Skip to main content

Denial Of Service

36514 CVEs technique

Monthly

CVE-2026-40881 Cargo MEDIUM PATCH GHSA This Month

Zebra cryptocurrency node prior to version 4.3.1 allocates excessive memory (up to 233,016 addresses) when deserializing addr/addrv2 protocol messages, even though the specification limits messages to 1,000 addresses. An attacker can trigger out-of-memory crashes by sending multiple oversized address messages over different connections. This is a network-accessible denial of service vulnerability affecting all Zebra versions before 4.3.1, with no public exploit code identified but straightforward to execute given the protocol specification.

Denial Of Service Deserialization
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-40481 Go HIGH PATCH GHSA This Week

Uncontrolled memory consumption in monetr 1.12.3 and earlier allows remote unauthenticated attackers to trigger denial of service by sending oversized payloads to the public Stripe webhook endpoint. The vulnerability affects deployments with Stripe webhooks enabled and lacks upstream body-size enforcement. Version 1.12.4 provides a fix. EPSS and KEV data not available; no public exploit confirmed at time of analysis, though the attack method is straightforward (8.2 CVSS reflecting high availability impact with low complexity).

Denial Of Service Monetr
NVD GitHub
CVSS 4.0
8.2
EPSS
0.1%
CVE-2026-5720 HIGH PATCH This Week

Integer underflow in miniupnpd's SOAPAction header parser triggers out-of-bounds memory reads, enabling adjacent network attackers to crash UPnP-enabled routers or leak sensitive memory contents without authentication. Affects miniupnpd versions prior to 2.3.10. Vendor patch available via commit a0ee71e9fa66. CVSS 7.1 with adjacent network vector (AV:A) indicates attackers must be on the same local network segment as the vulnerable device. No active exploitation confirmed in CISA KEV at time of analysis.

Denial Of Service Information Disclosure Integer Overflow Miniupnpd
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2026-40351 CRITICAL PATCH Act Now

NoSQL injection in FastGPT <4.14.9.5 password authentication allows unauthenticated remote attackers to bypass login controls and access any account, including root administrator, by submitting MongoDB query operators instead of plaintext passwords. The vulnerability stems from missing runtime validation on password fields in the login endpoint. Exploitation requires no special conditions beyond network access to the login endpoint. CVSS 9.8 (Critical) with EPSS data unavailable; no CISA KEV listing or public POC identified at time of analysis, though GitHub security advisory provides technical details that could enable exploit development.

Denial Of Service Nosql Injection Fastgpt
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-32624 MEDIUM PATCH This Month

Heap-based buffer overflow in xrdp 0.10.5 and earlier allows unauthenticated remote attackers to cause denial of service or memory corruption when the domain_user_separator configuration directive is explicitly enabled in xrdp.ini. An attacker sends a crafted RDP logon request with an excessively long username and domain name combination that overflows an internal buffer, corrupting adjacent memory regions. The vulnerability requires non-default configuration (domain_user_separator must be uncommented) and affects only systems with this setting enabled. Vendor-released patch: version 0.10.6.

Heap Overflow Denial Of Service Buffer Overflow Suse
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.1%
CVE-2026-33516 HIGH PATCH This Week

Out-of-bounds read in xrdp RDP server versions ≤0.10.5 allows remote unauthenticated attackers to crash the service or disclose process memory by sending a malformed Confirm Active PDU during RDP capability negotiation. Attack complexity is low but requires user interaction. EPSS data not available; no CISA KEV listing or public POC identified at time of analysis. Vendor-released patch available in version 0.10.6 per GitHub security advisory GHSA-rvh9-9wm3-28c7.

Denial Of Service Information Disclosure Microsoft Buffer Overflow Suse
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.1%
CVE-2026-32623 HIGH PATCH This Week

Heap-based buffer overflow in xrdp's NeutrinoRDP module (versions ≤0.10.5) enables malicious downstream RDP servers or MitM attackers to achieve remote code execution or denial of service when proxying RDP sessions. Exploitation requires the victim xrdp server to have the non-default NeutrinoRDP module compiled and enabled (--enable-neutrinordp), and a user must initiate an RDP session through the affected proxy to a malicious server. EPSS data unavailable; no CISA KEV listing indicates targeted rather than widespread exploitation. Fixed in version 0.10.6.

Heap Overflow Denial Of Service Buffer Overflow RCE Suse
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.4%
CVE-2026-35215 HIGH PATCH This Week

Firebird database server crashes via crafted slice packet exploiting zero-length SDL descriptor validation flaw. Remote unauthenticated attackers can trigger division-by-zero errors in the sdl_desc() function to cause denial of service against Firebird versions prior to 5.0.4, 4.0.7, and 3.0.14. CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) indicates trivial remote exploitation with no authentication required. EPSS data not available; no public exploit identified at time of analysis, though technical details in GitHub advisory may facilitate reproduction.

Denial Of Service Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-34232 HIGH PATCH This Week

Remote denial-of-service in Firebird Database Server versions prior to 5.0.4, 4.0.7, and 3.0.14 allows unauthenticated network attackers to crash the server via crafted XDR-encoded op_response packets. The xdr_status_vector() function fails to handle isc_arg_cstring status vector types during packet decoding, triggering immediate server termination. With CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) and CWE-228 (Improper Handling of Syntactically Invalid Structure), this represents a high-severity availability risk for internet-exposed Firebird instances. No active exploitation confirmed, but exploit development is trivial given the low attack complexity.

Denial Of Service Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-28224 HIGH PATCH This Week

Null pointer dereference in Firebird SQL server causes remote denial-of-service when unauthenticated attackers send malformed op_crypt_key_callback packets. Firebird versions prior to 5.0.4, 4.0.7, and 3.0.14 are affected. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms trivial remote exploitation requiring no authentication or user interaction, allowing attackers who know only the server's IP and port to crash database services. The integrity impact rating (I:L) suggests potential for limited data corruption alongside the high availability impact. Vendor-released patches are available in versions 5.0.4, 4.0.7, and 3.0.14. No public exploit code or CISA KEV listing identified at time of analysis, though the low attack complexity makes weaponization straightforward.

Null Pointer Dereference Denial Of Service Suse
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-28214 MEDIUM PATCH This Month

Integer overflow in Firebird database versions prior to 5.0.4, 4.0.7, and 3.0.14 allows authenticated users with INSERT privileges to trigger a denial of service via a malformed Batch Parameter Block that overflows the totalLength value in ClumpletReader::getClumpletSize(), causing infinite loop conditions on the server.

Denial Of Service Integer Overflow Suse
NVD GitHub VulDB
CVSS 4.0
6.0
EPSS
0.0%
CVE-2026-28212 HIGH PATCH This Week

Remote unauthenticated denial of service in Firebird SQL database server versions prior to 6.0.0/5.0.4/4.0.7/3.0.14 allows attackers to crash the database by sending a malformed op_slice network packet that triggers a null pointer dereference in the SDL_info() function. Attack requires only network access to the database port with no authentication (CVSS AV:N/AC:L/PR:N). No public exploit code identified at time of analysis, and EPSS data not available for this recent CVE. Fixed versions released by vendor across all maintained branches.

Null Pointer Dereference Denial Of Service Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-6507 HIGH PATCH This Week

Out-of-bounds write in dnsmasq's DHCP split-relay handler allows remote unauthenticated denial of service via crafted BOOTREPLY packets. Affects Red Hat Enterprise Linux 6-10 and OpenShift Container Platform 4 when dnsmasq runs with the --dhcp-split-relay option enabled. CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) indicates trivial network exploitation, but real-world risk is mitigated by the non-default configuration requirement. No public exploit or active exploitation (CISA KEV) confirmed at time of analysis, though CWE-787 (out-of-bounds write) primitives are well-understood by attackers.

Denial Of Service Memory Corruption Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 +6
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-5807 Go HIGH PATCH GHSA This Week

HashiCorp Vault unauthenticated denial-of-service vulnerability allows remote attackers to block critical administrative operations by monopolizing the single operation slot for root token generation and rekey workflows. Affects all Vault Community and Enterprise versions prior to 2.0.0. No active exploitation confirmed (EPSS 3rd percentile), but attack is trivially automatable per CISA SSVC framework. HashiCorp released patches in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0.

Denial Of Service Hashicorp Vault Vault Enterprise
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-70795 MEDIUM This Month

STProcessMonitor 11.11.4.0 driver in Safetica Application suite allows local privileged users to send crafted IOCTL requests (0xB822200C) that terminate processes protected by third-party security implementations due to insufficient caller validation in the kernel-mode driver handler. This enables denial of service attacks against critical services without requiring user interaction. Publicly available exploit code exists, and the vulnerability is tracked in CISA's LOLDrivers database as a legitimate-but-abused Windows driver.

Privilege Escalation Denial Of Service N A
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-40308 PHP HIGH POC PATCH GHSA This Week

My Calendar is a WordPress plugin for managing calendar events. In versions 3.7.6 and below, the mc_ajax_mcjs_action AJAX endpoint, registered for unauthenticated users, passes user-supplied arguments through parse_str() without validation, allowing injection of arbitrary parameters including a site value. On WordPress Multisite installations, this enables an unauthenticated attacker to call switch_to_blog() with an arbitrary site ID and extract calendar events from any sub-site on the network, including private or hidden events. On standard Single Site installations, switch_to_blog() does not exist, causing an uncaught PHP fatal error and crashing the worker thread, creating an unauthenticated denial of service vector. This issue has been fixed in version 3.7.7.

PHP Authentication Bypass WordPress Denial Of Service
NVD GitHub
CVSS 4.0
8.8
EPSS
0.0%
CVE-2026-40324 NuGet CRITICAL PATCH GHSA Act Now

### Impact Hot Chocolate's `Utf8GraphQLParser` is a recursive descent parser with no recursion depth limit. A crafted GraphQL document with deeply nested selection sets, object values, list values, or list types can trigger a `StackOverflowException` on payloads as small as **40 KB**. Because `StackOverflowException` is **uncatchable in .NET** (since .NET 2.0), the entire worker process is terminated immediately. All in-flight HTTP requests, background `IHostedService` tasks, and open WebSocket subscriptions on that worker are dropped. The orchestrator (Kubernetes, IIS, etc.) must restart the process. This occurs **before any validation rules run** - `MaxExecutionDepth`, complexity analyzers, persisted query allow-lists, and custom `IDocumentValidatorRule` implementations cannot intercept the crash because `Utf8GraphQLParser.Parse` is invoked before validation. The existing `MaxAllowedFields=2048` limit does not help because the crashing payloads contain very few fields. **Severity:** Critical (9.1) - `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H` ### Patches - **v12 line:** Fixed in `12.22.7` - **v13 line:** Fixed in `13.9.16` - **v14 line:** Fixed in `14.3.1` - **v15 line:** Fixed in `15.1.14` The fix adds a `MaxAllowedRecursionDepth` option to `ParserOptions` with a safe default, and enforces it across all recursive parser methods (`ParseSelectionSet`, `ParseValueLiteral`, `ParseObject`, `ParseList`, `ParseTypeReference`, etc.). When the limit is exceeded, a catchable `SyntaxException` is thrown instead of overflowing the stack. ### Workarounds There is no application-level workaround. `StackOverflowException` cannot be caught in .NET. The only mitigation is to upgrade to a patched version. Operators can reduce (but not eliminate) risk by limiting HTTP request body size at the reverse proxy or load balancer layer, though the smallest crashing payload (40 KB) is well below most default body size limits and is highly compressible (~few hundred bytes via gzip). ### References - Fix for v15: https://github.com/ChilliCream/graphql-platform/pull/9528

Denial Of Service Kubernetes
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-40303 Go HIGH PATCH GHSA This Week

**Summary** endpoints.GetSessionCookie parses an attacker-supplied cookie chunk count and calls make([]string, count) with no upper bound before any token validation occurs. The function is reached on every request to an OAuth-protected proxy share, allowing an unauthenticated remote attacker to trigger gigabyte-scale heap allocations per request, leading to process-level OOM termination or repeated goroutine panics. Both publicProxy and dynamicProxy are affected. - Attack Vector: Network - exploitable via a single HTTP request with a crafted Cookie header. - Attack Complexity: Low - no preconditions or chaining required; the attacker only needs to know the cookie name (publicly derivable from any OAuth redirect). - Privileges Required: None - reached before JWT validation or any authentication check. - User Interaction: None. - Scope: Unchanged - impact is confined to the affected proxy process. - Confidentiality Impact: None. - Integrity Impact: None. Availability Impact: High - sustained or concurrent requests cause OOM process termination, taking down the proxy for all users of all shares it serves. **Affected Components** - endpoints/oauthCookies.go - GetSessionCookie (line 81) - endpoints/publicProxy/authOAuth.go - handleOAuth (line 50) - call site, pre-auth - endpoints/dynamicProxy/cookies.go - getSessionCookie (line 29) - call site

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-39313 npm HIGH PATCH GHSA This Week

### Summary The `readRequestBody()` function in `src/transports/http/server.ts` concatenates HTTP request body chunks into a string with no size limit, allowing a remote unauthenticated attacker to crash the server via memory exhaustion with a single large HTTP POST request. ### Details **File:** `src/transports/http/server.ts`, lines 224-240 ```typescript private async readRequestBody(req: IncomingMessage): Promise<any> { return new Promise((resolve, reject) => { let body = ''; req.on('data', (chunk) => { body += chunk.toString(); // No size limit }); req.on('end', () => { try { const parsed = body ? JSON.parse(body) : null; resolve(parsed); } catch (error) { reject(error); } }); req.on('error', reject); }); } ``` A `maxMessageSize` configuration value exists in `DEFAULT_HTTP_STREAM_CONFIG` (4MB, defined in `src/transports/http/types.ts` line 124) but is never enforced in `readRequestBody()`. This creates a false sense of security. ### PoC Local testing with 50MB POST payloads against the vulnerable `readRequestBody()` function: | Trial | Payload | RSS growth | Time | Result | |-------|---------|-----------|------|--------| | 1 | 50MB | +197MB | 42ms | Vulnerable | | 2 | 50MB | +183MB | 46ms | Vulnerable | | 3 | 50MB | +15MB | 43ms | Vulnerable | | 4 | 50MB | +14MB | 32ms | Vulnerable | | 5 | 50MB | +65MB | 38ms | Vulnerable | Reproducibility: 5/5 (100%) ### Impact - **Denial of Service:** Any mcp-framework HTTP server can be crashed by a single large POST request to /mcp - **No authentication required:** readRequestBody() executes before any auth checks (auth is opt-in, default is no auth) - **Dead config:** maxMessageSize exists but is never enforced, giving a false sense of security - **Affected:** All applications using mcp-framework HttpStreamTransport (60,000 weekly npm downloads) **CWE-770:** Allocation of Resources Without Limits or Throttling **Suggested CVSS 3.1:** 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ### Suggested Fix Enforce `maxMessageSize` in `readRequestBody()`: ```typescript private async readRequestBody(req: IncomingMessage): Promise<any> { const maxSize = this._config.maxMessageSize || 4 * 1024 * 1024; return new Promise((resolve, reject) => { let body = ''; let size = 0; req.on('data', (chunk) => { size += chunk.length; if (size > maxSize) { req.destroy(); reject(new Error('Request body too large')); return; } body += chunk.toString(); }); // ... }); } ``` ### Disclosure Timeline This report follows coordinated disclosure. I request a 90-day window before public disclosure. **Reporter:** Raza Sharif, CyberSecAI Ltd (contact@agentsign.dev)

Denial Of Service Node.js
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-35469 Go HIGH PATCH GHSA This Week

The SPDY/3 frame parser in spdystream does not validate attacker-controlled counts and lengths before allocating memory. A remote peer that can send SPDY frames to a service using spdystream can cause the process to allocate gigabytes of memory with a small number of malformed control frames, leading to an out-of-memory crash.   Three allocation paths in the receive side are affected: 1. **SETTINGS entry count** -- The SETTINGS frame reader reads a 32-bit `numSettings` from the payload and allocates a slice of that size without checking it against the declared frame length. An attacker can set `numSettings` to a value far exceeding the actual payload, triggering a large allocation before any setting data is read.   2. **Header count** -- `parseHeaderValueBlock` reads a 32-bit `numHeaders` from the decompressed header block and allocates an `http.Header` map of that size with no upper bound.   3. **Header field size** -- Individual header name and value lengths are read as 32-bit integers and used directly as allocation sizes with no validation.   Because SPDY header blocks are zlib-compressed, a small on-the-wire payload can decompress into attacker-controlled bytes that the parser interprets as 32-bit counts and lengths. A single crafted frame is enough to exhaust process memory. ## Impact  Any program that accepts SPDY connections using spdystream -- directly or through a dependent library -- is affected. A remote peer that can send SPDY frames to the service can crash the process with a single crafted SPDY control frame, causing denial of service. ## Affected versions  `github.com/moby/spdystream` <= v0.5.0 ## Fix  v0.5.1 addresses the receive-side allocation bugs and adds related hardening:   **Core fixes:**   - **SETTINGS entry-count validation** -- The SETTINGS frame reader now checks that `numSettings` is consistent with the declared frame length (`numSettings <= (length-4)/8`) before allocating.   - **Header count limit** -- `parseHeaderValueBlock` enforces a maximum number of headers per frame (default: 1000).   - **Header field size limit** -- Individual header name and value lengths are checked against a per-field size limit (default: 1 MiB) before allocation.   - **Connection closure on protocol error** -- The connection read loop now closes the underlying `net.Conn` when it encounters an `InvalidControlFrame` error, preventing further exploitation on the same connection.   **Additional hardening:**   - **Write-side bounds checks** -- All frame write methods now verify that payloads fit within the 24-bit length field, preventing the library from producing invalid frames.   **Configurable limits:**   - Callers can adjust the defaults using `NewConnectionWithOptions` or the lower-level `spdy.NewFramerWithOptions` with functional options: `WithMaxControlFramePayloadSize`, `WithMaxHeaderFieldSize`, and `WithMaxHeaderCount`.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-43935 MEDIUM PATCH This Month

Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.

Denial Of Service Dell
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-43883 MEDIUM PATCH This Month

Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper check for unusual or exceptional conditions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.

Denial Of Service Dell
NVD VulDB
CVSS 3.1
4.1
EPSS
0.0%
CVE-2026-33083 HIGH PATCH This Week

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the orderDirection parameter used in dataset-related endpoints including /de2api/datasetData/enumValueDs and /de2api/datasetTree/exportDataset. The Order2SQLObj class directly assigns the raw user-supplied orderDirection value into the SQL query without any validation or whitelist enforcement, and the value is rendered into the ORDER BY clause via StringTemplate before being executed against the database. An authenticated attacker can inject arbitrary SQL commands through the sorting direction field, enabling time-based blind data extraction and denial of service. This issue has been fixed in version 2.10.21.

Denial Of Service SQLi Dataease
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-6409 PHP HIGH PATCH GHSA This Week

A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages-specifically those containing negative varints or deep recursion-can be used to crash the application, impacting service availability.

PHP Denial Of Service
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2026-30656 HIGH PATCH This Week

A NULL pointer dereference vulnerability exists in fio (Flexible I/O Tester) v3.41 when parsing job files containing the fdp_pli option. The callback function str_fdp_pli_cb() does not validate the input pointer and calls strdup() on a NULL value when the option is specified without an argument. This results in a segmentation fault and process crash.

Null Pointer Dereference Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-2374 HIGH PATCH This Week

The XML parsers within multiple WSO2 products accept user-supplied XML data without properly configuring to prevent the resolution of external entities. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Denial Of Service Wso2 Api Manager Wso2 Identity Server Wso2 Open Banking Am +2
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-40594 PyPI MEDIUM PATCH GHSA This Month

Race condition in pyLoad's Flask session cookie handler allows unauthenticated attackers to manipulate the SESSION_COOKIE_SECURE flag globally across all concurrent requests by spoofing the X-Forwarded-Proto header. On deployments behind a TLS-terminating proxy, this enables session cookie downgrade attacks resulting in plaintext cookie transmission; on default plain HTTP deployments, it causes session denial of service by forcing the Secure flag and breaking all concurrent user sessions. The vulnerability requires no authentication and exploits a multi-threaded race window in the Cheroot WSGI server (request_queue_size=512) combined with missing proxy origin validation (acknowledged TODO in code).

Denial Of Service Kubernetes Python
NVD GitHub
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-40347 PyPI MEDIUM PATCH GHSA This Month

### Summary A denial of service vulnerability exists when parsing crafted `multipart/form-data` requests with large preamble or epilogue sections. ### Details Two inefficient multipart parsing paths could be abused with attacker-controlled input. Before the first multipart boundary, the parser handled leading CR and LF bytes inefficiently while searching for the start of the first part. After the closing boundary, the parser continued processing trailing epilogue data instead of discarding it immediately. As a result, parsing time could grow with the size of crafted data placed before the first boundary or after the closing boundary. ### Impact An attacker can send oversized malformed multipart bodies that consume excessive CPU time during request parsing, reducing request-handling capacity and delaying legitimate requests. This issue degrades availability but does not typically result in a complete denial of service for the entire application. ### Mitigation Upgrade to version `0.0.26` or later, which skips ahead to the next boundary candidate when processing leading CR/LF data and immediately discards epilogue data after the closing boundary.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-6385 MEDIUM PATCH This Month

A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds checks, leading to a heap out-of-bounds write. Successful exploitation can result in a denial of service (DoS) due to an application crash, and potentially lead to arbitrary code execution.

Denial Of Service Integer Overflow Buffer Overflow RCE Red Hat +1
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-6384 HIGH PATCH This Week

A flaw was found in gimp. This buffer overflow vulnerability in the GIF image loading component's `ReadJeffsImage` function allows an attacker to write beyond an allocated buffer by processing a specially crafted GIF file. This can lead to a denial of service or potentially arbitrary code execution.

Denial Of Service Buffer Overflow RCE Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-6319 HIGH PATCH This Week

Remote code execution in Google Chrome on Android versions prior to 147.0.7727.101 is possible through a use-after-free vulnerability in the Payments feature. Attackers who successfully convince users to perform specific UI interactions on a malicious webpage can achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. The vulnerability requires high attack complexity and user interaction (CVSS:3.1/AV:N/AC:H/PR:N/UI:R), indicating social engineering is necessary. Google has released Chrome 147.0.7727.101 to address this issue. No evidence of active exploitation (not in CISA KEV) or public proof-of-concept code has been identified at time of analysis.

Use After Free Memory Corruption Google Denial Of Service RCE +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-6318 HIGH PATCH This Week

Arbitrary code execution within Chrome's sandbox affects all versions prior to 147.0.7727.101 via crafted HTML pages exploiting a use-after-free in codec processing. Remote attackers require user interaction (visiting a malicious page) but need no authentication. CVSS 8.8 (High) with network attack vector, low complexity, and high impact across confidentiality, integrity, and availability. Google patched this in the stable channel update released April 15, 2026. No public exploit code or CISA KEV listing identified at time of analysis, though Chromium issue tracker #495996858 indicates vendor-confirmed vulnerability. The sandbox containment limits initial exploitation to Chrome's restricted environment, not direct system compromise.

Use After Free Memory Corruption Google Denial Of Service RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-6317 HIGH PATCH This Week

Use after free in Cast in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Use After Free Memory Corruption Google Denial Of Service RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-6362 MEDIUM PATCH This Month

Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted video file. (Chromium security severity: High)

Denial Of Service Memory Corruption Use After Free Google Chrome
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-6316 HIGH PATCH This Week

Use after free in Forms in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Use After Free Memory Corruption Google Denial Of Service RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-6315 HIGH PATCH This Week

Use after free in Permissions in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Use After Free Memory Corruption Google Denial Of Service RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-6310 HIGH PATCH This Week

Use after free in Dawn in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Memory Corruption Use After Free Google Chrome
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-6360 HIGH PATCH This Week

Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Memory Corruption Use After Free Google Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-6309 HIGH PATCH This Week

Use after free in Viz in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Memory Corruption Use After Free Google Chrome
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-6304 HIGH PATCH This Week

Use after free in Graphite in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Memory Corruption Use After Free Google Chrome
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-6303 HIGH PATCH This Week

Arbitrary code execution within Google Chrome's sandbox affects all versions prior to 147.0.7727.101 through a use-after-free vulnerability in the codec processing components. Remote attackers can exploit this by tricking users into visiting a malicious webpage, achieving high-severity compromise of confidentiality, integrity, and availability within the sandboxed renderer process. Google has released version 147.0.7727.101 as a stable channel update to address this flaw. No evidence of active exploitation (not in CISA KEV) or public exploit code has been identified at time of analysis, though the simplicity of the attack vector (network-based, low complexity, requiring only user interaction) warrants prioritized patching.

Use After Free Memory Corruption Google Denial Of Service RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-6302 HIGH PATCH This Week

Use after free in Video in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Use After Free Memory Corruption Google Denial Of Service RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-6300 HIGH PATCH This Week

Use after free in CSS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Use After Free Memory Corruption Google Denial Of Service RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-6359 HIGH PATCH This Week

Use after free in Video in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Use After Free Microsoft Memory Corruption Google Denial Of Service +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-6358 HIGH PATCH This Week

Use after free in XR in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Critical)

Denial Of Service Memory Corruption Use After Free Google Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-6299 HIGH PATCH This Week

Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Use After Free Memory Corruption Google Denial Of Service RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-6297 HIGH PATCH This Week

Use after free in Proxy in Google Chrome prior to 147.0.7727.101 allowed an attacker in a privileged network position to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Denial Of Service Memory Corruption Use After Free Google Chrome
NVD VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-40919 MEDIUM PATCH This Month

A flaw was found in GIMP. This vulnerability, a buffer overflow in the `file-seattle-filmworks` plugin, can be exploited when a user opens a specially crafted Seattle Filmworks file. A remote attacker could leverage this to cause a denial of service (DoS), leading to the plugin crashing and potentially impacting the stability of the GIMP application.

Denial Of Service Memory Corruption Buffer Overflow Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 +2
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-40918 MEDIUM PATCH This Month

A flaw was found in GIMP. Processing a specially crafted PVR image file with large dimensions can lead to a denial of service (DoS). This occurs due to a stack-based buffer overflow and an out-of-bounds read in the PVR image loader, causing the application to crash. Systems that process untrusted PVR image files are affected.

Denial Of Service Buffer Overflow Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-40916 MEDIUM PATCH This Month

A flaw was found in GIMP. A stack buffer overflow vulnerability in the TIM image loader's 4BPP decoding path allows a local user to cause a Denial of Service (DoS). By opening a specially crafted TIM image file, the application crashes due to an unconditional overflow when writing to a variable-length array.

Denial Of Service Memory Corruption Buffer Overflow Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 +2
NVD VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-40915 MEDIUM PATCH This Month

A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing a specially crafted FITS file. This integer overflow leads to a zero-byte memory allocation, which is then subjected to a heap buffer overflow when processing pixel data. Successful exploitation could result in a denial of service (DoS) or potentially arbitrary code execution.

Denial Of Service Integer Overflow Buffer Overflow RCE Red Hat Enterprise Linux 6 +3
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-6245 MEDIUM PATCH This Month

A flaw was found in the System Security Services Daemon (SSSD). The pam_passkey_child_read_data() function within the PAM passkey responder fails to properly handle raw bytes received from a pipe. Because the data is treated as a NUL-terminated C string without explicit termination, it results in an out-of-bounds read when processed by functions like snprintf(). A local attacker could potentially trigger this vulnerability by initiating a crafted passkey authentication request, causing the SSSD PAM responder to crash, resulting in a local Denial of Service (DoS).

Denial Of Service Buffer Overflow Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20180 CRITICAL NEWS Act Now

A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to&nbsp;root. In single-node ISE deployments, successful exploitation of these vulnerabilities could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.

Denial Of Service Cisco Path Traversal Cisco Identity Services Engine Software
NVD VulDB
CVSS 3.1
9.9
EPSS
0.2%
CVE-2026-20186 CRITICAL NEWS Act Now

A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to&nbsp;root. In single-node ISE deployments, successful exploitation of these vulnerabilities could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.

Denial Of Service Cisco Command Injection Cisco Identity Services Engine Software
NVD VulDB
CVSS 3.1
9.9
EPSS
0.2%
CVE-2026-20147 CRITICAL NEWS Act Now

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of this vulnerability could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.

Denial Of Service Cisco Command Injection Cisco Identity Services Engine Software Cisco Ise Passive Identity Connector
NVD VulDB
CVSS 3.1
9.9
EPSS
0.2%
CVE-2024-33618 HIGH This Week

Uncontrolled Resource Consumption in Bosch VMS Central Server in Bosch VMS 12.0.1 allows attackers to consume excessive amounts of disk space via network interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bvms Bvms Viewer Bosch Divar Ip All In One 7000 R3 Bosch Divar Ip 7000 R2 +4
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-3505 Maven HIGH PATCH GHSA This Week

Pre-authentication resource exhaustion in Bouncy Castle BC-JAVA PGP modules (bcpg) allows remote attackers to trigger denial-of-service by exploiting unbounded AEAD chunk sizes, affecting all versions before 1.84. The maximum CVSS 4.0 score of 10.0 reflects complete compromise potential across confidentiality, integrity, and availability with no attack complexity, no authentication requirements, and network-based exploitation. No public exploit identified at time of analysis, though the attack s

Denial Of Service Java Bc Java
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-1509 MEDIUM This Month

Arbitrary WordPress action execution in Avada (Fusion) Builder plugin versions up to 3.15.1 allows authenticated attackers with Subscriber-level access to invoke unvalidated WordPress action hooks via the Dynamic Data feature, potentially enabling privilege escalation, file inclusion, denial of service, or remote code execution depending on available hooks in the WordPress installation. The vulnerability stems from the `output_action_hook()` function accepting user-controlled input without authorization checks. No public exploit code or active exploitation has been confirmed at time of analysis.

Denial Of Service RCE WordPress Privilege Escalation Code Injection
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27292 HIGH This Week

Arbitrary code execution in Adobe FrameMaker 2022.8 and earlier allows local attackers to execute malicious code with current user privileges by tricking victims into opening specially crafted files. This use-after-free memory corruption vulnerability requires no authentication but depends on user interaction. No confirmed active exploitation (not in CISA KEV) or public proof-of-concept identified at time of analysis, though the local attack vector and user interaction requirement reduce immediate remote threat surface compared to network-accessible vulnerabilities.

Denial Of Service RCE Memory Corruption Adobe Use After Free
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-40319 PyPI LOW PATCH GHSA Monitor

Denial of service in giskard-checks RegexMatching check via unguarded regex pattern matching allows local attackers with write access to check definitions to trigger catastrophic backtracking in Python's re.search() function, causing process hangs and disrupting CI/CD pipelines or automated test execution.

Denial Of Service Python
NVD GitHub
CVSS 4.0
1.0
EPSS
0.0%
CVE-2026-40890 Go HIGH PATCH GHSA This Week

### Summary Processing a malformed input containing a `<` character that is not followed by a `>` character anywhere in the remaining text with a SmartypantsRenderer will lead to Out of Bounds read or a panic. ### Details The `smartLeftAngle()` function in `html/smartypants.go:367-376` performs an out-of-bounds slice operation when processing a `<` character that is not followed by a `>` character anywhere in the remaining text. https://github.com/gomarkdown/markdown/blob/37c66b85d6ab025ba67a73ba03b7f3ef55859cca/html/smartypants.go#L367-L376 If the length of the slice is lower than its capacity, this leads to an extra byte of data read. If the length equals the capacity, this leads to a panic. ### PoC ```golang package main import ( "bytes" "fmt" "github.com/gomarkdown/markdown/html" ) func main() { src := []byte("<a") fmt.Printf("Input: %q (len=%d, cap=%d)\n", src, len(src), cap(src)) var buf bytes.Buffer sp := html.NewSmartypantsRenderer(html.Smartypants) sp.Process(&buf, src) // panics: slice bounds out of range fmt.Printf("Output: %q\n", buf.String()) } ``` ### Impact This vulnerability will lead to a Denial of Service / panic on the processing service. -- The Datadog Security Team

Denial Of Service Information Disclosure Buffer Overflow Red Hat
NVD GitHub HeroDevs
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-40104 Maven MEDIUM PATCH GHSA This Month

Denial of service via resource exhaustion in XWiki REST API endpoints that list database properties without respecting configured query limits, allowing remote attackers to enumerate all pages on large wiki installations and exhaust server resources. Affects XWiki Platform versions before 16.10.16, 17.4.8, and 17.10.1. Vendor-released patches are available; no public exploit code or active exploitation confirmed at time of analysis.

Denial Of Service
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2026-35034 MEDIUM PATCH This Month

Denial of service in Jellyfin versions prior to 10.11.7 allows authenticated users to exhaust server resources and crash the SyncPlay media synchronization service via the group creation endpoint (POST /SyncPlay/New) by submitting unbounded payload sizes. An attacker can lock out legitimate clients from accessing SyncPlay functionality and trigger out-of-memory conditions through insufficient input validation on group names and IDs. No public exploit code or active exploitation has been identified.

Denial Of Service Jellyfin
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27308 LOW Monitor

ColdFusion versions 2023.18, 2025.6, and earlier are vulnerable to uncontrolled resource consumption that allows high-privileged attackers to trigger application denial-of-service by exhausting system resources without user interaction. This is a low-severity issue (CVSS 2.4) affecting only authenticated administrators, with no public exploit code or active exploitation reported.

Denial Of Service Coldfusion
NVD
CVSS 3.1
2.4
EPSS
0.0%
CVE-2026-27307 LOW Monitor

ColdFusion versions 2023.18, 2025.6 and earlier are vulnerable to uncontrolled resource consumption that allows high-privileged attackers to trigger denial-of-service by exhausting system resources without user interaction. The CVSS score of 2.4 reflects low severity due to the high-privilege requirement (PR:H), though the attack vector is adjacent network access and does not require authentication once the attacker has elevated privileges.

Denial Of Service Coldfusion
NVD
CVSS 3.1
2.4
EPSS
0.0%
CVE-2026-27222 MEDIUM This Month

Divide by zero vulnerability in Adobe Bridge versions 15.1.4 and earlier allows local denial of service when a victim opens a malicious file, crashing or freezing the application. The vulnerability requires user interaction and local file access but carries a moderate CVSS score of 5.5 due to high availability impact; no public exploit code or active exploitation has been confirmed.

Denial Of Service Bridge
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-33115 HIGH PATCH NEWS Exploit Unlikely This Week

Memory corruption in Microsoft Office Word enables local code execution through a use-after-free flaw affecting Microsoft 365 Apps for Enterprise and Office LTSC 2021/2024 for Windows and Mac. Despite the local attack vector (AV:L), the vulnerability requires no privileges (PR:N) or user interaction (UI:N), allowing unauthorized attackers to execute arbitrary code with high impact to confidentiality, integrity, and availability (CVSS 8.4). Vendor-released patch available via Microsoft Security Response Center as of April 2026. No public exploit identified at time of analysis, though the technical simplicity (AC:L) and memory corruption primitive increase weaponization risk.

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-33101 HIGH PATCH This Week

Local privilege escalation in Windows Print Spooler Components allows authenticated attackers with low privileges to achieve complete system compromise (high confidentiality, integrity, and availability impact) by exploiting a use-after-free memory corruption vulnerability. Affects Windows 11 versions 24H2, 25H2, 26H1, Windows Server 2022 23H2 Edition, and Windows Server 2025. CVSS score 7.8 reflects local attack vector with low complexity and no user interaction required. No public exploit or CISA KEV status identified at time of analysis, though use-after-free vulnerabilities in Print Spooler have historically been attractive exploitation targets.

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-33100 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Ancillary Function Driver for WinSock (AFD.sys) affects all supported Windows 10, Windows 11, and Windows Server versions from 2012 through 2025. The CWE-416 use-after-free memory corruption flaw allows low-privileged authenticated attackers with local access to elevate to SYSTEM privileges, achieving complete control over confidentiality, integrity, and availability. SSVC framework rates this as non-automatable with total technical impact. No public exploit

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-33099 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation via use-after-free in Windows Ancillary Function Driver for WinSock (AFD.sys) allows authenticated low-privileged attackers to execute arbitrary code with SYSTEM privileges across all supported Windows versions. Microsoft has released patches for Windows 10 (versions 1607-22H2), Windows 11 (versions 22H3-25H2), and Windows Server (2012-2022 23H2). The vulnerability requires local access and low privileges (PR:L) with high attack complexity (AC:H), but no public exploit

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-26171 NuGet HIGH POC PATCH GHSA Exploit Unlikely This Week

Denial-of-service condition in Microsoft .NET Framework 8.0, 9.0, and 10.0 allows unauthenticated remote attackers to exhaust system resources through network-based uncontrolled resource consumption. Affects .NET 8.0 versions prior to 8.0.26, .NET 9.0 versions prior to 9.0.15, and .NET 10.0 versions prior to 10.0.6. Microsoft has released patches addressing CWE-400 resource exhaustion. No evidence of active exploitation (not listed in CISA KEV) at time of analysis, though the network-accessible, unauthenticated attack vector and low complexity (CVSS AV:N/AC:L/PR:N) present significant availability risk for internet-facing .NET applications.

Denial Of Service Net 10 0 Net 8 0 Net 9 0
NVD VulDB HeroDevs GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2026-32200 HIGH PATCH Exploit Unlikely This Week

Use-after-free memory corruption in Microsoft PowerPoint (versions 2016, 2019, LTSC 2021, LTSC 2024, and Microsoft 365 Apps for Enterprise) enables local code execution when users open malicious files. An attacker with no privileges can achieve full system compromise (high confidentiality, integrity, and availability impact) by convincing a user to open a crafted PowerPoint document. Vendor patch available via Microsoft Security Response Center. No public exploit code or confirmed active exploitation (CISA KEV) identified at time of analysis, though CVSS 7.8 rating reflects high severity for local attack scenarios.

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-32199 HIGH PATCH Exploit Unlikely This Week

Microsoft Excel use-after-free vulnerability (CWE-416) enables arbitrary code execution when a user opens a specially crafted Excel file. Affects Microsoft 365 Apps for Enterprise, Excel 2016, Office 2019, Office LTSC 2021/2024 (Windows and Mac), and Office Online Server. CVSS 7.8 (High) requires local access and user interaction but no authentication. No public exploit identified at time of analysis. Microsoft released patches addressing all affected product lines per MSRC update guide.

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-32198 HIGH PATCH Exploit Unlikely This Week

Use-after-free vulnerability in Microsoft Office Excel enables local code execution when users open maliciously crafted Excel files. Affects all major Office versions including Microsoft 365 Apps for Enterprise, Excel 2016, Office 2019, Office LTSC 2021/2024 (Windows and Mac), and Office Online Server. Attack requires no authentication (PR:N) but demands user interaction (opening a weaponized document). CVSS 7.8 (High) reflects significant impact potential (code execution with high confidentiali

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-32197 HIGH PATCH Exploit Unlikely This Week

Use-after-free memory corruption in Microsoft Excel across Office 2016-2024 and Microsoft 365 enables local code execution when a user opens a malicious spreadsheet. Attackers must craft a weaponized Excel file and trick users into opening it, after which arbitrary code runs with the victim's privileges. No authentication is required, though user interaction is necessary. Exploitation probability remains moderate (CVSS 7.8) with no confirmed active exploitation (no CISA KEV listing) and no publi

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-32190 HIGH PATCH NEWS Exploit Unlikely This Week

Use-after-free memory corruption in Microsoft Office (versions 2016 through LTSC 2024, including Microsoft 365 Apps for Enterprise) enables local code execution with no authentication or user interaction required. Attackers with local system access can execute arbitrary code with high impact to confidentiality, integrity, and availability (CVSS 8.4). No public exploit identified at time of analysis. Vendor-released patch available via Microsoft Security Response Center for all affected versions.

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-32155 HIGH PATCH Exploit Unlikely This Week

Desktop Window Manager (DWM) privilege escalation via use-after-free memory corruption affects Windows 10 21H2/22H2, Windows 11 22H3 through 25H2, and Windows Server 2022/2025. Local authenticated attackers with low privileges can exploit this memory corruption flaw to gain SYSTEM-level access, achieving full compromise of confidentiality, integrity, and availability. Vendor-released patches are available across all affected platforms. No public exploit identified at time of analysis, though the

Denial Of Service Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-32153 HIGH PATCH Exploit Unlikely This Week

Use-after-free in Microsoft Windows Speech component enables local privilege escalation to SYSTEM on Windows 10 (versions 1809, 21H2, 22H2) and Windows 11 (versions 22H3 through 26H1). Authenticated local attackers with low privileges can exploit memory corruption to gain full system control with low attack complexity and no user interaction required. CVSS 7.8 (High). Vendor-released patches available for all affected versions. No public exploit identified at time of analysis, though the straigh

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-32080 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows WalletService across Server 2016 through Server 2025 allows low-privileged authenticated attackers to gain SYSTEM-level access by exploiting a use-after-free memory corruption flaw. Attack complexity is high (CVSS AC:H), requiring precise timing or race condition exploitation. Patch available per vendor advisory (MSRC). No public exploit identified at time of analysis, EPSS data not provided.

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-32078 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Projected File System (ProjFS) across Windows 10, Windows 11, and Windows Server 2019-2025 allows authenticated low-privileged users to gain SYSTEM-level control via use-after-free memory corruption. Attack requires local access and low-privileged credentials (CVSS PR:L) but no user interaction, enabling complete compromise of confidentiality, integrity, and availability. Vendor-released patches are available for all affected versions. No public exploit identified at time of analysis, though the vulnerability class (use-after-free) is well-understood and commonly targeted once details emerge.

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-32070 HIGH PATCH Exploit Likely This Week

Local privilege escalation in Windows Common Log File System (CLFS) Driver affects Windows 10, 11, and Server 2012-2025 through a use-after-free memory corruption flaw. Authenticated local attackers with low privileges can exploit this vulnerability to gain SYSTEM-level access, achieving full control over confidentiality, integrity, and availability. While no public exploit identified at time of analysis, the Windows CLFS driver has been a frequent target for privilege escalation exploits histor

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-27925 MEDIUM PATCH Exploit Unlikely This Month

Use-after-free memory corruption in Windows UPnP Device Host enables unauthenticated adjacent network attackers to disclose sensitive information with CVSS 6.5 high severity. The vulnerability affects Windows 10 (versions 1607, 1809, 21H2, 22H2), Windows 11 (versions 22H3, 23H2, 24H2, 25H2, 26H1), and multiple Windows Server editions (2012 through 2025). Microsoft has released patches with specific version thresholds; exploitation requires network adjacency but no authentication or user interaction.

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-27923 HIGH PATCH Exploit Unlikely This Week

Desktop Window Manager (DWM) use-after-free memory corruption allows authenticated local attackers to escalate privileges to SYSTEM on all supported Windows 10, Windows 11, and Windows Server versions (2012-2025). The vulnerability enables low-privileged users to gain complete control over affected systems with low attack complexity and no user interaction required. Vendor-released patches are available across all affected versions. No public exploit identified at time of analysis, though the st

Denial Of Service Use After Free Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27922 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Ancillary Function Driver for WinSock (AFD.sys) affects all Windows 10, Windows 11, and Windows Server versions from 2012 through 2025 via a use-after-free memory corruption flaw. Authenticated local attackers with low privileges can exploit this CWE-416 vulnerability to achieve full system compromise (SYSTEM-level access), though the high attack complexity (AC:H) suggests exploitation requires precise timing or race condition manipulation. No public exp

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-27916 HIGH PATCH Exploit Unlikely This Week

Windows Universal Plug and Play (UPnP) Device Host privilege escalation allows authenticated local attackers to gain SYSTEM-level access via use-after-free memory corruption. Affects all supported Windows versions from Server 2012 through Windows 11 26H1 and Windows Server 2025. Vendor-released patches available. Attack requires low complexity with no user interaction (CVSS:3.1 AV:L/AC:L/PR:L/UI:N). No public exploit identified at time of analysis, though the primitive nature of use-after-free v

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27909 HIGH PATCH Exploit Likely This Week

Local privilege escalation in Microsoft Windows Search Component affects Windows 10 (1607-22H2), Windows 11 (22H3-26H1), and Windows Server (2012-2025) via use-after-free memory corruption (CWE-416). Authenticated local attackers with low privileges can exploit this vulnerability to gain SYSTEM-level access with low attack complexity and no user interaction required (CVSS 7.8). Vendor-released patches available for all affected versions; no public exploit identified at time of analysis.

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-26182 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Ancillary Function Driver for WinSock (AFD.sys) allows authenticated low-privilege users to gain SYSTEM-level access through use-after-free memory corruption. Affects all supported Windows 10, Windows 11, and Windows Server versions from 2012 through 2025, including Server Core installations. Vendor-released patches available across all affected platforms. No public exploit identified at time of analysis, though high-complexity local exploitation (CVSS AC:H)

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
7.0
EPSS
0.1%
CVE-2026-26177 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Ancillary Function Driver for WinSock affects all supported Windows 10, 11, and Server versions through use-after-free memory corruption. Authenticated local attackers with low privileges can exploit this CWE-416 vulnerability to gain SYSTEM-level access, achieving high impact to confidentiality, integrity, and availability. Vendor-released patches are available across all affected platforms. No public exploit identified at time of analysis, though the high

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
7.0
EPSS
0.1%
CVE-2026-23657 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office Word via use-after-free memory corruption affects Microsoft 365 Apps for Enterprise and Office LTSC 2024. Unauthenticated attackers can achieve full system compromise (confidentiality, integrity, availability) by inducing users to open specially crafted Word documents, triggering memory reuse vulnerabilities during document parsing. Vendor patch available via Microsoft Security Response Center. No public exploit identified at time of analysis, though CVSS 7.8 indicates high severity when user interaction occurs.

Denial Of Service Use After Free Memory Corruption Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-33116 NuGet HIGH POC PATCH GHSA Exploit Unlikely This Week

Infinite loop denial-of-service vulnerability in Microsoft .NET Framework (3.5 through 4.8.1), .NET 8.0, 9.0, and 10.0 allows unauthenticated remote attackers to exhaust server resources via specially crafted network requests. The vulnerability (CWE-835) stems from unreachable loop exit conditions in core .NET processing logic, enabling complete service disruption with low attack complexity. Vendor-released patches are available across all affected product lines. No public exploit identified at

Denial Of Service Net 10 0 Net 8 0 Net 9 0 Microsoft Net Framework 3 5 +5
NVD VulDB GitHub
CVSS 3.1
7.5
EPSS
0.9%
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Zebra cryptocurrency node prior to version 4.3.1 allocates excessive memory (up to 233,016 addresses) when deserializing addr/addrv2 protocol messages, even though the specification limits messages to 1,000 addresses. An attacker can trigger out-of-memory crashes by sending multiple oversized address messages over different connections. This is a network-accessible denial of service vulnerability affecting all Zebra versions before 4.3.1, with no public exploit code identified but straightforward to execute given the protocol specification.

Denial Of Service Deserialization
NVD GitHub
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Uncontrolled memory consumption in monetr 1.12.3 and earlier allows remote unauthenticated attackers to trigger denial of service by sending oversized payloads to the public Stripe webhook endpoint. The vulnerability affects deployments with Stripe webhooks enabled and lacks upstream body-size enforcement. Version 1.12.4 provides a fix. EPSS and KEV data not available; no public exploit confirmed at time of analysis, though the attack method is straightforward (8.2 CVSS reflecting high availability impact with low complexity).

Denial Of Service Monetr
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Integer underflow in miniupnpd's SOAPAction header parser triggers out-of-bounds memory reads, enabling adjacent network attackers to crash UPnP-enabled routers or leak sensitive memory contents without authentication. Affects miniupnpd versions prior to 2.3.10. Vendor patch available via commit a0ee71e9fa66. CVSS 7.1 with adjacent network vector (AV:A) indicates attackers must be on the same local network segment as the vulnerable device. No active exploitation confirmed in CISA KEV at time of analysis.

Denial Of Service Information Disclosure Integer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

NoSQL injection in FastGPT <4.14.9.5 password authentication allows unauthenticated remote attackers to bypass login controls and access any account, including root administrator, by submitting MongoDB query operators instead of plaintext passwords. The vulnerability stems from missing runtime validation on password fields in the login endpoint. Exploitation requires no special conditions beyond network access to the login endpoint. CVSS 9.8 (Critical) with EPSS data unavailable; no CISA KEV listing or public POC identified at time of analysis, though GitHub security advisory provides technical details that could enable exploit development.

Denial Of Service Nosql Injection Fastgpt
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Heap-based buffer overflow in xrdp 0.10.5 and earlier allows unauthenticated remote attackers to cause denial of service or memory corruption when the domain_user_separator configuration directive is explicitly enabled in xrdp.ini. An attacker sends a crafted RDP logon request with an excessively long username and domain name combination that overflows an internal buffer, corrupting adjacent memory regions. The vulnerability requires non-default configuration (domain_user_separator must be uncommented) and affects only systems with this setting enabled. Vendor-released patch: version 0.10.6.

Heap Overflow Denial Of Service Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Out-of-bounds read in xrdp RDP server versions ≤0.10.5 allows remote unauthenticated attackers to crash the service or disclose process memory by sending a malformed Confirm Active PDU during RDP capability negotiation. Attack complexity is low but requires user interaction. EPSS data not available; no CISA KEV listing or public POC identified at time of analysis. Vendor-released patch available in version 0.10.6 per GitHub security advisory GHSA-rvh9-9wm3-28c7.

Denial Of Service Information Disclosure Microsoft +2
NVD GitHub VulDB
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Heap-based buffer overflow in xrdp's NeutrinoRDP module (versions ≤0.10.5) enables malicious downstream RDP servers or MitM attackers to achieve remote code execution or denial of service when proxying RDP sessions. Exploitation requires the victim xrdp server to have the non-default NeutrinoRDP module compiled and enabled (--enable-neutrinordp), and a user must initiate an RDP session through the affected proxy to a malicious server. EPSS data unavailable; no CISA KEV listing indicates targeted rather than widespread exploitation. Fixed in version 0.10.6.

Heap Overflow Denial Of Service Buffer Overflow +2
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Firebird database server crashes via crafted slice packet exploiting zero-length SDL descriptor validation flaw. Remote unauthenticated attackers can trigger division-by-zero errors in the sdl_desc() function to cause denial of service against Firebird versions prior to 5.0.4, 4.0.7, and 3.0.14. CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) indicates trivial remote exploitation with no authentication required. EPSS data not available; no public exploit identified at time of analysis, though technical details in GitHub advisory may facilitate reproduction.

Denial Of Service Suse
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote denial-of-service in Firebird Database Server versions prior to 5.0.4, 4.0.7, and 3.0.14 allows unauthenticated network attackers to crash the server via crafted XDR-encoded op_response packets. The xdr_status_vector() function fails to handle isc_arg_cstring status vector types during packet decoding, triggering immediate server termination. With CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) and CWE-228 (Improper Handling of Syntactically Invalid Structure), this represents a high-severity availability risk for internet-exposed Firebird instances. No active exploitation confirmed, but exploit development is trivial given the low attack complexity.

Denial Of Service Suse
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Null pointer dereference in Firebird SQL server causes remote denial-of-service when unauthenticated attackers send malformed op_crypt_key_callback packets. Firebird versions prior to 5.0.4, 4.0.7, and 3.0.14 are affected. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms trivial remote exploitation requiring no authentication or user interaction, allowing attackers who know only the server's IP and port to crash database services. The integrity impact rating (I:L) suggests potential for limited data corruption alongside the high availability impact. Vendor-released patches are available in versions 5.0.4, 4.0.7, and 3.0.14. No public exploit code or CISA KEV listing identified at time of analysis, though the low attack complexity makes weaponization straightforward.

Null Pointer Dereference Denial Of Service Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

Integer overflow in Firebird database versions prior to 5.0.4, 4.0.7, and 3.0.14 allows authenticated users with INSERT privileges to trigger a denial of service via a malformed Batch Parameter Block that overflows the totalLength value in ClumpletReader::getClumpletSize(), causing infinite loop conditions on the server.

Denial Of Service Integer Overflow Suse
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote unauthenticated denial of service in Firebird SQL database server versions prior to 6.0.0/5.0.4/4.0.7/3.0.14 allows attackers to crash the database by sending a malformed op_slice network packet that triggers a null pointer dereference in the SDL_info() function. Attack requires only network access to the database port with no authentication (CVSS AV:N/AC:L/PR:N). No public exploit code identified at time of analysis, and EPSS data not available for this recent CVE. Fixed versions released by vendor across all maintained branches.

Null Pointer Dereference Denial Of Service Suse
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Out-of-bounds write in dnsmasq's DHCP split-relay handler allows remote unauthenticated denial of service via crafted BOOTREPLY packets. Affects Red Hat Enterprise Linux 6-10 and OpenShift Container Platform 4 when dnsmasq runs with the --dhcp-split-relay option enabled. CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) indicates trivial network exploitation, but real-world risk is mitigated by the non-default configuration requirement. No public exploit or active exploitation (CISA KEV) confirmed at time of analysis, though CWE-787 (out-of-bounds write) primitives are well-understood by attackers.

Denial Of Service Memory Corruption Buffer Overflow +8
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

HashiCorp Vault unauthenticated denial-of-service vulnerability allows remote attackers to block critical administrative operations by monopolizing the single operation slot for root token generation and rekey workflows. Affects all Vault Community and Enterprise versions prior to 2.0.0. No active exploitation confirmed (EPSS 3rd percentile), but attack is trivially automatable per CISA SSVC framework. HashiCorp released patches in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0.

Denial Of Service Hashicorp Vault +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

STProcessMonitor 11.11.4.0 driver in Safetica Application suite allows local privileged users to send crafted IOCTL requests (0xB822200C) that terminate processes protected by third-party security implementations due to insufficient caller validation in the kernel-mode driver handler. This enables denial of service attacks against critical services without requiring user interaction. Publicly available exploit code exists, and the vulnerability is tracked in CISA's LOLDrivers database as a legitimate-but-abused Windows driver.

Privilege Escalation Denial Of Service N A
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

My Calendar is a WordPress plugin for managing calendar events. In versions 3.7.6 and below, the mc_ajax_mcjs_action AJAX endpoint, registered for unauthenticated users, passes user-supplied arguments through parse_str() without validation, allowing injection of arbitrary parameters including a site value. On WordPress Multisite installations, this enables an unauthenticated attacker to call switch_to_blog() with an arbitrary site ID and extract calendar events from any sub-site on the network, including private or hidden events. On standard Single Site installations, switch_to_blog() does not exist, causing an uncaught PHP fatal error and crashing the worker thread, creating an unauthenticated denial of service vector. This issue has been fixed in version 3.7.7.

PHP Authentication Bypass WordPress +1
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

### Impact Hot Chocolate's `Utf8GraphQLParser` is a recursive descent parser with no recursion depth limit. A crafted GraphQL document with deeply nested selection sets, object values, list values, or list types can trigger a `StackOverflowException` on payloads as small as **40 KB**. Because `StackOverflowException` is **uncatchable in .NET** (since .NET 2.0), the entire worker process is terminated immediately. All in-flight HTTP requests, background `IHostedService` tasks, and open WebSocket subscriptions on that worker are dropped. The orchestrator (Kubernetes, IIS, etc.) must restart the process. This occurs **before any validation rules run** - `MaxExecutionDepth`, complexity analyzers, persisted query allow-lists, and custom `IDocumentValidatorRule` implementations cannot intercept the crash because `Utf8GraphQLParser.Parse` is invoked before validation. The existing `MaxAllowedFields=2048` limit does not help because the crashing payloads contain very few fields. **Severity:** Critical (9.1) - `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H` ### Patches - **v12 line:** Fixed in `12.22.7` - **v13 line:** Fixed in `13.9.16` - **v14 line:** Fixed in `14.3.1` - **v15 line:** Fixed in `15.1.14` The fix adds a `MaxAllowedRecursionDepth` option to `ParserOptions` with a safe default, and enforces it across all recursive parser methods (`ParseSelectionSet`, `ParseValueLiteral`, `ParseObject`, `ParseList`, `ParseTypeReference`, etc.). When the limit is exceeded, a catchable `SyntaxException` is thrown instead of overflowing the stack. ### Workarounds There is no application-level workaround. `StackOverflowException` cannot be caught in .NET. The only mitigation is to upgrade to a patched version. Operators can reduce (but not eliminate) risk by limiting HTTP request body size at the reverse proxy or load balancer layer, though the smallest crashing payload (40 KB) is well below most default body size limits and is highly compressible (~few hundred bytes via gzip). ### References - Fix for v15: https://github.com/ChilliCream/graphql-platform/pull/9528

Denial Of Service Kubernetes
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

**Summary** endpoints.GetSessionCookie parses an attacker-supplied cookie chunk count and calls make([]string, count) with no upper bound before any token validation occurs. The function is reached on every request to an OAuth-protected proxy share, allowing an unauthenticated remote attacker to trigger gigabyte-scale heap allocations per request, leading to process-level OOM termination or repeated goroutine panics. Both publicProxy and dynamicProxy are affected. - Attack Vector: Network - exploitable via a single HTTP request with a crafted Cookie header. - Attack Complexity: Low - no preconditions or chaining required; the attacker only needs to know the cookie name (publicly derivable from any OAuth redirect). - Privileges Required: None - reached before JWT validation or any authentication check. - User Interaction: None. - Scope: Unchanged - impact is confined to the affected proxy process. - Confidentiality Impact: None. - Integrity Impact: None. Availability Impact: High - sustained or concurrent requests cause OOM process termination, taking down the proxy for all users of all shares it serves. **Affected Components** - endpoints/oauthCookies.go - GetSessionCookie (line 81) - endpoints/publicProxy/authOAuth.go - handleOAuth (line 50) - call site, pre-auth - endpoints/dynamicProxy/cookies.go - getSessionCookie (line 29) - call site

Denial Of Service
NVD GitHub
EPSS 0% CVSS 8.7
HIGH PATCH This Week

### Summary The `readRequestBody()` function in `src/transports/http/server.ts` concatenates HTTP request body chunks into a string with no size limit, allowing a remote unauthenticated attacker to crash the server via memory exhaustion with a single large HTTP POST request. ### Details **File:** `src/transports/http/server.ts`, lines 224-240 ```typescript private async readRequestBody(req: IncomingMessage): Promise<any> { return new Promise((resolve, reject) => { let body = ''; req.on('data', (chunk) => { body += chunk.toString(); // No size limit }); req.on('end', () => { try { const parsed = body ? JSON.parse(body) : null; resolve(parsed); } catch (error) { reject(error); } }); req.on('error', reject); }); } ``` A `maxMessageSize` configuration value exists in `DEFAULT_HTTP_STREAM_CONFIG` (4MB, defined in `src/transports/http/types.ts` line 124) but is never enforced in `readRequestBody()`. This creates a false sense of security. ### PoC Local testing with 50MB POST payloads against the vulnerable `readRequestBody()` function: | Trial | Payload | RSS growth | Time | Result | |-------|---------|-----------|------|--------| | 1 | 50MB | +197MB | 42ms | Vulnerable | | 2 | 50MB | +183MB | 46ms | Vulnerable | | 3 | 50MB | +15MB | 43ms | Vulnerable | | 4 | 50MB | +14MB | 32ms | Vulnerable | | 5 | 50MB | +65MB | 38ms | Vulnerable | Reproducibility: 5/5 (100%) ### Impact - **Denial of Service:** Any mcp-framework HTTP server can be crashed by a single large POST request to /mcp - **No authentication required:** readRequestBody() executes before any auth checks (auth is opt-in, default is no auth) - **Dead config:** maxMessageSize exists but is never enforced, giving a false sense of security - **Affected:** All applications using mcp-framework HttpStreamTransport (60,000 weekly npm downloads) **CWE-770:** Allocation of Resources Without Limits or Throttling **Suggested CVSS 3.1:** 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ### Suggested Fix Enforce `maxMessageSize` in `readRequestBody()`: ```typescript private async readRequestBody(req: IncomingMessage): Promise<any> { const maxSize = this._config.maxMessageSize || 4 * 1024 * 1024; return new Promise((resolve, reject) => { let body = ''; let size = 0; req.on('data', (chunk) => { size += chunk.length; if (size > maxSize) { req.destroy(); reject(new Error('Request body too large')); return; } body += chunk.toString(); }); // ... }); } ``` ### Disclosure Timeline This report follows coordinated disclosure. I request a 90-day window before public disclosure. **Reporter:** Raza Sharif, CyberSecAI Ltd (contact@agentsign.dev)

Denial Of Service Node.js
NVD GitHub
EPSS 0% CVSS 8.7
HIGH PATCH This Week

The SPDY/3 frame parser in spdystream does not validate attacker-controlled counts and lengths before allocating memory. A remote peer that can send SPDY frames to a service using spdystream can cause the process to allocate gigabytes of memory with a small number of malformed control frames, leading to an out-of-memory crash.   Three allocation paths in the receive side are affected: 1. **SETTINGS entry count** -- The SETTINGS frame reader reads a 32-bit `numSettings` from the payload and allocates a slice of that size without checking it against the declared frame length. An attacker can set `numSettings` to a value far exceeding the actual payload, triggering a large allocation before any setting data is read.   2. **Header count** -- `parseHeaderValueBlock` reads a 32-bit `numHeaders` from the decompressed header block and allocates an `http.Header` map of that size with no upper bound.   3. **Header field size** -- Individual header name and value lengths are read as 32-bit integers and used directly as allocation sizes with no validation.   Because SPDY header blocks are zlib-compressed, a small on-the-wire payload can decompress into attacker-controlled bytes that the parser interprets as 32-bit counts and lengths. A single crafted frame is enough to exhaust process memory. ## Impact  Any program that accepts SPDY connections using spdystream -- directly or through a dependent library -- is affected. A remote peer that can send SPDY frames to the service can crash the process with a single crafted SPDY control frame, causing denial of service. ## Affected versions  `github.com/moby/spdystream` <= v0.5.0 ## Fix  v0.5.1 addresses the receive-side allocation bugs and adds related hardening:   **Core fixes:**   - **SETTINGS entry-count validation** -- The SETTINGS frame reader now checks that `numSettings` is consistent with the declared frame length (`numSettings <= (length-4)/8`) before allocating.   - **Header count limit** -- `parseHeaderValueBlock` enforces a maximum number of headers per frame (default: 1000).   - **Header field size limit** -- Individual header name and value lengths are checked against a per-field size limit (default: 1 MiB) before allocation.   - **Connection closure on protocol error** -- The connection read loop now closes the underlying `net.Conn` when it encounters an `InvalidControlFrame` error, preventing further exploitation on the same connection.   **Additional hardening:**   - **Write-side bounds checks** -- All frame write methods now verify that payloads fit within the 24-bit length field, preventing the library from producing invalid frames.   **Configurable limits:**   - Callers can adjust the defaults using `NewConnectionWithOptions` or the lower-level `spdy.NewFramerWithOptions` with functional options: `WithMaxControlFramePayloadSize`, `WithMaxHeaderFieldSize`, and `WithMaxHeaderCount`.

Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.

Denial Of Service Dell
NVD
EPSS 0% CVSS 4.1
MEDIUM PATCH This Month

Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper check for unusual or exceptional conditions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.

Denial Of Service Dell
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the orderDirection parameter used in dataset-related endpoints including /de2api/datasetData/enumValueDs and /de2api/datasetTree/exportDataset. The Order2SQLObj class directly assigns the raw user-supplied orderDirection value into the SQL query without any validation or whitelist enforcement, and the value is rendered into the ORDER BY clause via StringTemplate before being executed against the database. An authenticated attacker can inject arbitrary SQL commands through the sorting direction field, enabling time-based blind data extraction and denial of service. This issue has been fixed in version 2.10.21.

Denial Of Service SQLi Dataease
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages-specifically those containing negative varints or deep recursion-can be used to crash the application, impacting service availability.

PHP Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A NULL pointer dereference vulnerability exists in fio (Flexible I/O Tester) v3.41 when parsing job files containing the fdp_pli option. The callback function str_fdp_pli_cb() does not validate the input pointer and calls strdup() on a NULL value when the option is specified without an argument. This results in a segmentation fault and process crash.

Null Pointer Dereference Denial Of Service Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The XML parsers within multiple WSO2 products accept user-supplied XML data without properly configuring to prevent the resolution of external entities. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Denial Of Service Wso2 Api Manager +4
NVD VulDB
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Race condition in pyLoad's Flask session cookie handler allows unauthenticated attackers to manipulate the SESSION_COOKIE_SECURE flag globally across all concurrent requests by spoofing the X-Forwarded-Proto header. On deployments behind a TLS-terminating proxy, this enables session cookie downgrade attacks resulting in plaintext cookie transmission; on default plain HTTP deployments, it causes session denial of service by forcing the Secure flag and breaking all concurrent user sessions. The vulnerability requires no authentication and exploits a multi-threaded race window in the Cheroot WSGI server (request_queue_size=512) combined with missing proxy origin validation (acknowledged TODO in code).

Denial Of Service Kubernetes Python
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

### Summary A denial of service vulnerability exists when parsing crafted `multipart/form-data` requests with large preamble or epilogue sections. ### Details Two inefficient multipart parsing paths could be abused with attacker-controlled input. Before the first multipart boundary, the parser handled leading CR and LF bytes inefficiently while searching for the start of the first part. After the closing boundary, the parser continued processing trailing epilogue data instead of discarding it immediately. As a result, parsing time could grow with the size of crafted data placed before the first boundary or after the closing boundary. ### Impact An attacker can send oversized malformed multipart bodies that consume excessive CPU time during request parsing, reducing request-handling capacity and delaying legitimate requests. This issue degrades availability but does not typically result in a complete denial of service for the entire application. ### Mitigation Upgrade to version `0.0.26` or later, which skips ahead to the next boundary candidate when processing leading CR/LF data and immediately discards epilogue data after the closing boundary.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds checks, leading to a heap out-of-bounds write. Successful exploitation can result in a denial of service (DoS) due to an application crash, and potentially lead to arbitrary code execution.

Denial Of Service Integer Overflow Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A flaw was found in gimp. This buffer overflow vulnerability in the GIF image loading component's `ReadJeffsImage` function allows an attacker to write beyond an allocated buffer by processing a specially crafted GIF file. This can lead to a denial of service or potentially arbitrary code execution.

Denial Of Service Buffer Overflow RCE +4
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote code execution in Google Chrome on Android versions prior to 147.0.7727.101 is possible through a use-after-free vulnerability in the Payments feature. Attackers who successfully convince users to perform specific UI interactions on a malicious webpage can achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. The vulnerability requires high attack complexity and user interaction (CVSS:3.1/AV:N/AC:H/PR:N/UI:R), indicating social engineering is necessary. Google has released Chrome 147.0.7727.101 to address this issue. No evidence of active exploitation (not in CISA KEV) or public proof-of-concept code has been identified at time of analysis.

Use After Free Memory Corruption Google +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Arbitrary code execution within Chrome's sandbox affects all versions prior to 147.0.7727.101 via crafted HTML pages exploiting a use-after-free in codec processing. Remote attackers require user interaction (visiting a malicious page) but need no authentication. CVSS 8.8 (High) with network attack vector, low complexity, and high impact across confidentiality, integrity, and availability. Google patched this in the stable channel update released April 15, 2026. No public exploit code or CISA KEV listing identified at time of analysis, though Chromium issue tracker #495996858 indicates vendor-confirmed vulnerability. The sandbox containment limits initial exploitation to Chrome's restricted environment, not direct system compromise.

Use After Free Memory Corruption Google +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Cast in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Use After Free Memory Corruption Google +3
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted video file. (Chromium security severity: High)

Denial Of Service Memory Corruption Use After Free +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Forms in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Use After Free Memory Corruption Google +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Permissions in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Use After Free Memory Corruption Google +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in Dawn in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Memory Corruption Use After Free +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Memory Corruption Use After Free +2
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in Viz in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Memory Corruption Use After Free +2
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in Graphite in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Denial Of Service Memory Corruption Use After Free +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Arbitrary code execution within Google Chrome's sandbox affects all versions prior to 147.0.7727.101 through a use-after-free vulnerability in the codec processing components. Remote attackers can exploit this by tricking users into visiting a malicious webpage, achieving high-severity compromise of confidentiality, integrity, and availability within the sandboxed renderer process. Google has released version 147.0.7727.101 as a stable channel update to address this flaw. No evidence of active exploitation (not in CISA KEV) or public exploit code has been identified at time of analysis, though the simplicity of the attack vector (network-based, low complexity, requiring only user interaction) warrants prioritized patching.

Use After Free Memory Corruption Google +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Video in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Use After Free Memory Corruption Google +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in CSS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Use After Free Memory Corruption Google +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Video in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Use After Free Microsoft Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in XR in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Critical)

Denial Of Service Memory Corruption Use After Free +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Use After Free Memory Corruption Google +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in Proxy in Google Chrome prior to 147.0.7727.101 allowed an attacker in a privileged network position to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Denial Of Service Memory Corruption Use After Free +2
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

A flaw was found in GIMP. This vulnerability, a buffer overflow in the `file-seattle-filmworks` plugin, can be exploited when a user opens a specially crafted Seattle Filmworks file. A remote attacker could leverage this to cause a denial of service (DoS), leading to the plugin crashing and potentially impacting the stability of the GIMP application.

Denial Of Service Memory Corruption Buffer Overflow +4
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in GIMP. Processing a specially crafted PVR image file with large dimensions can lead to a denial of service (DoS). This occurs due to a stack-based buffer overflow and an out-of-bounds read in the PVR image loader, causing the application to crash. Systems that process untrusted PVR image files are affected.

Denial Of Service Buffer Overflow Red Hat Enterprise Linux 6 +3
NVD VulDB
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

A flaw was found in GIMP. A stack buffer overflow vulnerability in the TIM image loader's 4BPP decoding path allows a local user to cause a Denial of Service (DoS). By opening a specially crafted TIM image file, the application crashes due to an unconditional overflow when writing to a variable-length array.

Denial Of Service Memory Corruption Buffer Overflow +4
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing a specially crafted FITS file. This integer overflow leads to a zero-byte memory allocation, which is then subjected to a heap buffer overflow when processing pixel data. Successful exploitation could result in a denial of service (DoS) or potentially arbitrary code execution.

Denial Of Service Integer Overflow Buffer Overflow +5
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in the System Security Services Daemon (SSSD). The pam_passkey_child_read_data() function within the PAM passkey responder fails to properly handle raw bytes received from a pipe. Because the data is treated as a NUL-terminated C string without explicit termination, it results in an out-of-bounds read when processed by functions like snprintf(). A local attacker could potentially trigger this vulnerability by initiating a crafted passkey authentication request, causing the SSSD PAM responder to crash, resulting in a local Denial of Service (DoS).

Denial Of Service Buffer Overflow Red Hat +1
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to&nbsp;root. In single-node ISE deployments, successful exploitation of these vulnerabilities could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.

Denial Of Service Cisco Path Traversal +1
NVD VulDB
EPSS 0% CVSS 9.9
CRITICAL Act Now

A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to&nbsp;root. In single-node ISE deployments, successful exploitation of these vulnerabilities could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.

Denial Of Service Cisco Command Injection +1
NVD VulDB
EPSS 0% CVSS 9.9
CRITICAL Act Now

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of this vulnerability could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.

Denial Of Service Cisco Command Injection +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Uncontrolled Resource Consumption in Bosch VMS Central Server in Bosch VMS 12.0.1 allows attackers to consume excessive amounts of disk space via network interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bvms Bvms Viewer +6
NVD
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Pre-authentication resource exhaustion in Bouncy Castle BC-JAVA PGP modules (bcpg) allows remote attackers to trigger denial-of-service by exploiting unbounded AEAD chunk sizes, affecting all versions before 1.84. The maximum CVSS 4.0 score of 10.0 reflects complete compromise potential across confidentiality, integrity, and availability with no attack complexity, no authentication requirements, and network-based exploitation. No public exploit identified at time of analysis, though the attack s

Denial Of Service Java Bc Java
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Arbitrary WordPress action execution in Avada (Fusion) Builder plugin versions up to 3.15.1 allows authenticated attackers with Subscriber-level access to invoke unvalidated WordPress action hooks via the Dynamic Data feature, potentially enabling privilege escalation, file inclusion, denial of service, or remote code execution depending on available hooks in the WordPress installation. The vulnerability stems from the `output_action_hook()` function accepting user-controlled input without authorization checks. No public exploit code or active exploitation has been confirmed at time of analysis.

Denial Of Service RCE WordPress +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe FrameMaker 2022.8 and earlier allows local attackers to execute malicious code with current user privileges by tricking victims into opening specially crafted files. This use-after-free memory corruption vulnerability requires no authentication but depends on user interaction. No confirmed active exploitation (not in CISA KEV) or public proof-of-concept identified at time of analysis, though the local attack vector and user interaction requirement reduce immediate remote threat surface compared to network-accessible vulnerabilities.

Denial Of Service RCE Memory Corruption +2
NVD
EPSS 0% CVSS 1.0
LOW PATCH Monitor

Denial of service in giskard-checks RegexMatching check via unguarded regex pattern matching allows local attackers with write access to check definitions to trigger catastrophic backtracking in Python's re.search() function, causing process hangs and disrupting CI/CD pipelines or automated test execution.

Denial Of Service Python
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

### Summary Processing a malformed input containing a `<` character that is not followed by a `>` character anywhere in the remaining text with a SmartypantsRenderer will lead to Out of Bounds read or a panic. ### Details The `smartLeftAngle()` function in `html/smartypants.go:367-376` performs an out-of-bounds slice operation when processing a `<` character that is not followed by a `>` character anywhere in the remaining text. https://github.com/gomarkdown/markdown/blob/37c66b85d6ab025ba67a73ba03b7f3ef55859cca/html/smartypants.go#L367-L376 If the length of the slice is lower than its capacity, this leads to an extra byte of data read. If the length equals the capacity, this leads to a panic. ### PoC ```golang package main import ( "bytes" "fmt" "github.com/gomarkdown/markdown/html" ) func main() { src := []byte("<a") fmt.Printf("Input: %q (len=%d, cap=%d)\n", src, len(src), cap(src)) var buf bytes.Buffer sp := html.NewSmartypantsRenderer(html.Smartypants) sp.Process(&buf, src) // panics: slice bounds out of range fmt.Printf("Output: %q\n", buf.String()) } ``` ### Impact This vulnerability will lead to a Denial of Service / panic on the processing service. -- The Datadog Security Team

Denial Of Service Information Disclosure Buffer Overflow +1
NVD GitHub HeroDevs
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Denial of service via resource exhaustion in XWiki REST API endpoints that list database properties without respecting configured query limits, allowing remote attackers to enumerate all pages on large wiki installations and exhaust server resources. Affects XWiki Platform versions before 16.10.16, 17.4.8, and 17.10.1. Vendor-released patches are available; no public exploit code or active exploitation confirmed at time of analysis.

Denial Of Service
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Denial of service in Jellyfin versions prior to 10.11.7 allows authenticated users to exhaust server resources and crash the SyncPlay media synchronization service via the group creation endpoint (POST /SyncPlay/New) by submitting unbounded payload sizes. An attacker can lock out legitimate clients from accessing SyncPlay functionality and trigger out-of-memory conditions through insufficient input validation on group names and IDs. No public exploit code or active exploitation has been identified.

Denial Of Service Jellyfin
NVD GitHub
EPSS 0% CVSS 2.4
LOW Monitor

ColdFusion versions 2023.18, 2025.6, and earlier are vulnerable to uncontrolled resource consumption that allows high-privileged attackers to trigger application denial-of-service by exhausting system resources without user interaction. This is a low-severity issue (CVSS 2.4) affecting only authenticated administrators, with no public exploit code or active exploitation reported.

Denial Of Service Coldfusion
NVD
EPSS 0% CVSS 2.4
LOW Monitor

ColdFusion versions 2023.18, 2025.6 and earlier are vulnerable to uncontrolled resource consumption that allows high-privileged attackers to trigger denial-of-service by exhausting system resources without user interaction. The CVSS score of 2.4 reflects low severity due to the high-privilege requirement (PR:H), though the attack vector is adjacent network access and does not require authentication once the attacker has elevated privileges.

Denial Of Service Coldfusion
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Divide by zero vulnerability in Adobe Bridge versions 15.1.4 and earlier allows local denial of service when a victim opens a malicious file, crashing or freezing the application. The vulnerability requires user interaction and local file access but carries a moderate CVSS score of 5.5 due to high availability impact; no public exploit code or active exploitation has been confirmed.

Denial Of Service Bridge
NVD
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Unlikely This Week

Memory corruption in Microsoft Office Word enables local code execution through a use-after-free flaw affecting Microsoft 365 Apps for Enterprise and Office LTSC 2021/2024 for Windows and Mac. Despite the local attack vector (AV:L), the vulnerability requires no privileges (PR:N) or user interaction (UI:N), allowing unauthorized attackers to execute arbitrary code with high impact to confidentiality, integrity, and availability (CVSS 8.4). Vendor-released patch available via Microsoft Security Response Center as of April 2026. No public exploit identified at time of analysis, though the technical simplicity (AC:L) and memory corruption primitive increase weaponization risk.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in Windows Print Spooler Components allows authenticated attackers with low privileges to achieve complete system compromise (high confidentiality, integrity, and availability impact) by exploiting a use-after-free memory corruption vulnerability. Affects Windows 11 versions 24H2, 25H2, 26H1, Windows Server 2022 23H2 Edition, and Windows Server 2025. CVSS score 7.8 reflects local attack vector with low complexity and no user interaction required. No public exploit or CISA KEV status identified at time of analysis, though use-after-free vulnerabilities in Print Spooler have historically been attractive exploitation targets.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Ancillary Function Driver for WinSock (AFD.sys) affects all supported Windows 10, Windows 11, and Windows Server versions from 2012 through 2025. The CWE-416 use-after-free memory corruption flaw allows low-privileged authenticated attackers with local access to elevate to SYSTEM privileges, achieving complete control over confidentiality, integrity, and availability. SSVC framework rates this as non-automatable with total technical impact. No public exploit

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation via use-after-free in Windows Ancillary Function Driver for WinSock (AFD.sys) allows authenticated low-privileged attackers to execute arbitrary code with SYSTEM privileges across all supported Windows versions. Microsoft has released patches for Windows 10 (versions 1607-22H2), Windows 11 (versions 22H3-25H2), and Windows Server (2012-2022 23H2). The vulnerability requires local access and low privileges (PR:L) with high attack complexity (AC:H), but no public exploit

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 1% CVSS 7.5
HIGH POC PATCH Exploit Unlikely This Week

Denial-of-service condition in Microsoft .NET Framework 8.0, 9.0, and 10.0 allows unauthenticated remote attackers to exhaust system resources through network-based uncontrolled resource consumption. Affects .NET 8.0 versions prior to 8.0.26, .NET 9.0 versions prior to 9.0.15, and .NET 10.0 versions prior to 10.0.6. Microsoft has released patches addressing CWE-400 resource exhaustion. No evidence of active exploitation (not listed in CISA KEV) at time of analysis, though the network-accessible, unauthenticated attack vector and low complexity (CVSS AV:N/AC:L/PR:N) present significant availability risk for internet-facing .NET applications.

Denial Of Service Net 10 0 Net 8 0 +1
NVD VulDB HeroDevs GitHub
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Use-after-free memory corruption in Microsoft PowerPoint (versions 2016, 2019, LTSC 2021, LTSC 2024, and Microsoft 365 Apps for Enterprise) enables local code execution when users open malicious files. An attacker with no privileges can achieve full system compromise (high confidentiality, integrity, and availability impact) by convincing a user to open a crafted PowerPoint document. Vendor patch available via Microsoft Security Response Center. No public exploit code or confirmed active exploitation (CISA KEV) identified at time of analysis, though CVSS 7.8 rating reflects high severity for local attack scenarios.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Microsoft Excel use-after-free vulnerability (CWE-416) enables arbitrary code execution when a user opens a specially crafted Excel file. Affects Microsoft 365 Apps for Enterprise, Excel 2016, Office 2019, Office LTSC 2021/2024 (Windows and Mac), and Office Online Server. CVSS 7.8 (High) requires local access and user interaction but no authentication. No public exploit identified at time of analysis. Microsoft released patches addressing all affected product lines per MSRC update guide.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Use-after-free vulnerability in Microsoft Office Excel enables local code execution when users open maliciously crafted Excel files. Affects all major Office versions including Microsoft 365 Apps for Enterprise, Excel 2016, Office 2019, Office LTSC 2021/2024 (Windows and Mac), and Office Online Server. Attack requires no authentication (PR:N) but demands user interaction (opening a weaponized document). CVSS 7.8 (High) reflects significant impact potential (code execution with high confidentiali

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Use-after-free memory corruption in Microsoft Excel across Office 2016-2024 and Microsoft 365 enables local code execution when a user opens a malicious spreadsheet. Attackers must craft a weaponized Excel file and trick users into opening it, after which arbitrary code runs with the victim's privileges. No authentication is required, though user interaction is necessary. Exploitation probability remains moderate (CVSS 7.8) with no confirmed active exploitation (no CISA KEV listing) and no publi

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Unlikely This Week

Use-after-free memory corruption in Microsoft Office (versions 2016 through LTSC 2024, including Microsoft 365 Apps for Enterprise) enables local code execution with no authentication or user interaction required. Attackers with local system access can execute arbitrary code with high impact to confidentiality, integrity, and availability (CVSS 8.4). No public exploit identified at time of analysis. Vendor-released patch available via Microsoft Security Response Center for all affected versions.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Desktop Window Manager (DWM) privilege escalation via use-after-free memory corruption affects Windows 10 21H2/22H2, Windows 11 22H3 through 25H2, and Windows Server 2022/2025. Local authenticated attackers with low privileges can exploit this memory corruption flaw to gain SYSTEM-level access, achieving full compromise of confidentiality, integrity, and availability. Vendor-released patches are available across all affected platforms. No public exploit identified at time of analysis, though the

Denial Of Service Use After Free Memory Corruption
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Use-after-free in Microsoft Windows Speech component enables local privilege escalation to SYSTEM on Windows 10 (versions 1809, 21H2, 22H2) and Windows 11 (versions 22H3 through 26H1). Authenticated local attackers with low privileges can exploit memory corruption to gain full system control with low attack complexity and no user interaction required. CVSS 7.8 (High). Vendor-released patches available for all affected versions. No public exploit identified at time of analysis, though the straigh

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows WalletService across Server 2016 through Server 2025 allows low-privileged authenticated attackers to gain SYSTEM-level access by exploiting a use-after-free memory corruption flaw. Attack complexity is high (CVSS AC:H), requiring precise timing or race condition exploitation. Patch available per vendor advisory (MSRC). No public exploit identified at time of analysis, EPSS data not provided.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Projected File System (ProjFS) across Windows 10, Windows 11, and Windows Server 2019-2025 allows authenticated low-privileged users to gain SYSTEM-level control via use-after-free memory corruption. Attack requires local access and low-privileged credentials (CVSS PR:L) but no user interaction, enabling complete compromise of confidentiality, integrity, and availability. Vendor-released patches are available for all affected versions. No public exploit identified at time of analysis, though the vulnerability class (use-after-free) is well-understood and commonly targeted once details emerge.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Likely This Week

Local privilege escalation in Windows Common Log File System (CLFS) Driver affects Windows 10, 11, and Server 2012-2025 through a use-after-free memory corruption flaw. Authenticated local attackers with low privileges can exploit this vulnerability to gain SYSTEM-level access, achieving full control over confidentiality, integrity, and availability. While no public exploit identified at time of analysis, the Windows CLFS driver has been a frequent target for privilege escalation exploits histor

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH Exploit Unlikely This Month

Use-after-free memory corruption in Windows UPnP Device Host enables unauthenticated adjacent network attackers to disclose sensitive information with CVSS 6.5 high severity. The vulnerability affects Windows 10 (versions 1607, 1809, 21H2, 22H2), Windows 11 (versions 22H3, 23H2, 24H2, 25H2, 26H1), and multiple Windows Server editions (2012 through 2025). Microsoft has released patches with specific version thresholds; exploitation requires network adjacency but no authentication or user interaction.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Desktop Window Manager (DWM) use-after-free memory corruption allows authenticated local attackers to escalate privileges to SYSTEM on all supported Windows 10, Windows 11, and Windows Server versions (2012-2025). The vulnerability enables low-privileged users to gain complete control over affected systems with low attack complexity and no user interaction required. Vendor-released patches are available across all affected versions. No public exploit identified at time of analysis, though the st

Denial Of Service Use After Free Memory Corruption
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Ancillary Function Driver for WinSock (AFD.sys) affects all Windows 10, Windows 11, and Windows Server versions from 2012 through 2025 via a use-after-free memory corruption flaw. Authenticated local attackers with low privileges can exploit this CWE-416 vulnerability to achieve full system compromise (SYSTEM-level access), though the high attack complexity (AC:H) suggests exploitation requires precise timing or race condition manipulation. No public exp

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Windows Universal Plug and Play (UPnP) Device Host privilege escalation allows authenticated local attackers to gain SYSTEM-level access via use-after-free memory corruption. Affects all supported Windows versions from Server 2012 through Windows 11 26H1 and Windows Server 2025. Vendor-released patches available. Attack requires low complexity with no user interaction (CVSS:3.1 AV:L/AC:L/PR:L/UI:N). No public exploit identified at time of analysis, though the primitive nature of use-after-free v

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege escalation in Microsoft Windows Search Component affects Windows 10 (1607-22H2), Windows 11 (22H3-26H1), and Windows Server (2012-2025) via use-after-free memory corruption (CWE-416). Authenticated local attackers with low privileges can exploit this vulnerability to gain SYSTEM-level access with low attack complexity and no user interaction required (CVSS 7.8). Vendor-released patches available for all affected versions; no public exploit identified at time of analysis.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Ancillary Function Driver for WinSock (AFD.sys) allows authenticated low-privilege users to gain SYSTEM-level access through use-after-free memory corruption. Affects all supported Windows 10, Windows 11, and Windows Server versions from 2012 through 2025, including Server Core installations. Vendor-released patches available across all affected platforms. No public exploit identified at time of analysis, though high-complexity local exploitation (CVSS AC:H)

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Ancillary Function Driver for WinSock affects all supported Windows 10, 11, and Server versions through use-after-free memory corruption. Authenticated local attackers with low privileges can exploit this CWE-416 vulnerability to gain SYSTEM-level access, achieving high impact to confidentiality, integrity, and availability. Vendor-released patches are available across all affected platforms. No public exploit identified at time of analysis, though the high

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office Word via use-after-free memory corruption affects Microsoft 365 Apps for Enterprise and Office LTSC 2024. Unauthenticated attackers can achieve full system compromise (confidentiality, integrity, availability) by inducing users to open specially crafted Word documents, triggering memory reuse vulnerabilities during document parsing. Vendor patch available via Microsoft Security Response Center. No public exploit identified at time of analysis, though CVSS 7.8 indicates high severity when user interaction occurs.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 1% CVSS 7.5
HIGH POC PATCH Exploit Unlikely This Week

Infinite loop denial-of-service vulnerability in Microsoft .NET Framework (3.5 through 4.8.1), .NET 8.0, 9.0, and 10.0 allows unauthenticated remote attackers to exhaust server resources via specially crafted network requests. The vulnerability (CWE-835) stems from unreachable loop exit conditions in core .NET processing logic, enabling complete service disruption with low attack complexity. Vendor-released patches are available across all affected product lines. No public exploit identified at

Denial Of Service Net 10 0 Net 8 0 +7
NVD VulDB GitHub
Prev Page 36 of 406 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy