Skip to main content

Denial Of Service

36508 CVEs technique

Monthly

CVE-2026-42297 Go HIGH PATCH GHSA This Week

Missing authorization checks in Argo Workflows v4.0.0-4.0.4 allow any authenticated user-even those with fake Bearer tokens-to create, read, update, and delete Kubernetes ConfigMaps containing workflow synchronization limits. The ConfigMap-backed sync provider (server/sync/sync_cm.go) completely omits auth.CanI permission validation on all four CRUD endpoints. Publicly available exploit code exists (detailed PoC in advisory). CVSS 8.5 reflects network-accessible authentication bypass enabling high integrity/availability impact through denial-of-service and arbitrary ConfigMap manipulation. Patch released in version 4.0.5 adding checkConfigMapPermission() calls to validate Kubernetes RBAC before operations.

Authentication Bypass Denial Of Service Information Disclosure Kubernetes
NVD GitHub VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-41685 Go MEDIUM GHSA This Month

Incus before version 7.0.0 allows authenticated users to exhaust host disk space through unbounded uploads via instance backup import, storage bucket import, storage volume backup import, and storage volume ISO import endpoints. The daemon streams HTTP request bodies directly into temporary files using io.Copy without enforcing maximum request size limits, enabling denial of service on the host system or shared storage in multi-tenant deployments. Public proof-of-concept code demonstrates sustained disk exhaustion by streaming null bytes through application/octet-stream endpoints.

Denial Of Service Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-41684 Go MEDIUM GHSA This Month

Denial of service in Incus daemon via nil pointer dereference when restoring backup archives with valid inline backup/index.yaml but malformed legacy backup/container/backup.yaml omitting the container section. An authenticated user with backup import permissions can crash the daemon by crafting a backup archive that passes preflight validation but triggers nil dereference during the restore phase after archive extraction. CVSS 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) - confirmed by 7asecurity with proof-of-concept test cases.

Denial Of Service Null Pointer Dereference Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-41648 Go MEDIUM GHSA This Month

Incus versions up to 6.23.0 allow authenticated users to trigger denial of service by uploading crafted image or backup tarballs containing oversized YAML metadata files that consume excessive server memory during parsing. When metadata.yaml or backup/index.yaml entries declare large sizes in the tar header, the YAML decoder reads and allocates 5-6x the input size without limits, potentially exhausting memory on constrained daemons; a 200 MB YAML entry may trigger 1.2 GB of heap allocations. Vendor-released patch available in v7.0.0.

Denial Of Service Suse
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-41647 Go MEDIUM GHSA This Month

Nil-pointer dereference in Incus daemon S3 storage bucket import allows authenticated users to crash the daemon by uploading a truncated or corrupted tar backup file. The TransferManager.UploadAllFiles function fails to handle non-EOF errors from tar parsing, causing a panic when hdr is nil. Vendor-released patch available in v7.0.0.

Denial Of Service Null Pointer Dereference Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-40251 Go HIGH PATCH GHSA This Week

Denial of service in Incus prior to version 7.0.0 allows authenticated users to crash the Incus daemon by importing a maliciously crafted backup archive with physical snapshot directories but tampered metadata arrays. The vulnerability stems from an incorrect bounds check (len(slice) >= i-1 instead of len(slice) > i) in the backup restore and migration code paths, enabling out-of-bounds array access that triggers a runtime panic. Repeated exploitation keeps the Incus service offline, confirmed by a publicly available proof-of-concept.

Denial Of Service Information Disclosure Buffer Overflow Suse
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-7768 npm HIGH PATCH GHSA This Week

Unbounded cache growth in @fastify/accepts-serializer versions ≤6.0.3 allows remote unauthenticated attackers to exhaust Node.js heap memory by sending numerous distinct Accept header variants, crashing the application. The plugin caches serializer selections keyed by Accept header without size limits, enabling trivial memory exhaustion attacks against any exposed Fastify endpoint. Fix available in version 6.0.4, which implements an LRU cache with 100-entry default limit. No public exploit code identified at time of analysis, but attack is straightforward to execute with basic HTTP tools.

Denial Of Service Node.js
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-25863 HIGH PATCH This Week

Denial-of-service condition in Conditional Fields for Contact Form 7 WordPress plugin allows remote unauthenticated attackers to crash PHP processes by injecting arbitrarily large iteration values through REST API parameters. The Wpcf7cfMailParser class processes user-supplied POST data without validation, enabling attackers to trigger unbounded loops with multiple regex operations that exhaust server memory. Affects all versions through 2.6.7 with vendor patch now available. EPSS data not provided, but the network-accessible unauthenticated attack vector (AV:N/PR:N) combined with low complexity (AC:L) indicates straightforward exploitation potential against publicly accessible WordPress sites running this plugin.

Denial Of Service PHP WordPress
NVD VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-42146 MEDIUM This Month

Denial of service in CImg Library prior to version 3.7.5 allows local attackers to crash applications via crafted BMP files with oversized nb_colors header fields. The vulnerability stems from unchecked allocation of memory based on user-supplied file header data, causing out-of-memory conditions when loading untrusted BMP files. No authentication or network access required; user interaction (file opening) is the sole prerequisite.

Denial Of Service
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-29004 HIGH PATCH This Week

Heap buffer overflow in BusyBox udhcpc6 (DHCPv6 client) allows network-adjacent attackers to achieve remote code execution or denial of service on embedded systems. The vulnerability stems from incorrect heap buffer allocation in option_to_env() when parsing D6_OPT_DNS_SERVERS options in DHCPv6 responses. Particularly dangerous on embedded devices lacking heap hardening protections. Fixed in commit 42202bf. No active exploitation confirmed (not in CISA KEV), but publicly available proof-of-concept from VulnCheck disclosure increases real-world risk for IoT and embedded deployments.

RCE Denial Of Service Buffer Overflow Heap Overflow
NVD GitHub VulDB
CVSS 4.0
7.2
EPSS
0.0%
CVE-2026-42154 Go HIGH POC PATCH GHSA This Week

Memory exhaustion in Prometheus remote read endpoint allows unauthenticated attackers to crash the monitoring server via maliciously crafted snappy-compressed payloads. The /api/v1/read endpoint in versions prior to 3.5.3 and 3.11.3 accepts compressed request bodies without validating the declared decoded length, enabling a 5-byte payload claiming 256 MiB decoded size to trigger massive heap allocations. Concurrent requests can exhaust memory and crash the Prometheus process. EPSS data not provided; no evidence of active exploitation (not in CISA KEV). Vendor-released patches available in versions 3.5.3 and 3.11.3.

Denial Of Service Prometheus
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-43964 HIGH PATCH This Week

Remote denial of service in the Postfix mail transfer agent (before 3.8.16, 3.9.x before 3.9.10, and 3.10.x before 3.10.9) lets attackers crash the process through a malformed enhanced status code that ends immediately after the third numeric component with no trailing text, triggering a buffer over-read. The flaw affects availability only - no data exposure or code execution - and has no public exploit identified at time of analysis. EPSS is very low (0.04%, 11th percentile) and CISA SSVC rates exploitation as none and non-automatable, consistent with a crash-only bug.

Denial Of Service Postfix
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-40197 Go HIGH PATCH GHSA This Week

Nil-pointer dereference in Incus daemon's custom volume backup import logic allows authenticated users to crash the service by supplying a malformed backup archive containing null entries in the volume_snapshots array, enabling repeated denial of service attacks. The vulnerability exists in the CreateCustomVolumeFromBackup function which fails to validate snapshot pointers before dereferencing them during import operations. CVSS 6.5 (authenticated network access, high availability impact); no public exploit code or active exploitation reported at analysis time, but proof-of-concept demonstration included in advisory.

Null Pointer Dereference Denial Of Service Suse
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-40195 Go HIGH PATCH GHSA This Week

Nil-pointer dereference in Incus daemon's storage bucket import logic allows authenticated users to crash the daemon by submitting a malformed bucket backup archive with a missing config section in index.yaml, enabling denial of service through repeated exploitation. The vulnerability affects Incus versions prior to 7.0.0 and requires valid storage bucket feature access but no special privileges beyond authenticated user status.

Null Pointer Dereference Denial Of Service Python Suse
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-42440 Maven HIGH PATCH GHSA This Week

Remote denial of service in Apache OpenNLP versions before 2.5.9 and 3.0.0-M3 allows unauthenticated attackers to crash JVM processes by uploading malicious .bin model files that trigger OutOfMemoryError through unbounded array allocation. Exploitation requires no authentication (AV:N/AC:L/PR:N) and affects any code path deserializing binary model files from untrusted sources. EPSS score of 0.02% (5th percentile) suggests low widespread exploitation risk, and no active exploitation or public POC has been identified at time of analysis. Vendor-released patches are available with default safeguards limiting count fields to 10 million entries.

Denial Of Service Apache Deserialization Apache Opennlp
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-29169 HIGH PATCH This Week

Remote attackers can crash Apache HTTP Server 2.4.66 and earlier by sending malicious requests that trigger a NULL pointer dereference in mod_dav_lock, causing denial of service. The vulnerability affects only servers with mod_dav_lock enabled, a legacy module whose primary use-case (Apache Subversion < 1.2.0) is obsolete in modern deployments. CISA SSVC indicates no active exploitation, but the attack is automatable against susceptible configurations. CVSS 7.5 (High) reflects network-accessible, unauthenticated denial of service, though real-world impact is limited to the small subset of servers still running mod_dav_lock.

Null Pointer Dereference Denial Of Service Apache Red Hat Apache HTTP Server
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-33007 MEDIUM PATCH This Month

Null pointer dereference in mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows unauthenticated remote attackers to crash child processes in caching forward proxy configurations, resulting in denial of service. The vulnerability has CVSS 5.3 (medium) with network accessibility and no authentication required, but is limited to partial availability impact affecting only specific proxy deployments. Vendor-released patch: version 2.4.67.

Red Hat Suse Null Pointer Dereference Denial Of Service Apache +1
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-7740 LOW POC Monitor

Denial of service in tsMuxer up to version 2.7.0 via improper handling of the track_id argument in the VvcVpsUnit::setFPS function allows local authenticated attackers to trigger an availability impact. Publicly available exploit code exists; however, the vulnerability affects only unsupported legacy versions and requires local access with user-level privileges, limiting real-world exposure.

Denial Of Service Tsmuxer
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-7739 LOW POC Monitor

Denial of service in tsMuxer up to version 2.7.0 via improper input validation in the HevcVpsUnit::setFPS function allows local authenticated attackers to crash the application by manipulating the track_id argument. The vulnerability affects only unsupported product versions and carries a very low CVSS score (1.9), though publicly available exploit code exists.

Denial Of Service Tsmuxer
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2026-43864 LOW PATCH Monitor

Mutt mail client before version 2.3.2 crashes due to a null pointer dereference in the show_sig_summary function when processing GPG signatures, causing denial of service. The vulnerability requires local access and user interaction to trigger (viewing a malicious email with a crafted signature), resulting in application termination with minimal real-world impact. CVSS score of 2.5 reflects low severity; no public exploit or active exploitation confirmed.

Null Pointer Dereference Denial Of Service Mutt
NVD GitHub VulDB
CVSS 3.1
2.5
EPSS
0.0%
CVE-2026-43863 LOW PATCH Monitor

Mutt before version 2.3.2 contains an infinite loop in the data_object_to_stream function within crypt-gpgme.c that can be triggered during GPG encryption operations, leading to denial of service. The vulnerability affects remote attackers under high-complexity conditions (requiring specific GPG-encrypted message handling), and is publicly documented via a GitHub commit but has no active exploitation confirmed. The fix changes the loop condition from checking non-zero read results to explicitly checking for positive read values (> 0), preventing infinite iteration when gpgme_data_read returns zero or negative values.

Denial Of Service Mutt
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-20450 MEDIUM This Month

Remote denial of service in MediaTek modem firmware across 47+ chipset variants allows attackers to crash the modem via incorrect error handling when a user equipment device connects to a rogue base station, requiring no authentication or user interaction. The vulnerability affects a broad range of MediaTek cellular chipsets (MT6855, MT6985, MT8793, and others) and carries a CVSS 6.5 score reflecting network-adjacent attack vector and high availability impact. Patch MSV-6100 / MOLY01753620 is available from MediaTek.

Denial Of Service Mediatek Chipset
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-20449 MEDIUM This Month

Heap buffer overflow in MediaTek modem firmware allows remote denial of service when a device connects to an attacker-controlled base station. The vulnerability affects a wide range of MediaTek chipsets and can crash the modem without requiring user interaction or special privileges. No public exploit code has been identified, and CISA has not listed this in the Known Exploited Vulnerabilities catalog, though the low EPSS score (0.07%) suggests limited real-world exploitation likelihood despite the attack vector requiring only adjacent network access.

Denial Of Service Buffer Overflow Mediatek Chipset
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-7734 Go MEDIUM PATCH This Month

Denial of service in osrg GoBGP up to version 4.3.0 allows remote attackers to trigger an infinite loop via malformed SRv6 L3 Service attributes in BGP packets. The vulnerability exists in the SRv6L3ServiceAttribute.DecodeFromBytes function, which incorrectly advances a loop variable when processing unknown sub-TLV types, causing the parser to never exit the loop and exhaust system resources. Vendor-released patch available in version 4.4.0.

Denial Of Service Suse
NVD VulDB GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-6948 MEDIUM PATCH This Month

Velociraptor server versions before 0.76.4 are vulnerable to denial of service via resource exhaustion when a compromised or rogue client sends specially crafted messages through the agent control channel, causing out-of-memory conditions and server crashes. The vulnerability requires authenticated client access but can be triggered by any authenticated agent, making it a realistic threat in environments where client integrity cannot be guaranteed. CVSS score of 4.9 reflects high privileges required (PR:H) but complete availability impact.

Denial Of Service Suse
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-70071 MEDIUM PATCH This Month

Denial of service in Assimp 6.0.2 allows remote attackers to crash the application by sending specially crafted FBX files that trigger memory exhaustion or infinite loops in the FBXParser ParseVectorDataArray() function. The vulnerability requires network access but involves high attack complexity, indicating the attacker must precisely craft malformed input. Public exploit code exists; CISA SSVC analysis indicates the vulnerability is not automatable and results in partial technical impact (availability loss only), suggesting targeted rather than mass-scale exploitation.

Denial Of Service N A
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-70069 HIGH PATCH This Week

Assimp 6.0.2 crashes when processing malformed FBX files due to unchecked resource consumption in the FBX multi-material mesh converter. Remote attackers can trigger denial of service (application crash) via network-delivered malicious 3D model files without authentication, requiring no user interaction beyond normal file processing. EPSS data not available; no evidence of active exploitation (not in CISA KEV). Publicly documented proof-of-concept exists via GitHub Gist, enabling straightforward reproduction.

Denial Of Service N A
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-70070 MEDIUM PATCH This Month

Denial of service vulnerability in Assimp 6.0.2 via null pointer dereference in FBXMeshGeometry.cpp MeshGeometry constructor allows remote attackers to crash applications processing malicious FBX files. Requires user interaction (opening/processing a crafted file) but affects any application using the vulnerable library version. Publicly available exploit code exists; CVSS 6.5 reflects network attack vector with user interaction requirement.

Null Pointer Dereference Denial Of Service N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-70072 MEDIUM PATCH This Month

Assimp version 6.0.2 is vulnerable to denial of service through improper buffer handling in the FBXConverter::ConvertMeshMultiMaterial() function when processing crafted FBX model files. A remote attacker can trigger a crash by supplying a malicious FBX file via network or local file access, causing the application to become unavailable. Publicly available exploit code exists, though the vulnerability requires user interaction to process the malicious file.

Denial Of Service Information Disclosure Buffer Overflow N A
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-37458 MEDIUM PATCH This Month

Missing input validation in FRRouting stable/10.0 through 10.6 allows authenticated BGP peers to trigger a Denial of Service by sending a crafted UPDATE message with invalid martian addresses in the MP_REACH_NLRI component. An authenticated attacker can crash or severely degrade the BGP routing daemon by exploiting insufficient validation of next-hop addresses, with an EPSS score of 0.02% indicating low real-world exploitation probability despite moderate CVSS scoring.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-37459 HIGH PATCH This Week

Denial of Service in FRRouting 10.0 through 10.6 allows remote unauthenticated attackers to crash the BGP daemon via a malformed BGP UPDATE message exploiting an integer underflow in next-hop capability processing. Upstream fix available in commit 693a2e0 but released patched version not independently confirmed. No public exploit identified at time of analysis, with EPSS score not provided suggesting low observed exploitation activity.

Denial Of Service N A
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-37461 Go HIGH PATCH GHSA This Week

Remote attackers can crash GoBGP v4.3.0 by sending a malformed BGP UPDATE message that triggers an out-of-bounds read in IPv6 extended community parsing. The flaw allows unauthenticated denial of service against default configurations with no authentication required (CVSS AV:N/AC:L/PR:N/UI:N). No public exploit identified at time of analysis, and EPSS score of 0.02% (4th percentile) indicates very low observed exploitation probability. Upstream fixes available via GitHub commits 362cce3e and 9ce8936.

Denial Of Service Information Disclosure Buffer Overflow Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-7708 LOW POC Monitor

Denial of service in Open5GS UDR component up to version 2.7.7 allows authenticated remote attackers to crash the subscription data service by manipulating the supi_id argument to the ogs_dbi_subscription_data function. Publicly available exploit code exists, and the vendor has been notified via issue report but has not yet released a patch.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-7707 LOW POC Monitor

Denial of service in Open5GS UDR component (versions up to 2.7.7) via malformed pei argument in udr_nudr_dr_handle_subscription_context function allows authenticated remote attackers to crash the User Data Repository service with low complexity. Publicly available exploit code exists; vendor has not responded to early notification.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-7706 LOW POC Monitor

Denial of service in Open5GS versions up to 2.7.7 allows authenticated remote attackers to crash the AMF (Access and Mobility Management Function) component by exploiting improper error handling in the gmm_handle_service_request function. The vulnerability requires low-privilege authentication to trigger and results in service unavailability. A public exploit has been disclosed via GitHub issue tracker, though the vendor has not yet released a patch despite early notification.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-7701 LOW Monitor

Null pointer dereference in Telegram Desktop up to version 6.7.5 allows remote attackers without authentication to cause denial of service by crafting a malicious login_url argument in the Bot API RequestButton function. The vulnerability requires user interaction to click a malicious link and has a public exploit disclosure, though vendor response to early disclosure notification was not forthcoming.

Null Pointer Dereference Denial Of Service Desktop
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-6525 MEDIUM PATCH This Month

Wireshark 4.6.0 through 4.6.4 crashes when processing malformed IEEE 802.11 frames due to a null pointer dereference in the protocol dissector. An attacker can trigger denial of service by crafting or replaying a specially malformed wireless packet that causes the dissector to crash when analyzed, rendering packet analysis impossible until the application restarts. CVSS score 5.5 reflects local attack vector with user interaction required; no public exploit code has been identified at time of analysis.

Null Pointer Dereference Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43058 MEDIUM PATCH This Month

Local denial-of-service in the Linux kernel's vidtv virtual DVB media driver allows an authenticated local user to crash the kernel via a NULL pointer dereference triggered by uninitialized struct fields in vidtv_ts_null_write_into() and vidtv_ts_pcr_write_into(). Affected kernel versions span from commit f90cf6079bf6 across multiple stable branches through Linux 5.10, with fixes backported to 6.6.136, 6.12.83, 6.18.24, 6.19.14, 7.0.1, and 7.1-rc1. No public exploit identified at time of analysis, EPSS is 0.02% (7th percentile), and this CVE is not listed in the CISA KEV catalog, reflecting its low real-world exploitation likelihood.

Linux Null Pointer Dereference Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-7601 MEDIUM PATCH This Month

Denial of service in Open5GS AMF (Access and Mobility Function) up to version 2.7.6 allows authenticated remote attackers to cause service unavailability by sending crafted registration requests with manipulated reg_type arguments. The vulnerability exists in the GMM (Mobility Management) handler due to insufficient validation of registration type values, potentially triggering null pointer dereferences or assertion failures. Vendor-released patch version 2.7.7 is available.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
0.1%
CVE-2026-39804 HIGH POC PATCH GHSA This Week

Memory exhaustion in Bandit WebSocket server (versions 0.5.9 through 1.10.x) allows unauthenticated remote attackers to crash BEAM nodes via compression bombs when permessage-deflate is enabled. The inflate/2 function decompresses WebSocket frames without output-size limits, enabling attackers to send tiny compressed payloads (~1024:1 ratio) that expand to gigabyte-scale heap allocations. Vendor-released patch available (version 1.11.0). EPSS data not available; no public exploit identified at time of analysis. Exploitation requires non-default configuration (both server-level compress and per-upgrade compress: true options enabled), making stock Phoenix/LiveView applications unaffected.

Denial Of Service Red Hat
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-42786 HIGH POC PATCH GHSA This Week

Memory exhaustion in Bandit WebSocket server (versions 0.5.0 through 1.10.x) allows unauthenticated remote attackers to trigger denial of service by sending unbounded WebSocket continuation frames without setting the fin flag. The fragment reassembly logic accumulates payloads without checking cumulative message size, bypassing the max_frame_size limit which only applies to individual frames. Applications using Phoenix Channels or LiveView over Bandit expose this attack surface on any WebSocket endpoint. Patch available in version 1.11.0 introduces max_fragmented_message_size parameter (default 8MB). No public exploit code identified at time of analysis, but trivial to reproduce with standard WebSocket libraries.

Denial Of Service Red Hat
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-42788 MEDIUM POC PATCH GHSA This Month

Denial of service in mtrudel bandit via HTTP/2 frame deserialization allows unauthenticated remote attackers to exhaust server memory by sending oversized frames. The vulnerability exists because the HTTP/2 frame parser in 'Elixir.Bandit.HTTP2.Frame':deserialize/2 performs the max frame size check after pattern-matching the entire payload into memory, rather than before, allowing attackers to force buffering of up to 16 MiB frames regardless of negotiated limits. Confirmed actively exploited (CISA KEV status unknown but vendor advisory confirms vulnerability). Patch available in version 1.11.0.

Denial Of Service Red Hat
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-35233 MEDIUM NEWS This Month

DTrace kernel instrumentation tool on Linux is vulnerable to a denial-of-service and potential privilege escalation attack when processing malicious ELF binaries with out-of-range sh_link fields. An unprivileged attacker can craft an ELF binary that, when instrumented by a root-level dtrace process, triggers an out-of-bounds heap read in the ELF parser. This can crash the dtrace daemon (DoS) or, depending on heap layout, lead to reading and dereferencing garbage pointers controlled by the attacker, potentially enabling code execution in a privileged context. The vulnerability requires local access and a privileged dtrace instance to be actively instrumentation the malicious process, but carries significant risk given dtrace's typical deployment in system administration and security monitoring contexts.

Denial Of Service Buffer Overflow Information Disclosure
NVD VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-21996 LOW NEWS Monitor

DTrace process can be reliably crashed by unprivileged local attackers via a malicious ELF binary that triggers an integer divide-by-zero condition in the Pbuild_file_symtab() function, causing denial of service. CVSS 3.3 (low severity) reflects local-only attack vector and low privileges required, though the reliable crash mechanism and low exploitation complexity may elevate practical risk in multi-tenant or shared-system environments.

Denial Of Service
NVD VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-7587 LOW POC Monitor

Denial of service in Open5GS AMF component up to version 2.7.7 allows authenticated remote attackers to trigger resource exhaustion via improper handling of PDU session context update messages in the amf_nsmf_pdusession_handle_update_sm_context function. The vulnerability has a low CVSS score (2.1) but publicly available exploit code exists; however, exploitation requires prior authentication to the 5G network, significantly limiting real-world attack surface.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-7586 LOW Monitor

Denial of service in Open5GS up to version 2.7.7 affects the AMF (Access and Mobility Function) component, specifically the ogs_id_get_value function in nudm-handler.c, allowing remote authenticated attackers to cause service unavailability. Publicly available exploit code exists, and the vulnerability has been reported to the project via GitHub issue #4405 without vendor acknowledgment or patch release at time of analysis.

Denial Of Service Open5gs
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-37554 HIGH POC This Week

Remote unauthenticated denial of service crashes Vanetza V2X v26.02 receivers via malformed GeoNetworking packets containing invalid ECC points. Uncaught OpenSSL exceptions from elliptic curve point validation (invalid compressed points, points not on curve) in the security layer escape through the Router::indicate() call chain, triggering std::terminate and process termination. No public exploit identified at time of analysis, though EPSS risk assessment unavailable. Attack requires only network access to the V2X receiver endpoint with no authentication or user interaction (CVSS AV:N/AC:L/PR:N/UI:N), making this a significant operational risk for deployed V2X infrastructure relying on continuous availability for vehicle safety communications.

OpenSSL Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-22166 HIGH This Week

Use-after-free in Imagination Graphics DDK GPU GLES user-space library allows authenticated remote attackers to crash the GPU render process via crafted WebGPU content. CVSS 8.1 (High) with network vector and low complexity. On platforms where the GPU process runs with elevated system privileges, successful exploitation could enable system-level compromise beyond the initial crash. EPSS and KEV data not provided; SSVC framework indicates no confirmed exploitation, non-automatable attack, but total technical impact. Vendor patches available across affected DDK versions 1.18, 23.2, 24.1-24.2, and 25.1-25.3.

Denial Of Service Use After Free Memory Corruption Ddk
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-22165 HIGH This Week

Remote authenticated attackers can execute code or cause persistent denial-of-service in Imagination Technologies Graphics DDK by triggering a use-after-free in the GPU GLES render process via specially crafted WebGPU content. On platforms where the GPU driver runs with elevated system privileges, successful exploitation enables device-level compromise beyond the browser sandbox. EPSS data not available, no CISA KEV listing identified, no public POC confirmed. SSVC framework indicates no active exploitation and non-automatable attack requiring authenticated interaction.

Denial Of Service Use After Free Memory Corruption Ddk
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-7585 LOW POC Monitor

Denial of service in Open5GS up to version 2.7.7 allows authenticated remote attackers to crash the AMF (Access and Mobility Management Function) component via manipulation of the amf_nudm_sdm_handle_provisioned function in the NUDM handler. The vulnerability has publicly available exploit code and affects the authentication and mobility management core of 5G networks, requiring valid credentials to trigger but resulting in service unavailability. Public disclosure has occurred without vendor remediation at the time of analysis.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-43507 MEDIUM PATCH This Month

Denial of service via memory exhaustion in Prosody before 0.12.6 and 1.0.0 through 13.0.4 allows unauthenticated remote attackers to crash the server through XML parsing resource amplification. An attacker can send specially crafted XML payloads to trigger excessive memory consumption without authentication, resulting in service unavailability with a CVSS score of 5.3 indicating low severity availability impact.

Denial Of Service Prosody
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-43506 MEDIUM PATCH This Month

Prosody XMPP server versions before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5 are vulnerable to denial of service via memory exhaustion from unauthenticated connections. An attacker can remotely trigger memory leaks by establishing multiple connections without authentication, eventually exhausting server memory and causing service unavailability. No special configuration or user interaction is required; the vulnerability affects default Prosody deployments accessible over the network.

Denial Of Service Prosody
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-7583 LOW POC Monitor

Denial of service in Open5GS up to version 2.7.7 allows authenticated remote attackers to crash the BSF (Binding Support Function) component by manipulating the ipv6Prefix argument in the bsf_sess_find_by_ipv6prefix function. The vulnerability has a low CVSS score of 2.1 due to requiring authentication and causing only availability impact, but publicly available exploit code exists and the vendor has not yet responded to early disclosure.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-42484 CRITICAL Act Now

Heap-based buffer overflow in hashcat 7.1.2 enables remote code execution or denial of service through maliciously crafted PKZIP hash files. Attackers can exploit inadequate input validation in the hex_to_binary function affecting PKZIP hash parser modules (17200, 17210, 17220, 17225, 17230) to overflow fixed-size buffers with arbitrary hex data. CVSS 9.8 reflects network-accessible attack vector requiring no authentication or user interaction, though real-world exploitation requires victim to process attacker-supplied hash files. EPSS data not available; no CISA KEV listing indicates no confirmed widespread exploitation. Public proof-of-concept exists (GitHub Gist), elevating exploitation risk for environments processing untrusted hash files.

RCE Denial Of Service Buffer Overflow Memory Corruption Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-42483 CRITICAL Act Now

Heap-based buffer overflow in hashcat 7.1.2's Kerberos hash parser enables remote code execution without authentication. Attacker supplies a maliciously crafted Kerberos hash file with manipulated delimiter positions to overflow the fixed-size account_info buffer during memcpy operations in module_hash_decode. The vulnerability affects multiple Kerberos-related hashcat modules due to missing upper-bound validation on account_info_len before memory copy. CVSS 9.8 with network attack vector, but real-world exploitation requires user processing the malicious file. EPSS data not available; no active exploitation confirmed in CISA KEV at time of analysis.

RCE Denial Of Service Buffer Overflow Memory Corruption Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-42482 CRITICAL Act Now

Stack-based buffer overflow in hashcat 7.1.2's rule processing functions enables remote code execution when processing password candidates of 128+ characters. The vulnerability stems from inadequate bounds checking in mangle_to_hex_lower() and mangle_to_hex_upper() functions that fail to account for 2x memory expansion during byte-to-hex conversion. CVSS 9.8 (critical) with network attack vector and no authentication required. Public proof-of-concept code available via GitHub gist. No CISA KEV listing suggests targeted rather than widespread exploitation despite theoretical network exploitability.

RCE Denial Of Service Buffer Overflow Memory Corruption Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-31713 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: fuse: abort on fatal signal during sync init When sync init is used and the server exits for some reason (error, crash) while processing FUSE_INIT, the filesystem creation will hang. The reason is that while all other threads will exit, the mounting thread (or process) will keep the device fd open, which will prevent an abort from happening. This is a regression from the async mount case, where the mount was done first, and the FUSE_INIT processing afterwards, in which case there's no such recursive syscall keeping the fd open.

Red Hat Suse Denial Of Service Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31703 HIGH PATCH This Week

Use-after-free condition in Linux kernel writeback subsystem allows local authenticated attackers to potentially execute arbitrary code, escalate privileges, or trigger kernel crashes. The vulnerability affects Linux kernel versions 6.18.x through 7.1-rc1 and arises from improper synchronization between work queue processing and memory deallocation in inode_switch_wbs_work_fn(). Vendor patches are available across stable kernel branches (6.18.25, 7.0.2, 7.1-rc1) with low EPSS score (0.02%) indicating minimal observed exploitation activity, though the CVSS 7.8 score reflects significant impact if successfully exploited by authenticated local users.

Denial Of Service Linux Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43053 MEDIUM PATCH This Month

XFS filesystem crashes during log recovery when inodes with node-format extended attributes are inactivated following an untimely log shutdown, due to stale metadata block references in the attribute B-tree. Unprivileged local attackers with write access to XFS filesystems can trigger this denial-of-service condition by inducing log shutdown during extended attribute cleanup, causing the filesystem to unmount and require repair. The vulnerability affects Linux kernel versions prior to 6.19.12 and later stable branches.

Denial Of Service Linux Red Hat Suse
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-43043 MEDIUM PATCH This Month

Denial of service in the Linux kernel AF_ALG crypto interface allows local authenticated attackers to trigger a NULL pointer dereference and kernel panic by sending sequential sendmsg() calls that cause scatter-gather list chain operations to fail to properly unmark SGL boundaries. The vulnerability occurs when AF_ALG allocates chained SGL structures without clearing end markers on previous entries, causing the crypto scatterwalk to encounter premature termination and dereference NULL pointers. CVSS 5.5 (AV:L/AC:L/PR:L) reflects local-only attack requirement with low complexity; EPSS 0.02% (7th percentile) indicates minimal real-world exploitation risk despite kernel panic severity.

Denial Of Service Null Pointer Dereference Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43015 HIGH PATCH This Week

Use-after-free in Linux kernel macb driver allows local authenticated attackers to cause denial of service or potentially escalate privileges during module removal. The vulnerability occurs in the PCI glue driver when platform_device_unregister() triggers a runtime resume callback that attempts to access already-freed clock structures. EPSS score is low (0.02%) with no evidence of active exploitation. Vendor patches are available across multiple stable kernel branches (5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, and mainline 7.0).

Denial Of Service Use After Free Memory Corruption Linux Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-43013 MEDIUM PATCH This Month

Null pointer dereference in Linux kernel net/mlx5 LAG (Link Aggregation) driver allows local authenticated attackers to cause denial of service by accessing debugfs interfaces when LAG device context is invalid. The vulnerability exists in mlx5_ldev_add_debugfs() which creates debugfs entries without validating that a valid LAG context exists, exposing the members file and other interfaces that depend on a valid ldev pointer. EPSS exploitation probability is 0.02% (percentile 7%), indicating low real-world exploitation likelihood despite the vulnerability's availability for patching.

Denial Of Service Null Pointer Dereference Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43008 MEDIUM PATCH This Month

Denial of service via null pointer dereference in Linux kernel gpio-qixis-fpga driver affects local users with limited privileges. The driver incorrectly checks for NULL return value from devm_regmap_init_mmio(), which returns ERR_PTR() on failure, allowing a local attacker with user-level privileges to trigger a kernel panic by causing improper error handling. EPSS score is low (0.02%), indicating limited exploitation probability despite CVSS 5.5 severity.

Denial Of Service Null Pointer Dereference Linux Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31775 MEDIUM PATCH This Month

Denial of service in Linux kernel ALSA ctxfi audio driver allows local authenticated attackers to crash the system via improper SPDIF1 enumeration during DAIO initialization on hw20k2 hardware. The vulnerability affects kernel versions 6.19 through 7.0 due to a refactoring that loops over all DAIO types including the hw20k2-incompatible SPDIF1 entry, triggering a kernel crash when the undefined hardware info is accessed. Patch available from Linux stable repositories.

Red Hat Suse Denial Of Service Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31774 HIGH PATCH This Week

Integer overflow in Linux kernel io_uring subsystem allows local authenticated users to trigger slab-out-of-bounds memory reads and denial of service. The vulnerability stems from improper type casting of user-supplied length values in network bundled receive/send operations, where values exceeding INT_MAX cause negative overflow leading to infinite loops and out-of-bounds array access. EPSS score of 0.02% (5th percentile) indicates low probability of widespread exploitation. Vendor patches available for affected stable kernel branches (6.12.81, 6.18.22, 6.19.12, 7.0), making this a straightforward patching priority for systems running vulnerable versions with io_uring enabled.

Red Hat Suse Denial Of Service Buffer Overflow Linux +1
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-31770 MEDIUM PATCH This Month

Denial of service via divide-by-zero crash in the hwmon OCC (On-Chip Controller) power monitoring driver affects Linux kernels when the power sensor is queried before initial data samples are collected, typically during early boot. Local attackers with unprivileged user privileges can trigger a kernel panic by accessing the affected sysfs power attribute, causing system availability impact. CVSS 5.5 reflects local attack vector and low complexity; EPSS 0.02% indicates low real-world exploitation probability despite the straightforward trigger condition.

Red Hat Suse Denial Of Service Linux
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31765 MEDIUM PATCH This Month

Kernel NULL pointer dereference in AMD GPU driver on systems with 64KB page sizes allows local authenticated attackers to crash the system by triggering memory allocation mismatches between reserved trap area (8KB) and required allocation size (128KB) during GPU memory initialization. The vulnerability affects systems running ROCm workloads and causes denial of service when executing rocminfo or rccl unit tests on IBM POWER10 and similar 64K-page architectures. EPSS exploitation probability is very low (0.02%), and no public exploit code or active in-the-wild exploitation has been identified.

Red Hat Suse Denial Of Service Null Pointer Dereference Amd +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31755 MEDIUM PATCH This Month

Denial of service via NULL pointer dereference in the Linux kernel USB Cadence 3 (cdns3) gadget driver when ep_queue is called on disabled or unconfigured endpoints. A local authenticated attacker can trigger a kernel crash by invoking the vulnerable code path on systems with cdns3 USB gadget support enabled. No public exploit code has been identified, but the attack requires only local access and low privileges (CVSS 5.5, EPSS 0.02%).

Denial Of Service Null Pointer Dereference Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31754 MEDIUM PATCH This Month

A denial of service condition in the Linux kernel's Cadence USB3 (cdns3) gadget driver occurs when gadget initialization fails, leaving the DRD hardware in gadget mode while software state remains inactive. Switching the device to USB host mode via sysfs triggers a synchronous external abort in the xHCI host controller setup, causing a kernel crash. Local authenticated users with access to the USB role-switch sysfs interface can trigger this condition, affecting Linux kernel versions 5.4 through current releases. A patch is available from the Linux kernel project.

Red Hat Suse Denial Of Service Linux
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31753 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: auxdisplay: line-display: fix NULL dereference in linedisp_release linedisp_release() currently retrieves the enclosing struct linedisp via to_linedisp(). That lookup depends on the attachment list, but the attachment may already have been removed before put_device() invokes the release callback. This can happen in linedisp_unregister(), and can also be reached from some linedisp_register() error paths. In that case, to_linedisp() returns NULL and linedisp_release() dereferences it while freeing the display resources. The struct device released here is the embedded linedisp->dev used by linedisp_register(), so retrieve the enclosing object directly with container_of() instead.

Red Hat Suse Denial Of Service Null Pointer Dereference Linux
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31751 MEDIUM PATCH This Month

Denial of service in the Linux kernel comedi dt2815 driver allows local authenticated users to crash the system by attaching the driver to arbitrary I/O addresses without actual hardware present via the COMEDI_DEVCONFIG ioctl. The vulnerability occurs when outb() operations are performed on non-existent hardware, triggering page faults under race conditions. A patch adding hardware detection via status register reads prevents the crash.

Red Hat Suse Denial Of Service Race Condition Linux
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-31749 MEDIUM PATCH This Month

Null pointer dereference and invalid I/O port writes in the Linux kernel's comedi ni_atmio16d driver occur when the device attach handler fails, causing the detach handler to call reset_atmio16d() with uninitialized device state. Local privileged attackers can trigger a denial of service by causing attach to fail, resulting in kernel memory access violations or writes to address zero. No public exploit code or active exploitation has been identified; patch versions are available from the Linux kernel stable branches.

Red Hat Suse Denial Of Service Null Pointer Dereference Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31744 MEDIUM PATCH This Month

Denial of service in Linux kernel energy model netlink handler allows local authenticated attackers to crash the system via NULL pointer dereference when requesting non-existent performance domain IDs. The dev_energymodel_nl_get_perf_domains_doit() function fails to validate the return value from em_perf_domain_get_by_id() before dereferencing the performance domain structure, causing immediate kernel panic when an invalid domain ID is supplied. EPSS exploitation probability is very low (0.02%, 5th percentile), and no public exploit code or active exploitation has been identified.

Red Hat Suse Denial Of Service Null Pointer Dereference Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31739 HIGH PATCH This Week

Missing CRYPTO_ALG_ASYNC flag in Linux kernel's Tegra crypto driver causes the crypto API to incorrectly select asynchronous algorithms for synchronous-only requests, resulting in system crashes. This affects Tegra-based Linux systems (typically NVIDIA Jetson devices) running kernel versions 6.10 through early 7.0 development branches. Vendor patches are available across stable branches (6.12.81, 6.18.22, 6.19.12, 7.0). EPSS score of 0.02% (5th percentile) indicates minimal observed exploitation probability, and no active exploitation or public POC has been identified. The CVSS vector (AV:N/AC:L/PR:L/UI:N) suggests network-based exploitation requiring authenticated access, though this conflicts with the technical nature of a local driver configuration bug.

Red Hat Suse Denial Of Service Linux
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-31736 MEDIUM PATCH This Month

Denial of service via NULL pointer dereference in the MediaTek Ethernet PPE (packet processing engine) driver occurs when gmac0 (the primary ethernet interface) is disabled on affected systems. A local authenticated attacker can trigger a kernel crash by sending traffic through the networking stack when the driver incorrectly checks for a valid ingress device without verifying if the first network device pointer is actually initialized. The vulnerability affects Linux kernel versions prior to fixes released in stable branches 6.18.22, 6.12.81, 6.19.12, and 7.0.

Red Hat Suse Denial Of Service Null Pointer Dereference Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31728 MEDIUM PATCH This Month

A race condition in the USB gadget ethernet driver (usb: gadget: u_ether) between gether_disconnect() and eth_stop() causes a NULL pointer dereference and system hardlockup on local systems with low privilege users. When eth_stop() is triggered concurrently during gether_disconnect(), it attempts to access a cleared endpoint descriptor, crashing while holding a spinlock that gether_disconnect() also needs, resulting in kernel panic and denial of service. CVSS 4.7 with low EPSS score (0.02%, percentile 7%) indicates limited real-world exploitation likelihood despite confirmed availability of vendor patches across multiple stable kernel branches.

Red Hat Suse Denial Of Service Race Condition Linux
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-31727 MEDIUM PATCH This Month

NULL pointer dereference in the USB Ethernet gadget driver (u_ether) allows local attackers with low privileges to cause a denial of service by querying device information via ethtool during device unbind. The vulnerability occurs when userspace tools call eth_get_drvinfo() on a gadget interface after the kernel has cleared the gadget pointer during device reparenting, triggering a crash without authentication or user interaction. EPSS exploitation probability is minimal (0.02%), and this is a localized denial of service with no impact on confidentiality or integrity.

Denial Of Service Null Pointer Dereference Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31726 MEDIUM PATCH This Month

A NULL pointer dereference in the Linux kernel USB gadget UVC (USB Video Class) driver during power management transitions allows local authenticated attackers with low privileges to cause a kernel panic and denial of service. The vulnerability occurs when the PM subsystem freezes user space processes during suspend, causing wait_event_interruptible_timeout() to abort early in uvc_function_unbind(), which nullifies the gadget pointer. When tasks are restarted, the V4L2 release path attempts to access the already nullified pointer, triggering a kernel panic. Patches are available across multiple kernel versions (5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0).

Red Hat Suse Denial Of Service Null Pointer Dereference Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-42402 Maven HIGH PATCH GHSA This Week

Algorithmic complexity denial of service in Apache Neethi allows remote unauthenticated attackers to exhaust JVM heap memory via malicious WS-Policy documents. Specially crafted policy documents trigger exponential Cartesian cross-product expansion during normalization, generating unbounded policy alternatives that consume all available memory. Apache has released version 3.2.2 with normalization limits to prevent exploitation. EPSS data not available; no CISA KEV listing identified at time of analysis.

Denial Of Service Apache Red Hat
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-42403 Maven HIGH PATCH GHSA This Week

Denial of Service in Apache Neethi WS-Policy processor allows remote unauthenticated attackers to crash applications or cause resource exhaustion by sending crafted policy documents with circular references. The vulnerability (CVSS 7.5) triggers infinite loops or stack overflow during policy normalization when Policy A references Policy B which references Policy A. Apache released version 3.2.2 to address this flaw. With network vector, low complexity, and no authentication required (AV:N/AC:L/PR:N), this represents a readily exploitable attack surface for applications parsing untrusted WS-Policy documents, though no public exploit or active exploitation (KEV) has been identified at time of analysis.

Denial Of Service Apache Red Hat
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-7535 LOW Monitor

Denial of service in Open5GS up to version 2.7.7 allows authenticated remote attackers to crash the AMF (Access and Mobility Function) service by manipulating the ueContextId parameter in the UE context transfer-update endpoint, resulting in service unavailability. Public exploit code is available but the vendor has not issued a patch or official response despite early notification.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-7518 LOW Monitor

Denial of service in Open5GS AMF SBI Endpoint (versions up to 2.7.7) allows authenticated remote attackers to crash the service by manipulating the changeItem.newValue argument in the /namf-callback/v1/{id}/sdmsubscription-notify endpoint. CVSS score of 2.1 reflects low severity despite network accessibility, primarily due to availability impact limitation and authentication requirement. Exploit code is publicly available, though the vendor has not yet responded to the early notification.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-7536 MEDIUM POC This Month

Denial of service in Open5GS up to version 2.7.7 allows remote unauthenticated attackers to crash the BSF (Binding Support Function) service by manipulating the ipv4Addr parameter in the /nbsf-management/v1/pcfBindings endpoint. The vulnerability has publicly available exploit code and affects a core 5G network function, creating operational risk for mobile networks relying on this open-source implementation.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-42479 MEDIUM This Month

Out-of-bounds read in Open CASCADE Technology V8_0_0_rc5 VRML parser allows denial of service when processing crafted VRML files with invalid coordIndex values. The vulnerability exists in VrmlData_IndexedLineSet::TShape geometry processing, where array indices are used without bounds validation, enabling local attackers with user interaction to crash applications through malformed input.

Denial Of Service Information Disclosure Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-37541 CRITICAL Act Now

Remote code execution in Open Vehicle Monitoring System 3 (OVMS3) version 3.3.005 allows network-based attackers to execute arbitrary code or crash the system without authentication. A buffer overflow in the GVRET CAN data parser (canformat_gvret.cpp) fails to validate length fields in binary frames, enabling memory corruption. CVSS 10.0 reflects unauthenticated network vector with scope change, but no public exploit or active exploitation confirmed at time of analysis. EPSS data unavailable; real-world risk depends on OVMS3 deployment exposure (typically vehicle telematics environments).

Denial Of Service Buffer Overflow RCE Stack Overflow
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.2%
CVE-2026-42481 MEDIUM This Month

Open CASCADE Technology (OCCT) V8_0_0_rc5 contains multiple out-of-bounds read vulnerabilities and infinite recursion flaws in its IGES and STEP file parsers that can be triggered by maliciously crafted CAD files, resulting in denial of service or memory disclosure. Local attackers with low privilege can exploit these issues without user interaction by supplying crafted IGES or STEP files to applications using OCCT. EPSS-based risk assessment indicates moderate exploitation probability; CISA SSVC framework rates this as non-automated with partial technical impact (denial of service and information disclosure).

Denial Of Service Information Disclosure Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-37457 HIGH PATCH This Week

Remote denial of service in FRRouting stable/10.0 allows unauthenticated attackers to crash the BGP daemon via malformed FlowSpec NLRI messages. The off-by-one vulnerability in bgp_flowspec_op_decode() enables out-of-bounds writes when parsing crafted BGP FlowSpec components, causing process termination. EPSS exploitation probability data not available, but SSVC marks this as automatable with partial technical impact. No public exploit code identified at time of analysis, and not listed in CISA KEV, suggesting theoretical rather than actively exploited risk.

Denial Of Service Buffer Overflow Memory Corruption N A
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-42480 MEDIUM This Month

Stack-based out-of-bounds read in Open CASCADE Technology (OCCT) V8_0_0_rc5 VRML parser allows local attackers with low privileges to cause denial of service by submitting a crafted VRML file. The vulnerability stems from unsafe pointer arithmetic in the quoted-string escape handler that reads past a fixed-size stack buffer without bounds validation. CISA SSVC assessment indicates exploitation is not currently active and not readily automatable, suggesting this is a localized attack requiring user interaction with malicious files.

Denial Of Service Information Disclosure Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-37538 HIGH This Week

Remote unauthenticated attackers can crash socketcand 0.4.2 daemon by sending a malformed CAN bus name that triggers a stack-based buffer overflow in the main function's socketcand.c implementation. The CVSS vector indicates network-accessible denial of service with no authentication required. A publicly available proof-of-concept exists (GitHub Gist reference), but CISA KEV status is not confirmed, and EPSS data is unavailable. The low attack complexity (AC:L) and network attack vector (AV:N) make this readily exploitable against exposed instances, though the impact is currently limited to availability (A:H) with no confirmed confidentiality or integrity impacts.

Stack Overflow Denial Of Service Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-37539 CRITICAL Act Now

Remote code execution in cannelloni v2.0.0 allows unauthenticated network attackers to crash the service or execute arbitrary code by sending malformed CAN FD frames that trigger buffer overflows in two separate parsing functions (parseCANFrame in parser.cpp and decodeFrame in decoder.cpp). The CVSS score of 9.8 reflects network-accessible exploitation requiring no authentication or user interaction, with complete system compromise possible. Public proof-of-concept code exists (GitHub Gist reference), elevating immediate exploitation risk despite no CISA KEV listing, suggesting targeted rather than mass exploitation scenarios.

Denial Of Service Buffer Overflow RCE Stack Overflow
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.3%
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Missing authorization checks in Argo Workflows v4.0.0-4.0.4 allow any authenticated user-even those with fake Bearer tokens-to create, read, update, and delete Kubernetes ConfigMaps containing workflow synchronization limits. The ConfigMap-backed sync provider (server/sync/sync_cm.go) completely omits auth.CanI permission validation on all four CRUD endpoints. Publicly available exploit code exists (detailed PoC in advisory). CVSS 8.5 reflects network-accessible authentication bypass enabling high integrity/availability impact through denial-of-service and arbitrary ConfigMap manipulation. Patch released in version 4.0.5 adding checkConfigMapPermission() calls to validate Kubernetes RBAC before operations.

Authentication Bypass Denial Of Service Information Disclosure +1
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Incus before version 7.0.0 allows authenticated users to exhaust host disk space through unbounded uploads via instance backup import, storage bucket import, storage volume backup import, and storage volume ISO import endpoints. The daemon streams HTTP request bodies directly into temporary files using io.Copy without enforcing maximum request size limits, enabling denial of service on the host system or shared storage in multi-tenant deployments. Public proof-of-concept code demonstrates sustained disk exhaustion by streaming null bytes through application/octet-stream endpoints.

Denial Of Service Suse
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Denial of service in Incus daemon via nil pointer dereference when restoring backup archives with valid inline backup/index.yaml but malformed legacy backup/container/backup.yaml omitting the container section. An authenticated user with backup import permissions can crash the daemon by crafting a backup archive that passes preflight validation but triggers nil dereference during the restore phase after archive extraction. CVSS 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) - confirmed by 7asecurity with proof-of-concept test cases.

Denial Of Service Null Pointer Dereference Suse
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

Incus versions up to 6.23.0 allow authenticated users to trigger denial of service by uploading crafted image or backup tarballs containing oversized YAML metadata files that consume excessive server memory during parsing. When metadata.yaml or backup/index.yaml entries declare large sizes in the tar header, the YAML decoder reads and allocates 5-6x the input size without limits, potentially exhausting memory on constrained daemons; a 200 MB YAML entry may trigger 1.2 GB of heap allocations. Vendor-released patch available in v7.0.0.

Denial Of Service Suse
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Nil-pointer dereference in Incus daemon S3 storage bucket import allows authenticated users to crash the daemon by uploading a truncated or corrupted tar backup file. The TransferManager.UploadAllFiles function fails to handle non-EOF errors from tar parsing, causing a panic when hdr is nil. Vendor-released patch available in v7.0.0.

Denial Of Service Null Pointer Dereference Suse
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Denial of service in Incus prior to version 7.0.0 allows authenticated users to crash the Incus daemon by importing a maliciously crafted backup archive with physical snapshot directories but tampered metadata arrays. The vulnerability stems from an incorrect bounds check (len(slice) >= i-1 instead of len(slice) > i) in the backup restore and migration code paths, enabling out-of-bounds array access that triggers a runtime panic. Repeated exploitation keeps the Incus service offline, confirmed by a publicly available proof-of-concept.

Denial Of Service Information Disclosure Buffer Overflow +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Unbounded cache growth in @fastify/accepts-serializer versions ≤6.0.3 allows remote unauthenticated attackers to exhaust Node.js heap memory by sending numerous distinct Accept header variants, crashing the application. The plugin caches serializer selections keyed by Accept header without size limits, enabling trivial memory exhaustion attacks against any exposed Fastify endpoint. Fix available in version 6.0.4, which implements an LRU cache with 100-entry default limit. No public exploit code identified at time of analysis, but attack is straightforward to execute with basic HTTP tools.

Denial Of Service Node.js
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Denial-of-service condition in Conditional Fields for Contact Form 7 WordPress plugin allows remote unauthenticated attackers to crash PHP processes by injecting arbitrarily large iteration values through REST API parameters. The Wpcf7cfMailParser class processes user-supplied POST data without validation, enabling attackers to trigger unbounded loops with multiple regex operations that exhaust server memory. Affects all versions through 2.6.7 with vendor patch now available. EPSS data not provided, but the network-accessible unauthenticated attack vector (AV:N/PR:N) combined with low complexity (AC:L) indicates straightforward exploitation potential against publicly accessible WordPress sites running this plugin.

Denial Of Service PHP WordPress
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Denial of service in CImg Library prior to version 3.7.5 allows local attackers to crash applications via crafted BMP files with oversized nb_colors header fields. The vulnerability stems from unchecked allocation of memory based on user-supplied file header data, causing out-of-memory conditions when loading untrusted BMP files. No authentication or network access required; user interaction (file opening) is the sole prerequisite.

Denial Of Service
NVD GitHub
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Heap buffer overflow in BusyBox udhcpc6 (DHCPv6 client) allows network-adjacent attackers to achieve remote code execution or denial of service on embedded systems. The vulnerability stems from incorrect heap buffer allocation in option_to_env() when parsing D6_OPT_DNS_SERVERS options in DHCPv6 responses. Particularly dangerous on embedded devices lacking heap hardening protections. Fixed in commit 42202bf. No active exploitation confirmed (not in CISA KEV), but publicly available proof-of-concept from VulnCheck disclosure increases real-world risk for IoT and embedded deployments.

RCE Denial Of Service Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Memory exhaustion in Prometheus remote read endpoint allows unauthenticated attackers to crash the monitoring server via maliciously crafted snappy-compressed payloads. The /api/v1/read endpoint in versions prior to 3.5.3 and 3.11.3 accepts compressed request bodies without validating the declared decoded length, enabling a 5-byte payload claiming 256 MiB decoded size to trigger massive heap allocations. Concurrent requests can exhaust memory and crash the Prometheus process. EPSS data not provided; no evidence of active exploitation (not in CISA KEV). Vendor-released patches available in versions 3.5.3 and 3.11.3.

Denial Of Service Prometheus
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote denial of service in the Postfix mail transfer agent (before 3.8.16, 3.9.x before 3.9.10, and 3.10.x before 3.10.9) lets attackers crash the process through a malformed enhanced status code that ends immediately after the third numeric component with no trailing text, triggering a buffer over-read. The flaw affects availability only - no data exposure or code execution - and has no public exploit identified at time of analysis. EPSS is very low (0.04%, 11th percentile) and CISA SSVC rates exploitation as none and non-automatable, consistent with a crash-only bug.

Denial Of Service Postfix
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Nil-pointer dereference in Incus daemon's custom volume backup import logic allows authenticated users to crash the service by supplying a malformed backup archive containing null entries in the volume_snapshots array, enabling repeated denial of service attacks. The vulnerability exists in the CreateCustomVolumeFromBackup function which fails to validate snapshot pointers before dereferencing them during import operations. CVSS 6.5 (authenticated network access, high availability impact); no public exploit code or active exploitation reported at analysis time, but proof-of-concept demonstration included in advisory.

Null Pointer Dereference Denial Of Service Suse
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Nil-pointer dereference in Incus daemon's storage bucket import logic allows authenticated users to crash the daemon by submitting a malformed bucket backup archive with a missing config section in index.yaml, enabling denial of service through repeated exploitation. The vulnerability affects Incus versions prior to 7.0.0 and requires valid storage bucket feature access but no special privileges beyond authenticated user status.

Null Pointer Dereference Denial Of Service Python +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote denial of service in Apache OpenNLP versions before 2.5.9 and 3.0.0-M3 allows unauthenticated attackers to crash JVM processes by uploading malicious .bin model files that trigger OutOfMemoryError through unbounded array allocation. Exploitation requires no authentication (AV:N/AC:L/PR:N) and affects any code path deserializing binary model files from untrusted sources. EPSS score of 0.02% (5th percentile) suggests low widespread exploitation risk, and no active exploitation or public POC has been identified at time of analysis. Vendor-released patches are available with default safeguards limiting count fields to 10 million entries.

Denial Of Service Apache Deserialization +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote attackers can crash Apache HTTP Server 2.4.66 and earlier by sending malicious requests that trigger a NULL pointer dereference in mod_dav_lock, causing denial of service. The vulnerability affects only servers with mod_dav_lock enabled, a legacy module whose primary use-case (Apache Subversion < 1.2.0) is obsolete in modern deployments. CISA SSVC indicates no active exploitation, but the attack is automatable against susceptible configurations. CVSS 7.5 (High) reflects network-accessible, unauthenticated denial of service, though real-world impact is limited to the small subset of servers still running mod_dav_lock.

Null Pointer Dereference Denial Of Service Apache +2
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Null pointer dereference in mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows unauthenticated remote attackers to crash child processes in caching forward proxy configurations, resulting in denial of service. The vulnerability has CVSS 5.3 (medium) with network accessibility and no authentication required, but is limited to partial availability impact affecting only specific proxy deployments. Vendor-released patch: version 2.4.67.

Red Hat Suse Null Pointer Dereference +3
NVD VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

Denial of service in tsMuxer up to version 2.7.0 via improper handling of the track_id argument in the VvcVpsUnit::setFPS function allows local authenticated attackers to trigger an availability impact. Publicly available exploit code exists; however, the vulnerability affects only unsupported legacy versions and requires local access with user-level privileges, limiting real-world exposure.

Denial Of Service Tsmuxer
NVD VulDB GitHub
EPSS 0% CVSS 1.9
LOW POC Monitor

Denial of service in tsMuxer up to version 2.7.0 via improper input validation in the HevcVpsUnit::setFPS function allows local authenticated attackers to crash the application by manipulating the track_id argument. The vulnerability affects only unsupported product versions and carries a very low CVSS score (1.9), though publicly available exploit code exists.

Denial Of Service Tsmuxer
NVD VulDB GitHub
EPSS 0% CVSS 2.5
LOW PATCH Monitor

Mutt mail client before version 2.3.2 crashes due to a null pointer dereference in the show_sig_summary function when processing GPG signatures, causing denial of service. The vulnerability requires local access and user interaction to trigger (viewing a malicious email with a crafted signature), resulting in application termination with minimal real-world impact. CVSS score of 2.5 reflects low severity; no public exploit or active exploitation confirmed.

Null Pointer Dereference Denial Of Service Mutt
NVD GitHub VulDB
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Mutt before version 2.3.2 contains an infinite loop in the data_object_to_stream function within crypt-gpgme.c that can be triggered during GPG encryption operations, leading to denial of service. The vulnerability affects remote attackers under high-complexity conditions (requiring specific GPG-encrypted message handling), and is publicly documented via a GitHub commit but has no active exploitation confirmed. The fix changes the loop condition from checking non-zero read results to explicitly checking for positive read values (> 0), preventing infinite iteration when gpgme_data_read returns zero or negative values.

Denial Of Service Mutt
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Remote denial of service in MediaTek modem firmware across 47+ chipset variants allows attackers to crash the modem via incorrect error handling when a user equipment device connects to a rogue base station, requiring no authentication or user interaction. The vulnerability affects a broad range of MediaTek cellular chipsets (MT6855, MT6985, MT8793, and others) and carries a CVSS 6.5 score reflecting network-adjacent attack vector and high availability impact. Patch MSV-6100 / MOLY01753620 is available from MediaTek.

Denial Of Service Mediatek Chipset
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Heap buffer overflow in MediaTek modem firmware allows remote denial of service when a device connects to an attacker-controlled base station. The vulnerability affects a wide range of MediaTek chipsets and can crash the modem without requiring user interaction or special privileges. No public exploit code has been identified, and CISA has not listed this in the Known Exploited Vulnerabilities catalog, though the low EPSS score (0.07%) suggests limited real-world exploitation likelihood despite the attack vector requiring only adjacent network access.

Denial Of Service Buffer Overflow Mediatek Chipset
NVD
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Denial of service in osrg GoBGP up to version 4.3.0 allows remote attackers to trigger an infinite loop via malformed SRv6 L3 Service attributes in BGP packets. The vulnerability exists in the SRv6L3ServiceAttribute.DecodeFromBytes function, which incorrectly advances a loop variable when processing unknown sub-TLV types, causing the parser to never exit the loop and exhaust system resources. Vendor-released patch available in version 4.4.0.

Denial Of Service Suse
NVD VulDB GitHub
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Velociraptor server versions before 0.76.4 are vulnerable to denial of service via resource exhaustion when a compromised or rogue client sends specially crafted messages through the agent control channel, causing out-of-memory conditions and server crashes. The vulnerability requires authenticated client access but can be triggered by any authenticated agent, making it a realistic threat in environments where client integrity cannot be guaranteed. CVSS score of 4.9 reflects high privileges required (PR:H) but complete availability impact.

Denial Of Service Suse
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Denial of service in Assimp 6.0.2 allows remote attackers to crash the application by sending specially crafted FBX files that trigger memory exhaustion or infinite loops in the FBXParser ParseVectorDataArray() function. The vulnerability requires network access but involves high attack complexity, indicating the attacker must precisely craft malformed input. Public exploit code exists; CISA SSVC analysis indicates the vulnerability is not automatable and results in partial technical impact (availability loss only), suggesting targeted rather than mass-scale exploitation.

Denial Of Service N A
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Assimp 6.0.2 crashes when processing malformed FBX files due to unchecked resource consumption in the FBX multi-material mesh converter. Remote attackers can trigger denial of service (application crash) via network-delivered malicious 3D model files without authentication, requiring no user interaction beyond normal file processing. EPSS data not available; no evidence of active exploitation (not in CISA KEV). Publicly documented proof-of-concept exists via GitHub Gist, enabling straightforward reproduction.

Denial Of Service N A
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Denial of service vulnerability in Assimp 6.0.2 via null pointer dereference in FBXMeshGeometry.cpp MeshGeometry constructor allows remote attackers to crash applications processing malicious FBX files. Requires user interaction (opening/processing a crafted file) but affects any application using the vulnerable library version. Publicly available exploit code exists; CVSS 6.5 reflects network attack vector with user interaction requirement.

Null Pointer Dereference Denial Of Service N A
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Assimp version 6.0.2 is vulnerable to denial of service through improper buffer handling in the FBXConverter::ConvertMeshMultiMaterial() function when processing crafted FBX model files. A remote attacker can trigger a crash by supplying a malicious FBX file via network or local file access, causing the application to become unavailable. Publicly available exploit code exists, though the vulnerability requires user interaction to process the malicious file.

Denial Of Service Information Disclosure Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Missing input validation in FRRouting stable/10.0 through 10.6 allows authenticated BGP peers to trigger a Denial of Service by sending a crafted UPDATE message with invalid martian addresses in the MP_REACH_NLRI component. An authenticated attacker can crash or severely degrade the BGP routing daemon by exploiting insufficient validation of next-hop addresses, with an EPSS score of 0.02% indicating low real-world exploitation probability despite moderate CVSS scoring.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of Service in FRRouting 10.0 through 10.6 allows remote unauthenticated attackers to crash the BGP daemon via a malformed BGP UPDATE message exploiting an integer underflow in next-hop capability processing. Upstream fix available in commit 693a2e0 but released patched version not independently confirmed. No public exploit identified at time of analysis, with EPSS score not provided suggesting low observed exploitation activity.

Denial Of Service N A
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote attackers can crash GoBGP v4.3.0 by sending a malformed BGP UPDATE message that triggers an out-of-bounds read in IPv6 extended community parsing. The flaw allows unauthenticated denial of service against default configurations with no authentication required (CVSS AV:N/AC:L/PR:N/UI:N). No public exploit identified at time of analysis, and EPSS score of 0.02% (4th percentile) indicates very low observed exploitation probability. Upstream fixes available via GitHub commits 362cce3e and 9ce8936.

Denial Of Service Information Disclosure Buffer Overflow +1
NVD GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

Denial of service in Open5GS UDR component up to version 2.7.7 allows authenticated remote attackers to crash the subscription data service by manipulating the supi_id argument to the ogs_dbi_subscription_data function. Publicly available exploit code exists, and the vendor has been notified via issue report but has not yet released a patch.

Denial Of Service Open5gs
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

Denial of service in Open5GS UDR component (versions up to 2.7.7) via malformed pei argument in udr_nudr_dr_handle_subscription_context function allows authenticated remote attackers to crash the User Data Repository service with low complexity. Publicly available exploit code exists; vendor has not responded to early notification.

Denial Of Service Open5gs
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

Denial of service in Open5GS versions up to 2.7.7 allows authenticated remote attackers to crash the AMF (Access and Mobility Management Function) component by exploiting improper error handling in the gmm_handle_service_request function. The vulnerability requires low-privilege authentication to trigger and results in service unavailability. A public exploit has been disclosed via GitHub issue tracker, though the vendor has not yet released a patch despite early notification.

Denial Of Service Open5gs
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW Monitor

Null pointer dereference in Telegram Desktop up to version 6.7.5 allows remote attackers without authentication to cause denial of service by crafting a malicious login_url argument in the Bot API RequestButton function. The vulnerability requires user interaction to click a malicious link and has a public exploit disclosure, though vendor response to early disclosure notification was not forthcoming.

Null Pointer Dereference Denial Of Service Desktop
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Wireshark 4.6.0 through 4.6.4 crashes when processing malformed IEEE 802.11 frames due to a null pointer dereference in the protocol dissector. An attacker can trigger denial of service by crafting or replaying a specially malformed wireless packet that causes the dissector to crash when analyzed, rendering packet analysis impossible until the application restarts. CVSS score 5.5 reflects local attack vector with user interaction required; no public exploit code has been identified at time of analysis.

Null Pointer Dereference Denial Of Service Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Local denial-of-service in the Linux kernel's vidtv virtual DVB media driver allows an authenticated local user to crash the kernel via a NULL pointer dereference triggered by uninitialized struct fields in vidtv_ts_null_write_into() and vidtv_ts_pcr_write_into(). Affected kernel versions span from commit f90cf6079bf6 across multiple stable branches through Linux 5.10, with fixes backported to 6.6.136, 6.12.83, 6.18.24, 6.19.14, 7.0.1, and 7.1-rc1. No public exploit identified at time of analysis, EPSS is 0.02% (7th percentile), and this CVE is not listed in the CISA KEV catalog, reflecting its low real-world exploitation likelihood.

Linux Null Pointer Dereference Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Denial of service in Open5GS AMF (Access and Mobility Function) up to version 2.7.6 allows authenticated remote attackers to cause service unavailability by sending crafted registration requests with manipulated reg_type arguments. The vulnerability exists in the GMM (Mobility Management) handler due to insufficient validation of registration type values, potentially triggering null pointer dereferences or assertion failures. Vendor-released patch version 2.7.7 is available.

Denial Of Service Open5gs
NVD VulDB GitHub
EPSS 0% CVSS 8.2
HIGH POC PATCH This Week

Memory exhaustion in Bandit WebSocket server (versions 0.5.9 through 1.10.x) allows unauthenticated remote attackers to crash BEAM nodes via compression bombs when permessage-deflate is enabled. The inflate/2 function decompresses WebSocket frames without output-size limits, enabling attackers to send tiny compressed payloads (~1024:1 ratio) that expand to gigabyte-scale heap allocations. Vendor-released patch available (version 1.11.0). EPSS data not available; no public exploit identified at time of analysis. Exploitation requires non-default configuration (both server-level compress and per-upgrade compress: true options enabled), making stock Phoenix/LiveView applications unaffected.

Denial Of Service Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH POC PATCH This Week

Memory exhaustion in Bandit WebSocket server (versions 0.5.0 through 1.10.x) allows unauthenticated remote attackers to trigger denial of service by sending unbounded WebSocket continuation frames without setting the fin flag. The fragment reassembly logic accumulates payloads without checking cumulative message size, bypassing the max_frame_size limit which only applies to individual frames. Applications using Phoenix Channels or LiveView over Bandit expose this attack surface on any WebSocket endpoint. Patch available in version 1.11.0 introduces max_fragmented_message_size parameter (default 8MB). No public exploit code identified at time of analysis, but trivial to reproduce with standard WebSocket libraries.

Denial Of Service Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM POC PATCH This Month

Denial of service in mtrudel bandit via HTTP/2 frame deserialization allows unauthenticated remote attackers to exhaust server memory by sending oversized frames. The vulnerability exists because the HTTP/2 frame parser in 'Elixir.Bandit.HTTP2.Frame':deserialize/2 performs the max frame size check after pattern-matching the entire payload into memory, rather than before, allowing attackers to force buffering of up to 16 MiB frames regardless of negotiated limits. Confirmed actively exploited (CISA KEV status unknown but vendor advisory confirms vulnerability). Patch available in version 1.11.0.

Denial Of Service Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 4.4
MEDIUM This Month

DTrace kernel instrumentation tool on Linux is vulnerable to a denial-of-service and potential privilege escalation attack when processing malicious ELF binaries with out-of-range sh_link fields. An unprivileged attacker can craft an ELF binary that, when instrumented by a root-level dtrace process, triggers an out-of-bounds heap read in the ELF parser. This can crash the dtrace daemon (DoS) or, depending on heap layout, lead to reading and dereferencing garbage pointers controlled by the attacker, potentially enabling code execution in a privileged context. The vulnerability requires local access and a privileged dtrace instance to be actively instrumentation the malicious process, but carries significant risk given dtrace's typical deployment in system administration and security monitoring contexts.

Denial Of Service Buffer Overflow Information Disclosure
NVD VulDB
EPSS 0% CVSS 3.3
LOW Monitor

DTrace process can be reliably crashed by unprivileged local attackers via a malicious ELF binary that triggers an integer divide-by-zero condition in the Pbuild_file_symtab() function, causing denial of service. CVSS 3.3 (low severity) reflects local-only attack vector and low privileges required, though the reliable crash mechanism and low exploitation complexity may elevate practical risk in multi-tenant or shared-system environments.

Denial Of Service
NVD VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Denial of service in Open5GS AMF component up to version 2.7.7 allows authenticated remote attackers to trigger resource exhaustion via improper handling of PDU session context update messages in the amf_nsmf_pdusession_handle_update_sm_context function. The vulnerability has a low CVSS score (2.1) but publicly available exploit code exists; however, exploitation requires prior authentication to the 5G network, significantly limiting real-world attack surface.

Denial Of Service Open5gs
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW Monitor

Denial of service in Open5GS up to version 2.7.7 affects the AMF (Access and Mobility Function) component, specifically the ogs_id_get_value function in nudm-handler.c, allowing remote authenticated attackers to cause service unavailability. Publicly available exploit code exists, and the vulnerability has been reported to the project via GitHub issue #4405 without vendor acknowledgment or patch release at time of analysis.

Denial Of Service Open5gs
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC This Week

Remote unauthenticated denial of service crashes Vanetza V2X v26.02 receivers via malformed GeoNetworking packets containing invalid ECC points. Uncaught OpenSSL exceptions from elliptic curve point validation (invalid compressed points, points not on curve) in the security layer escape through the Router::indicate() call chain, triggering std::terminate and process termination. No public exploit identified at time of analysis, though EPSS risk assessment unavailable. Attack requires only network access to the V2X receiver endpoint with no authentication or user interaction (CVSS AV:N/AC:L/PR:N/UI:N), making this a significant operational risk for deployed V2X infrastructure relying on continuous availability for vehicle safety communications.

OpenSSL Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH This Week

Use-after-free in Imagination Graphics DDK GPU GLES user-space library allows authenticated remote attackers to crash the GPU render process via crafted WebGPU content. CVSS 8.1 (High) with network vector and low complexity. On platforms where the GPU process runs with elevated system privileges, successful exploitation could enable system-level compromise beyond the initial crash. EPSS and KEV data not provided; SSVC framework indicates no confirmed exploitation, non-automatable attack, but total technical impact. Vendor patches available across affected DDK versions 1.18, 23.2, 24.1-24.2, and 25.1-25.3.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 8.1
HIGH This Week

Remote authenticated attackers can execute code or cause persistent denial-of-service in Imagination Technologies Graphics DDK by triggering a use-after-free in the GPU GLES render process via specially crafted WebGPU content. On platforms where the GPU driver runs with elevated system privileges, successful exploitation enables device-level compromise beyond the browser sandbox. EPSS data not available, no CISA KEV listing identified, no public POC confirmed. SSVC framework indicates no active exploitation and non-automatable attack requiring authenticated interaction.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Denial of service in Open5GS up to version 2.7.7 allows authenticated remote attackers to crash the AMF (Access and Mobility Management Function) component via manipulation of the amf_nudm_sdm_handle_provisioned function in the NUDM handler. The vulnerability has publicly available exploit code and affects the authentication and mobility management core of 5G networks, requiring valid credentials to trigger but resulting in service unavailability. Public disclosure has occurred without vendor remediation at the time of analysis.

Denial Of Service Open5gs
NVD VulDB GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Denial of service via memory exhaustion in Prosody before 0.12.6 and 1.0.0 through 13.0.4 allows unauthenticated remote attackers to crash the server through XML parsing resource amplification. An attacker can send specially crafted XML payloads to trigger excessive memory consumption without authentication, resulting in service unavailability with a CVSS score of 5.3 indicating low severity availability impact.

Denial Of Service Prosody
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Prosody XMPP server versions before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5 are vulnerable to denial of service via memory exhaustion from unauthenticated connections. An attacker can remotely trigger memory leaks by establishing multiple connections without authentication, eventually exhausting server memory and causing service unavailability. No special configuration or user interaction is required; the vulnerability affects default Prosody deployments accessible over the network.

Denial Of Service Prosody
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

Denial of service in Open5GS up to version 2.7.7 allows authenticated remote attackers to crash the BSF (Binding Support Function) component by manipulating the ipv6Prefix argument in the bsf_sess_find_by_ipv6prefix function. The vulnerability has a low CVSS score of 2.1 due to requiring authentication and causing only availability impact, but publicly available exploit code exists and the vendor has not yet responded to early disclosure.

Denial Of Service Open5gs
NVD VulDB GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Heap-based buffer overflow in hashcat 7.1.2 enables remote code execution or denial of service through maliciously crafted PKZIP hash files. Attackers can exploit inadequate input validation in the hex_to_binary function affecting PKZIP hash parser modules (17200, 17210, 17220, 17225, 17230) to overflow fixed-size buffers with arbitrary hex data. CVSS 9.8 reflects network-accessible attack vector requiring no authentication or user interaction, though real-world exploitation requires victim to process attacker-supplied hash files. EPSS data not available; no CISA KEV listing indicates no confirmed widespread exploitation. Public proof-of-concept exists (GitHub Gist), elevating exploitation risk for environments processing untrusted hash files.

RCE Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Heap-based buffer overflow in hashcat 7.1.2's Kerberos hash parser enables remote code execution without authentication. Attacker supplies a maliciously crafted Kerberos hash file with manipulated delimiter positions to overflow the fixed-size account_info buffer during memcpy operations in module_hash_decode. The vulnerability affects multiple Kerberos-related hashcat modules due to missing upper-bound validation on account_info_len before memory copy. CVSS 9.8 with network attack vector, but real-world exploitation requires user processing the malicious file. EPSS data not available; no active exploitation confirmed in CISA KEV at time of analysis.

RCE Denial Of Service Buffer Overflow +2
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Stack-based buffer overflow in hashcat 7.1.2's rule processing functions enables remote code execution when processing password candidates of 128+ characters. The vulnerability stems from inadequate bounds checking in mangle_to_hex_lower() and mangle_to_hex_upper() functions that fail to account for 2x memory expansion during byte-to-hex conversion. CVSS 9.8 (critical) with network attack vector and no authentication required. Public proof-of-concept code available via GitHub gist. No CISA KEV listing suggests targeted rather than widespread exploitation despite theoretical network exploitability.

RCE Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: fuse: abort on fatal signal during sync init When sync init is used and the server exits for some reason (error, crash) while processing FUSE_INIT, the filesystem creation will hang. The reason is that while all other threads will exit, the mounting thread (or process) will keep the device fd open, which will prevent an abort from happening. This is a regression from the async mount case, where the mount was done first, and the FUSE_INIT processing afterwards, in which case there's no such recursive syscall keeping the fd open.

Red Hat Suse Denial Of Service +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free condition in Linux kernel writeback subsystem allows local authenticated attackers to potentially execute arbitrary code, escalate privileges, or trigger kernel crashes. The vulnerability affects Linux kernel versions 6.18.x through 7.1-rc1 and arises from improper synchronization between work queue processing and memory deallocation in inode_switch_wbs_work_fn(). Vendor patches are available across stable kernel branches (6.18.25, 7.0.2, 7.1-rc1) with low EPSS score (0.02%) indicating minimal observed exploitation activity, though the CVSS 7.8 score reflects significant impact if successfully exploited by authenticated local users.

Denial Of Service Linux Use After Free +1
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

XFS filesystem crashes during log recovery when inodes with node-format extended attributes are inactivated following an untimely log shutdown, due to stale metadata block references in the attribute B-tree. Unprivileged local attackers with write access to XFS filesystems can trigger this denial-of-service condition by inducing log shutdown during extended attribute cleanup, causing the filesystem to unmount and require repair. The vulnerability affects Linux kernel versions prior to 6.19.12 and later stable branches.

Denial Of Service Linux Red Hat +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Denial of service in the Linux kernel AF_ALG crypto interface allows local authenticated attackers to trigger a NULL pointer dereference and kernel panic by sending sequential sendmsg() calls that cause scatter-gather list chain operations to fail to properly unmark SGL boundaries. The vulnerability occurs when AF_ALG allocates chained SGL structures without clearing end markers on previous entries, causing the crypto scatterwalk to encounter premature termination and dereference NULL pointers. CVSS 5.5 (AV:L/AC:L/PR:L) reflects local-only attack requirement with low complexity; EPSS 0.02% (7th percentile) indicates minimal real-world exploitation risk despite kernel panic severity.

Denial Of Service Null Pointer Dereference Linux +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux kernel macb driver allows local authenticated attackers to cause denial of service or potentially escalate privileges during module removal. The vulnerability occurs in the PCI glue driver when platform_device_unregister() triggers a runtime resume callback that attempts to access already-freed clock structures. EPSS score is low (0.02%) with no evidence of active exploitation. Vendor patches are available across multiple stable kernel branches (5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, and mainline 7.0).

Denial Of Service Use After Free Memory Corruption +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Null pointer dereference in Linux kernel net/mlx5 LAG (Link Aggregation) driver allows local authenticated attackers to cause denial of service by accessing debugfs interfaces when LAG device context is invalid. The vulnerability exists in mlx5_ldev_add_debugfs() which creates debugfs entries without validating that a valid LAG context exists, exposing the members file and other interfaces that depend on a valid ldev pointer. EPSS exploitation probability is 0.02% (percentile 7%), indicating low real-world exploitation likelihood despite the vulnerability's availability for patching.

Denial Of Service Null Pointer Dereference Linux +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Denial of service via null pointer dereference in Linux kernel gpio-qixis-fpga driver affects local users with limited privileges. The driver incorrectly checks for NULL return value from devm_regmap_init_mmio(), which returns ERR_PTR() on failure, allowing a local attacker with user-level privileges to trigger a kernel panic by causing improper error handling. EPSS score is low (0.02%), indicating limited exploitation probability despite CVSS 5.5 severity.

Denial Of Service Null Pointer Dereference Linux +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Denial of service in Linux kernel ALSA ctxfi audio driver allows local authenticated attackers to crash the system via improper SPDIF1 enumeration during DAIO initialization on hw20k2 hardware. The vulnerability affects kernel versions 6.19 through 7.0 due to a refactoring that loops over all DAIO types including the hw20k2-incompatible SPDIF1 entry, triggering a kernel crash when the undefined hardware info is accessed. Patch available from Linux stable repositories.

Red Hat Suse Denial Of Service +1
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Integer overflow in Linux kernel io_uring subsystem allows local authenticated users to trigger slab-out-of-bounds memory reads and denial of service. The vulnerability stems from improper type casting of user-supplied length values in network bundled receive/send operations, where values exceeding INT_MAX cause negative overflow leading to infinite loops and out-of-bounds array access. EPSS score of 0.02% (5th percentile) indicates low probability of widespread exploitation. Vendor patches available for affected stable kernel branches (6.12.81, 6.18.22, 6.19.12, 7.0), making this a straightforward patching priority for systems running vulnerable versions with io_uring enabled.

Red Hat Suse Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Denial of service via divide-by-zero crash in the hwmon OCC (On-Chip Controller) power monitoring driver affects Linux kernels when the power sensor is queried before initial data samples are collected, typically during early boot. Local attackers with unprivileged user privileges can trigger a kernel panic by accessing the affected sysfs power attribute, causing system availability impact. CVSS 5.5 reflects local attack vector and low complexity; EPSS 0.02% indicates low real-world exploitation probability despite the straightforward trigger condition.

Red Hat Suse Denial Of Service +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Kernel NULL pointer dereference in AMD GPU driver on systems with 64KB page sizes allows local authenticated attackers to crash the system by triggering memory allocation mismatches between reserved trap area (8KB) and required allocation size (128KB) during GPU memory initialization. The vulnerability affects systems running ROCm workloads and causes denial of service when executing rocminfo or rccl unit tests on IBM POWER10 and similar 64K-page architectures. EPSS exploitation probability is very low (0.02%), and no public exploit code or active in-the-wild exploitation has been identified.

Red Hat Suse Denial Of Service +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Denial of service via NULL pointer dereference in the Linux kernel USB Cadence 3 (cdns3) gadget driver when ep_queue is called on disabled or unconfigured endpoints. A local authenticated attacker can trigger a kernel crash by invoking the vulnerable code path on systems with cdns3 USB gadget support enabled. No public exploit code has been identified, but the attack requires only local access and low privileges (CVSS 5.5, EPSS 0.02%).

Denial Of Service Null Pointer Dereference Linux
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A denial of service condition in the Linux kernel's Cadence USB3 (cdns3) gadget driver occurs when gadget initialization fails, leaving the DRD hardware in gadget mode while software state remains inactive. Switching the device to USB host mode via sysfs triggers a synchronous external abort in the xHCI host controller setup, causing a kernel crash. Local authenticated users with access to the USB role-switch sysfs interface can trigger this condition, affecting Linux kernel versions 5.4 through current releases. A patch is available from the Linux kernel project.

Red Hat Suse Denial Of Service +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: auxdisplay: line-display: fix NULL dereference in linedisp_release linedisp_release() currently retrieves the enclosing struct linedisp via to_linedisp(). That lookup depends on the attachment list, but the attachment may already have been removed before put_device() invokes the release callback. This can happen in linedisp_unregister(), and can also be reached from some linedisp_register() error paths. In that case, to_linedisp() returns NULL and linedisp_release() dereferences it while freeing the display resources. The struct device released here is the embedded linedisp->dev used by linedisp_register(), so retrieve the enclosing object directly with container_of() instead.

Red Hat Suse Denial Of Service +2
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Denial of service in the Linux kernel comedi dt2815 driver allows local authenticated users to crash the system by attaching the driver to arbitrary I/O addresses without actual hardware present via the COMEDI_DEVCONFIG ioctl. The vulnerability occurs when outb() operations are performed on non-existent hardware, triggering page faults under race conditions. A patch adding hardware detection via status register reads prevents the crash.

Red Hat Suse Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Null pointer dereference and invalid I/O port writes in the Linux kernel's comedi ni_atmio16d driver occur when the device attach handler fails, causing the detach handler to call reset_atmio16d() with uninitialized device state. Local privileged attackers can trigger a denial of service by causing attach to fail, resulting in kernel memory access violations or writes to address zero. No public exploit code or active exploitation has been identified; patch versions are available from the Linux kernel stable branches.

Red Hat Suse Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Denial of service in Linux kernel energy model netlink handler allows local authenticated attackers to crash the system via NULL pointer dereference when requesting non-existent performance domain IDs. The dev_energymodel_nl_get_perf_domains_doit() function fails to validate the return value from em_perf_domain_get_by_id() before dereferencing the performance domain structure, causing immediate kernel panic when an invalid domain ID is supplied. EPSS exploitation probability is very low (0.02%, 5th percentile), and no public exploit code or active exploitation has been identified.

Red Hat Suse Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Missing CRYPTO_ALG_ASYNC flag in Linux kernel's Tegra crypto driver causes the crypto API to incorrectly select asynchronous algorithms for synchronous-only requests, resulting in system crashes. This affects Tegra-based Linux systems (typically NVIDIA Jetson devices) running kernel versions 6.10 through early 7.0 development branches. Vendor patches are available across stable branches (6.12.81, 6.18.22, 6.19.12, 7.0). EPSS score of 0.02% (5th percentile) indicates minimal observed exploitation probability, and no active exploitation or public POC has been identified. The CVSS vector (AV:N/AC:L/PR:L/UI:N) suggests network-based exploitation requiring authenticated access, though this conflicts with the technical nature of a local driver configuration bug.

Red Hat Suse Denial Of Service +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Denial of service via NULL pointer dereference in the MediaTek Ethernet PPE (packet processing engine) driver occurs when gmac0 (the primary ethernet interface) is disabled on affected systems. A local authenticated attacker can trigger a kernel crash by sending traffic through the networking stack when the driver incorrectly checks for a valid ingress device without verifying if the first network device pointer is actually initialized. The vulnerability affects Linux kernel versions prior to fixes released in stable branches 6.18.22, 6.12.81, 6.19.12, and 7.0.

Red Hat Suse Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

A race condition in the USB gadget ethernet driver (usb: gadget: u_ether) between gether_disconnect() and eth_stop() causes a NULL pointer dereference and system hardlockup on local systems with low privilege users. When eth_stop() is triggered concurrently during gether_disconnect(), it attempts to access a cleared endpoint descriptor, crashing while holding a spinlock that gether_disconnect() also needs, resulting in kernel panic and denial of service. CVSS 4.7 with low EPSS score (0.02%, percentile 7%) indicates limited real-world exploitation likelihood despite confirmed availability of vendor patches across multiple stable kernel branches.

Red Hat Suse Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

NULL pointer dereference in the USB Ethernet gadget driver (u_ether) allows local attackers with low privileges to cause a denial of service by querying device information via ethtool during device unbind. The vulnerability occurs when userspace tools call eth_get_drvinfo() on a gadget interface after the kernel has cleared the gadget pointer during device reparenting, triggering a crash without authentication or user interaction. EPSS exploitation probability is minimal (0.02%), and this is a localized denial of service with no impact on confidentiality or integrity.

Denial Of Service Null Pointer Dereference Linux
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A NULL pointer dereference in the Linux kernel USB gadget UVC (USB Video Class) driver during power management transitions allows local authenticated attackers with low privileges to cause a kernel panic and denial of service. The vulnerability occurs when the PM subsystem freezes user space processes during suspend, causing wait_event_interruptible_timeout() to abort early in uvc_function_unbind(), which nullifies the gadget pointer. When tasks are restarted, the V4L2 release path attempts to access the already nullified pointer, triggering a kernel panic. Patches are available across multiple kernel versions (5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0).

Red Hat Suse Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Algorithmic complexity denial of service in Apache Neethi allows remote unauthenticated attackers to exhaust JVM heap memory via malicious WS-Policy documents. Specially crafted policy documents trigger exponential Cartesian cross-product expansion during normalization, generating unbounded policy alternatives that consume all available memory. Apache has released version 3.2.2 with normalization limits to prevent exploitation. EPSS data not available; no CISA KEV listing identified at time of analysis.

Denial Of Service Apache Red Hat
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of Service in Apache Neethi WS-Policy processor allows remote unauthenticated attackers to crash applications or cause resource exhaustion by sending crafted policy documents with circular references. The vulnerability (CVSS 7.5) triggers infinite loops or stack overflow during policy normalization when Policy A references Policy B which references Policy A. Apache released version 3.2.2 to address this flaw. With network vector, low complexity, and no authentication required (AV:N/AC:L/PR:N), this represents a readily exploitable attack surface for applications parsing untrusted WS-Policy documents, though no public exploit or active exploitation (KEV) has been identified at time of analysis.

Denial Of Service Apache Red Hat
NVD VulDB
EPSS 0% CVSS 2.1
LOW Monitor

Denial of service in Open5GS up to version 2.7.7 allows authenticated remote attackers to crash the AMF (Access and Mobility Function) service by manipulating the ueContextId parameter in the UE context transfer-update endpoint, resulting in service unavailability. Public exploit code is available but the vendor has not issued a patch or official response despite early notification.

Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

Denial of service in Open5GS AMF SBI Endpoint (versions up to 2.7.7) allows authenticated remote attackers to crash the service by manipulating the changeItem.newValue argument in the /namf-callback/v1/{id}/sdmsubscription-notify endpoint. CVSS score of 2.1 reflects low severity despite network accessibility, primarily due to availability impact limitation and authentication requirement. Exploit code is publicly available, though the vendor has not yet responded to the early notification.

Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Denial of service in Open5GS up to version 2.7.7 allows remote unauthenticated attackers to crash the BSF (Binding Support Function) service by manipulating the ipv4Addr parameter in the /nbsf-management/v1/pcfBindings endpoint. The vulnerability has publicly available exploit code and affects a core 5G network function, creating operational risk for mobile networks relying on this open-source implementation.

Denial Of Service Open5gs
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

Out-of-bounds read in Open CASCADE Technology V8_0_0_rc5 VRML parser allows denial of service when processing crafted VRML files with invalid coordIndex values. The vulnerability exists in VrmlData_IndexedLineSet::TShape geometry processing, where array indices are used without bounds validation, enabling local attackers with user interaction to crash applications through malformed input.

Denial Of Service Information Disclosure Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 10.0
CRITICAL Act Now

Remote code execution in Open Vehicle Monitoring System 3 (OVMS3) version 3.3.005 allows network-based attackers to execute arbitrary code or crash the system without authentication. A buffer overflow in the GVRET CAN data parser (canformat_gvret.cpp) fails to validate length fields in binary frames, enabling memory corruption. CVSS 10.0 reflects unauthenticated network vector with scope change, but no public exploit or active exploitation confirmed at time of analysis. EPSS data unavailable; real-world risk depends on OVMS3 deployment exposure (typically vehicle telematics environments).

Denial Of Service Buffer Overflow RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Open CASCADE Technology (OCCT) V8_0_0_rc5 contains multiple out-of-bounds read vulnerabilities and infinite recursion flaws in its IGES and STEP file parsers that can be triggered by maliciously crafted CAD files, resulting in denial of service or memory disclosure. Local attackers with low privilege can exploit these issues without user interaction by supplying crafted IGES or STEP files to applications using OCCT. EPSS-based risk assessment indicates moderate exploitation probability; CISA SSVC framework rates this as non-automated with partial technical impact (denial of service and information disclosure).

Denial Of Service Information Disclosure Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote denial of service in FRRouting stable/10.0 allows unauthenticated attackers to crash the BGP daemon via malformed FlowSpec NLRI messages. The off-by-one vulnerability in bgp_flowspec_op_decode() enables out-of-bounds writes when parsing crafted BGP FlowSpec components, causing process termination. EPSS exploitation probability data not available, but SSVC marks this as automatable with partial technical impact. No public exploit code identified at time of analysis, and not listed in CISA KEV, suggesting theoretical rather than actively exploited risk.

Denial Of Service Buffer Overflow Memory Corruption +1
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Stack-based out-of-bounds read in Open CASCADE Technology (OCCT) V8_0_0_rc5 VRML parser allows local attackers with low privileges to cause denial of service by submitting a crafted VRML file. The vulnerability stems from unsafe pointer arithmetic in the quoted-string escape handler that reads past a fixed-size stack buffer without bounds validation. CISA SSVC assessment indicates exploitation is not currently active and not readily automatable, suggesting this is a localized attack requiring user interaction with malicious files.

Denial Of Service Information Disclosure Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Remote unauthenticated attackers can crash socketcand 0.4.2 daemon by sending a malformed CAN bus name that triggers a stack-based buffer overflow in the main function's socketcand.c implementation. The CVSS vector indicates network-accessible denial of service with no authentication required. A publicly available proof-of-concept exists (GitHub Gist reference), but CISA KEV status is not confirmed, and EPSS data is unavailable. The low attack complexity (AC:L) and network attack vector (AV:N) make this readily exploitable against exposed instances, though the impact is currently limited to availability (A:H) with no confirmed confidentiality or integrity impacts.

Stack Overflow Denial Of Service Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote code execution in cannelloni v2.0.0 allows unauthenticated network attackers to crash the service or execute arbitrary code by sending malformed CAN FD frames that trigger buffer overflows in two separate parsing functions (parseCANFrame in parser.cpp and decodeFrame in decoder.cpp). The CVSS score of 9.8 reflects network-accessible exploitation requiring no authentication or user interaction, with complete system compromise possible. Public proof-of-concept code exists (GitHub Gist reference), elevating immediate exploitation risk despite no CISA KEV listing, suggesting targeted rather than mass exploitation scenarios.

Denial Of Service Buffer Overflow RCE +1
NVD GitHub VulDB
Prev Page 31 of 406 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy