Skip to main content

Denial Of Service

36455 CVEs technique

Monthly

CVE-2026-58526 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows arises from a use-after-free flaw (CWE-416) in the Windows Storage component, affecting Windows 10 (1809, 21H2, 22H2), Windows 11 (24H2, 25H2, 26H1), and Windows Server 2019/2022/2025. An authorized attacker who already has low-level access to a machine can trigger the freed-memory reuse to elevate to higher privileges (CVSS 7.0, high attack complexity). Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +10
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2026-57976 MEDIUM PATCH Exploit Unlikely This Month

Null pointer dereference in Windows Active Directory Domain Services (AD DS) enables a low-privileged authenticated attacker to crash the service remotely, causing denial of service across the affected domain. The flaw spans a wide range of Windows client and server releases, from Windows 10 version 1607 through Windows 11 version 26H1 and Windows Server 2012 through 2025. No public exploit code has been identified and this vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog at time of analysis, though the network-accessible attack surface and low privilege requirement lower the bar for abuse in environments with broad domain user access.

Denial Of Service Null Pointer Dereference Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2026-54127 HIGH PATCH NEWS Exploit Unlikely This Week

Local privilege escalation in the Windows Hyper-V virtualization stack lets an attacker running code on an affected host trigger a use-after-free to gain higher privileges. The flaw affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2022/2025, was reported by Microsoft, and has a vendor patch available. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the modeled full compromise of confidentiality, integrity, and availability (C:H/I:H/A:H) makes it a meaningful patch-cycle priority.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +5
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2026-50694 HIGH PATCH NEWS This Week

Remote code execution in the Windows Secure Socket Tunneling Protocol (SSTP) component lets an unauthenticated network attacker run arbitrary code by triggering a use-after-free (CWE-416) memory-corruption condition. The flaw spans a broad range of Windows client and server builds, from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. No public exploit is identified at time of analysis and it is not listed in CISA KEV, but the network attack vector combined with full high impact to confidentiality, integrity and availability makes it a meaningful patch priority.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +17
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2026-56170 HIGH PATCH Exploit Unlikely This Week

Denial of service in ASP.NET Core (the web framework shipped with .NET 8.0, 9.0, and 10.0) lets a remote, unauthenticated attacker exhaust server resources by triggering unbounded allocations over the network. Because affected requests are not throttled or capped, a single crafted request stream can degrade availability of the hosting process without any authentication or user interaction. Reported by Microsoft with a vendor patch available; no public exploit identified at time of analysis and no CISA KEV listing.

Denial Of Service Net 10 0 Net 8 0 Net 9 0
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2026-55948 HIGH PATCH This Week

Local code execution in Microsoft Excel (2016, Office 2019, Office LTSC 2021/2024, Microsoft 365 Apps, Office for Mac, and Office Online Server) arises from a use-after-free memory corruption (CWE-416) that an attacker triggers when a victim opens a maliciously crafted spreadsheet. Exploitation runs code in the context of the current user and requires user interaction (opening the file), with no public exploit identified at time of analysis. This is a locally-exploited, phishing-delivered class of bug typical of Office file-format handlers, patched by Microsoft via MSRC.

Use After Free Memory Corruption Denial Of Service Microsoft Microsoft 365 Apps For Enterprise +8
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-54995 HIGH PATCH NEWS This Week

Remote code execution in the Windows Reliable Multicast Transport Driver (RMCAST) lets an unauthenticated network attacker trigger a use-after-free (CWE-416) and run arbitrary code on a broad range of Windows 10, Windows 11, and Windows Server systems (Server 2012 through Server 2025). Rated CVSS 8.1, the flaw carries high impact to confidentiality, integrity, and availability but requires winning a race condition (AC:H), and no public exploit identified at time of analysis. Reported by Microsoft with a vendor patch available.

Use After Free Memory Corruption Denial Of Service Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2026-54119 HIGH PATCH This Week

Denial of service in Windows Active Directory (spanning Windows 10, Windows 11, and Windows Server 2012 through 2025) lets a remote, unauthenticated attacker send crafted network traffic that drives an AD service into an infinite loop, exhausting CPU and rendering domain services unavailable. Because the CVSS vector is AV:N/AC:L/PR:N/UI:N with high availability impact and no confidentiality or integrity loss, this is a pure availability threat against domain controllers. Microsoft has released a patch; there is no public exploit identified at time of analysis and no CISA KEV listing.

Microsoft Denial Of Service Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2026-54114 HIGH PATCH Exploit Likely This Week

Local privilege escalation in Microsoft Windows Win32K (the kernel-mode GUI subsystem) allows an authenticated local user to elevate to SYSTEM by triggering a use-after-free (CWE-416) memory corruption condition. The flaw affects a broad range of supported builds spanning Windows 10 1809 through Windows 11 26H1 and Windows Server 2019 through 2025, including Server Core installations. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +10
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2026-55000 MEDIUM PATCH Exploit Unlikely This Month

Privilege escalation via use-after-free in the Windows USB Print Driver affects Windows 11 (versions 24H2, 25H2, 26H1) and Windows Server 2025, requiring physical access to exploit. An attacker with hands-on access to a target machine can trigger a memory corruption condition through the USB print subsystem to achieve full local privilege escalation - High confidentiality, integrity, and availability impact per CVSS. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +4
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2026-54989 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Quality Windows Audio/Video Experience (QWAVE) service lets an already-authenticated, low-privileged user elevate to higher privileges by exploiting a use-after-free (CWE-416) memory-corruption condition. The flaw spans a broad range of builds from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. Microsoft has released a patch; there is no public exploit identified at time of analysis, and the CVSS 3.1 base score is 7.0 (AV:L/AC:H/PR:L).

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +17
NVD VulDB
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-54129 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Hyper-V (CWE-416 use-after-free) allows an authenticated attacker already running low-privileged code on an affected host to elevate to higher privileges, with full confidentiality, integrity, and availability impact. Reported by Microsoft and affecting a broad range of Windows 10, Windows 11, and Windows Server builds including Server 2019/2022/2025. No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +10
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50506 HIGH PATCH Exploit Unlikely This Week

Uncontrolled resource allocation in Microsoft's ASP.NET Core OData libraries (Microsoft.AspNetCore.OData and Microsoft.AspNet.OData) lets a remote, unauthenticated attacker exhaust server resources and cause a denial of service over the network. Any web application or API exposing OData query endpoints built on the affected packages is at risk, and the CVSS 7.5 rating reflects a high-availability impact with no confidentiality or integrity compromise. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.

Denial Of Service Aspnet Odata Aspnetcore Odata
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2026-49173 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel (Windows 11 version 26H1) lets an already-authenticated low-privileged user corrupt kernel memory through a use-after-free condition and gain SYSTEM-level control. Microsoft self-reported the flaw and has shipped a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The CVSS 7.8 (High) score reflects full confidentiality, integrity, and availability compromise achievable entirely from a local, low-privilege foothold with no user interaction.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 26H1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-49171 HIGH PATCH Exploit Unlikely This Week

Local privilege elevation in the Windows Speech component (Text-to-Speech / speech runtime) affects a broad range of Windows 10, Windows 11, and Windows Server releases, where a use-after-free (CWE-416) lets an already-authenticated local user corrupt memory to run code at higher privilege. Exploitation is non-trivial - it requires local access, low-level authentication, user interaction, and winning a memory-timing condition - and the CVSS 7.5 rating reflects a scope-changed, high-impact outcome. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV, so this is a patch-on-cycle EoP rather than an emergency.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +13
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-49169 HIGH PATCH Exploit Unlikely This Week

Remote code execution in the Windows Server 2025 DNS Server role allows a privileged, authenticated attacker to run arbitrary code over the network by triggering a use-after-free (CWE-416) memory-corruption condition. The flaw carries a CVSS 8.0 rating with a changed scope, meaning successful exploitation can affect resources beyond the vulnerable component. Microsoft has issued a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Windows Server 2025 Windows Server 2025 Server Core Installation
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2026-49167 MEDIUM PATCH Exploit Unlikely This Month

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +10
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2026-49166 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Printer Drivers on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an authenticated local attacker to gain SYSTEM-level privileges by triggering a use-after-free memory-corruption condition. The flaw grants full confidentiality, integrity, and availability impact (C:H/I:H/A:H) once low-level local access is obtained. Reported by Microsoft with a patch available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +4
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-49162 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Brokering File System (bfs.sys/Bfs component) affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 (including Server Core), where a use-after-free (CWE-416) lets an already-authenticated local attacker corrupt kernel/broker memory to gain SYSTEM-level privileges. Exploitation requires low privileges but high attack complexity, and there is no public exploit identified at time of analysis. Microsoft has released a patch via its MSRC update guide.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +4
NVD VulDB
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-48571 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows App Installer (the AppX/MSIX deployment component) lets a low-privileged but authenticated user corrupt memory via a use-after-free (CWE-416) and gain higher privileges on the host. The flaw affects Windows 11 (23H2, 24H2, 25H2, 26H1) and Windows Server 2025, was reported by Microsoft, and has a vendor patch available. There is no public exploit identified at time of analysis and it is not on CISA KEV, though the CVSS 7.0 rating and full C/I/A impact make it a meaningful patch-cycle priority.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 23H2 +5
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-59884 HIGH PATCH This Week

Denial of service in the pyasn1 Python ASN.1 library (versions prior to 0.6.4) allows a remote attacker to exhaust CPU and crash applications by supplying crafted BER, CER, or DER encoded data. The shared BER decoder parses long-form tags without bounding the tag ID size, so a malicious tag forces construction of an arbitrarily large integer whose processing scales quadratically, and on Python 3.11+ triggers unhandled ValueError exceptions in integer-to-string error formatting. No public exploit identified at time of analysis, though the fix commit ships proof-of-concept test cases; not listed in CISA KEV.

Python Denial Of Service Pyasn1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-59885 HIGH PATCH This Week

Denial of service in the pyasn1 Python ASN.1 library (all versions prior to 0.6.4) allows remote attackers to exhaust CPU by submitting a small crafted OBJECT IDENTIFIER or RELATIVE-OID whose arcs are decoded in quadratic time, so any application that calls decode() on untrusted ASN.1 data can be stalled per call; re-encoding such values triggers the same blow-up. Rated CVSS 7.5 (availability-only) with no confidentiality or integrity impact; no public exploit identified at time of analysis, though the fix commit ships a regression test that effectively demonstrates the trigger. As a foundational dependency behind LDAP, SNMP, X.509/PKI and crypto tooling across the Python ecosystem, its broad transitive reach makes this notable despite the modest severity.

Python Denial Of Service Pyasn1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-59886 HIGH PATCH This Week

Uncontrolled resource consumption in the pyasn1 Python ASN.1 library (versions prior to 0.6.4) lets remote attackers hang applications that decode untrusted BER/CER/DER data. A REAL value only a few bytes long can encode an enormous exponent; when the decoded univ.Real object is later printed, logged, compared, or converted via prettyPrint(), str(), int(), or float(), pyasn1 performs exact big-integer exponentiation that consumes excessive CPU and memory. There is no public exploit identified at time of analysis, but the network/no-auth/no-interaction, availability-only profile makes this a straightforward denial-of-service primitive; the issue is fixed in version 0.6.4.

Python Denial Of Service Pyasn1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-59200 HIGH PATCH This Week

Uncontrolled memory consumption in Python Pillow (PIL) versions 5.1.0 through 12.2.x allows a remote attacker to cause denial of service by supplying a small crafted PDF whose FlateDecode stream declares a large Length; PdfParser.PdfStream.decode() passes this attacker-controlled Length straight to zlib.decompress() as the bufsize with no upper bound, so a tiny file inflates into gigabytes of decompressed data and exhausts host memory. Fixed in 12.3.0 by streaming decompression with a bounded max_length. No public exploit identified at time of analysis and this CVE is not in CISA KEV, but the trigger is trivial to construct.

Python Denial Of Service Pillow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-12523 HIGH PATCH This Week

Remote memory exhaustion in Cloudflare quiche's HTTP/3 layer allows unauthenticated attackers to crash or degrade QUIC servers by sending specially crafted HTTP/3 frames that trigger over-allocation. Two distinct defects are involved: frame parsers pre-allocate buffers based on an attacker-declared length field without requiring the bytes to actually be sent, and QPACK decompression fails to enforce the configured MAX_FIELD_SECTION_SIZE limit, so crafted HEADERS frames commit far more memory than advertised. No public exploit identified at time of analysis; impact is availability-only (CVSS 7.5) with no confidentiality or integrity effect.

Denial Of Service Quiche
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-62642 MEDIUM PATCH This Month

Roundcube Webmail's TNEF (winmail.dat) decoder enters an infinite loop when processing a specially crafted TNEF attachment, causing denial of service for users on affected installations. Versions before 1.6.17 and 1.7.x before 1.7.2 are confirmed affected per the vendor advisory issued 2026-07-05. No public exploit code and no active exploitation (CISA KEV) have been identified; the CVSS vector confirms user interaction is required, limiting automatable mass exploitation.

Denial Of Service Webmail
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.3%
CVE-2026-62641 MEDIUM PATCH This Month

Denial of service in Roundcube Webmail's TNEF decoder allows remote senders to crash the webmail parser by embedding a crafted compressed-RTF size field inside a winmail.dat attachment. Affected versions are all Roundcube Webmail releases before 1.6.17 and 1.7.x before 1.7.2. Release notes confirm the defect manifests as an infinite loop in the TNEF parser, meaning repeated delivery of malicious emails could degrade server availability for affected users. No public exploit has been identified at time of analysis, and this vulnerability is not listed in CISA KEV.

Denial Of Service Webmail
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-59203 HIGH PATCH This Week

Denial of service in Python Pillow 12.0.0 through 12.2.0 lets a remote attacker hang an application by supplying a crafted EPS image whose %%BeginBinary directive declares a negative byte count, causing the EPS parser to seek backwards and re-parse the same directive forever. Any service that calls Image.open() on attacker-supplied EPS data is affected until upgraded to 12.3.0. No public exploit identified at time of analysis, though the upstream fix PR includes a test reproducer; the flaw is not listed in CISA KEV.

Python Denial Of Service Pillow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-60081 HIGH PATCH This Week

Memory-exhaustion denial of service in the DBI::ProfileData module (bundled with Perl DBI) before version 1.651 allows an attacker who supplies a crafted profile dump file to force the parser into allocating an oversized array. Because the path-index column is read directly from an untrusted file and used to size an in-memory array, a tiny malicious file can amplify into large memory consumption (CWE-770). There is no public exploit identified at time of analysis and it is not in CISA KEV, but a vendor patch and root-cause commit are available.

Denial Of Service Dbi
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-12707 HIGH PATCH This Week

Denial of service in Cloudflare quiche (all versions before 0.29.3) allows a remote unauthenticated peer to exhaust server memory by triggering rapid post-handshake source address migration, causing unbounded queuing of PathEvent::ReusedSourceConnectionId entries in the internal PathEvents collection. Because the queue grows without limit whenever an application does not drain it via path_event_next(), an attacker can force high memory consumption and crash or degrade the server; notably, servers remain vulnerable even when active connection migration is disabled. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Denial Of Service Quiche
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-10672 HIGH PATCH This Week

Out-of-bounds memory read in the Zephyr RTOS LwM2M firmware-update pull client (subsys/net/lib/lwm2m/lwm2m_pull_context.c) lets a LwM2M management server — or an on-path attacker on a session lacking strong DTLS — leak adjacent device memory and crash the device by writing an over-length Package URI (resource /5/0/1). Affected releases span v3.0.0 through v4.4.0 with the default-on CONFIG_LWM2M_FIRMWARE_UPDATE_PULL_SUPPORT path enabled. No public exploit identified at time of analysis; a vendor patch is available and EPSS/KEV signals are absent.

Buffer Overflow Denial Of Service Information Disclosure Zephyr
NVD GitHub
CVSS 3.1
8.2
EPSS
0.3%
CVE-2026-10670 MEDIUM PATCH This Month

NULL pointer dereference in Zephyr RTOS's syscall verifier allows an unprivileged user-mode thread to crash the kernel across the userspace security boundary. The z_vrfy_k_thread_name_copy() verification handler in kernel/thread.c incorrectly guards against the caller-supplied thread pointer being NULL rather than the ko pointer returned by k_object_find(), so any non-NULL but unregistered address bypasses the check and triggers a supervisor-mode NULL dereference that halts or reboots the system. Affecting Zephyr v2.0.0 through v4.4.0 when built with CONFIG_USERSPACE and CONFIG_THREAD_NAME enabled, no public exploit code and no CISA KEV listing have been identified at time of analysis, but the one-syscall reproducibility makes this straightforward to trigger in qualifying builds.

Denial Of Service Null Pointer Dereference Zephyr
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-10669 HIGH PATCH This Week

Local privilege escalation and kernel memory corruption in Zephyr RTOS on Xtensa SoCs (v3.7.0 through v4.4.0) built with CONFIG_XTENSA_MPU and CONFIG_USERSPACE, where arch_buffer_validate() fails open on an integer-overflow edge case, letting an unprivileged user thread trick the kernel into reading or writing arbitrary kernel/partition memory on its behalf. The flaw stems from a default-permit return value combined with a ROUND_UP address-space wrap that skips the MPU probe loop entirely, and it is not caught by the existing syscall-layer overflow guards. Vendor patch is available; no public exploit identified at time of analysis, and this is not in CISA KEV.

Denial Of Service Privilege Escalation Information Disclosure Buffer Overflow Memory Corruption +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-10573 HIGH This Week

Remote denial-of-service in Rockwell Automation's 1734 POINT I/O module allows unauthenticated network attackers to force the module into a faulted state by sending specially crafted CIP (Common Industrial Protocol) messages, halting I/O processing until a manual restart is performed. The CVSS 4.0 base score of 8.7 reflects a high availability impact against a network-reachable OT device with no privileges or user interaction required. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.

Denial Of Service 1734 Point I O
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2026-9140 HIGH This Week

Denial-of-service in the Rockwell Automation 1719-AENTR (and companion 1718-AENTR) EtherNet/IP adapter allows remote attackers to overload the device with a UDP unicast network storm, causing loss of communication that requires a manual power cycle to recover. The CVSS 4.0 score of 8.7 reflects a high availability impact reachable over the network with no privileges or user interaction. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV, but the low attack complexity makes it a real operational-technology availability concern.

Denial Of Service 1718 Aentr 1719 Aentr
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2026-12588 MEDIUM This Month

Denial of Service in Trellix HX (versions 10.0.0 and earlier) allows an authenticated network attacker to exhaust appliance resources by submitting a specially crafted highly-compressed file to the HX console, triggering the product's own detection engine to perform runaway decompression. The impact is limited to availability - the EDR appliance becomes unresponsive - but disruption of an endpoint detection and response platform carries secondary operational risk by creating a monitoring blind spot. No public exploit code has been identified at time of analysis, and no CISA KEV listing exists.

Denial Of Service
NVD
CVSS 4.0
6.0
EPSS
0.2%
CVE-2026-15690 LOW POC Monitor

Null pointer dereference in open62541's client library (versions up to 1.5.5) allows a remote OPC UA server to crash a connecting client by returning a malformed Server_NamespaceArray during session establishment, causing denial of service. The flaw is client-side only - server deployments are unaffected - and exploitation requires the attacker to control or impersonate a server the vulnerable client connects to, making practical exploitation high-complexity. A proof-of-concept exists as a GitHub issue report; no public exploit is confirmed as weaponized and the vulnerability is not listed in CISA KEV.

Denial Of Service Null Pointer Dereference Open62541
NVD VulDB GitHub
CVSS 4.0
1.3
EPSS
0.4%
CVE-2026-54429 MEDIUM This Month

Denial of service in Siemens SIMATIC S7-PLCSIM Advanced (all versions) allows an unauthenticated attacker on the same local network segment to exhaust the application's memory by flooding it with high-volume multicast traffic, rendering the PLC simulation instance inaccessible until manually restarted. Exploitation is limited to instances running a specific active project configuration, and no project data is lost. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Denial Of Service Simatic S7 Plcsim Advanced
NVD
CVSS 4.0
6.0
EPSS
0.2%
CVE-2026-59246 MEDIUM PATCH This Month

Memory exhaustion in elixir-mint's HTTP/2 client library (mint) allows a malicious or attacker-controlled HTTP/2 server to crash any BEAM application using the library by streaming unbounded zero-length CONTINUATION frames that bypass the existing byte-size guard. Affected versions span mint 0.1.0 through 1.9.1; a vendor-released patch is confirmed in 1.9.2. No public exploit or CISA KEV listing exists at time of analysis, but the explicit SSRF and redirect attack vectors meaningfully increase realistic exposure for server-side Elixir applications that proxy user-supplied URLs.

SSRF Denial Of Service Mint
NVD GitHub
CVSS 4.0
6.3
EPSS
0.3%
CVE-2026-58229 HIGH PATCH This Week

Unbounded memory consumption in the Elixir Mint HTTP client (versions 0.1.0 through 1.9.1) lets a malicious or attacker-influenced HTTP server crash the entire BEAM application acting as the client. The HTTP/1 header and chunked-trailer parsers accumulate every incoming header line into a per-request buffer with no size or count cap, so a server that streams headers forever without sending the terminating blank line drives the client host to out-of-memory death. No public exploit or CISA KEV listing has been identified at time of analysis; a vendor patch (1.9.2) and fix commit are available, and the EPSS/POC signals are unremarked in the source data.

SSRF Denial Of Service Mint
NVD GitHub
CVSS 4.0
8.2
EPSS
0.3%
CVE-2026-9561 HIGH This Week

Log integrity spoofing in Eclipse Kura before 5.6.2 lets an unauthenticated remote attacker forge the client IP recorded in audit logs by supplying a crafted X-Forwarded-For header, because the Jetty ForwardedRequestCustomizer is installed unconditionally on every connector and getRemoteAddr() reflects the header value. This enables bypass of IP-based brute-force defenses like fail2ban (spoofing a non-routable source to evade bans) or a denial of service against a third party by injecting a victim IP so their address is banned. No public exploit is identified at time of analysis and it is not on CISA KEV; CVSS 4.0 base score is 8.8.

Denial Of Service Eclipse Kura
NVD VulDB
CVSS 4.0
8.8
EPSS
0.2%
CVE-2026-58319 CRITICAL PATCH Act Now

Missing authentication on Apache Doris Frontend (FE) HTTP REST administrative APIs allows any unauthenticated attacker with network reach to the FE HTTP service to invoke privileged administrative operations, degrading cluster integrity and availability up to full denial of service. All Apache Doris releases before 3.1.0 (per EUVD, the 2.1.0 through pre-3.1.0 line) are affected, and a fixed release exists in 3.1.0. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; the 9.1 Critical CVSS reflects the trivial unauthenticated network exploitability rather than confirmed in-the-wild use.

Apache Authentication Bypass Denial Of Service Doris
NVD VulDB
CVSS 3.1
9.1
EPSS
0.3%
CVE-2026-51105 HIGH This Week

Denial of service in aMule 2.3.3 lets a remote eD2k server crash the client by sending a malformed OP_SERVERMESSAGE packet that overflows a stack buffer (CWE-121). The flaw is triggered client-side when parsing server-supplied message data, so any hostile or spoofed server the client connects to can terminate the application. No public exploit has been identified at time of analysis, and the issue is documented only as an upstream bug report (amule GitHub issue #445), not a released patch.

Buffer Overflow Stack Overflow Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-58101 HIGH PATCH This Week

Denial of service in the Crypt::OpenSSL::X509 Perl module before 2.1.3 lets a malformed X.509 certificate crash any Perl process that parses it. Four helper functions (basicC, ia5string, auth_att, keyid_data) dereference NULL pointers returned by OpenSSL's X509V3_EXT_d2i() on unparseable extensions - and keyid_data/auth_att additionally deref an akid->keyid field that is legitimately NULL for an empty Authority Key Identifier (DER 30 00). There is no public exploit identified at time of analysis, but the fix commit and a clear crash mechanism are published; CVSS is 7.5 (availability-only).

OpenSSL Denial Of Service Null Pointer Dereference Crypt
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-58486 HIGH This Week

Denial of service in HedgeDoc before 1.11.0 lets a user who can store a note crash the instance by embedding a YAML "alias bomb" in the note frontmatter. Because HedgeDoc parsed frontmatter with the unsafe js-yaml v3 load (via @hedgedoc/meta-marked) and resolved anchor aliases, a compact ten-level payload expands into a massive object that blocks the single Node.js event loop for roughly 235 seconds on every request to the publish view (/s/<shortid>) or, under the opengraph key, the editor view (/<noteId>). No public exploit has been identified at time of analysis and the flaw is not in CISA KEV, but the stored payload persists in the database and re-triggers after process restarts, making outages durable until the note is deleted.

Node.js Denial Of Service Hedgedoc
NVD GitHub
CVSS 4.0
8.3
EPSS
0.2%
CVE-2026-59801 npm CRITICAL POC Act Now

Unauthenticated CRUD on the provider-management API in 9Router (through 0.4.41) lets remote attackers with no credentials enumerate, create, modify, and delete provider connections via the Next.js routes under src/app/api/providers/*. Because the /api/providers endpoints ship without authentication middleware, attackers can harvest partial credentials, OAuth tokens, and API keys, redirect AI traffic to attacker-controlled providers, or wipe all connections for a full denial of service; the companion /api/usage/stats endpoint further leaks full plaintext API keys. Rated CVSS 4.0 9.3 (critical); no public exploit identified at time of analysis, though the trivial access makes exploitation straightforward.

Authentication Bypass Denial Of Service 9Router
NVD GitHub
CVSS 4.0
9.3
EPSS
0.5%
CVE-2026-40469 MEDIUM PATCH This Month

Integer overflow in gawk's do_sub() routine (builtin.c) enables heap metadata corruption on 32-bit builds, crashing the process. Affecting all gawk versions through 5.4.0 compiled for 32-bit architectures, this flaw was reported by CERT-PL and is limited exclusively to the availability domain - the CVSS 4.0 vector confirms no confidentiality or integrity impact. No public exploit code or active exploitation has been identified at time of analysis, and a patch commit is available upstream.

Denial Of Service Integer Overflow Gawk
NVD VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2026-40467 MEDIUM PATCH This Month

Use-after-free memory corruption in gawk's do_getline_redir() routine within io.c allows a local attacker to crash the gawk process, causing a denial of service. All gawk versions 5.4.0 and below are affected, as confirmed by CERT-PL and an upstream patch commit. No active exploitation has been identified (not in CISA KEV), and the impact is confined to availability - no confidentiality or integrity effects have been demonstrated.

Denial Of Service Use After Free Memory Corruption Gawk
NVD VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2026-13014 CRITICAL Act Now

Remote unauthenticated code execution in Thales CERT's "Suspicious" email-analysis application (versions 1.3.4 and earlier), dubbed "Matryoshka Mail," lets an attacker abuse path traversal in attachment handling to overwrite writable application files-Python modules, configuration, cron inputs, and runtime artifacts-yielding root-level execution inside the Django container. Because the affected code runs Python and processes attacker-supplied mail, overwriting an imported module effectively converts arbitrary file write into RCE, plus persistent denial of service and possible exposure of application secrets and integrations. No public exploit identified at time of analysis and the issue is not in CISA KEV, but it carries a CVSS 4.0 base score of 9.2 and vendor-credited discovery by Lucien Doustaly (wlayzz).

Denial Of Service Path Traversal RCE Python Suspicious
NVD GitHub
CVSS 4.0
9.2
EPSS
0.7%
CVE-2026-22102 CRITICAL PATCH Act Now

Arbitrary file write in the Evbee DC-80 EV charging station lets remote unauthenticated attackers overwrite any file on the device by sending a POST request whose Content-Disposition filename parameter is trusted without validation. Because a written file can clobber system files (denial of service) or replace shell scripts that are later executed, this escalates to remote code execution. There is no public exploit identified at time of analysis, but the CVSS 4.0 base score of 9.3 and CWE-20 root cause make this a critical, high-priority flaw.

Denial Of Service Dc 80
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2026-6850 MEDIUM This Month

Catastrophic regex backtracking in Mattermost's client-side markdown parser can be triggered by an authenticated user posting a specially crafted message attachment, causing a denial-of-service condition for every user rendering that channel. Affected builds span versions 11.7.x through 11.7.2, 11.6.x through 11.6.4, and 10.11.x through 10.11.19. No public exploit has been identified at time of analysis and this vulnerability is not listed in CISA KEV, though the low exploitation complexity (AC:L, PR:L) lowers the bar for any authenticated insider or compromised account.

Denial Of Service Mattermost
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-39042 HIGH This Week

Denial of service in MikroTik RouterOS 7.21.x (before 7.21.4) and 7.22.x (before 7.22.2) allows a remote unauthenticated attacker to crash the core inter-process communication layer by triggering an integer overflow in the unflatten() function of the bundled libumsg.so library. Successfully exploiting it disrupts device availability without touching data confidentiality or integrity. There is no public exploit identified at time of analysis, though a third-party research blog documents the underlying integer overflow; EPSS is low at 0.20% (10th percentile).

Denial Of Service Mikrotik Integer Overflow N A
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-51539 HIGH This Week

A Denial of Service (DoS) vulnerability exists in the receive loop of libmodbus 3.1.12 when running on Windows. The issue stems from improper timeout management during network read operations.

Microsoft Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-10668 LOW PATCH Monitor

Denial of service in Zephyr RTOS's Nuvoton NuMaker HSUSBD USB device-controller driver allows a physical or adjacent USB host to permanently wedge the device's USB control endpoint. The driver unconditionally arms the control Data IN stage without accounting for the hardware's inability to disarm an already-armed transfer, so a host that cancels an in-flight control transfer and then re-issues a SETUP packet drives the driver out of sync. Repeated cancel-and-re-SETUP cycles cause the control endpoint to NAK every subsequent transfer, rendering the USB function non-operational until a USB reset or re-plug. No public exploit identified at time of analysis.

Denial Of Service Zephyr
NVD GitHub VulDB
CVSS 3.1
2.4
EPSS
0.1%
CVE-2026-10667 HIGH PATCH This Week

Kernel memory corruption in the Zephyr RTOS (versions v1.14.0 through v4.4.0) lets an unprivileged user-mode thread corrupt the kernel's dynamic object-tracking list across the userspace security boundary. The flaw is a use-after-free race (CWE-416) in the obj_list traversal, exploitable only on builds combining CONFIG_SMP, CONFIG_USERSPACE, and CONFIG_DYNAMIC_OBJECTS, and can yield privilege escalation or a kernel crash. No public exploit identified at time of analysis; a vendor patch is available.

Memory Corruption Buffer Overflow Denial Of Service Use After Free Privilege Escalation +1
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-10666 HIGH PATCH This Week

Out-of-bounds stack write in the Zephyr RTOS IPv4 address parser (parse_ipv4() in subsys/net/ip/utils.c) lets an attacker corrupt memory when an application resolves an attacker-influenced "a.b.c.d:port" string, causing at minimum denial of service and potentially control-flow hijack on the affected embedded device. The defect exists in every release from v1.9.0 through v4.4.0 and is reachable through the standard socket resolver (zsock_getaddrinfo), DNS server-string configuration, and the eswifi Wi-Fi DNS-response path. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but a vendor fix (two upstream commits and advisory GHSA-532c-7g7f-jhmh) is available.

Memory Corruption Denial Of Service Buffer Overflow Zephyr
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.3%
CVE-2026-10665 HIGH PATCH This Week

Out-of-bounds write in the WireGuard subsystem of Zephyr RTOS 4.4.0 lets a malicious or compromised WireGuard peer (or an on-path attacker driving an established session) corrupt memory by sending an oversized transport-data datagram. Because the flawed copy occurs before the Poly1305 authentication check, exploitation needs only a valid receiver session index rather than a valid authenticator, and reliably yields at least a remote denial of service on the target device. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; the Zephyr project has published advisory GHSA-3wqm-wgx2-9367 and an upstream fix.

Memory Corruption Denial Of Service Buffer Overflow Zephyr
NVD GitHub VulDB
CVSS 3.1
7.4
EPSS
0.4%
CVE-2026-10663 MEDIUM PATCH This Month

Use-after-free and double-free in Zephyr RTOS's experimental USB host stack (CONFIG_USB_HOST_STACK, introduced in v4.4.0) allows an attacker with physical USB access to crash the target device or corrupt live kernel slab objects by bouncing a USB device connection to trigger a second removal event after the slab has already been freed. The flaw exists because usbh_device_disconnect() frees the root usb_device slab object without clearing the cached ctx->root pointer, and UHC controller drivers (uhc_max3421e, uhc_mcux_common) emit UHC_EVT_DEV_REMOVED directly from hardware line-state with no debounce or re-entry guard. No public exploit identified at time of analysis, and no CISA KEV listing; the physical-access prerequisite substantially constrains the realistic attacker population.

Memory Corruption Buffer Overflow Denial Of Service Use After Free Zephyr
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2026-56877 MEDIUM This Month

Skillable's hosted SCORM lab launch endpoint at scorm.skillable.com enforces per-user lab allocation limits against a client-supplied userId query parameter that is never validated against the authenticated SCORM session token, enabling any enrolled learner to bypass rate limits, provision concurrent cloud VM lab instances at the course provider's expense, and exhaust another enrolled user's lab or exam allocation to deny them access. The vulnerability (CWE-639) was confirmed against the reporter's own account and a consenting fellow student on 2026-05-03; the vendor subsequently acknowledged in a private customer advisory that exam allocations and another learner's active session details are also reachable via the same mechanism. No fix is planned for the SCORM launch path; the vendor characterises the weakness as an inherent SCORM limitation and recommends migration to API or LTI 1.3 integrations. No public exploit code has been released, but the attack technique is trivially reproducible by any enrolled student with a proxy.

Denial Of Service
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2026-56260 PyPI HIGH PATCH This Week

Arbitrary file write in Crawl4AI's Docker API server (versions before 0.8.7) lets remote unauthenticated attackers overwrite any file writable by the service account by abusing the unvalidated output_path parameter on the /screenshot and /pdf endpoints. Reported by VulnCheck and disclosed in GitHub advisory GHSA-365w-hqf6-vxfg, the flaw enables path traversal or absolute-path writes that corrupt server files and cause denial of service. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the network-reachable, no-privileges attack surface makes it a straightforward target once a Crawl4AI Docker server is exposed.

Path Traversal Denial Of Service Docker Crawl4ai
NVD GitHub VulDB
CVSS 4.0
8.8
EPSS
0.4%
CVE-2026-10660 MEDIUM PATCH This Month

Out-of-bounds write in Zephyr RTOS's Bluetooth BAP Broadcast Assistant (subsys/bluetooth/audio/bap_broadcast_assistant.c v4.4.0 and earlier) allows a BLE-adjacent attacker operating one or more malicious Scan Delegator peripherals to corrupt the target device's memory or cause a denial of service. The root cause is a file-static 512-byte att_buf (net_buf_simple) shared across all connection instances: when the Broadcast Assistant holds two or more concurrent BLE connections, concurrent GATT notification callbacks interleave writes into this buffer without tailroom checks, enabling writes past the BSS boundary into adjacent memory. No public exploit has been identified and exploitation requires high attack complexity, but the memory corruption primitive is serious for embedded/IoT targets where crash recovery may be unavailable.

Memory Corruption Denial Of Service Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2026-61870 LOW PATCH Monitor

Memory exhaustion denial of service in ImageMagick before 7.1.2-26 results from an unreleased memory leak in the VIFF image encoder triggered by failed memory allocation during image processing. Locally-positioned attackers without privileges can supply specially crafted VIFF images to repeatedly trigger this leak, gradually exhausting system memory. The CVSS 4.0 score of 2.1 with local attack vector, high complexity, and additional prerequisites indicates this is a low-severity, operationally limited issue; no public exploit code or CISA KEV listing has been identified at time of analysis.

Denial Of Service Imagemagick
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-61861 MEDIUM PATCH This Month

Use-after-free in ImageMagick before 7.1.2-26 exposes servers that process untrusted images to denial of service and potential code execution via a dangling pointer in the FormatMagickCaption method when memory allocation fails. The CVSS 4.0 vector scores this at 6.3, reflecting high attack complexity (AC:H) and specific prerequisite conditions (AT:P), though intelligence tags flag RCE - a claim the vendor CVSS impact metrics do not fully corroborate, as only low availability impact is scored. No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Memory Corruption Denial Of Service Use After Free RCE Imagemagick
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.3%
CVE-2026-61857 MEDIUM PATCH This Month

Heap use-after-free in ImageMagick before 7.1.2-26 allows unauthenticated remote attackers to crash applications processing attacker-supplied image files by embedding specially crafted XMP profile data. The root cause is a missing null check (CWE-252) during XMP metadata parsing, which triggers invalid memory access and results in a denial-of-service condition. No public exploit code and no CISA KEV listing exist at time of analysis, though ImageMagick's deep integration into web image pipelines means a single malicious upload can disrupt server-side processing at scale.

Denial Of Service Imagemagick
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.2%
CVE-2026-61465 MEDIUM PATCH This Month

Memory allocation policy bypass in ImageMagick's matrix-backed operations allows a crafted image to exhaust process memory and cause a denial of service. Affected across both the version 7 series (before 7.1.2-26) and the legacy version 6 series (before 6.9.13-51), the flaw arises because operations such as -canny fail to enforce the memory ceiling set in the configured policy, nullifying a key security control. No public exploit code or active exploitation has been identified at time of analysis, and the CVSS 4.0 score of 4.8 reflects a local attack vector requiring user interaction, keeping real-world exposure moderate.

Denial Of Service Imagemagick
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2026-56372 NuGet MEDIUM PATCH This Month

Heap-based out-of-bounds read in ImageMagick before 7.1.2-19 is triggered when processing an image carrying an unrecognized magnify:method value, causing the magnify operation to read beyond allocated heap memory. Affected systems running any version prior to 7.1.2-19 can be impacted when a user or automated pipeline processes a specially crafted image file, with outcomes ranging from partial memory disclosure to application crash. No active exploitation is confirmed (not in CISA KEV) and no public proof-of-concept has been identified at time of analysis, and the CVSS 4.0 score of 4.8 (Medium) reflects the limited local/interactive nature of the attack.

Heap Overflow Denial Of Service Buffer Overflow Imagemagick
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2026-3552 MEDIUM PATCH This Month

Unauthorized data modification in SurfLink - Link Manager & Backup Restore (all versions up to 2.6.0) allows authenticated attackers with Subscriber-level access to inject arbitrary URLs into the plugin's 410 Gone database table, causing those site paths to return HTTP 410 Gone responses to all visitors. The root cause is a missing capability check (current_user_can()) and absent nonce verification (check_ajax_referer()) in the ajax_import_410() AJAX handler - a conspicuous gap given that every other AJAX handler in the same PHP class correctly implements both controls. No public exploit has been identified at time of analysis, and no CISA KEV listing is present, but the low authentication barrier and clear impact on site availability and SEO ranking make this a meaningful risk for affected WordPress deployments.

Authentication Bypass WordPress Denial Of Service Surflink Link Manager Backup Restore
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-57584 HIGH PATCH This Week

Regular-expression denial of service (ReDoS) in the Phalcon PHP framework before 5.15.0 lets remote unauthenticated attackers exhaust server CPU by sending a crafted request URI. Every default MVC application registers a built-in route whose compiled PCRE pattern contains a nested quantifier that Router::handle() evaluates against the raw request path on every request, so a path with repeated slashes followed by decoded newlines triggers catastrophic backtracking. There is no public exploit identified at time of analysis, and the CVSS 4.0 score of 8.7 reflects a high availability impact with no confidentiality or integrity effect.

Denial Of Service PHP Cphalcon
NVD GitHub
CVSS 4.0
8.7
EPSS
0.4%
CVE-2026-7639 HIGH This Week

Local memory-corruption escalation in Imagination Technologies' Graphics DDK (the PowerVR GPU driver stack) lets an unprivileged user trigger a use-after-free by issuing an improper sequence of GPU system calls. By forcing a failure path in the MMU mapping logic, an attacker leaves internal driver state incompletely cleaned up, enabling unauthorized read/write access to physical memory from shader code. There is no public exploit identified at time of analysis and EPSS is low (0.15%), but the flaw carries high confidentiality, integrity, and availability impact for local attackers.

Authentication Bypass Denial Of Service Graphics Ddk
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-55213 HIGH This Week

Remote unauthenticated denial of service in the h2o HTTP server (all versions prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1) allows an attacker to crash the server by sending a crafted QPACK instruction over HTTP/3. The flaw causes lib/http3/qpack.c to allocate an ~800 KB on-stack buffer via alloca, overflowing the default musl libc pthread stack and segfaulting on the guard page. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; impact is limited to availability with no data exposure.

Denial Of Service H2O
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-57220 HIGH PATCH This Week

Memory-exhaustion denial of service in RabbitMQ server prior to 4.2.6 allows an unauthenticated remote client to crash or degrade the broker via its stream protocol listener. Because the stream listener fails to enforce the configured frame-size limit while assembling frames during authentication and before Tune negotiation, an attacker can declare oversized frame lengths and force unbounded memory allocation in rabbit_stream_core. No public exploit has been identified at time of analysis and it is not listed in CISA KEV; risk stems from the trivially reachable, pre-authentication attack surface (CVSS 7.5).

Denial Of Service Rabbitmq Server
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-57212 HIGH PATCH This Week

Uncontrolled resource consumption in the RabbitMQ Management plugin's HTTP API lets an authenticated client crash or degrade the broker by submitting oversized-but-valid JSON bodies. The flaw lives in read_complete_body, which validates accumulated body size before the final chunk but never checks the final combined size, so the with_decode and direct_request code paths buffer and decode payloads that exceed intended limits. Affected releases are all versions prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Denial Of Service Rabbitmq Server
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.3%
CVE-2026-55233 HIGH PATCH This Week

Denial of service in OpenResty 1.29.2.1 through 1.29.2.4 arises from an out-of-bounds write (CWE-787) in the upstream PROXY protocol v2 implementation; when the platform is configured to prepend PROXY protocol v2 headers to upstream connections, header construction in the stream proxy-protocol-v2 patch overruns its allocated buffer and crashes the worker process. Any environment that has explicitly enabled PROXY protocol v2 for upstream connections is affected, degrading availability without any impact to confidentiality or integrity. There is no public exploit identified at time of analysis and the issue is not on CISA KEV; it is resolved in OpenResty 1.29.2.5.

Memory Corruption Denial Of Service Buffer Overflow Openresty
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-54071 PyPI HIGH POC PATCH GHSA This Week

Arbitrary Python code execution in BabelDOC (funstory-ai, pip package `babeldoc`) prior to 0.6.3 allows an attacker to run code in the context of the translation process by having a victim process a crafted PDF. The vendored pdfminer CMap loader (`cmapdb.py::_load_data`) strips only NUL bytes from a PDF-controlled CMap/Encoding name and passes it to `pickle.loads()`, so a hex-encoded absolute path in the PDF's `/Encoding` name redirects deserialization to an attacker-planted `.pickle.gz` file. A detailed, working proof-of-concept exists (publicly available exploit code exists); there is no CISA KEV listing and no public evidence of active exploitation at time of analysis.

Deserialization Python Canonical Adobe Microsoft +4
NVD GitHub
CVSS 3.1
7.8
CVE-2026-55781 LOW PATCH Monitor

Memory exhaustion in NanaZip's UFS/FFS archive handler (all versions prior to 6.5.1749.0) allows a local low-privilege attacker to terminate the NanaZip process by delivering a crafted disk image that a user opens. The root cause is missing upper-bound validation of the `fs_fsize` fragment size field in the UFS superblock - unlike `fs_bsize`, which is checked against MINBSIZE, `fs_fsize` flows unchecked into indirect-block, directory, and extraction buffer allocation calculations, enabling a tiny image file to trigger multi-gigabyte heap allocation requests. No public exploit has been identified and this vulnerability is not listed in CISA KEV; the CVSS 4.0 score of 2.4 (Low) reflects the constrained local, user-interaction-required attack path with availability-only impact.

Denial Of Service Microsoft Nanazip
NVD GitHub
CVSS 4.0
2.4
EPSS
0.1%
CVE-2026-55780 LOW PATCH Monitor

Process crash via uncaught C++ exception in NanaZip's .NET single-file bundle handler affects all versions prior to 6.5.1749.0 on Windows. The extraction buffer is sized from the bundle entry's Size field, which is validated only for sign - not against the actual file content - allowing a crafted archive to trigger an attacker-controlled allocation whose resulting std::bad_alloc or std::length_error propagates across the COM STDMETHODCALLTYPE ABI boundary and terminates the NanaZip process. Impact is limited to denial of service; no public exploit has been identified at time of analysis, and the vendor has released a fix in version 6.5.1749.0.

Denial Of Service Microsoft Nanazip
NVD GitHub
CVSS 4.0
2.4
EPSS
0.1%
CVE-2026-55783 LOW PATCH Monitor

NULL pointer dereference in NanaZip's custom archive handlers crashes the application when a user tests or extracts archives of seven specific formats. All NanaZip versions prior to 6.5.1749.0 are affected; the seven vulnerable handlers cover WebAssembly, ElectronAsar, Zealfs, Romfs, Ufs, Littlefs, and DotNetSingleFile archive types. Impact is limited to a process crash (denial of service) with no confidentiality or integrity consequence; no public exploit or active exploitation has been identified at time of analysis.

Denial Of Service Microsoft Null Pointer Dereference Nanazip
NVD GitHub
CVSS 4.0
2.4
EPSS
0.1%
CVE-2026-55782 LOW PATCH Monitor

Memory exhaustion in NanaZip's WebAssembly archive handler (prior to 6.5.1749.0) allows a crafted .wasm file to trigger multi-gigabyte heap allocations by supplying oversized 32-bit NameSize or Information.Size fields that are consumed without bounds validation in NanaZip.Codecs.Archive.WebAssembly.cpp. When a user opens or lists such an archive, NanaZip attempts to satisfy the inflated allocations via std::string or std::vector paths, exhausting process memory and causing a crash. No active exploitation or public exploit code has been identified at time of analysis; the impact is strictly limited to NanaZip process availability with no confidentiality or integrity consequence.

Denial Of Service Microsoft Nanazip
NVD GitHub VulDB
CVSS 4.0
2.4
EPSS
0.1%
CVE-2026-59193 MEDIUM PATCH This Month

Disk exhaustion and crash vulnerability in Grav's Direct Install tool allows an authenticated admin.super user to upload a specially crafted ZIP archive that decompresses without bound, filling the server disk or crashing the process. Affecting all Grav releases prior to 2.0.0, the root cause is the Installer::unZip method invoking PHP's ZipArchive::extractTo with no enforced limits on uncompressed size, entry count, or directory depth - a classic zip bomb attack surface. No public exploit code or active exploitation has been identified at time of analysis; a vendor-released fix is available in version 2.0.0.

Denial Of Service Grav
NVD GitHub
CVSS 4.0
6.9
EPSS
0.4%
CVE-2026-53653 HIGH PATCH This Week

Uncontrolled resource consumption in Grav flat-file CMS before 1.7.53 and 2.0.0-rc.8 lets a remote unauthenticated visitor crash or degrade a server by requesting on-the-fly image derivatives with absurdly large dimensions. Because Grav::fallbackUrl forwards URL query image actions such as forceResize straight to ImageMedium magic actions with no dimension or pixel ceiling, a single crafted request forces the server to allocate huge amounts of memory and CPU to build the derivative. No public exploit identified at time of analysis, but the attack is trivial and scriptable given the CVSS 4.0 VA:H, AV:N/AC:L/PR:N profile.

Denial Of Service Grav
NVD GitHub
CVSS 4.0
8.7
EPSS
0.3%
CVE-2026-55687 HIGH PATCH This Week

Denial of service in Espressif's ESP-IDF JPEG driver (versions 6.0.1, 5.5.4, 5.4.4, 5.3.5 and likely earlier) stems from an out-of-bounds stack write in jpeg_parse_dqt_marker(), where the attacker-controlled DQT marker Tq nibble indexes the qt_tbl array without a 0..3 bounds check. Any application that feeds untrusted JPEG data into the hardware JPEG decode path can be reliably crashed by a single malformed image. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; the vendor has released a fix in 6.0.2 with backports pending for the 5.x branches.

Buffer Overflow Denial Of Service Stack Overflow Esp Idf
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-54063 Go HIGH POC PATCH GHSA This Week

Denial of service in the Excelize Go library (github.com/xuri/excelize/v2, a.k.a. qax-os/excelize) before 2.11.0 allows remote attackers to crash any service that opens attacker-supplied XLSX files and reads cell values. The checkSheet() function trusts the <row r="N"> XML attribute as an allocation length, enabling either a ~16 GB out-of-memory kill (r=2147483647) or a runtime panic from negative-index slicing (r=-1). No authentication is required; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Denial Of Service Microsoft Excelize
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2026-59161 HIGH PATCH This Week

Uncontrolled memory and CPU consumption in Excelize (qax-os/excelize), the widely used Go library for reading and writing Microsoft Excel spreadsheets, before version 2.11.0 lets a crafted XLSX file trigger a denial of service. The streaming worksheet reader behind the Rows and GetRows APIs fails to enforce the TotalRows (1,048,576) limit on the row 'r' attribute, so a tiny file declaring an out-of-range row index with no cell coordinate forces GetRows to allocate empty rows up to that attacker-chosen index. No public exploit identified at time of analysis, but the trigger is trivial to construct and the fix is confined to a single validation check.

Denial Of Service Microsoft Excelize
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.5%
CVE-2026-61455 HIGH PATCH This Week

Denial of service in Grav CMS before 2.0.1 allows authenticated users to exhaust server storage by uploading a crafted ZIP archive (a decompression bomb) that the ZipArchiver::extract() routine expands without enforcing limits on uncompressed size, file count, or nesting depth. The CVSS 4.0 base score of 7.1 reflects a network-reachable, low-privilege flaw whose sole impact is high availability loss. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Denial Of Service Grav
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.2%
CVE-2026-58661 MEDIUM PATCH This Month

Disk space exhaustion in n8n's data-table file upload endpoint allows an authenticated user to progressively fill the host's disk by repeatedly uploading files whose cumulative size is never checked against what already exists in the shared temporary directory. Affected versions span all n8n releases before 2.28.0 on the 2.x branch and before 1.123.58 on the 1.x branch. The flaw is rooted in a stateless per-request quota that ignores previously written files, enabling a low-privileged user to loop uploads between periodic cleanup cycles until disk space is exhausted, potentially disrupting the host and all co-resident services. No public exploit code or CISA KEV listing has been identified at time of analysis.

Denial Of Service File Upload N8n
NVD GitHub
CVSS 4.0
5.3
EPSS
0.2%
CVE-2026-56373 NuGet MEDIUM PATCH This Month

Use-after-free in ImageMagick's PDB decoder (all versions before 7.1.2-15) allows remote attackers supplying crafted Palm Database image files to crash the application or write a single null byte to freed heap memory. The flaw manifests specifically when memory allocation fails during PDB decoding, leaving a stale pointer that is subsequently dereferenced rather than nulled or re-validated. No public exploit or active exploitation has been identified at time of analysis; the CVSS 4.0 score of 6.3 reflects constrained exploitation conditions (AC:H, AT:P) and impact limited strictly to availability.

Memory Corruption Denial Of Service Use After Free Imagemagick
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.2%
CVE-2026-56366 NuGet MEDIUM PATCH This Month

Memory leak in ImageMagick's META reader (versions before 7.1.2-18) enables denial of service through resource exhaustion when processing specially crafted APP1JPEG image files. The flaw sits in the error-handling path of the META reader, meaning memory allocated during malformed APP1JPEG processing is never freed, allowing an attacker to repeatedly trigger the leak until the host process exhausts available memory. No public exploit code has been identified at time of analysis and this vulnerability is not listed in the CISA KEV catalog; the CVSS 4.0 score of 4.8 (Medium) reflects limited impact scope.

Denial Of Service Imagemagick
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2026-56309 MEDIUM PATCH This Month

Plan quota enforcement is missing on the /files/upload/attachments endpoint in Capgo before 12.128.2, allowing upload-scoped API keys to bypass plan restrictions and create publicly readable Cloudflare R2 objects regardless of account standing. Apps that have been plan-blocked or suspended retain the ability to upload arbitrary attachments that persist outside bundle metadata and survive app deletion, enabling sustained storage and bandwidth abuse against the Capgo platform. No public exploit has been identified at time of analysis, and the vulnerability has not been confirmed as actively exploited.

Denial Of Service Capgo
NVD GitHub
CVSS 4.0
5.3
EPSS
0.3%
CVE-2026-56814 MEDIUM PATCH This Month

Denial of service in Elixir's Plug library (versions 1.4.0 through 1.20.2) allows unauthenticated remote attackers to exhaust filesystem inodes, disk space, and server memory via a single crafted multipart HTTP request. The Plug.Parsers.MULTIPART component charges its configurable :length limit only against part body bytes, meaning part headers are never counted and parts with empty bodies cost exactly zero - yet each such part with a filename triggers creation of a Plug.Upload struct and a real temporary file on disk. No public exploit has been identified at time of analysis, though the technique is trivially reproducible from the description alone against any application exposing a multipart endpoint.

Denial Of Service
NVD GitHub
CVSS 4.0
6.9
EPSS
0.6%
CVE-2026-58225 LOW PATCH Monitor

SQL injection in Postgrex.Notifications' reconnect replay path allows an attacker who can supply untrusted input as a PostgreSQL LISTEN channel name to corrupt the shared notification connection, silently dropping all channel subscriptions and causing persistent denial of service of the notification subsystem. Affected versions are postgrex 0.16.0 through 0.22.2 in the Elixir ecosystem. No arbitrary SQL execution is possible due to double-quote escaping, and no public exploit or CISA KEV listing exists; the CVSS 4.0 base score of 2.1 reflects the constrained, precondition-heavy impact.

PostgreSQL SQLi Denial Of Service
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.2%
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows arises from a use-after-free flaw (CWE-416) in the Windows Storage component, affecting Windows 10 (1809, 21H2, 22H2), Windows 11 (24H2, 25H2, 26H1), and Windows Server 2019/2022/2025. An authorized attacker who already has low-level access to a machine can trigger the freed-memory reuse to elevate to higher privileges (CVSS 7.0, high attack complexity). Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +12
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH Exploit Unlikely This Month

Null pointer dereference in Windows Active Directory Domain Services (AD DS) enables a low-privileged authenticated attacker to crash the service remotely, causing denial of service across the affected domain. The flaw spans a wide range of Windows client and server releases, from Windows 10 version 1607 through Windows 11 version 26H1 and Windows Server 2012 through 2025. No public exploit code has been identified and this vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog at time of analysis, though the network-accessible attack surface and low privilege requirement lower the bar for abuse in environments with broad domain user access.

Denial Of Service Null Pointer Dereference Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.4
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Hyper-V virtualization stack lets an attacker running code on an affected host trigger a use-after-free to gain higher privileges. The flaw affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2022/2025, was reported by Microsoft, and has a vendor patch available. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the modeled full compromise of confidentiality, integrity, and availability (C:H/I:H/A:H) makes it a meaningful patch-cycle priority.

Use After Free Memory Corruption Denial Of Service +7
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Remote code execution in the Windows Secure Socket Tunneling Protocol (SSTP) component lets an unauthenticated network attacker run arbitrary code by triggering a use-after-free (CWE-416) memory-corruption condition. The flaw spans a broad range of Windows client and server builds, from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. No public exploit is identified at time of analysis and it is not listed in CISA KEV, but the network attack vector combined with full high impact to confidentiality, integrity and availability makes it a meaningful patch priority.

Use After Free Memory Corruption Denial Of Service +19
NVD
EPSS 1% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Denial of service in ASP.NET Core (the web framework shipped with .NET 8.0, 9.0, and 10.0) lets a remote, unauthenticated attacker exhaust server resources by triggering unbounded allocations over the network. Because affected requests are not throttled or capped, a single crafted request stream can degrade availability of the hosting process without any authentication or user interaction. Reported by Microsoft with a vendor patch available; no public exploit identified at time of analysis and no CISA KEV listing.

Denial Of Service Net 10 0 Net 8 0 +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution in Microsoft Excel (2016, Office 2019, Office LTSC 2021/2024, Microsoft 365 Apps, Office for Mac, and Office Online Server) arises from a use-after-free memory corruption (CWE-416) that an attacker triggers when a victim opens a maliciously crafted spreadsheet. Exploitation runs code in the context of the current user and requires user interaction (opening the file), with no public exploit identified at time of analysis. This is a locally-exploited, phishing-delivered class of bug typical of Office file-format handlers, patched by Microsoft via MSRC.

Use After Free Memory Corruption Denial Of Service +10
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Remote code execution in the Windows Reliable Multicast Transport Driver (RMCAST) lets an unauthenticated network attacker trigger a use-after-free (CWE-416) and run arbitrary code on a broad range of Windows 10, Windows 11, and Windows Server systems (Server 2012 through Server 2025). Rated CVSS 8.1, the flaw carries high impact to confidentiality, integrity, and availability but requires winning a race condition (AC:H), and no public exploit identified at time of analysis. Reported by Microsoft with a vendor patch available.

Use After Free Memory Corruption Denial Of Service +18
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Denial of service in Windows Active Directory (spanning Windows 10, Windows 11, and Windows Server 2012 through 2025) lets a remote, unauthenticated attacker send crafted network traffic that drives an AD service into an infinite loop, exhausting CPU and rendering domain services unavailable. Because the CVSS vector is AV:N/AC:L/PR:N/UI:N with high availability impact and no confidentiality or integrity loss, this is a pure availability threat against domain controllers. Microsoft has released a patch; there is no public exploit identified at time of analysis and no CISA KEV listing.

Microsoft Denial Of Service Windows 10 Version 1607 +17
NVD
EPSS 2% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege escalation in Microsoft Windows Win32K (the kernel-mode GUI subsystem) allows an authenticated local user to elevate to SYSTEM by triggering a use-after-free (CWE-416) memory corruption condition. The flaw affects a broad range of supported builds spanning Windows 10 1809 through Windows 11 26H1 and Windows Server 2019 through 2025, including Server Core installations. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +12
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH Exploit Unlikely This Month

Privilege escalation via use-after-free in the Windows USB Print Driver affects Windows 11 (versions 24H2, 25H2, 26H1) and Windows Server 2025, requiring physical access to exploit. An attacker with hands-on access to a target machine can trigger a memory corruption condition through the USB print subsystem to achieve full local privilege escalation - High confidentiality, integrity, and availability impact per CVSS. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

Use After Free Memory Corruption Denial Of Service +6
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Quality Windows Audio/Video Experience (QWAVE) service lets an already-authenticated, low-privileged user elevate to higher privileges by exploiting a use-after-free (CWE-416) memory-corruption condition. The flaw spans a broad range of builds from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. Microsoft has released a patch; there is no public exploit identified at time of analysis, and the CVSS 3.1 base score is 7.0 (AV:L/AC:H/PR:L).

Use After Free Memory Corruption Denial Of Service +19
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Hyper-V (CWE-416 use-after-free) allows an authenticated attacker already running low-privileged code on an affected host to elevate to higher privileges, with full confidentiality, integrity, and availability impact. Reported by Microsoft and affecting a broad range of Windows 10, Windows 11, and Windows Server builds including Server 2019/2022/2025. No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +12
NVD
EPSS 1% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Uncontrolled resource allocation in Microsoft's ASP.NET Core OData libraries (Microsoft.AspNetCore.OData and Microsoft.AspNet.OData) lets a remote, unauthenticated attacker exhaust server resources and cause a denial of service over the network. Any web application or API exposing OData query endpoints built on the affected packages is at risk, and the CVSS 7.5 rating reflects a high-availability impact with no confidentiality or integrity compromise. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.

Denial Of Service Aspnet Odata Aspnetcore Odata
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel (Windows 11 version 26H1) lets an already-authenticated low-privileged user corrupt kernel memory through a use-after-free condition and gain SYSTEM-level control. Microsoft self-reported the flaw and has shipped a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The CVSS 7.8 (High) score reflects full confidentiality, integrity, and availability compromise achievable entirely from a local, low-privilege foothold with no user interaction.

Use After Free Memory Corruption Denial Of Service +2
NVD
EPSS 0% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Local privilege elevation in the Windows Speech component (Text-to-Speech / speech runtime) affects a broad range of Windows 10, Windows 11, and Windows Server releases, where a use-after-free (CWE-416) lets an already-authenticated local user corrupt memory to run code at higher privilege. Exploitation is non-trivial - it requires local access, low-level authentication, user interaction, and winning a memory-timing condition - and the CVSS 7.5 rating reflects a scope-changed, high-impact outcome. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV, so this is a patch-on-cycle EoP rather than an emergency.

Use After Free Memory Corruption Denial Of Service +15
NVD
EPSS 0% CVSS 8.0
HIGH PATCH Exploit Unlikely This Week

Remote code execution in the Windows Server 2025 DNS Server role allows a privileged, authenticated attacker to run arbitrary code over the network by triggering a use-after-free (CWE-416) memory-corruption condition. The flaw carries a CVSS 8.0 rating with a changed scope, meaning successful exploitation can affect resources beyond the vulnerable component. Microsoft has issued a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +2
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH Exploit Unlikely This Month

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

Use After Free Memory Corruption Denial Of Service +12
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Printer Drivers on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an authenticated local attacker to gain SYSTEM-level privileges by triggering a use-after-free memory-corruption condition. The flaw grants full confidentiality, integrity, and availability impact (C:H/I:H/A:H) once low-level local access is obtained. Reported by Microsoft with a patch available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +6
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Brokering File System (bfs.sys/Bfs component) affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 (including Server Core), where a use-after-free (CWE-416) lets an already-authenticated local attacker corrupt kernel/broker memory to gain SYSTEM-level privileges. Exploitation requires low privileges but high attack complexity, and there is no public exploit identified at time of analysis. Microsoft has released a patch via its MSRC update guide.

Use After Free Memory Corruption Denial Of Service +6
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows App Installer (the AppX/MSIX deployment component) lets a low-privileged but authenticated user corrupt memory via a use-after-free (CWE-416) and gain higher privileges on the host. The flaw affects Windows 11 (23H2, 24H2, 25H2, 26H1) and Windows Server 2025, was reported by Microsoft, and has a vendor patch available. There is no public exploit identified at time of analysis and it is not on CISA KEV, though the CVSS 7.0 rating and full C/I/A impact make it a meaningful patch-cycle priority.

Use After Free Memory Corruption Denial Of Service +7
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in the pyasn1 Python ASN.1 library (versions prior to 0.6.4) allows a remote attacker to exhaust CPU and crash applications by supplying crafted BER, CER, or DER encoded data. The shared BER decoder parses long-form tags without bounding the tag ID size, so a malicious tag forces construction of an arbitrarily large integer whose processing scales quadratically, and on Python 3.11+ triggers unhandled ValueError exceptions in integer-to-string error formatting. No public exploit identified at time of analysis, though the fix commit ships proof-of-concept test cases; not listed in CISA KEV.

Python Denial Of Service Pyasn1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in the pyasn1 Python ASN.1 library (all versions prior to 0.6.4) allows remote attackers to exhaust CPU by submitting a small crafted OBJECT IDENTIFIER or RELATIVE-OID whose arcs are decoded in quadratic time, so any application that calls decode() on untrusted ASN.1 data can be stalled per call; re-encoding such values triggers the same blow-up. Rated CVSS 7.5 (availability-only) with no confidentiality or integrity impact; no public exploit identified at time of analysis, though the fix commit ships a regression test that effectively demonstrates the trigger. As a foundational dependency behind LDAP, SNMP, X.509/PKI and crypto tooling across the Python ecosystem, its broad transitive reach makes this notable despite the modest severity.

Python Denial Of Service Pyasn1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Uncontrolled resource consumption in the pyasn1 Python ASN.1 library (versions prior to 0.6.4) lets remote attackers hang applications that decode untrusted BER/CER/DER data. A REAL value only a few bytes long can encode an enormous exponent; when the decoded univ.Real object is later printed, logged, compared, or converted via prettyPrint(), str(), int(), or float(), pyasn1 performs exact big-integer exponentiation that consumes excessive CPU and memory. There is no public exploit identified at time of analysis, but the network/no-auth/no-interaction, availability-only profile makes this a straightforward denial-of-service primitive; the issue is fixed in version 0.6.4.

Python Denial Of Service Pyasn1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Uncontrolled memory consumption in Python Pillow (PIL) versions 5.1.0 through 12.2.x allows a remote attacker to cause denial of service by supplying a small crafted PDF whose FlateDecode stream declares a large Length; PdfParser.PdfStream.decode() passes this attacker-controlled Length straight to zlib.decompress() as the bufsize with no upper bound, so a tiny file inflates into gigabytes of decompressed data and exhausts host memory. Fixed in 12.3.0 by streaming decompression with a bounded max_length. No public exploit identified at time of analysis and this CVE is not in CISA KEV, but the trigger is trivial to construct.

Python Denial Of Service Pillow
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote memory exhaustion in Cloudflare quiche's HTTP/3 layer allows unauthenticated attackers to crash or degrade QUIC servers by sending specially crafted HTTP/3 frames that trigger over-allocation. Two distinct defects are involved: frame parsers pre-allocate buffers based on an attacker-declared length field without requiring the bytes to actually be sent, and QPACK decompression fails to enforce the configured MAX_FIELD_SECTION_SIZE limit, so crafted HEADERS frames commit far more memory than advertised. No public exploit identified at time of analysis; impact is availability-only (CVSS 7.5) with no confidentiality or integrity effect.

Denial Of Service Quiche
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Roundcube Webmail's TNEF (winmail.dat) decoder enters an infinite loop when processing a specially crafted TNEF attachment, causing denial of service for users on affected installations. Versions before 1.6.17 and 1.7.x before 1.7.2 are confirmed affected per the vendor advisory issued 2026-07-05. No public exploit code and no active exploitation (CISA KEV) have been identified; the CVSS vector confirms user interaction is required, limiting automatable mass exploitation.

Denial Of Service Webmail
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Denial of service in Roundcube Webmail's TNEF decoder allows remote senders to crash the webmail parser by embedding a crafted compressed-RTF size field inside a winmail.dat attachment. Affected versions are all Roundcube Webmail releases before 1.6.17 and 1.7.x before 1.7.2. Release notes confirm the defect manifests as an infinite loop in the TNEF parser, meaning repeated delivery of malicious emails could degrade server availability for affected users. No public exploit has been identified at time of analysis, and this vulnerability is not listed in CISA KEV.

Denial Of Service Webmail
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in Python Pillow 12.0.0 through 12.2.0 lets a remote attacker hang an application by supplying a crafted EPS image whose %%BeginBinary directive declares a negative byte count, causing the EPS parser to seek backwards and re-parse the same directive forever. Any service that calls Image.open() on attacker-supplied EPS data is affected until upgraded to 12.3.0. No public exploit identified at time of analysis, though the upstream fix PR includes a test reproducer; the flaw is not listed in CISA KEV.

Python Denial Of Service Pillow
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Memory-exhaustion denial of service in the DBI::ProfileData module (bundled with Perl DBI) before version 1.651 allows an attacker who supplies a crafted profile dump file to force the parser into allocating an oversized array. Because the path-index column is read directly from an untrusted file and used to size an in-memory array, a tiny malicious file can amplify into large memory consumption (CWE-770). There is no public exploit identified at time of analysis and it is not in CISA KEV, but a vendor patch and root-cause commit are available.

Denial Of Service Dbi
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in Cloudflare quiche (all versions before 0.29.3) allows a remote unauthenticated peer to exhaust server memory by triggering rapid post-handshake source address migration, causing unbounded queuing of PathEvent::ReusedSourceConnectionId entries in the internal PathEvents collection. Because the queue grows without limit whenever an application does not drain it via path_event_next(), an attacker can force high memory consumption and crash or degrade the server; notably, servers remain vulnerable even when active connection migration is disabled. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Denial Of Service Quiche
NVD GitHub
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Out-of-bounds memory read in the Zephyr RTOS LwM2M firmware-update pull client (subsys/net/lib/lwm2m/lwm2m_pull_context.c) lets a LwM2M management server — or an on-path attacker on a session lacking strong DTLS — leak adjacent device memory and crash the device by writing an over-length Package URI (resource /5/0/1). Affected releases span v3.0.0 through v4.4.0 with the default-on CONFIG_LWM2M_FIRMWARE_UPDATE_PULL_SUPPORT path enabled. No public exploit identified at time of analysis; a vendor patch is available and EPSS/KEV signals are absent.

Buffer Overflow Denial Of Service Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

NULL pointer dereference in Zephyr RTOS's syscall verifier allows an unprivileged user-mode thread to crash the kernel across the userspace security boundary. The z_vrfy_k_thread_name_copy() verification handler in kernel/thread.c incorrectly guards against the caller-supplied thread pointer being NULL rather than the ko pointer returned by k_object_find(), so any non-NULL but unregistered address bypasses the check and triggers a supervisor-mode NULL dereference that halts or reboots the system. Affecting Zephyr v2.0.0 through v4.4.0 when built with CONFIG_USERSPACE and CONFIG_THREAD_NAME enabled, no public exploit code and no CISA KEV listing have been identified at time of analysis, but the one-syscall reproducibility makes this straightforward to trigger in qualifying builds.

Denial Of Service Null Pointer Dereference Zephyr
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation and kernel memory corruption in Zephyr RTOS on Xtensa SoCs (v3.7.0 through v4.4.0) built with CONFIG_XTENSA_MPU and CONFIG_USERSPACE, where arch_buffer_validate() fails open on an integer-overflow edge case, letting an unprivileged user thread trick the kernel into reading or writing arbitrary kernel/partition memory on its behalf. The flaw stems from a default-permit return value combined with a ROUND_UP address-space wrap that skips the MPU probe loop entirely, and it is not caught by the existing syscall-layer overflow guards. Vendor patch is available; no public exploit identified at time of analysis, and this is not in CISA KEV.

Denial Of Service Privilege Escalation Information Disclosure +3
NVD GitHub
EPSS 0% CVSS 8.7
HIGH This Week

Remote denial-of-service in Rockwell Automation's 1734 POINT I/O module allows unauthenticated network attackers to force the module into a faulted state by sending specially crafted CIP (Common Industrial Protocol) messages, halting I/O processing until a manual restart is performed. The CVSS 4.0 base score of 8.7 reflects a high availability impact against a network-reachable OT device with no privileges or user interaction required. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.

Denial Of Service 1734 Point I O
NVD
EPSS 0% CVSS 8.7
HIGH This Week

Denial-of-service in the Rockwell Automation 1719-AENTR (and companion 1718-AENTR) EtherNet/IP adapter allows remote attackers to overload the device with a UDP unicast network storm, causing loss of communication that requires a manual power cycle to recover. The CVSS 4.0 score of 8.7 reflects a high availability impact reachable over the network with no privileges or user interaction. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV, but the low attack complexity makes it a real operational-technology availability concern.

Denial Of Service 1718 Aentr 1719 Aentr
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

Denial of Service in Trellix HX (versions 10.0.0 and earlier) allows an authenticated network attacker to exhaust appliance resources by submitting a specially crafted highly-compressed file to the HX console, triggering the product's own detection engine to perform runaway decompression. The impact is limited to availability - the EDR appliance becomes unresponsive - but disruption of an endpoint detection and response platform carries secondary operational risk by creating a monitoring blind spot. No public exploit code has been identified at time of analysis, and no CISA KEV listing exists.

Denial Of Service
NVD
EPSS 0% CVSS 1.3
LOW POC Monitor

Null pointer dereference in open62541's client library (versions up to 1.5.5) allows a remote OPC UA server to crash a connecting client by returning a malformed Server_NamespaceArray during session establishment, causing denial of service. The flaw is client-side only - server deployments are unaffected - and exploitation requires the attacker to control or impersonate a server the vulnerable client connects to, making practical exploitation high-complexity. A proof-of-concept exists as a GitHub issue report; no public exploit is confirmed as weaponized and the vulnerability is not listed in CISA KEV.

Denial Of Service Null Pointer Dereference Open62541
NVD VulDB GitHub
EPSS 0% CVSS 6.0
MEDIUM This Month

Denial of service in Siemens SIMATIC S7-PLCSIM Advanced (all versions) allows an unauthenticated attacker on the same local network segment to exhaust the application's memory by flooding it with high-volume multicast traffic, rendering the PLC simulation instance inaccessible until manually restarted. Exploitation is limited to instances running a specific active project configuration, and no project data is lost. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Denial Of Service Simatic S7 Plcsim Advanced
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Memory exhaustion in elixir-mint's HTTP/2 client library (mint) allows a malicious or attacker-controlled HTTP/2 server to crash any BEAM application using the library by streaming unbounded zero-length CONTINUATION frames that bypass the existing byte-size guard. Affected versions span mint 0.1.0 through 1.9.1; a vendor-released patch is confirmed in 1.9.2. No public exploit or CISA KEV listing exists at time of analysis, but the explicit SSRF and redirect attack vectors meaningfully increase realistic exposure for server-side Elixir applications that proxy user-supplied URLs.

SSRF Denial Of Service Mint
NVD GitHub
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Unbounded memory consumption in the Elixir Mint HTTP client (versions 0.1.0 through 1.9.1) lets a malicious or attacker-influenced HTTP server crash the entire BEAM application acting as the client. The HTTP/1 header and chunked-trailer parsers accumulate every incoming header line into a per-request buffer with no size or count cap, so a server that streams headers forever without sending the terminating blank line drives the client host to out-of-memory death. No public exploit or CISA KEV listing has been identified at time of analysis; a vendor patch (1.9.2) and fix commit are available, and the EPSS/POC signals are unremarked in the source data.

SSRF Denial Of Service Mint
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Log integrity spoofing in Eclipse Kura before 5.6.2 lets an unauthenticated remote attacker forge the client IP recorded in audit logs by supplying a crafted X-Forwarded-For header, because the Jetty ForwardedRequestCustomizer is installed unconditionally on every connector and getRemoteAddr() reflects the header value. This enables bypass of IP-based brute-force defenses like fail2ban (spoofing a non-routable source to evade bans) or a denial of service against a third party by injecting a victim IP so their address is banned. No public exploit is identified at time of analysis and it is not on CISA KEV; CVSS 4.0 base score is 8.8.

Denial Of Service Eclipse Kura
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Missing authentication on Apache Doris Frontend (FE) HTTP REST administrative APIs allows any unauthenticated attacker with network reach to the FE HTTP service to invoke privileged administrative operations, degrading cluster integrity and availability up to full denial of service. All Apache Doris releases before 3.1.0 (per EUVD, the 2.1.0 through pre-3.1.0 line) are affected, and a fixed release exists in 3.1.0. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; the 9.1 Critical CVSS reflects the trivial unauthenticated network exploitability rather than confirmed in-the-wild use.

Apache Authentication Bypass Denial Of Service +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in aMule 2.3.3 lets a remote eD2k server crash the client by sending a malformed OP_SERVERMESSAGE packet that overflows a stack buffer (CWE-121). The flaw is triggered client-side when parsing server-supplied message data, so any hostile or spoofed server the client connects to can terminate the application. No public exploit has been identified at time of analysis, and the issue is documented only as an upstream bug report (amule GitHub issue #445), not a released patch.

Buffer Overflow Stack Overflow Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in the Crypt::OpenSSL::X509 Perl module before 2.1.3 lets a malformed X.509 certificate crash any Perl process that parses it. Four helper functions (basicC, ia5string, auth_att, keyid_data) dereference NULL pointers returned by OpenSSL's X509V3_EXT_d2i() on unparseable extensions - and keyid_data/auth_att additionally deref an akid->keyid field that is legitimately NULL for an empty Authority Key Identifier (DER 30 00). There is no public exploit identified at time of analysis, but the fix commit and a clear crash mechanism are published; CVSS is 7.5 (availability-only).

OpenSSL Denial Of Service Null Pointer Dereference +1
NVD GitHub VulDB
EPSS 0% CVSS 8.3
HIGH This Week

Denial of service in HedgeDoc before 1.11.0 lets a user who can store a note crash the instance by embedding a YAML "alias bomb" in the note frontmatter. Because HedgeDoc parsed frontmatter with the unsafe js-yaml v3 load (via @hedgedoc/meta-marked) and resolved anchor aliases, a compact ten-level payload expands into a massive object that blocks the single Node.js event loop for roughly 235 seconds on every request to the publish view (/s/<shortid>) or, under the opengraph key, the editor view (/<noteId>). No public exploit has been identified at time of analysis and the flaw is not in CISA KEV, but the stored payload persists in the database and re-triggers after process restarts, making outages durable until the note is deleted.

Node.js Denial Of Service Hedgedoc
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

Unauthenticated CRUD on the provider-management API in 9Router (through 0.4.41) lets remote attackers with no credentials enumerate, create, modify, and delete provider connections via the Next.js routes under src/app/api/providers/*. Because the /api/providers endpoints ship without authentication middleware, attackers can harvest partial credentials, OAuth tokens, and API keys, redirect AI traffic to attacker-controlled providers, or wipe all connections for a full denial of service; the companion /api/usage/stats endpoint further leaks full plaintext API keys. Rated CVSS 4.0 9.3 (critical); no public exploit identified at time of analysis, though the trivial access makes exploitation straightforward.

Authentication Bypass Denial Of Service 9Router
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Integer overflow in gawk's do_sub() routine (builtin.c) enables heap metadata corruption on 32-bit builds, crashing the process. Affecting all gawk versions through 5.4.0 compiled for 32-bit architectures, this flaw was reported by CERT-PL and is limited exclusively to the availability domain - the CVSS 4.0 vector confirms no confidentiality or integrity impact. No public exploit code or active exploitation has been identified at time of analysis, and a patch commit is available upstream.

Denial Of Service Integer Overflow Gawk
NVD VulDB
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Use-after-free memory corruption in gawk's do_getline_redir() routine within io.c allows a local attacker to crash the gawk process, causing a denial of service. All gawk versions 5.4.0 and below are affected, as confirmed by CERT-PL and an upstream patch commit. No active exploitation has been identified (not in CISA KEV), and the impact is confined to availability - no confidentiality or integrity effects have been demonstrated.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 1% CVSS 9.2
CRITICAL Act Now

Remote unauthenticated code execution in Thales CERT's "Suspicious" email-analysis application (versions 1.3.4 and earlier), dubbed "Matryoshka Mail," lets an attacker abuse path traversal in attachment handling to overwrite writable application files-Python modules, configuration, cron inputs, and runtime artifacts-yielding root-level execution inside the Django container. Because the affected code runs Python and processes attacker-supplied mail, overwriting an imported module effectively converts arbitrary file write into RCE, plus persistent denial of service and possible exposure of application secrets and integrations. No public exploit identified at time of analysis and the issue is not in CISA KEV, but it carries a CVSS 4.0 base score of 9.2 and vendor-credited discovery by Lucien Doustaly (wlayzz).

Denial Of Service Path Traversal RCE +2
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Arbitrary file write in the Evbee DC-80 EV charging station lets remote unauthenticated attackers overwrite any file on the device by sending a POST request whose Content-Disposition filename parameter is trusted without validation. Because a written file can clobber system files (denial of service) or replace shell scripts that are later executed, this escalates to remote code execution. There is no public exploit identified at time of analysis, but the CVSS 4.0 base score of 9.3 and CWE-20 root cause make this a critical, high-priority flaw.

Denial Of Service Dc 80
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Catastrophic regex backtracking in Mattermost's client-side markdown parser can be triggered by an authenticated user posting a specially crafted message attachment, causing a denial-of-service condition for every user rendering that channel. Affected builds span versions 11.7.x through 11.7.2, 11.6.x through 11.6.4, and 10.11.x through 10.11.19. No public exploit has been identified at time of analysis and this vulnerability is not listed in CISA KEV, though the low exploitation complexity (AC:L, PR:L) lowers the bar for any authenticated insider or compromised account.

Denial Of Service Mattermost
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in MikroTik RouterOS 7.21.x (before 7.21.4) and 7.22.x (before 7.22.2) allows a remote unauthenticated attacker to crash the core inter-process communication layer by triggering an integer overflow in the unflatten() function of the bundled libumsg.so library. Successfully exploiting it disrupts device availability without touching data confidentiality or integrity. There is no public exploit identified at time of analysis, though a third-party research blog documents the underlying integer overflow; EPSS is low at 0.20% (10th percentile).

Denial Of Service Mikrotik Integer Overflow +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A Denial of Service (DoS) vulnerability exists in the receive loop of libmodbus 3.1.12 when running on Windows. The issue stems from improper timeout management during network read operations.

Microsoft Denial Of Service N A
NVD GitHub
EPSS 0% CVSS 2.4
LOW PATCH Monitor

Denial of service in Zephyr RTOS's Nuvoton NuMaker HSUSBD USB device-controller driver allows a physical or adjacent USB host to permanently wedge the device's USB control endpoint. The driver unconditionally arms the control Data IN stage without accounting for the hardware's inability to disarm an already-armed transfer, so a host that cancels an in-flight control transfer and then re-issues a SETUP packet drives the driver out of sync. Repeated cancel-and-re-SETUP cycles cause the control endpoint to NAK every subsequent transfer, rendering the USB function non-operational until a USB reset or re-plug. No public exploit identified at time of analysis.

Denial Of Service Zephyr
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Kernel memory corruption in the Zephyr RTOS (versions v1.14.0 through v4.4.0) lets an unprivileged user-mode thread corrupt the kernel's dynamic object-tracking list across the userspace security boundary. The flaw is a use-after-free race (CWE-416) in the obj_list traversal, exploitable only on builds combining CONFIG_SMP, CONFIG_USERSPACE, and CONFIG_DYNAMIC_OBJECTS, and can yield privilege escalation or a kernel crash. No public exploit identified at time of analysis; a vendor patch is available.

Memory Corruption Buffer Overflow Denial Of Service +3
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Out-of-bounds stack write in the Zephyr RTOS IPv4 address parser (parse_ipv4() in subsys/net/ip/utils.c) lets an attacker corrupt memory when an application resolves an attacker-influenced "a.b.c.d:port" string, causing at minimum denial of service and potentially control-flow hijack on the affected embedded device. The defect exists in every release from v1.9.0 through v4.4.0 and is reachable through the standard socket resolver (zsock_getaddrinfo), DNS server-string configuration, and the eswifi Wi-Fi DNS-response path. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but a vendor fix (two upstream commits and advisory GHSA-532c-7g7f-jhmh) is available.

Memory Corruption Denial Of Service Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Out-of-bounds write in the WireGuard subsystem of Zephyr RTOS 4.4.0 lets a malicious or compromised WireGuard peer (or an on-path attacker driving an established session) corrupt memory by sending an oversized transport-data datagram. Because the flawed copy occurs before the Poly1305 authentication check, exploitation needs only a valid receiver session index rather than a valid authenticator, and reliably yields at least a remote denial of service on the target device. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; the Zephyr project has published advisory GHSA-3wqm-wgx2-9367 and an upstream fix.

Memory Corruption Denial Of Service Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Use-after-free and double-free in Zephyr RTOS's experimental USB host stack (CONFIG_USB_HOST_STACK, introduced in v4.4.0) allows an attacker with physical USB access to crash the target device or corrupt live kernel slab objects by bouncing a USB device connection to trigger a second removal event after the slab has already been freed. The flaw exists because usbh_device_disconnect() frees the root usb_device slab object without clearing the cached ctx->root pointer, and UHC controller drivers (uhc_max3421e, uhc_mcux_common) emit UHC_EVT_DEV_REMOVED directly from hardware line-state with no debounce or re-entry guard. No public exploit identified at time of analysis, and no CISA KEV listing; the physical-access prerequisite substantially constrains the realistic attacker population.

Memory Corruption Buffer Overflow Denial Of Service +2
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

Skillable's hosted SCORM lab launch endpoint at scorm.skillable.com enforces per-user lab allocation limits against a client-supplied userId query parameter that is never validated against the authenticated SCORM session token, enabling any enrolled learner to bypass rate limits, provision concurrent cloud VM lab instances at the course provider's expense, and exhaust another enrolled user's lab or exam allocation to deny them access. The vulnerability (CWE-639) was confirmed against the reporter's own account and a consenting fellow student on 2026-05-03; the vendor subsequently acknowledged in a private customer advisory that exam allocations and another learner's active session details are also reachable via the same mechanism. No fix is planned for the SCORM launch path; the vendor characterises the weakness as an inherent SCORM limitation and recommends migration to API or LTI 1.3 integrations. No public exploit code has been released, but the attack technique is trivially reproducible by any enrolled student with a proxy.

Denial Of Service
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Arbitrary file write in Crawl4AI's Docker API server (versions before 0.8.7) lets remote unauthenticated attackers overwrite any file writable by the service account by abusing the unvalidated output_path parameter on the /screenshot and /pdf endpoints. Reported by VulnCheck and disclosed in GitHub advisory GHSA-365w-hqf6-vxfg, the flaw enables path traversal or absolute-path writes that corrupt server files and cause denial of service. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the network-reachable, no-privileges attack surface makes it a straightforward target once a Crawl4AI Docker server is exposed.

Path Traversal Denial Of Service Docker +1
NVD GitHub VulDB
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

Out-of-bounds write in Zephyr RTOS's Bluetooth BAP Broadcast Assistant (subsys/bluetooth/audio/bap_broadcast_assistant.c v4.4.0 and earlier) allows a BLE-adjacent attacker operating one or more malicious Scan Delegator peripherals to corrupt the target device's memory or cause a denial of service. The root cause is a file-static 512-byte att_buf (net_buf_simple) shared across all connection instances: when the Broadcast Assistant holds two or more concurrent BLE connections, concurrent GATT notification callbacks interleave writes into this buffer without tailroom checks, enabling writes past the BSS boundary into adjacent memory. No public exploit has been identified and exploitation requires high attack complexity, but the memory corruption primitive is serious for embedded/IoT targets where crash recovery may be unavailable.

Memory Corruption Denial Of Service Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Memory exhaustion denial of service in ImageMagick before 7.1.2-26 results from an unreleased memory leak in the VIFF image encoder triggered by failed memory allocation during image processing. Locally-positioned attackers without privileges can supply specially crafted VIFF images to repeatedly trigger this leak, gradually exhausting system memory. The CVSS 4.0 score of 2.1 with local attack vector, high complexity, and additional prerequisites indicates this is a low-severity, operationally limited issue; no public exploit code or CISA KEV listing has been identified at time of analysis.

Denial Of Service Imagemagick
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Use-after-free in ImageMagick before 7.1.2-26 exposes servers that process untrusted images to denial of service and potential code execution via a dangling pointer in the FormatMagickCaption method when memory allocation fails. The CVSS 4.0 vector scores this at 6.3, reflecting high attack complexity (AC:H) and specific prerequisite conditions (AT:P), though intelligence tags flag RCE - a claim the vendor CVSS impact metrics do not fully corroborate, as only low availability impact is scored. No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Memory Corruption Denial Of Service Use After Free +2
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Heap use-after-free in ImageMagick before 7.1.2-26 allows unauthenticated remote attackers to crash applications processing attacker-supplied image files by embedding specially crafted XMP profile data. The root cause is a missing null check (CWE-252) during XMP metadata parsing, which triggers invalid memory access and results in a denial-of-service condition. No public exploit code and no CISA KEV listing exist at time of analysis, though ImageMagick's deep integration into web image pipelines means a single malicious upload can disrupt server-side processing at scale.

Denial Of Service Imagemagick
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Memory allocation policy bypass in ImageMagick's matrix-backed operations allows a crafted image to exhaust process memory and cause a denial of service. Affected across both the version 7 series (before 7.1.2-26) and the legacy version 6 series (before 6.9.13-51), the flaw arises because operations such as -canny fail to enforce the memory ceiling set in the configured policy, nullifying a key security control. No public exploit code or active exploitation has been identified at time of analysis, and the CVSS 4.0 score of 4.8 reflects a local attack vector requiring user interaction, keeping real-world exposure moderate.

Denial Of Service Imagemagick
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Heap-based out-of-bounds read in ImageMagick before 7.1.2-19 is triggered when processing an image carrying an unrecognized magnify:method value, causing the magnify operation to read beyond allocated heap memory. Affected systems running any version prior to 7.1.2-19 can be impacted when a user or automated pipeline processes a specially crafted image file, with outcomes ranging from partial memory disclosure to application crash. No active exploitation is confirmed (not in CISA KEV) and no public proof-of-concept has been identified at time of analysis, and the CVSS 4.0 score of 4.8 (Medium) reflects the limited local/interactive nature of the attack.

Heap Overflow Denial Of Service Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Unauthorized data modification in SurfLink - Link Manager & Backup Restore (all versions up to 2.6.0) allows authenticated attackers with Subscriber-level access to inject arbitrary URLs into the plugin's 410 Gone database table, causing those site paths to return HTTP 410 Gone responses to all visitors. The root cause is a missing capability check (current_user_can()) and absent nonce verification (check_ajax_referer()) in the ajax_import_410() AJAX handler - a conspicuous gap given that every other AJAX handler in the same PHP class correctly implements both controls. No public exploit has been identified at time of analysis, and no CISA KEV listing is present, but the low authentication barrier and clear impact on site availability and SEO ranking make this a meaningful risk for affected WordPress deployments.

Authentication Bypass WordPress Denial Of Service +1
NVD
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Regular-expression denial of service (ReDoS) in the Phalcon PHP framework before 5.15.0 lets remote unauthenticated attackers exhaust server CPU by sending a crafted request URI. Every default MVC application registers a built-in route whose compiled PCRE pattern contains a nested quantifier that Router::handle() evaluates against the raw request path on every request, so a path with repeated slashes followed by decoded newlines triggers catastrophic backtracking. There is no public exploit identified at time of analysis, and the CVSS 4.0 score of 8.7 reflects a high availability impact with no confidentiality or integrity effect.

Denial Of Service PHP Cphalcon
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Local memory-corruption escalation in Imagination Technologies' Graphics DDK (the PowerVR GPU driver stack) lets an unprivileged user trigger a use-after-free by issuing an improper sequence of GPU system calls. By forcing a failure path in the MMU mapping logic, an attacker leaves internal driver state incompletely cleaned up, enabling unauthorized read/write access to physical memory from shader code. There is no public exploit identified at time of analysis and EPSS is low (0.15%), but the flaw carries high confidentiality, integrity, and availability impact for local attackers.

Authentication Bypass Denial Of Service Graphics Ddk
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Remote unauthenticated denial of service in the h2o HTTP server (all versions prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1) allows an attacker to crash the server by sending a crafted QPACK instruction over HTTP/3. The flaw causes lib/http3/qpack.c to allocate an ~800 KB on-stack buffer via alloca, overflowing the default musl libc pthread stack and segfaulting on the guard page. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; impact is limited to availability with no data exposure.

Denial Of Service H2O
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Memory-exhaustion denial of service in RabbitMQ server prior to 4.2.6 allows an unauthenticated remote client to crash or degrade the broker via its stream protocol listener. Because the stream listener fails to enforce the configured frame-size limit while assembling frames during authentication and before Tune negotiation, an attacker can declare oversized frame lengths and force unbounded memory allocation in rabbit_stream_core. No public exploit has been identified at time of analysis and it is not listed in CISA KEV; risk stems from the trivially reachable, pre-authentication attack surface (CVSS 7.5).

Denial Of Service Rabbitmq Server
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Uncontrolled resource consumption in the RabbitMQ Management plugin's HTTP API lets an authenticated client crash or degrade the broker by submitting oversized-but-valid JSON bodies. The flaw lives in read_complete_body, which validates accumulated body size before the final chunk but never checks the final combined size, so the with_decode and direct_request code paths buffer and decode payloads that exceed intended limits. Affected releases are all versions prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Denial Of Service Rabbitmq Server
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in OpenResty 1.29.2.1 through 1.29.2.4 arises from an out-of-bounds write (CWE-787) in the upstream PROXY protocol v2 implementation; when the platform is configured to prepend PROXY protocol v2 headers to upstream connections, header construction in the stream proxy-protocol-v2 patch overruns its allocated buffer and crashes the worker process. Any environment that has explicitly enabled PROXY protocol v2 for upstream connections is affected, degrading availability without any impact to confidentiality or integrity. There is no public exploit identified at time of analysis and the issue is not on CISA KEV; it is resolved in OpenResty 1.29.2.5.

Memory Corruption Denial Of Service Buffer Overflow +1
NVD GitHub
CVSS 7.8
HIGH POC PATCH This Week

Arbitrary Python code execution in BabelDOC (funstory-ai, pip package `babeldoc`) prior to 0.6.3 allows an attacker to run code in the context of the translation process by having a victim process a crafted PDF. The vendored pdfminer CMap loader (`cmapdb.py::_load_data`) strips only NUL bytes from a PDF-controlled CMap/Encoding name and passes it to `pickle.loads()`, so a hex-encoded absolute path in the PDF's `/Encoding` name redirects deserialization to an attacker-planted `.pickle.gz` file. A detailed, working proof-of-concept exists (publicly available exploit code exists); there is no CISA KEV listing and no public evidence of active exploitation at time of analysis.

Deserialization Python Canonical +6
NVD GitHub
EPSS 0% CVSS 2.4
LOW PATCH Monitor

Memory exhaustion in NanaZip's UFS/FFS archive handler (all versions prior to 6.5.1749.0) allows a local low-privilege attacker to terminate the NanaZip process by delivering a crafted disk image that a user opens. The root cause is missing upper-bound validation of the `fs_fsize` fragment size field in the UFS superblock - unlike `fs_bsize`, which is checked against MINBSIZE, `fs_fsize` flows unchecked into indirect-block, directory, and extraction buffer allocation calculations, enabling a tiny image file to trigger multi-gigabyte heap allocation requests. No public exploit has been identified and this vulnerability is not listed in CISA KEV; the CVSS 4.0 score of 2.4 (Low) reflects the constrained local, user-interaction-required attack path with availability-only impact.

Denial Of Service Microsoft Nanazip
NVD GitHub
EPSS 0% CVSS 2.4
LOW PATCH Monitor

Process crash via uncaught C++ exception in NanaZip's .NET single-file bundle handler affects all versions prior to 6.5.1749.0 on Windows. The extraction buffer is sized from the bundle entry's Size field, which is validated only for sign - not against the actual file content - allowing a crafted archive to trigger an attacker-controlled allocation whose resulting std::bad_alloc or std::length_error propagates across the COM STDMETHODCALLTYPE ABI boundary and terminates the NanaZip process. Impact is limited to denial of service; no public exploit has been identified at time of analysis, and the vendor has released a fix in version 6.5.1749.0.

Denial Of Service Microsoft Nanazip
NVD GitHub
EPSS 0% CVSS 2.4
LOW PATCH Monitor

NULL pointer dereference in NanaZip's custom archive handlers crashes the application when a user tests or extracts archives of seven specific formats. All NanaZip versions prior to 6.5.1749.0 are affected; the seven vulnerable handlers cover WebAssembly, ElectronAsar, Zealfs, Romfs, Ufs, Littlefs, and DotNetSingleFile archive types. Impact is limited to a process crash (denial of service) with no confidentiality or integrity consequence; no public exploit or active exploitation has been identified at time of analysis.

Denial Of Service Microsoft Null Pointer Dereference +1
NVD GitHub
EPSS 0% CVSS 2.4
LOW PATCH Monitor

Memory exhaustion in NanaZip's WebAssembly archive handler (prior to 6.5.1749.0) allows a crafted .wasm file to trigger multi-gigabyte heap allocations by supplying oversized 32-bit NameSize or Information.Size fields that are consumed without bounds validation in NanaZip.Codecs.Archive.WebAssembly.cpp. When a user opens or lists such an archive, NanaZip attempts to satisfy the inflated allocations via std::string or std::vector paths, exhausting process memory and causing a crash. No active exploitation or public exploit code has been identified at time of analysis; the impact is strictly limited to NanaZip process availability with no confidentiality or integrity consequence.

Denial Of Service Microsoft Nanazip
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Disk exhaustion and crash vulnerability in Grav's Direct Install tool allows an authenticated admin.super user to upload a specially crafted ZIP archive that decompresses without bound, filling the server disk or crashing the process. Affecting all Grav releases prior to 2.0.0, the root cause is the Installer::unZip method invoking PHP's ZipArchive::extractTo with no enforced limits on uncompressed size, entry count, or directory depth - a classic zip bomb attack surface. No public exploit code or active exploitation has been identified at time of analysis; a vendor-released fix is available in version 2.0.0.

Denial Of Service Grav
NVD GitHub
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Uncontrolled resource consumption in Grav flat-file CMS before 1.7.53 and 2.0.0-rc.8 lets a remote unauthenticated visitor crash or degrade a server by requesting on-the-fly image derivatives with absurdly large dimensions. Because Grav::fallbackUrl forwards URL query image actions such as forceResize straight to ImageMedium magic actions with no dimension or pixel ceiling, a single crafted request forces the server to allocate huge amounts of memory and CPU to build the derivative. No public exploit identified at time of analysis, but the attack is trivial and scriptable given the CVSS 4.0 VA:H, AV:N/AC:L/PR:N profile.

Denial Of Service Grav
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in Espressif's ESP-IDF JPEG driver (versions 6.0.1, 5.5.4, 5.4.4, 5.3.5 and likely earlier) stems from an out-of-bounds stack write in jpeg_parse_dqt_marker(), where the attacker-controlled DQT marker Tq nibble indexes the qt_tbl array without a 0..3 bounds check. Any application that feeds untrusted JPEG data into the hardware JPEG decode path can be reliably crashed by a single malformed image. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; the vendor has released a fix in 6.0.2 with backports pending for the 5.x branches.

Buffer Overflow Denial Of Service Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Denial of service in the Excelize Go library (github.com/xuri/excelize/v2, a.k.a. qax-os/excelize) before 2.11.0 allows remote attackers to crash any service that opens attacker-supplied XLSX files and reads cell values. The checkSheet() function trusts the <row r="N"> XML attribute as an allocation length, enabling either a ~16 GB out-of-memory kill (r=2147483647) or a runtime panic from negative-index slicing (r=-1). No authentication is required; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Denial Of Service Microsoft Excelize
NVD GitHub
EPSS 1% CVSS 8.7
HIGH PATCH This Week

Uncontrolled memory and CPU consumption in Excelize (qax-os/excelize), the widely used Go library for reading and writing Microsoft Excel spreadsheets, before version 2.11.0 lets a crafted XLSX file trigger a denial of service. The streaming worksheet reader behind the Rows and GetRows APIs fails to enforce the TotalRows (1,048,576) limit on the row 'r' attribute, so a tiny file declaring an out-of-range row index with no cell coordinate forces GetRows to allocate empty rows up to that attacker-chosen index. No public exploit identified at time of analysis, but the trigger is trivial to construct and the fix is confined to a single validation check.

Denial Of Service Microsoft Excelize
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Denial of service in Grav CMS before 2.0.1 allows authenticated users to exhaust server storage by uploading a crafted ZIP archive (a decompression bomb) that the ZipArchiver::extract() routine expands without enforcing limits on uncompressed size, file count, or nesting depth. The CVSS 4.0 base score of 7.1 reflects a network-reachable, low-privilege flaw whose sole impact is high availability loss. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Denial Of Service Grav
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Disk space exhaustion in n8n's data-table file upload endpoint allows an authenticated user to progressively fill the host's disk by repeatedly uploading files whose cumulative size is never checked against what already exists in the shared temporary directory. Affected versions span all n8n releases before 2.28.0 on the 2.x branch and before 1.123.58 on the 1.x branch. The flaw is rooted in a stateless per-request quota that ignores previously written files, enabling a low-privileged user to loop uploads between periodic cleanup cycles until disk space is exhausted, potentially disrupting the host and all co-resident services. No public exploit code or CISA KEV listing has been identified at time of analysis.

Denial Of Service File Upload N8n
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Use-after-free in ImageMagick's PDB decoder (all versions before 7.1.2-15) allows remote attackers supplying crafted Palm Database image files to crash the application or write a single null byte to freed heap memory. The flaw manifests specifically when memory allocation fails during PDB decoding, leaving a stale pointer that is subsequently dereferenced rather than nulled or re-validated. No public exploit or active exploitation has been identified at time of analysis; the CVSS 4.0 score of 6.3 reflects constrained exploitation conditions (AC:H, AT:P) and impact limited strictly to availability.

Memory Corruption Denial Of Service Use After Free +1
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Memory leak in ImageMagick's META reader (versions before 7.1.2-18) enables denial of service through resource exhaustion when processing specially crafted APP1JPEG image files. The flaw sits in the error-handling path of the META reader, meaning memory allocated during malformed APP1JPEG processing is never freed, allowing an attacker to repeatedly trigger the leak until the host process exhausts available memory. No public exploit code has been identified at time of analysis and this vulnerability is not listed in the CISA KEV catalog; the CVSS 4.0 score of 4.8 (Medium) reflects limited impact scope.

Denial Of Service Imagemagick
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Plan quota enforcement is missing on the /files/upload/attachments endpoint in Capgo before 12.128.2, allowing upload-scoped API keys to bypass plan restrictions and create publicly readable Cloudflare R2 objects regardless of account standing. Apps that have been plan-blocked or suspended retain the ability to upload arbitrary attachments that persist outside bundle metadata and survive app deletion, enabling sustained storage and bandwidth abuse against the Capgo platform. No public exploit has been identified at time of analysis, and the vulnerability has not been confirmed as actively exploited.

Denial Of Service Capgo
NVD GitHub
EPSS 1% CVSS 6.9
MEDIUM PATCH This Month

Denial of service in Elixir's Plug library (versions 1.4.0 through 1.20.2) allows unauthenticated remote attackers to exhaust filesystem inodes, disk space, and server memory via a single crafted multipart HTTP request. The Plug.Parsers.MULTIPART component charges its configurable :length limit only against part body bytes, meaning part headers are never counted and parts with empty bodies cost exactly zero - yet each such part with a filename triggers creation of a Plug.Upload struct and a real temporary file on disk. No public exploit has been identified at time of analysis, though the technique is trivially reproducible from the description alone against any application exposing a multipart endpoint.

Denial Of Service
NVD GitHub
EPSS 0% CVSS 2.1
LOW PATCH Monitor

SQL injection in Postgrex.Notifications' reconnect replay path allows an attacker who can supply untrusted input as a PostgreSQL LISTEN channel name to corrupt the shared notification connection, silently dropping all channel subscriptions and causing persistent denial of service of the notification subsystem. Affected versions are postgrex 0.16.0 through 0.22.2 in the Elixir ecosystem. No arbitrary SQL execution is possible due to double-quote escaping, and no public exploit or CISA KEV listing exists; the CVSS 4.0 base score of 2.1 reflects the constrained, precondition-heavy impact.

PostgreSQL SQLi Denial Of Service
NVD GitHub VulDB
Prev Page 3 of 406 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy