Denial Of Service
Monthly
Unbounded memory allocation in Grafana OSS's Live push endpoint allows any authenticated user to exhaust server memory by submitting a large or streaming HTTP request body, resulting in an out-of-memory condition and denial of service. Confirmed affected branches span Grafana OSS 8.0.0 through 13.0.1 across five actively maintained release lines, with vendor-released security patches available for each. No public exploit code exists and CISA has not listed this in KEV; the EPSS score of 0.04% (12th percentile) and SSVC exploitation status of 'none' collectively indicate low current real-world exploitation activity.
Grafana Live's concurrent request handling exposes authenticated Viewer-role users as a denial-of-service vector: sending concurrent requests triggers a fatal map access error that crashes the entire Grafana server, requiring a manual restart to restore service. All Grafana OSS releases from 8.2.0 through 13.0.1 are affected across multiple maintained branches, making the exposure surface exceptionally broad. No public exploit identified at time of analysis and EPSS sits at 0.04% (12th percentile), but the low privilege bar - any Viewer account - and reliable triggering (AC:L) mean insider threats and compromised low-privilege accounts represent a realistic DoS risk for organizations without guest/anonymous access controls.
Denial of service in Palo Alto Networks Prisma SD-WAN ION devices allows an unauthenticated attacker with adjacent network access to crash or disrupt the device by sending a specially crafted IPv6 packet. The vulnerability (CWE-606) exists across three active release branches of the ION software, with fixed versions available from Palo Alto Networks. No public exploit code exists and no active exploitation has been identified at time of analysis, with EPSS at 0.03% and SSVC confirming exploitation status as none.
Unauthenticated remote denial of service in ninenines cowlib (versions 0.1.0 through 2.16.0) allows a single crafted SPDY frame to exhaust BEAM VM memory via a zlib decompression bomb. The cow_spdy:inflate/2 path passes peer-controlled compressed bytes to zlib:inflate/2 without bounding output size, and because the SPDY ?ZDICT dictionary is public and zlib achieves roughly 1024:1 compression on repeated bytes, kilobytes of input expand to gigabytes of heap, OOM-killing the Erlang node. No public exploit identified at time of analysis, EPSS is low (0.14%), and CISA SSVC marks exploitation as none, but the upstream fix is to remove cow_spdy entirely in 2.16.1.
Unauthenticated denial of service in ninenines Cowboy 2.0.0 through 2.14.x allows remote attackers to exhaust BEAM VM memory by sending malformed multipart/form-data uploads that never complete a header section. The flaw lives in cowboy_req:read_part/3, which lacked the upper-bound buffer guard already present in read_part_body/4, letting a handful of concurrent slow uploads accumulate request bytes linearly until the Erlang node runs out of memory. EPSS is very low (0.02%) and no public exploit is identified at time of analysis, but the upstream patch and a regression test are already merged in 2.15.0.
Server-side request forgery in the IKEv2 implementation of Palo Alto Networks PAN-OS allows unauthenticated remote attackers to coerce the firewall into issuing outbound network requests to arbitrary destinations or to trigger a denial-of-service condition. Affected are PAN-OS 10.2, 11.1, 11.2, and 12.1 branch trains; Panorama, Cloud NGFW, and Prisma Access are explicitly confirmed unaffected. No public exploit code has been identified and SSVC assessment confirms no current exploitation, though a vendor-released patch is available across all impacted branches.
Multiple denial-of-service conditions in Palo Alto Networks PAN-OS allow unauthenticated remote attackers to crash or degrade firewall availability by sending specially crafted network traffic, with a high availability impact (VA:H) on the vulnerable system. Affected deployments span PAN-OS 10.2, 11.1, 11.2, and 12.1 branches as well as Prisma Access; vendor explicitly states Panorama and Cloud NGFW are not impacted, though Cloud NGFW appears in CPE strings - a discrepancy worth verifying. No public exploit identified at time of analysis, EPSS is very low (0.05%, 16th percentile), and SSVC classifies exploitation as none with non-automatable attack patterns, collectively suggesting a patch-cycle priority rather than an emergency response.
Remote code execution and denial-of-service in Palo Alto Networks PAN-OS software stems from a buffer overflow in the IKEv2 processing path, allowing unauthenticated network attackers to either crash the firewall or run arbitrary code with elevated privileges. The flaw affects multiple PAN-OS branches (11.1.x, 11.2.x, and 12.1.x) while Panorama, Cloud NGFW, and Prisma Access remain unaffected. There is no public exploit identified at time of analysis, EPSS sits at a low 0.06% (19th percentile), and CISA SSVC currently lists exploitation as 'none'.
Heap-based buffer overflow in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS allows unauthenticated remote attackers to trigger a denial-of-service condition across all PAN-OS platforms (except Cloud NGFW and Prisma Access) and potentially achieve arbitrary code execution on PA-Series hardware appliances via specially crafted network traffic. The flaw is rated CVSS 7.2 with high attack complexity; no public exploit identified at time of analysis and EPSS is 0.07%, but the technical impact is rated total by SSVC.
Buffer Overflow vulnerability in Ardupilot rover commit v.c56439b045162058df0ff136afea3081fcd06d38 allows a local attacker to cause a denial of service via the AP_InertialSensor_ADIS1647x.cpp,. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Disk exhaustion in AutoGPT Platform before version 0.6.32 enables denial of service through unbounded Docker container log accumulation under high user access volume. The platform writes execution activity to stdout/stderr without any rotation or size cap, and Docker captures these logs indefinitely to host disk - a CWE-770 resource allocation failure. No public exploit has been identified at time of analysis; SSVC confirms exploitation status of none, and EPSS is 0.01% (3rd percentile), indicating negligible observed exploitation probability.
Buffer Overflow vulnerability in Ardupiot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the AP_SmartAudio::loop,. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Nautobot's UI object bulk-rename endpoints (e.g., /dcim/interfaces/rename/) allow authenticated low-privilege users to trigger application-wide denial of service by submitting a maliciously crafted regular expression in the `find` field with the `use_regex` flag enabled, causing Python's re.sub() to enter catastrophic backtracking that stalls worker processes indefinitely. All Nautobot installations running versions prior to 2.4.33 (v2.x branch) or prior to 3.1.2 (v3.x branch, from 3.0.0a2) are affected. No active exploitation has been confirmed (not in CISA KEV), no public exploit code has been identified, and EPSS is 0.04% (14th percentile); vendor-released patches are available.
Unauthorized write access to Traefik's live dynamic configuration is achievable by a low-privileged Kubernetes tenant in shared Gateway deployments, because the Gateway API provider's `isInternalService()` check accepts any `TraefikService` name ending in `@internal` - not exclusively the intended `api@internal`. This allows a tenant with `HTTPRoute` creation rights to route external traffic to `rest@internal`, fully bypassing the `providers.rest.insecure=false` safeguard and gaining `PUT /api/providers/rest` write access. No active exploitation is confirmed (not in CISA KEV, EPSS at 0.01%), but a detailed proof-of-concept is published in the GHSA advisory and the SSVC framework marks the attack as automatable for tenants meeting the prerequisites.
Infinite fault loop in the Linux kernel's arm64 contiguous PTE (contpte) subsystem exposes systems using SMMU or CPU configurations without hardware dirty-bit management support to a local denial of service. The defect in `contpte_ptep_set_access_flags()` causes a gathered AF/dirty-bit view across contiguous sub-PTEs to produce false no-ops, leaving individual target sub-PTEs in a stale hardware state that triggers perpetual page faults on non-FEAT_HAFDBS-aware walkers such as SMMMUs without HTTU or CPUs with HA/HD disabled in CD.TCR. No confirmed active exploitation exists; EPSS is 0.02% at the 5th percentile, consistent with the hardware-specific, local-only attack surface.
Null pointer dereference in the Linux kernel's AMD ASoC ACP3x audio driver (acp3x-rt5682-max9836) allows a local low-privileged user on affected hardware to crash the kernel. The flaw originates in acp3x_5682_init(), which failed to validate the return value of clk_get() before passing it to rt5682_clk_enable(), meaning an error pointer could be dereferenced directly. No public exploit identified at time of analysis and the EPSS score of 0.02% (7th percentile) reflects extremely low exploitation interest; this vulnerability is not listed in the CISA KEV catalog.
NULL pointer dereference in the Linux kernel's RT1011 ASoC codec driver allows a local, low-privileged user to crash the kernel on systems equipped with Realtek RT1011 smart speaker amplifier hardware. The flaw in rt1011_recv_spk_mode_put() uses an incorrect helper to retrieve the DAPM (Dynamic Audio Power Management) context from a kcontrol object, yielding a NULL pointer that is subsequently dereferenced, triggering a kernel oops or panic. No public exploit is identified and EPSS of 0.02% (5th percentile) reflects negligible real-world exploitation probability, though vendor-confirmed patches are available in Linux 6.19.9 and 7.0.
Traffic Management Microkernel (TMM) crash in F5 BIG-IP versions 16.1.0 through 21.0.0.1 allows unauthenticated remote attackers to cause complete service disruption when a SIP profile is configured on a virtual server. The vulnerability requires specific configuration (SIP profile deployment) and enables denial of service through undisclosed malformed SIP traffic. EPSS data not available; no active exploitation confirmed by CISA KEV at time of analysis. Vendor patch available across all affected version branches with specific fix versions identified.
Remote unauthenticated attackers can crash F5 BIG-IP and BIG-IP Next Traffic Management Microkernel (TMM) processes via undisclosed malformed HTTP/2 requests when virtual servers are configured with both an HTTP/2 profile and iRules using HTTP::redirect or HTTP::respond commands. Exploitation requires no authentication or user interaction (CVSS AV:N/AC:L/PR:N/UI:N) and results in complete service disruption. Vendor patch available via F5 K000159034. EPSS data not provided, but the specific configuration requirement limits exposure to organizations using HTTP/2 with custom iRule redirects or responses.
Remote memory exhaustion in F5 BIG-IP virtual servers crashes Traffic Management Microkernel when HTTP/2 Layer 7 DoS Protection receives undisclosed malformed traffic. Unauthenticated remote attackers can reliably terminate TMM processes, disrupting application delivery services. CVSS 7.5 (High) with network-exploitable, low-complexity characteristics and EPSS data not provided. Vendor patch available via F5 K000158979.
Traffic Management Microkernel (TMM) in F5 BIG-IP terminates when processing specific traffic against UDP virtual servers configured with Client SSL profiles having Allow Dynamic Record Sizing enabled. Remote unauthenticated attackers can trigger complete service denial by sending crafted traffic, causing TMM process crashes. F5 has released patches per advisory K000160901.
Denial of service in F5 BIG-IP virtual servers with SSL profiles allows remote unauthenticated attackers to exhaust connection processing via undisclosed traffic patterns, forcing affected servers to reject new client connections. The vulnerability affects multiple BIG-IP product lines including classic BIG-IP and all BIG-IP Next variants (SPK, CNF, Kubernetes). F5 has released vendor patches (K000158978), and with CVSS 7.5 (AV:N/AC:L/PR:N/UI:N), this represents a straightforward network-based DoS attack requiring no authentication or special complexity.
Denial of service in F5 BIG-IP when Packet Velocity Acceleration (ePVA) is enabled allows local network attackers to exhaust ePVA and Traffic Management Microkernel (TMM) resources through crafted ethernet traffic, causing service degradation or unavailability. CVSS 6.5 (medium severity) reflects adjacent network access requirement and high availability impact. Patch availability confirmed via vendor advisory.
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in mtrudel bandit allows unauthenticated remote denial of service via worker process exhaustion. 'Elixir.Bandit.HTTP1.Socket':do_read_chunked_data!/5 in lib/bandit/http1/socket.ex terminates only when the last-chunk line 0\r\n is followed immediately by the empty trailer line \r\n. RFC 9112 §7.1.2 permits zero or more trailer fields between them. When trailers are present, none of the match clauses fit: the catch-all arm computes a negative to_read, calls read_available!/2, receives <<>> on timeout, and tail-recurses with unchanged state. The worker process is pinned for the lifetime of the TCP connection. A handful of concurrent connections sending RFC-conformant chunked requests with trailer fields is sufficient to exhaust the Bandit worker pool and render the server unresponsive to all further traffic. No authentication, special headers, or large payload is required. Proxies such as NGINX and HAProxy legitimately forward trailer-bearing requests, so servers behind such proxies may be affected without any malicious client involvement. This issue affects bandit: from 1.6.1 before 1.11.1.
Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion. The chunked clause of 'Elixir.Bandit.HTTP1.Socket':read_data/2 in lib/bandit/http1/socket.ex ignores the caller-supplied :length option when reading HTTP/1 chunked request bodies. Instead of capping the accumulated body at the configured limit (e.g. Plug.Parsers' default 8 MB), do_read_chunked_data!/5 buffers every received chunk into an iolist unconditionally and materializes the entire body as a single binary. The function always returns {:ok, body, ...}, so callers cannot interpose a 413 response. Because Plug.Parsers runs before routing and authentication in the standard Phoenix endpoint, an unauthenticated attacker needs no valid route or credentials. Sending a single Transfer-Encoding: chunked POST request with an arbitrarily large body to any path causes the BEAM process to exhaust available memory and be terminated by the OS OOM killer. The content-length path in the same function correctly enforces the limit and is not affected. This issue affects bandit: from 1.4.0 before 1.11.1.
PHP Object Injection vulnerability in coreActivity activity logging plugin through version 3.0 allows remote attackers to trigger persistent Denial of Service blocking administrator access to log pages. Unauthenticated attackers inject crafted PHP serialized payloads via User-Agent headers during any logged event (e.g., failed login). When administrators view the Logs page, the plugin deserializes untrusted data and passes it to DeviceDetector::setUserAgent(), causing Fatal TypeError. Vendor-released patch version 3.1 available (released May 6, 2026). EPSS exploitation probability not available; no CISA KEV listing at time of analysis. CVSS 8.1 reflects high complexity attack requiring precise payload crafting despite no authentication requirement.
Denial of service in MongoDB Server v7.0 through v8.3 allows authenticated users with aggregation permissions to exhaust CPU resources via densely populated character masks in $trim, $ltrim, and $rtrim aggregation operators. An attacker can pin CPU utilization at 100% for extended periods by crafting malicious aggregation queries with large input strings and computationally expensive mask patterns. No public exploit code or active exploitation has been reported at time of analysis.
Authenticated users can crash MongoDB Server by chaining specific server-side JavaScript operations ($_internalJsEmit or mapreduce map functions) with subsequent JavaScript engine invocations ($where, $function, mapreduce reduce stages), triggering a use-after-free condition. Affects MongoDB Server 7.0 (prior to 7.0.34), 8.0 (prior to 8.0.23), 8.2 (prior to 8.2.9), and 8.3 (prior to 8.3.2). Vendor-released patches available for all affected branches. No public exploit identified at time of analysis; EPSS score of 0.05% (16th percentile) suggests low observed exploitation probability despite 7.7 CVSS score. The CWE-416 use-after-free root cause requires precise sequencing of JavaScript operations, limiting exploitability.
Buffer Overflow vulnerability in Ardupiot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the AP_MSP::loop, AP_MSP, AP_MSP.cpp. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Linux ksmbd contains a remote memory corruption vulnerability in the ACL inheritance path that allows remote clients with directory creation permissions to trigger a heap out-of-bounds read and subsequent heap corruption by setting a crafted DACL with a malformed SID containing an inflated num_subauth field. Attackers can exploit this vulnerability by creating a directory, setting the malicious DACL via SMB2_SET_INFO, and creating child entries to cause kernel instability, denial of service, or potentially achieve privilege escalation to kernel code execution.
Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.167, a remote, unauthenticated denial of service (DoS) vulnerability affects Deskflow servers running with TLS enabled (the default). When any TCP peer connects to the listening port and its first bytes do not parse as a valid TLS ClientHello, SecureSocket::secureAccept enters its fatal-error branch and calls Arch::sleep(1) (a blocking 1-second sleep) on the multiplexer worker thread. That thread services every socket on the server, including established TLS clients delivering mouse motion, keyboard events, and clipboard updates. A single failed handshake therefore stalls input delivery to all connected screens for ~1 second, and a sustained drip of malformed connections (≥ 1/s) makes the server effectively unusable while the attack persists. This vulnerability is fixed in 1.26.0.167.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesystem image parser in NanaZip. The function GetAllPaths recurses into subdirectories without any depth limit or visited-inode tracking. A crafted UFS image with a deep directory tree or an inode cycle causes stack exhaustion, crashing the NanaZip process. This vulnerability is fixed in 6.0.1698.0.
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem image parser in NanaZip. The handler's Open method reads BlockCount directly from the attacker-controlled superblock without any validation against the actual file size or any upper-bound ceiling, then iterates BlockCount times, allocating a file-path entry per iteration. A crafted 44-byte littlefs image with BlockCount = 0xFFFFFFFF causes ~4 billion heap allocations, exhausting available memory. This vulnerability is fixed in 6.0.1698.0.
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an integer divide-by-zero exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the superblock field fs_ipg (inodes per cylinder group) is set to zero. The parser uses this attacker-controlled value as a divisor without validation, causing an immediate hardware trap and process crash. This vulnerability is fixed in 6.0.1698.0.
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the root inode (inode 2) is set to IFLNK (symlink) instead of IFDIR (directory). The parser unconditionally treats the root inode as a directory without checking its type, and when the symlink has an embedded target (small di_size), the directory data buffer is zero-length, causing a null-pointer dereference on the first read. This vulnerability is fixed in 6.0.1698.0.
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the Electron Archive (ASAR) parser in NanaZip. When opening a crafted .asar file with deeply nested JSON in the header, both nlohmann::json::parse and the handler's GetAllPaths function recurse without depth limits, exhausting the thread stack and crashing the NanaZip process. This vulnerability is fixed in 6.0.1698.0.
A vulnerability in a network management service of AOS-8 Operating System could allow an unauthenticated remote attacker to exploit this vulnerability by sending specially crafted network packets to the affected device, potentially resulting in a denial-of-service condition. Successful exploitation could cause the affected service process to terminate unexpectedly, disrupting normal device operations.
Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service. Due to insufficient input validation, successful exploitation may terminate a critical system process, resulting in a denial-of-service condition.
Illustrator versions 29.8.6, 30.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Unauthenticated deletion of arbitrary memory records in mem0 1.0.0 allows remote attackers to remove any database entry without credentials, causing unauthorized data loss and potential denial of service. The DELETE /memories/{memory_id} endpoint completely lacks authentication and authorization controls, exposing all memory records to deletion by any network-accessible attacker. No public exploit code has been identified, but the vulnerability is trivial to exploit given the straightforward API design.
mem0 1.0.0 server allows unauthenticated remote attackers to trigger memory reset and table re-creation via unprotected DELETE /memories endpoint, causing schema disruption, data loss, and denial of service. The vulnerability exploits missing authentication and authorization controls on a database management operation accessible over the network without credentials.
Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.
Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally.
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally.
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network.
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally.
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.
Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally.
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network.
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
Local privilege escalation in the Windows Ancillary Function Driver for WinSock (AFD.sys) allows low-privileged authenticated users to execute arbitrary code with SYSTEM privileges via use-after-free memory corruption. Microsoft has released patches addressing Windows 10 (versions 1607 through 22H2), Windows 11 (versions 22H3 through 26H1), and Windows Server 2012. CVSS base score is 7.0 (High) with local attack vector and high attack complexity. EPSS data not available; no CISA KEV listing at time of analysis, suggesting exploitation has not been observed in the wild despite public disclosure.
Null pointer dereference in Windows Storport Miniport Driver allows remote attackers to trigger denial of service over a network with user interaction. The vulnerability affects Windows Server 2025 and exists in the storage port driver architecture, requiring the attacker to send a specially crafted network request that causes the driver to dereference a null pointer, resulting in service interruption or system instability. No public exploit code or active exploitation has been confirmed.
Unbounded memory allocation in Grafana OSS's Live push endpoint allows any authenticated user to exhaust server memory by submitting a large or streaming HTTP request body, resulting in an out-of-memory condition and denial of service. Confirmed affected branches span Grafana OSS 8.0.0 through 13.0.1 across five actively maintained release lines, with vendor-released security patches available for each. No public exploit code exists and CISA has not listed this in KEV; the EPSS score of 0.04% (12th percentile) and SSVC exploitation status of 'none' collectively indicate low current real-world exploitation activity.
Grafana Live's concurrent request handling exposes authenticated Viewer-role users as a denial-of-service vector: sending concurrent requests triggers a fatal map access error that crashes the entire Grafana server, requiring a manual restart to restore service. All Grafana OSS releases from 8.2.0 through 13.0.1 are affected across multiple maintained branches, making the exposure surface exceptionally broad. No public exploit identified at time of analysis and EPSS sits at 0.04% (12th percentile), but the low privilege bar - any Viewer account - and reliable triggering (AC:L) mean insider threats and compromised low-privilege accounts represent a realistic DoS risk for organizations without guest/anonymous access controls.
Denial of service in Palo Alto Networks Prisma SD-WAN ION devices allows an unauthenticated attacker with adjacent network access to crash or disrupt the device by sending a specially crafted IPv6 packet. The vulnerability (CWE-606) exists across three active release branches of the ION software, with fixed versions available from Palo Alto Networks. No public exploit code exists and no active exploitation has been identified at time of analysis, with EPSS at 0.03% and SSVC confirming exploitation status as none.
Unauthenticated remote denial of service in ninenines cowlib (versions 0.1.0 through 2.16.0) allows a single crafted SPDY frame to exhaust BEAM VM memory via a zlib decompression bomb. The cow_spdy:inflate/2 path passes peer-controlled compressed bytes to zlib:inflate/2 without bounding output size, and because the SPDY ?ZDICT dictionary is public and zlib achieves roughly 1024:1 compression on repeated bytes, kilobytes of input expand to gigabytes of heap, OOM-killing the Erlang node. No public exploit identified at time of analysis, EPSS is low (0.14%), and CISA SSVC marks exploitation as none, but the upstream fix is to remove cow_spdy entirely in 2.16.1.
Unauthenticated denial of service in ninenines Cowboy 2.0.0 through 2.14.x allows remote attackers to exhaust BEAM VM memory by sending malformed multipart/form-data uploads that never complete a header section. The flaw lives in cowboy_req:read_part/3, which lacked the upper-bound buffer guard already present in read_part_body/4, letting a handful of concurrent slow uploads accumulate request bytes linearly until the Erlang node runs out of memory. EPSS is very low (0.02%) and no public exploit is identified at time of analysis, but the upstream patch and a regression test are already merged in 2.15.0.
Server-side request forgery in the IKEv2 implementation of Palo Alto Networks PAN-OS allows unauthenticated remote attackers to coerce the firewall into issuing outbound network requests to arbitrary destinations or to trigger a denial-of-service condition. Affected are PAN-OS 10.2, 11.1, 11.2, and 12.1 branch trains; Panorama, Cloud NGFW, and Prisma Access are explicitly confirmed unaffected. No public exploit code has been identified and SSVC assessment confirms no current exploitation, though a vendor-released patch is available across all impacted branches.
Multiple denial-of-service conditions in Palo Alto Networks PAN-OS allow unauthenticated remote attackers to crash or degrade firewall availability by sending specially crafted network traffic, with a high availability impact (VA:H) on the vulnerable system. Affected deployments span PAN-OS 10.2, 11.1, 11.2, and 12.1 branches as well as Prisma Access; vendor explicitly states Panorama and Cloud NGFW are not impacted, though Cloud NGFW appears in CPE strings - a discrepancy worth verifying. No public exploit identified at time of analysis, EPSS is very low (0.05%, 16th percentile), and SSVC classifies exploitation as none with non-automatable attack patterns, collectively suggesting a patch-cycle priority rather than an emergency response.
Remote code execution and denial-of-service in Palo Alto Networks PAN-OS software stems from a buffer overflow in the IKEv2 processing path, allowing unauthenticated network attackers to either crash the firewall or run arbitrary code with elevated privileges. The flaw affects multiple PAN-OS branches (11.1.x, 11.2.x, and 12.1.x) while Panorama, Cloud NGFW, and Prisma Access remain unaffected. There is no public exploit identified at time of analysis, EPSS sits at a low 0.06% (19th percentile), and CISA SSVC currently lists exploitation as 'none'.
Heap-based buffer overflow in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS allows unauthenticated remote attackers to trigger a denial-of-service condition across all PAN-OS platforms (except Cloud NGFW and Prisma Access) and potentially achieve arbitrary code execution on PA-Series hardware appliances via specially crafted network traffic. The flaw is rated CVSS 7.2 with high attack complexity; no public exploit identified at time of analysis and EPSS is 0.07%, but the technical impact is rated total by SSVC.
Buffer Overflow vulnerability in Ardupilot rover commit v.c56439b045162058df0ff136afea3081fcd06d38 allows a local attacker to cause a denial of service via the AP_InertialSensor_ADIS1647x.cpp,. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Disk exhaustion in AutoGPT Platform before version 0.6.32 enables denial of service through unbounded Docker container log accumulation under high user access volume. The platform writes execution activity to stdout/stderr without any rotation or size cap, and Docker captures these logs indefinitely to host disk - a CWE-770 resource allocation failure. No public exploit has been identified at time of analysis; SSVC confirms exploitation status of none, and EPSS is 0.01% (3rd percentile), indicating negligible observed exploitation probability.
Buffer Overflow vulnerability in Ardupiot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the AP_SmartAudio::loop,. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Nautobot's UI object bulk-rename endpoints (e.g., /dcim/interfaces/rename/) allow authenticated low-privilege users to trigger application-wide denial of service by submitting a maliciously crafted regular expression in the `find` field with the `use_regex` flag enabled, causing Python's re.sub() to enter catastrophic backtracking that stalls worker processes indefinitely. All Nautobot installations running versions prior to 2.4.33 (v2.x branch) or prior to 3.1.2 (v3.x branch, from 3.0.0a2) are affected. No active exploitation has been confirmed (not in CISA KEV), no public exploit code has been identified, and EPSS is 0.04% (14th percentile); vendor-released patches are available.
Unauthorized write access to Traefik's live dynamic configuration is achievable by a low-privileged Kubernetes tenant in shared Gateway deployments, because the Gateway API provider's `isInternalService()` check accepts any `TraefikService` name ending in `@internal` - not exclusively the intended `api@internal`. This allows a tenant with `HTTPRoute` creation rights to route external traffic to `rest@internal`, fully bypassing the `providers.rest.insecure=false` safeguard and gaining `PUT /api/providers/rest` write access. No active exploitation is confirmed (not in CISA KEV, EPSS at 0.01%), but a detailed proof-of-concept is published in the GHSA advisory and the SSVC framework marks the attack as automatable for tenants meeting the prerequisites.
Infinite fault loop in the Linux kernel's arm64 contiguous PTE (contpte) subsystem exposes systems using SMMU or CPU configurations without hardware dirty-bit management support to a local denial of service. The defect in `contpte_ptep_set_access_flags()` causes a gathered AF/dirty-bit view across contiguous sub-PTEs to produce false no-ops, leaving individual target sub-PTEs in a stale hardware state that triggers perpetual page faults on non-FEAT_HAFDBS-aware walkers such as SMMMUs without HTTU or CPUs with HA/HD disabled in CD.TCR. No confirmed active exploitation exists; EPSS is 0.02% at the 5th percentile, consistent with the hardware-specific, local-only attack surface.
Null pointer dereference in the Linux kernel's AMD ASoC ACP3x audio driver (acp3x-rt5682-max9836) allows a local low-privileged user on affected hardware to crash the kernel. The flaw originates in acp3x_5682_init(), which failed to validate the return value of clk_get() before passing it to rt5682_clk_enable(), meaning an error pointer could be dereferenced directly. No public exploit identified at time of analysis and the EPSS score of 0.02% (7th percentile) reflects extremely low exploitation interest; this vulnerability is not listed in the CISA KEV catalog.
NULL pointer dereference in the Linux kernel's RT1011 ASoC codec driver allows a local, low-privileged user to crash the kernel on systems equipped with Realtek RT1011 smart speaker amplifier hardware. The flaw in rt1011_recv_spk_mode_put() uses an incorrect helper to retrieve the DAPM (Dynamic Audio Power Management) context from a kcontrol object, yielding a NULL pointer that is subsequently dereferenced, triggering a kernel oops or panic. No public exploit is identified and EPSS of 0.02% (5th percentile) reflects negligible real-world exploitation probability, though vendor-confirmed patches are available in Linux 6.19.9 and 7.0.
Traffic Management Microkernel (TMM) crash in F5 BIG-IP versions 16.1.0 through 21.0.0.1 allows unauthenticated remote attackers to cause complete service disruption when a SIP profile is configured on a virtual server. The vulnerability requires specific configuration (SIP profile deployment) and enables denial of service through undisclosed malformed SIP traffic. EPSS data not available; no active exploitation confirmed by CISA KEV at time of analysis. Vendor patch available across all affected version branches with specific fix versions identified.
Remote unauthenticated attackers can crash F5 BIG-IP and BIG-IP Next Traffic Management Microkernel (TMM) processes via undisclosed malformed HTTP/2 requests when virtual servers are configured with both an HTTP/2 profile and iRules using HTTP::redirect or HTTP::respond commands. Exploitation requires no authentication or user interaction (CVSS AV:N/AC:L/PR:N/UI:N) and results in complete service disruption. Vendor patch available via F5 K000159034. EPSS data not provided, but the specific configuration requirement limits exposure to organizations using HTTP/2 with custom iRule redirects or responses.
Remote memory exhaustion in F5 BIG-IP virtual servers crashes Traffic Management Microkernel when HTTP/2 Layer 7 DoS Protection receives undisclosed malformed traffic. Unauthenticated remote attackers can reliably terminate TMM processes, disrupting application delivery services. CVSS 7.5 (High) with network-exploitable, low-complexity characteristics and EPSS data not provided. Vendor patch available via F5 K000158979.
Traffic Management Microkernel (TMM) in F5 BIG-IP terminates when processing specific traffic against UDP virtual servers configured with Client SSL profiles having Allow Dynamic Record Sizing enabled. Remote unauthenticated attackers can trigger complete service denial by sending crafted traffic, causing TMM process crashes. F5 has released patches per advisory K000160901.
Denial of service in F5 BIG-IP virtual servers with SSL profiles allows remote unauthenticated attackers to exhaust connection processing via undisclosed traffic patterns, forcing affected servers to reject new client connections. The vulnerability affects multiple BIG-IP product lines including classic BIG-IP and all BIG-IP Next variants (SPK, CNF, Kubernetes). F5 has released vendor patches (K000158978), and with CVSS 7.5 (AV:N/AC:L/PR:N/UI:N), this represents a straightforward network-based DoS attack requiring no authentication or special complexity.
Denial of service in F5 BIG-IP when Packet Velocity Acceleration (ePVA) is enabled allows local network attackers to exhaust ePVA and Traffic Management Microkernel (TMM) resources through crafted ethernet traffic, causing service degradation or unavailability. CVSS 6.5 (medium severity) reflects adjacent network access requirement and high availability impact. Patch availability confirmed via vendor advisory.
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in mtrudel bandit allows unauthenticated remote denial of service via worker process exhaustion. 'Elixir.Bandit.HTTP1.Socket':do_read_chunked_data!/5 in lib/bandit/http1/socket.ex terminates only when the last-chunk line 0\r\n is followed immediately by the empty trailer line \r\n. RFC 9112 §7.1.2 permits zero or more trailer fields between them. When trailers are present, none of the match clauses fit: the catch-all arm computes a negative to_read, calls read_available!/2, receives <<>> on timeout, and tail-recurses with unchanged state. The worker process is pinned for the lifetime of the TCP connection. A handful of concurrent connections sending RFC-conformant chunked requests with trailer fields is sufficient to exhaust the Bandit worker pool and render the server unresponsive to all further traffic. No authentication, special headers, or large payload is required. Proxies such as NGINX and HAProxy legitimately forward trailer-bearing requests, so servers behind such proxies may be affected without any malicious client involvement. This issue affects bandit: from 1.6.1 before 1.11.1.
Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion. The chunked clause of 'Elixir.Bandit.HTTP1.Socket':read_data/2 in lib/bandit/http1/socket.ex ignores the caller-supplied :length option when reading HTTP/1 chunked request bodies. Instead of capping the accumulated body at the configured limit (e.g. Plug.Parsers' default 8 MB), do_read_chunked_data!/5 buffers every received chunk into an iolist unconditionally and materializes the entire body as a single binary. The function always returns {:ok, body, ...}, so callers cannot interpose a 413 response. Because Plug.Parsers runs before routing and authentication in the standard Phoenix endpoint, an unauthenticated attacker needs no valid route or credentials. Sending a single Transfer-Encoding: chunked POST request with an arbitrarily large body to any path causes the BEAM process to exhaust available memory and be terminated by the OS OOM killer. The content-length path in the same function correctly enforces the limit and is not affected. This issue affects bandit: from 1.4.0 before 1.11.1.
PHP Object Injection vulnerability in coreActivity activity logging plugin through version 3.0 allows remote attackers to trigger persistent Denial of Service blocking administrator access to log pages. Unauthenticated attackers inject crafted PHP serialized payloads via User-Agent headers during any logged event (e.g., failed login). When administrators view the Logs page, the plugin deserializes untrusted data and passes it to DeviceDetector::setUserAgent(), causing Fatal TypeError. Vendor-released patch version 3.1 available (released May 6, 2026). EPSS exploitation probability not available; no CISA KEV listing at time of analysis. CVSS 8.1 reflects high complexity attack requiring precise payload crafting despite no authentication requirement.
Denial of service in MongoDB Server v7.0 through v8.3 allows authenticated users with aggregation permissions to exhaust CPU resources via densely populated character masks in $trim, $ltrim, and $rtrim aggregation operators. An attacker can pin CPU utilization at 100% for extended periods by crafting malicious aggregation queries with large input strings and computationally expensive mask patterns. No public exploit code or active exploitation has been reported at time of analysis.
Authenticated users can crash MongoDB Server by chaining specific server-side JavaScript operations ($_internalJsEmit or mapreduce map functions) with subsequent JavaScript engine invocations ($where, $function, mapreduce reduce stages), triggering a use-after-free condition. Affects MongoDB Server 7.0 (prior to 7.0.34), 8.0 (prior to 8.0.23), 8.2 (prior to 8.2.9), and 8.3 (prior to 8.3.2). Vendor-released patches available for all affected branches. No public exploit identified at time of analysis; EPSS score of 0.05% (16th percentile) suggests low observed exploitation probability despite 7.7 CVSS score. The CWE-416 use-after-free root cause requires precise sequencing of JavaScript operations, limiting exploitability.
Buffer Overflow vulnerability in Ardupiot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the AP_MSP::loop, AP_MSP, AP_MSP.cpp. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Linux ksmbd contains a remote memory corruption vulnerability in the ACL inheritance path that allows remote clients with directory creation permissions to trigger a heap out-of-bounds read and subsequent heap corruption by setting a crafted DACL with a malformed SID containing an inflated num_subauth field. Attackers can exploit this vulnerability by creating a directory, setting the malicious DACL via SMB2_SET_INFO, and creating child entries to cause kernel instability, denial of service, or potentially achieve privilege escalation to kernel code execution.
Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.167, a remote, unauthenticated denial of service (DoS) vulnerability affects Deskflow servers running with TLS enabled (the default). When any TCP peer connects to the listening port and its first bytes do not parse as a valid TLS ClientHello, SecureSocket::secureAccept enters its fatal-error branch and calls Arch::sleep(1) (a blocking 1-second sleep) on the multiplexer worker thread. That thread services every socket on the server, including established TLS clients delivering mouse motion, keyboard events, and clipboard updates. A single failed handshake therefore stalls input delivery to all connected screens for ~1 second, and a sustained drip of malformed connections (≥ 1/s) makes the server effectively unusable while the attack persists. This vulnerability is fixed in 1.26.0.167.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesystem image parser in NanaZip. The function GetAllPaths recurses into subdirectories without any depth limit or visited-inode tracking. A crafted UFS image with a deep directory tree or an inode cycle causes stack exhaustion, crashing the NanaZip process. This vulnerability is fixed in 6.0.1698.0.
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem image parser in NanaZip. The handler's Open method reads BlockCount directly from the attacker-controlled superblock without any validation against the actual file size or any upper-bound ceiling, then iterates BlockCount times, allocating a file-path entry per iteration. A crafted 44-byte littlefs image with BlockCount = 0xFFFFFFFF causes ~4 billion heap allocations, exhausting available memory. This vulnerability is fixed in 6.0.1698.0.
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an integer divide-by-zero exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the superblock field fs_ipg (inodes per cylinder group) is set to zero. The parser uses this attacker-controlled value as a divisor without validation, causing an immediate hardware trap and process crash. This vulnerability is fixed in 6.0.1698.0.
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the root inode (inode 2) is set to IFLNK (symlink) instead of IFDIR (directory). The parser unconditionally treats the root inode as a directory without checking its type, and when the symlink has an embedded target (small di_size), the directory data buffer is zero-length, causing a null-pointer dereference on the first read. This vulnerability is fixed in 6.0.1698.0.
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the Electron Archive (ASAR) parser in NanaZip. When opening a crafted .asar file with deeply nested JSON in the header, both nlohmann::json::parse and the handler's GetAllPaths function recurse without depth limits, exhausting the thread stack and crashing the NanaZip process. This vulnerability is fixed in 6.0.1698.0.
A vulnerability in a network management service of AOS-8 Operating System could allow an unauthenticated remote attacker to exploit this vulnerability by sending specially crafted network packets to the affected device, potentially resulting in a denial-of-service condition. Successful exploitation could cause the affected service process to terminate unexpectedly, disrupting normal device operations.
Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service. Due to insufficient input validation, successful exploitation may terminate a critical system process, resulting in a denial-of-service condition.
Illustrator versions 29.8.6, 30.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Unauthenticated deletion of arbitrary memory records in mem0 1.0.0 allows remote attackers to remove any database entry without credentials, causing unauthorized data loss and potential denial of service. The DELETE /memories/{memory_id} endpoint completely lacks authentication and authorization controls, exposing all memory records to deletion by any network-accessible attacker. No public exploit code has been identified, but the vulnerability is trivial to exploit given the straightforward API design.
mem0 1.0.0 server allows unauthenticated remote attackers to trigger memory reset and table re-creation via unprotected DELETE /memories endpoint, causing schema disruption, data loss, and denial of service. The vulnerability exploits missing authentication and authorization controls on a database management operation accessible over the network without credentials.
Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.
Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally.
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally.
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network.
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally.
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.
Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally.
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network.
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
Local privilege escalation in the Windows Ancillary Function Driver for WinSock (AFD.sys) allows low-privileged authenticated users to execute arbitrary code with SYSTEM privileges via use-after-free memory corruption. Microsoft has released patches addressing Windows 10 (versions 1607 through 22H2), Windows 11 (versions 22H3 through 26H1), and Windows Server 2012. CVSS base score is 7.0 (High) with local attack vector and high attack complexity. EPSS data not available; no CISA KEV listing at time of analysis, suggesting exploitation has not been observed in the wild despite public disclosure.
Null pointer dereference in Windows Storport Miniport Driver allows remote attackers to trigger denial of service over a network with user interaction. The vulnerability affects Windows Server 2025 and exists in the storage port driver architecture, requiring the attacker to send a specially crafted network request that causes the driver to dereference a null pointer, resulting in service interruption or system instability. No public exploit code or active exploitation has been confirmed.