrupt heap memory by inducing a victim to open a specially crafted XML file, with a primary impact of high availability loss (application crash) and limited confidentiality and integrity compromise. Affected versions span MACH HiDraw 9.0 through versions prior to 9.22 per EUVD-2026-31812. No public exploit identified at time of analysis, and an EPSS score of 0.01% (3rd percentile) combined with an SSVC exploitation status of 'none' confirm minimal current real-world exploitation activity.

Denial Of Service Heap Overflow Buffer Overflow +2
NVD
EPSS 0% CVSS 8.7
HIGH PATCH Act Now

Denial of service in B&R Industrial Automation PPT30 Operating System versions before 1.8.0 allows unauthenticated network attackers to permanently disable the OPC-UA Server through resource exhaustion. The flaw stems from missing throttling on resource allocation (CWE-770) and carries a CVSS 4.0 score of 8.7 due to high availability impact via the network with no privileges or user interaction. EPSS is low at 0.04% and no public exploit has been identified at time of analysis, though SSVC marks the issue as automatable with partial technical impact.

Denial Of Service Ppt30 Operating System
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Denial of service in vllm 0.19.0's OpenAI-compatible serving path allows remote unauthenticated attackers to exhaust scheduler resources by submitting requests with unbounded logprob counts. The root cause, confirmed by PR diff analysis, is the absence of any per-batch logprob budget in the v1 scheduler: requests specifying logprobs=-1 (full vocabulary) multiplied across parallel sequences (n) generate massive compute and memory overhead with no cap, blocking or crashing the inference server. Publicly available exploit code exists (GitHub issue #37343); no confirmed active exploitation at time of analysis.

Denial Of Service Vllm Red Hat
NVD VulDB GitHub
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Denial of service in CODESYS Control runtime products and HMI/Toolkit components allows unauthenticated remote attackers to crash affected industrial control systems by sending malformed HTTP requests that trigger a size-limited out-of-bounds write during length parsing. The flaw affects a broad range of CODESYS runtime variants used across PLCs, industrial PCs, and embedded controllers from vendors like Beckhoff, WAGO, and Raspberry Pi-based deployments. No public exploit identified at time of analysis, EPSS is low (0.07%), but the network-reachable, no-privileges-required attack surface makes this operationally significant for OT environments.

Denial Of Service Buffer Overflow Codesys Control Rte Sl +15
NVD VulDB
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Denial of service in npm's pacote package (versions 11.2.7 and later) allows remote unauthenticated attackers to exhaust CPU by submitting a crafted spec.rawSpec value to the addGitSha function, where vulnerable regex and string-manipulation logic exhibits catastrophic backtracking. CVSS 4.0 scores this 7.7 (high availability impact, no integrity/confidentiality impact) and SSVC labels exploitation as POC with automatable=yes, though EPSS remains low at 0.04% (11th percentile). No active exploitation has been reported and no public exploit identified at time of analysis, but the bug is trivially triggerable wherever pacote parses untrusted package specs.

Denial Of Service Pacote Org Webjars Npm
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

Null pointer dereference in GNU LibreDWG's dwggrep utility crashes the application when processing a maliciously crafted DWG file. The vulnerability resides in the match_BLOCK_HEADER function within dwggrep.c and affects all tracked releases from version 0.1 through 0.14. A local authenticated attacker can exploit this to cause denial of service against the dwggrep utility; no publicly available exploit code exists for confidentiality or integrity compromise, consistent with the CVSS impact scores of VC:N/VI:N/VA:L. Publicly available exploit code exists (no KEV listing), though EPSS at 0.01% reflects negligible widespread exploitation probability.

Denial Of Service Null Pointer Dereference Libredwg
NVD VulDB GitHub
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated gRPC API exposure in FastNetMon Community Edition through 1.2.9 allows adjacent network attackers to invoke security-critical RPC methods including ExecuteBan and ExecuteUnBan without credentials. The server explicitly uses grpc::InsecureServerCredentials() on port 50052, enabling attackers to blackhole legitimate traffic via BGP announcements, disable active DDoS mitigations, and trigger external script execution via popen(). No public exploit identified at time of analysis, and EPSS is low at 0.03%, but CISA SSVC rates technical impact as total.

Denial Of Service Authentication Bypass N A
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC PATCH Monitor

Null pointer dereference in GNU LibreDWG (all versions through 0.14) allows a local, low-privileged attacker to crash any application that uses the library to parse a maliciously crafted DWG file, resulting in a denial-of-service condition with no confidentiality or integrity impact. The affected code path is within the DWG 2004 compressed-section handler in src/decode.c, where missing bounds checks on section entry address fields permit invalid memory access. A public proof-of-concept exploit file exists; however, the vulnerability is not listed in CISA KEV, EPSS sits at 0.01% (2nd percentile), and SSVC rates it non-automatable with only partial technical impact, collectively indicating negligible in-the-wild exploitation risk at time of analysis.

Denial Of Service Null Pointer Dereference Libredwg
NVD VulDB GitHub
EPSS 0% CVSS 1.9
LOW POC PATCH Monitor

Reachable assertion (CWE-617) in GNU LibreDWG's `decompress_R2004_section` function allows a local low-privileged attacker to crash the `dwgread` utility by supplying a malformed R2004-format DWG file with out-of-bounds decompression parameters. All releases from 0.1 through 0.14 are confirmed affected. Publicly available exploit code exists, though EPSS sits at 0.01% (2nd percentile) and no active exploitation is confirmed - consistent with the strictly local, no-code-execution impact profile.

Denial Of Service Libredwg
NVD VulDB GitHub
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Assertion failure in ECDSA signature verification within PuTTY 0.71 through 0.83 allows a network-positioned attacker to crash the PuTTY client, producing a denial-of-service condition. The vulnerability (CWE-617: Reachable Assertion) carries a CVSS 3.7 Low score with no confidentiality or integrity impact - availability impact is limited to the client process itself. No public exploit code exists and no active exploitation has been identified; SSVC rates exploitation as none and the EPSS score of 0.04% (12th percentile) confirms minimal current exploitation probability.

Denial Of Service Putty
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Notebook Pro 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the notebook name field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Notebook Pro
NVD Exploit-DB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input field handling that allows local attackers to crash the application by supplying oversized data. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Visual Ping
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.7
HIGH POC This Week

Nord VPN 6.14.31 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting an excessively long string in the password field. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Nordvpn
NVD Exploit-DB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

NASA openVSP 3.16.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the geometry name field. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Openvsp
NVD Exploit-DB GitHub
EPSS 0% CVSS 8.7
HIGH POC PATCH This Week

Denial of service in benoitc hackney (Erlang HTTP client) versions 2.0.0 through 4.0.0 allows a malicious WebSocket server to exhaust client memory via three unbounded buffer paths in src/hackney_ws.erl. An attacker controlling the server the hackney client connects to can drive the Erlang VM to OOM by streaming bytes without terminator, declaring a giant RFC 6455 frame length, or sending endless non-final continuation fragments. Publicly available exploit code exists per SSVC, EPSS is low at 0.09%, and a vendor patch is available in 4.0.1.

Denial Of Service Hackney
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH POC PATCH This Week

Denial of service in benoitc hackney (Erlang HTTP client) 2.0.0 through 4.0.0 allows remote unauthenticated attackers to crash the BEAM VM by supplying URLs with attacker-chosen scheme prefixes, exhausting the non-garbage-collected atom table (default limit 1,048,576). Exploitation is automatable per SSVC and affects any application that parses untrusted URLs via hackney - including request targets, configured webhook URLs, or Location redirect headers. No public exploit identified at time of analysis and EPSS is low (0.04%), but a vendor patch is available in 4.0.1.

Denial Of Service Hackney
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH POC PATCH This Week

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. hackney_h3:await_response_loop/6 accumulates the HTTP/3 response body in memory without any size cap. The after Timeout clause is a per-message inactivity timer that resets on every received chunk, housekeeping message, or settings frame - it is not a wall-clock deadline. A malicious HTTP/3 server that emits one small chunk every Timeout - 1 ms with Fin = false and never sends a final frame keeps the loop alive indefinitely while the accumulation buffer grows linearly without bound, eventually exhausting the BEAM process heap and causing an out-of-memory condition. This issue affects hackney: from 2.0.0 before 4.0.1.

Denial Of Service Hackney
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH POC PATCH This Week

Denial of service in benoitc hackney (Erlang HTTP client) versions 0.10.0 through 4.0.0 lets a hostile SOCKS5 or HTTP CONNECT proxy hang the connecting Erlang process indefinitely during the TLS upgrade phase. Because the caller-supplied timeout was not forwarded to ssl:connect/2, which defaults to infinity, recv_timeout and connect_timeout options are silently bypassed. Publicly available exploit code exists per SSVC, EPSS is low (0.04%), and a vendor patch is available in 4.0.1.

Denial Of Service Hackney
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH POC PATCH This Week

Denial-of-service in benoitc's hackney Erlang HTTP client (versions 2.0.0-beta.1 through 4.0.0) allows any HTTP origin server to pin a client process at 100% CPU by returning a malformed Alt-Svc response header. The flaw is a CWE-835 infinite loop in the Alt-Svc parser, triggerable by a single byte such as '!' in the header value. No public exploit identified at time of analysis, EPSS is low (0.04%), but SSVC rates exploitation as POC and the attack is automatable; a vendor patch is available in 4.0.1.

Denial Of Service Hackney
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Server process termination in Mattermost is achievable by any authenticated user via a crafted outgoing webhook callback response that contains a null attachment entry - exploiting the server's failure to filter nil elements from attachment payloads before processing (CWE-754). Affected release trains span 10.11.x through 11.6.x, covering a wide installed base. No public exploit exists and EPSS is extremely low at 0.04% (12th percentile), but the availability impact is rated High by CVSS and the attack requires only low-privilege authentication over the network with no user interaction, making this a meaningful insider or compromised-account threat capable of triggering a full service outage.

Denial Of Service Mattermost
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Unauthenticated denial of service in GNU SASL before version 2.2.3 occurs through a NULL pointer dereference in the DIGEST-MD5 authentication mechanism. Remote attackers can crash both client and server applications by sending a malformed authentication token that lacks an equals sign character, causing the getsubopt.c parser to dereference a NULL pointer.

Null Pointer Dereference Denial Of Service Gnu Sasl
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Pre-authentication denial of service in Parse Server (versions <8.6.77 and 9.0.0 through 9.9.0) allows remote unauthenticated attackers who know a publicly-discoverable Parse Application ID to pin Node.js workers for seconds to minutes by sending a crafted X-Parse-Client-Version header or _ClientVersion JSON body field that triggers polynomial regex backtracking in the client SDK version parser. The parser runs before session authentication and rate limiting on every /parse/* request, so a handful of concurrent requests can saturate a worker fleet. No public exploit identified at time of analysis, EPSS sits at 0.16% (37th percentile), and the issue is not in CISA KEV.

Node.js Denial Of Service
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Excessive CPU consumption in the golang.org/x/net/html package's HTML parser allows remote attackers to cause denial of service by supplying crafted HTML input to any Go application that parses untrusted markup using this library. All versions before 0.55.0 are confirmed affected per EUVD-2026-31447 and the Go vulnerability database (GO-2026-5028). No active exploitation has been identified - CISA SSVC rates exploitation as 'none' and the EPSS score of 0.04% (13th percentile) indicates very low observed exploitation probability at time of analysis.

Denial Of Service Golang Org X Net Html Suse
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Server crash via race condition in Mattermost's persistent notification and channel archival subsystem allows any low-privileged authenticated user to bring down the server with no user interaction required. Affected branches span 10.11.x through 11.6.x across multiple maintenance lines. No public exploit code has been identified at time of analysis and the vulnerability is absent from CISA KEV, but the low authentication bar combined with network accessibility and low attack complexity makes this a credible insider threat or targeted denial-of-service vector against any exposed Mattermost deployment.

Denial Of Service Race Condition Mattermost
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Authenticated denial-of-service in Mattermost's plugin subsystem allows a low-privileged user to crash the plugin process by sending a crafted HTTP request to the PR details API endpoint. Affected across four active release branches (10.11.x, 11.4.x, 11.5.x, 11.6.x), the flaw stems from missing input validation in API request handlers (CWE-1287). No public exploit code exists and the vulnerability is not listed in CISA KEV; however, the low authentication barrier (any valid account) combined with network accessibility makes it a realistic insider or post-compromise nuisance risk.

Denial Of Service Mattermost
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in Mattermost server (versions 11.6.0, 11.5.0-11.5.3, 11.4.0-11.4.4, and 10.11.0-10.11.14) allows remote attackers to crash the server process by sending a crafted msgpack-encoded binary WebSocket frame to the public endpoint. The flaw stems from missing validation of frame sizes before memory allocation, enabling a full service outage for all users. No public exploit identified at time of analysis, and the CVSS 7.5 score reflects the unauthenticated network-reachable nature of the attack with high availability impact.

Denial Of Service Mattermost
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Denial of service in Mattermost's plugin HTTP endpoint layer allows an authenticated high-privilege attacker to exhaust server resources by sending crafted oversized HTTP request bodies. Affected across four concurrent release branches - 10.11.x through 11.6.x - with no published EPSS score and no confirmed active exploitation or public proof-of-concept at time of analysis. The CVSS score of 4.9 (Medium) accurately reflects the high-privilege prerequisite that meaningfully limits the realistic attacker population, though availability impact is rated High, meaning successful exploitation disrupts service availability entirely.

Denial Of Service Mattermost
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Uncontrolled memory allocation in Mattermost's TIFF image processing allows authenticated users to trigger server-side out-of-memory (OOM) conditions, effectively taking down the collaboration platform. Affected are all Mattermost deployments running versions 10.11.x through 11.6.0. Any account holding file upload or URL-posting permissions can exploit this remotely without elevated privileges, making it a realistic insider or compromised-account threat. No public exploit code or CISA KEV listing has been identified at time of analysis, but the low attack complexity and broad authentication base increase practical risk.

File Upload Denial Of Service Mattermost
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Zephyr RTOS versions up to and including 4.3 expose a denial-of-service condition in the PTP (Precision Time Protocol) subsystem through improper validation of the log_announce_interval field. An unauthenticated attacker on an adjacent network can crash affected devices or induce resource starvation loops by sending a two-stage sequence of malformed PTP messages that provokes undefined behavior via an out-of-bounds bitwise shift on a 64-bit integer. No public exploit code has been identified at time of analysis, and EPSS scoring of 0.05% (17th percentile) combined with SSVC exploitation status of 'none' indicates low observed threat activity, though the deterministic crash path on certain architectures warrants patch prioritization on embedded IoT and industrial control deployments.

Denial Of Service Zephyr
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Unbounded memory growth in the golang.org/x/crypto/ssh package allows an authenticated remote attacker to crash the SSH server process by repeatedly opening channels that the server rejects. All versions of golang.org/x/crypto/ssh prior to 0.52.0 are affected, and a successful attack disrupts service for every user connected to that server instance. No public exploit has been identified at time of analysis, and EPSS probability sits at 0.02% (5th percentile), though the authentication barrier is low and the availability impact affects all concurrent sessions.

Denial Of Service Golang Org X Crypto Ssh
NVD VulDB GitHub
EPSS 0% CVSS 5.9
Awaiting Data

HP ENVY 5000 series printers VERBASPP1N003.2237A.00 do not properly manage concurrent TCP connections to port 9100 (JetDirect/RAW printing). An unauthenticated remote attacker on the same network can establish a persistent connection to port 9100 and send keep-alive packets, causing the printer's session threads to remain locked in a waiting state. The firmware lacks connection timeouts and concurrent session limits, resulting in a persistent Denial of Service (DoS) that renders the printer unresponsive to all user commands and print jobs. Physical intervention (manual restart) is required to restore functionality, and the attack can be immediately re-initiated.

HP Denial Of Service N A
NVD
EPSS 0% CVSS 8.1
HIGH POC PATCH This Week

Use-after-free in Ruby 4.x (before 4.0.5) lets remote attackers who can manipulate DNS response timing crash applications calling Addrinfo.getaddrinfo with a timeout: option or Socket.tcp with resolv_timeout:. The flaw lives in the pthread-based getaddrinfo timeout handler (rb_getaddrinfo in ext/socket/raddrinfo.c) and, while reliably exploitable for denial of service, also raises a theoretical possibility of memory-corruption-based code execution. No public exploit identified at time of analysis.

Denial Of Service Race Condition Ruby
NVD VulDB GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote denial-of-service in @libp2p/gossipsub (versions <= 15.0.22) allows a single unauthenticated peer to exhaust the Node.js heap of any gossipsub node running default options. Three cooperating defects - an uncapped decode limit (maxSubscriptions = Infinity), unbounded growth of the internal this.topics Map on subscription handling, and a memory leak that leaves empty Sets behind on peer disconnect - combine to produce ~22x amplification, crashing a 1.5GB-heap process after roughly 68MB of attacker bandwidth (~5 seconds at 100Mbps). A working PoC is published in the GitHub Security Advisory GHSA-4f8r-922h-2vgv; no public exploit identified at time of analysis as a separate weaponized tool, but the advisory itself contains reproducible test code.

Node.js Denial Of Service
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Unbounded formatter memoization in twig/intl-extra versions prior to 3.26.0 enables memory exhaustion denial of service on persistent PHP worker runtimes. The IntlExtension caches every unique combination of template filter arguments (locale, pattern, grouping_used, attrs, etc.) as ICU formatter objects with no eviction policy; because ICU allocates its backing buffers outside the Zend memory manager, this growth entirely bypasses PHP's memory_limit directive. On long-running runtimes such as RoadRunner, Swoole, FrankenPHP worker mode, and ReactPHP - where a single Twig\Environment persists across requests - the cache accumulates indefinitely across all requests, making targeted or incidental denial of service achievable without any authentication. No public exploit has been identified at time of analysis and no CISA KEV listing exists.

Denial Of Service
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial-of-service via unchecked memory allocation in russh (Rust SSH library) versions <= 0.60.2 allows local SSH agent peers to trigger uncontrolled buffer growth by sending oversized frame length values, and in pre-0.58.0 releases the same CryptoVec allocation path was reachable from remote SSH transport and zlib decompression buffers. The flaw stems from CryptoVec performing unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking calls including NonNull::new_unchecked on potentially failed allocations, which can abort the process under memory pressure. Publicly available exploit code exists in the form of researcher-supplied PoC tests demonstrating both rejection on patched code and crash behavior on historical versions; no public exploit identified at time of analysis for active campaigns and the issue is not listed in CISA KEV.

SSH Denial Of Service RCE
NVD GitHub
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Attachment size limit bypass in NocoDB (npm, versions up to and including 0.301.3) allows authenticated users with upload permission to store files exceeding the operator-configured `NC_ATTACHMENT_FIELD_SIZE` quota via the upload-by-URL pathway. The attachments service failed to validate file size against either the remote server's `Content-Length` HTTP header or the decoded byte length of `data:` URI payloads before fetching, and the local storage plugin did not set `maxContentLength` on the axios download, enabling unconstrained resource consumption. No public exploit has been identified at time of analysis, and no vendor-released patched version is confirmed available.

Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Disk exhaustion denial of service in NocoDB's v1/v2 attachment upload-by-URL API allows authenticated users with Editor-level privileges or higher to direct the server to fetch arbitrarily large remote files, consuming all available disk space. The root cause is missing enforcement of the NC_ATTACHMENT_FIELD_SIZE configuration limit in attachments.service.ts for the v1/v2 code paths, despite the v3 equivalent already implementing the constraint correctly. Cascading failures follow disk exhaustion: database writes block, log rotation fails, and the application itself may crash - making this a high-availability-impact issue for any NocoDB deployment with untrusted authenticated users.

Denial Of Service SSRF
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote unauthenticated denial-of-service in the Nimiq core-rs-albatross client (nimiq-primitives crate prior to 1.5.0) lets any state-sync peer crash a syncing node by sending a ResponseChunk whose first TrieItem.key is the empty ROOT key, triggering a panic in MerkleRadixTrie::put_chunk → put_raw. No public exploit identified at time of analysis, but the issue is trivially triggerable with a single malformed chunk and affects all nodes performing initial sync or recovery against untrusted peers. EPSS data was not provided; CVSS A:H impact and zero attacker prerequisites make this a high-priority availability bug for Nimiq node operators.

Denial Of Service
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Unauthenticated remote crash of Nimiq full nodes running nimiq-blockchain versions before 1.5.0 is achievable by any network peer sending a single crafted RequestBatchSet message referencing the genesis block hash. The node's batch set handler iterates backward through macro blocks without a lower-bound guard, causing a Rust panic in Policy::macro_block_before when iteration reaches genesis, immediately terminating the process. No CISA KEV listing and no public exploit code exist at time of analysis; however, the attack requires no authentication and trivially low complexity, posing a real availability threat to any reachable full node.

Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Process crash in the nimiq-keys Rust crate (versions below 1.4.0) occurs when the Ed25519 multisig delinearization path receives a 32-byte public key that is length-valid but does not represent a valid point on the Edwards25519 curve, triggering a Rust `.unwrap()` panic that kills the hosting wallet process. Affected users are those running the Nimiq web-client WASM library or nimiq-wallet crate who can be persuaded by an attacker to include a crafted key in a multisig setup; validator nodes and all consensus infrastructure are explicitly out of scope. No public exploit has been identified at time of analysis, and no KEV listing exists, indicating this has not been broadly weaponized.

Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Arbitrary code execution in InternLM lmdeploy <= 0.12.3 occurs because trust_remote_code=True is hardcoded across HuggingFace model-loading call sites in lmdeploy/archs.py and lmdeploy/utils.py. An attacker who can influence the model_path passed to an lmdeploy serving process can point it at a malicious HuggingFace repository, causing Transformers to download and execute attacker-controlled Python code with the privileges of the serving daemon. Publicly available exploit code exists in the GHSA advisory, and an upstream fix has been merged via PR #4511 (fixed in 0.13.0).

Kubernetes Code Injection RCE +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Null pointer dereference in the Linux kernel's RED qdisc (sch_red) allows a local user with low privileges to trigger a kernel panic and system crash when a specific nested qdisc hierarchy is configured. The flaw occurs in net/sched/sch_red.c when RED calls its child qdisc's dequeue() directly after a peek() has already cached the packet in QFQ's gso_skb buffer, causing QFQ's dequeue path to dereference a null pointer. No public exploit has been identified at time of analysis, and EPSS is 0.02% (7th percentile), reflecting very low real-world exploitation probability.

Linux Denial Of Service Null Pointer Dereference +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote denial of service in PowerDNS Authoritative Server arises from insufficient validation of SOA queries received via the Autoprimary (formerly 'supermaster') replication mechanism, allowing unauthenticated network-based attackers to disrupt service availability. The flaw carries a CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) with availability-only impact, and no public exploit identified at time of analysis. The OX-reported issue is documented in PowerDNS Security Advisory 2026-06.

Denial Of Service Authoritative
NVD VulDB
EPSS 0% CVSS 3.7
LOW Monitor

Netatalk versions 3.1.2 through 4.4.2 are distributed as binaries compiled without the FORTIFY_SOURCE flag, stripping away runtime buffer overflow detection that the compiler would otherwise embed into unsafe C standard library calls. Remote unauthenticated attackers can, under high-complexity conditions, trigger memory errors that the absent protection would have safely caught and terminated, instead manifesting as minor availability impact (CVSS A:L). No public exploit code exists and CISA has not added this to the KEV catalog; the CVSS score of 3.7 (Low) reflects the limited impact ceiling and high attack complexity.

Denial Of Service Buffer Overflow Netatalk
NVD
Prev Page 23 of 406 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy