Skip to main content

Denial Of Service

36497 CVEs technique

Monthly

CVE-2026-54234 HIGH PATCH This Week

Denial of service in the vLLM LLM inference server (all versions prior to 0.24.0) allows a remote client to crash the shared engine worker by sending a specific multi-request speculative decoding workload. The rejection sampler produces a recovered token equal to the vocabulary-size boundary, which is coerced to -1, written back into the drafter's input ids, and later dereferenced by the embedding/attention path, triggering a GPU device-side assertion that kills the worker. There is no public exploit identified at time of analysis and this CVE is not in CISA KEV; per CVSS the impact is availability-only (C:N/I:N/A:H) with a low EPSS profile expected for a crash-only bug.

Denial Of Service Vllm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-48267 MEDIUM This Month

Null Pointer Dereference in Adobe DNG SDK versions 1.7.1 build 2536 and earlier allows an attacker to crash any application embedding the SDK by supplying a specially crafted DNG file. The flaw is strictly a denial-of-service with no confidentiality or integrity impact, and requires a victim to open the malicious file, constraining realistic exposure to imaging pipelines or end-user applications that ingest untrusted DNG content. No public exploit code and no active exploitation have been identified at time of analysis.

Denial Of Service Null Pointer Dereference Dng Sdk
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-55646 PyPI MEDIUM POC PATCH This Month

Memory exhaustion in vLLM 0.22.0-0.23.0 allows authenticated API callers to crash or destabilize the inference server by uploading arbitrarily large audio files. The `/v1/audio/transcriptions` and `/v1/audio/translations` endpoints invoke `request.file.read()` to fully buffer multipart uploads into process memory before the `VLLM_MAX_AUDIO_CLIP_FILESIZE_MB` size guard is evaluated, meaning the size limit is checked only after the damage is done. No public exploit is identified at time of analysis; vendor-confirmed fix is available in version 0.24.0.

Denial Of Service Vllm
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2026-59089 MEDIUM This Month

Integer overflow in GIMP's PlayStation TIM image loader crashes the plug-in when processing a maliciously crafted TIM file, resulting in denial of service. The flaw affects GIMP as packaged on Red Hat Enterprise Linux 6 through 9, where the TIM loader multiplies two 16-bit unsigned short values (num_colors × num_cluts) without bounds checking, producing a 32-bit overflow that corrupts CLUT size calculation and triggers an abort. No public exploit code has been identified at time of analysis, and exploitation requires user interaction to open a crafted file, limiting real-world impact to targeted social engineering scenarios.

Integer Overflow Denial Of Service Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-42546 LOW PATCH Monitor

Heap exhaustion in OP-TEE OS (versions 3.3.0 through 4.10.x) allows a low-privileged normal-world local caller to progressively degrade and ultimately deny service to all trusted applications running in the secure world. The root cause is a missing bitmask application in `cleanup_shm_refs()` that causes `mobj_reg_shm` reference objects to accumulate indefinitely on internal lists without being released. No public exploit code has been identified at time of analysis, and EPSS data was not supplied; however, the flaw is structurally straightforward to trigger through normal TEE invocation with non-contiguous shared memory parameters, making it feasible for any process with TEE access to exhaust the secure heap over time.

Linux Denial Of Service Optee Os
NVD GitHub VulDB
CVSS 3.1
3.8
EPSS
0.1%
CVE-2026-40140 HIGH PATCH NEWS This Week

Denial-of-service in BeyondTrust Remote Support and Privileged Remote Access appliances lets an unauthenticated remote attacker exhaust or crash the network communication subsystem, taking the appliance offline. The flaw is pre-authentication and network-reachable (CVSS 4.0 8.7, availability-only impact), but affects availability only - no confidentiality or integrity loss. No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Denial Of Service Remote Support Privileged Remote Access
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2026-58380 HIGH This Week

Stack-based memory corruption in GIMP's PNM image parser lets an attacker execute code or crash the application when a victim opens a malicious PNM/PBM/PGM/PPM file. The flaw is an off-by-one in pnmscanner_gettoken() that writes a null terminator one byte past a stack buffer; it is local and requires the user to open the crafted file (UI:R). No public exploit is identified at time of analysis, and EPSS is low (0.12%), consistent with the CISA SSVC 'Exploitation: none' judgment.

Denial Of Service Buffer Overflow RCE Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-13708 HIGH PATCH This Week

Uncontrolled memory consumption in the Perl module Imager::File::JPEG (before 1.003, and bundled in Imager before 1.032) lets remote attackers exhaust process memory by submitting a JPEG containing many repeated APP13 (Photoshop/IPTC) markers. The i_readjpeg_wiol handler leaks the heap payload of every APP13 marker except the last on each read, so long-lived services that decode attacker-supplied images accumulate leaks until the process is killed, causing denial of service. There is no public exploit identified at time of analysis and it is not in CISA KEV, but the fix (Imager::File::JPEG 1.003 / Imager 1.032) is available and the trigger is trivial to craft.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-4249 HIGH PATCH This Week

Persistent denial of service in multiple WSO2 products - including WSO2 API Manager, WSO2 Universal Gateway, WSO2 Traffic Manager, and WSO2 API Control Plane - allows an unauthenticated remote attacker to send malicious JSON payloads to the throttling event handling mechanism, crashing or corrupting API Gateway state so that legitimate API traffic can no longer be processed. Because the outage is persistent and requires manual intervention to restore service, and the CVSS scope is changed (S:C), a single request can take down the entire API Gateway tier. There is no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Denial Of Service Wso2 Universal Gateway Wso2 Traffic Manager Wso2 Api Control Plane Wso2 Api Manager
NVD VulDB
CVSS 3.1
8.6
EPSS
0.3%
CVE-2026-56810 HIGH PATCH This Week

Uncontrolled memory allocation in the Elixir Mint HTTP client (Mint.HTTP1 module, versions 0.5.0 through 1.9.0) lets a malicious or compromised HTTP server exhaust a client's memory and force an out-of-memory crash. When decoding a chunked response, Mint buffers every byte of the current chunk in an unbounded iolist and withholds it from the caller until the full declared chunk length arrives, so a server that advertises a huge chunk size (e.g. 0x7FFFFFFF ≈ 2 GiB) and then dribbles bytes slowly drives client memory arbitrarily high. This CWE-770 flaw is a denial-of-service only (VA:H, no confidentiality or integrity impact) with no public exploit identified at time of analysis and no CISA KEV listing.

Denial Of Service Mint
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.3%
CVE-2026-9165 HIGH This Week

Authenticated denial of service in Red Hat Advanced Cluster Security for Kubernetes (RHACS) 4 allows any user holding a valid API token to exhaust Central's resources. Because Central does not cap the nesting depth of queries served on its authenticated GraphQL API, a single deeply nested query can drive excessive CPU and memory consumption and take down the RHACS management plane. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV, but the low-privilege network vector makes it trivial for any token holder to trigger.

Kubernetes Red Hat Denial Of Service Red Hat Advanced Cluster Security 4
NVD
CVSS 3.1
7.7
EPSS
0.3%
CVE-2026-24012 PyPI HIGH PATCH This Week

Denial of service in Apache IoTDB versions 1.3.3 through 2.0.7 lets remote attackers crash the DataNode process by submitting a single query whose time span and aggregation interval are unbounded. Because the affected query interface enforces no reasonable limit on these parameters, a request combining a very large time range with a minimal interval forces the DataNode to materialize an enormous result set in memory, exhausting the Java heap. No public exploit has been identified at time of analysis and the issue is not in CISA KEV, but the fix is easy to reverse-engineer from the version bump to 2.0.8.

Java Denial Of Service Apache Apache Iotdb
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-14790 LOW POC PATCH Monitor

Null pointer dereference in GPAC 26.02.0's nhmldump_send_frame function (src/filters/write_nhml.c) allows a local, low-privileged attacker to crash the application by supplying crafted media input to the NHML write filter. Impact is strictly limited to availability - a process-level denial of service with no confidentiality or integrity implications. A publicly available proof-of-concept exploit exists (GitHub issue #3596), though the vendor itself characterizes this class of issue as 'more bugs than vulns,' contextualizing it as a robustness fix rather than an urgent security incident.

Denial Of Service Null Pointer Dereference Gpac
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.1%
CVE-2026-14788 LOW POC PATCH Monitor

Use-after-free in radare2's r_core_bin_load function (libr/core/cfile.c) affects all versions up to and including 6.1.6, allowing a local low-privileged user to trigger memory corruption resulting in a denial of service. A public proof-of-concept exists (GitHub issue #26049), confirmed by the CVSS 4.0 E:P exploitability modifier, though the vulnerability is not listed in CISA KEV and no confirmed widespread active exploitation is known. The CVSS 4.0 score of 4.8 (Medium) reflects the strictly local attack vector, limited availability impact, and absence of confidentiality or integrity compromise.

Memory Corruption Denial Of Service Use After Free Radare2
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.1%
CVE-2026-14803 MEDIUM PATCH This Month

Memory exhaustion via uncontrolled recursion in Mojo::JSON's pure-Perl decoder allows network-accessible callers to cause denial of service in Mojolicious applications. All versions before 9.47 are affected when the pure-Perl decode path is active - specifically when Cpanel::JSON::XS is absent or MOJO_NO_JSON_XS=1 is set. No public exploit has been identified and EPSS sits at 0.19% (8th percentile), but the attack is conceptually trivial given the published patch diff and OSS-Security advisory.

Denial Of Service Mojo
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-58210 HIGH PATCH This Week

Denial of service in NATS Server (nats-server) MQTT handler allows a remote, unauthenticated client to exhaust server memory by sending an MQTT CONNECT packet that declares a large variable-length 'remaining length' before authentication completes. Because the pre-connection MQTT parser failed to enforce the configured max_payload limit, the server would buffer attacker-controlled data unbounded, degrading or crashing the broker (CVSS 7.5, availability-only impact). There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the fix is confirmed by upstream commits, releases, and a GitHub Security Advisory.

Denial Of Service Nats Server
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2026-12893 MEDIUM This Month

NULL pointer dereference in the error handler of gstavdemux.c within gstreamer1-libav can crash the GStreamer pipeline process when it encounters a malformed or crafted media stream during AV demuxing. The flaw resides specifically in error recovery logic - the code path meant to handle failures itself dereferences a NULL pointer, producing a denial-of-service condition in any application relying on this plugin for media playback or processing. No public exploit code or active exploitation has been identified at time of analysis; this appears to be a stability/reliability bug reported through Ubuntu's vendor channel.

Denial Of Service Red Hat
NVD
CVE-2026-38976 HIGH This Week

Denial of service in the mruby/c lightweight Ruby VM (all releases through 3.4.1) arises from a NULL pointer dereference in op_super()/OP_SUPER within src/vm.c, where a runtime guard for a top-level 'super' call is missing. When the interpreter executes a script that invokes 'super' outside of any method context, the VM dereferences a NULL pointer and crashes. There is no public exploit identified at time of analysis, and the low EPSS score (0.15%, 5th percentile) reflects limited exploitation interest; impact is confined to availability (CWE-476).

Denial Of Service Null Pointer Dereference N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-58250 HIGH PATCH This Week

Remote denial of service in the NATS Server (nats-io/nats-server) leafnode subsystem allows unauthenticated attackers to crash the entire server by sending a second INFO protocol message before CONNECT on the leafnode port, triggering a nil-pointer dereference (c.acc == nil) that panics the process. All server instances exposing a leafnode listener prior to v2.11.17 (2.11.x) and v2.12.8 (2.12.x) are affected. No public exploit has been identified, but the vendor's own regression test (TestLeafNodeSecondInfoBeforeConnectDoesNotPanic) demonstrates the exact crash payload, and the CVSS availability-only vector (7.5) reflects a single-packet, no-auth crash.

Denial Of Service Null Pointer Dereference Nats Server
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2026-10657 MEDIUM PATCH This Month

Out-of-bounds read in Zephyr RTOS's mDNS detection logic crashes devices resolving short-suffix hostnames when CONFIG_MDNS_RESOLVER is compiled in. The flaw in dns_resolve_name_internal() reads a fixed 7 bytes from a suffix pointer regardless of the actual string length, causing a 1-2 byte over-read past the NUL terminator for suffixes like .org, .com, .net, or .io. Under the specific runtime condition of a tightly-sized allocation adjacent to an unmapped boundary (guard page, MPU domain, or ASAN), the over-read faults and crashes the device; no public exploit has been identified at time of analysis and CVSS 3.7 with AC:H accurately reflects the narrow crash preconditions.

Denial Of Service Buffer Overflow Information Disclosure Zephyr
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-10656 MEDIUM PATCH This Month

NULL pointer dereference in the Zephyr RTOS MAX32xxx USB device controller driver (udc_max32.c) crashes devices running Zephyr v4.4.0 when a physically connected USB host aborts an in-flight EP0 control transfer by sending a new SETUP packet - a completely legal USB protocol action. The race condition between interrupt-queued transfer-completion events and asynchronous FIFO draining by the driver thread causes net_buf_add(NULL, ...) when udc_buf_get() returns NULL on an empty FIFO, producing a near-NULL pointer dereference and device fault. No active exploitation has been confirmed (not in CISA KEV), and no public proof-of-concept code has been identified at time of analysis; real-world risk is constrained by the physical access prerequisite and the specific MAX32xxx hardware dependency.

Denial Of Service Null Pointer Dereference Zephyr
NVD GitHub VulDB
CVSS 3.1
4.6
EPSS
0.2%
CVE-2026-14760 LOW POC PATCH Monitor

Use-after-free in radare2's regprofile handler crashes the application for local users on versions up to 6.1.6. The vulnerable function r_core_seek_arch_bits in libr/core/disasm.c mismanages memory during architecture bit-seeking operations, allowing a local attacker with standard user privileges to trigger application termination. No confidentiality or integrity impact is present; this is a denial-of-service class finding with a publicly available proof-of-concept and no confirmed active exploitation in the wild.

Memory Corruption Denial Of Service Use After Free Radare2
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.1%
CVE-2026-14684 LOW Monitor

Uncontrolled memory allocation in HdrHistogram versions up to 2.2.2 allows a local low-privileged attacker to cause denial of service by passing a crafted byte buffer to the AbstractHistogram.decodeFromByteBuffer method with a malicious numberOfSignificantValueDigits value. The affected Java library fails to validate this argument before using it to drive heap allocation, allowing JVM memory exhaustion in any application that processes attacker-influenced histogram data. Publicly available exploit code exists; no patch has been released as the project maintainer has not responded to the coordinated disclosure.

Java Denial Of Service
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.1%
CVE-2026-14683 LOW Monitor

Uncontrolled memory allocation in HdrHistogram up to version 2.2.2 allows a local attacker with low-privilege access to crash a dependent Java application by supplying a crafted `lengthOfCompressedContents` value to the `decodeFromCompressedByteBuffer` function, exhausting JVM heap space and causing a denial-of-service. A public proof-of-concept exists (E:P per CVSS 4.0), though the vulnerability is not listed in CISA KEV, indicating no confirmed widespread active exploitation. The CVSS 4.0 score of 1.9 reflects the strictly local attack vector and limited impact scope - only availability at the vulnerable system level is affected.

Java Denial Of Service
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.1%
CVE-2026-14650 LOW Monitor

Local denial-of-service in the grass Rust-based Sass compiler (versions up to and including 0.13.4) is triggerable by a local, low-privileged user who supplies crafted UTF-8 input to the `grass_compiler::raw_to_parse_error` function. Publicly available exploit code exists (CVSS 4.0 E:P), though no CISA KEV listing has been issued. The project maintainer has explicitly stated in Issue #117 that DoS in Sass compilers is considered acceptable behavior due to the inherently exponential nature of the @extend algorithm and other compile-time constructs, significantly reducing the urgency of a vendor-released fix.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.1%
CVE-2026-14651 LOW POC Monitor

Denial-of-service in the grass Sass compiler (up to v0.13.4) allows a local attacker with low privileges to trigger exponential resource consumption via a crafted stylesheet using the CSS @extend directive. The affected functions are grass_compiler::selector::extend and grass_compiler::evaluate::visitor, where the @extend algorithm's inherently exponential complexity can be exploited with a maliciously constructed input to hang or crash the compiler process. A public exploit has been disclosed; however, the project maintainer explicitly contests the severity, noting that DoS conditions are an accepted and expected limitation of Sass compilers by design.

Denial Of Service Grass
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.1%
CVE-2026-14626 LOW Monitor

Denial of service in NousResearch hermes-agent (versions up to 2026.4.30) is triggered by manipulating the `todos` argument passed to the `AIAgent.run_conversation` function via the HTTP API in `run_agent.py`. An authenticated remote attacker can send a crafted request to crash or resource-exhaust the agent process, disrupting availability for legitimate users. No public exploit identified at time of analysis is incorrect here - a public exploit exists (E:P in CVSS 4.0 vector; GitHub Gist referenced), and the vendor has not responded to disclosure, leaving no patch available.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.3%
CVE-2026-14624 LOW POC PATCH Monitor

Denial of service in omec-project's 5G Access and Mobility Management Function (AMF) versions up to 2.0.2 and 2.1.1 allows remote low-privileged attackers to crash the AMF process by sending a malformed NGSetupRequest message over the NGAP interface. A publicly available proof-of-concept exploit exists via GitHub issue #677, lowering the exploitation barrier substantially. No CISA KEV listing exists, but given the AMF's role as the central mobility and registration anchor in 5G core infrastructure, even a partial service disruption can deny connectivity across entire served cell areas.

Denial Of Service Amf
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.3%
CVE-2026-14623 LOW POC PATCH Monitor

Denial of service in omec-project AMF (Access and Mobility Management Function) versions up to 2.1.1 allows a low-privileged remote attacker to crash or degrade the NGAP Message Handler by submitting a crafted RRCInactiveTransitionReport message, exploiting improper resource release (CWE-404). The vulnerability affects the 5G core network control plane component responsible for UE mobility and session management, making it a high-value target in operator and research 5G deployments. No active exploitation is confirmed via CISA KEV, but a public proof-of-concept has been disclosed via GitHub issue #676 and a patch commit exists.

Denial Of Service Amf
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.5%
CVE-2026-14618 LOW POC PATCH Monitor

Denial of service in the Open5GS AMF component (versions up to 2.7.7) can be triggered remotely by a low-privileged attacker via improper resource handling in the `amf_nnrf_handle_nf_discover` function of `src/amf/nnrf-handler.c`. The AMF is a critical 5G core control-plane element; crashing or hanging it disrupts mobility management and NF discovery for all connected UEs and network functions. A public proof-of-concept exists (GitHub issue #4517), and a patch commit has been identified, though the fix originates in a fork rather than the mainline repository.

Denial Of Service Open5gs
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.3%
CVE-2026-58421 HIGH PATCH This Week

Denial of service in Gitea, the self-hosted open-source Git service, allows a remote unauthenticated attacker to exhaust server CPU by triggering catastrophic backtracking in the regular-expression engine that evaluates CODEOWNERS pattern matching. All versions prior to the fixed 1.26.3/1.26.4 releases are affected, and the CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N, A:H only) confirms network-reachable, low-complexity, no-authentication abuse with availability-only impact. There is no public exploit identified at time of analysis and EPSS is low (0.16%, 6th percentile), so exploitation risk is real but not yet widespread.

Authentication Bypass Denial Of Service Gitea Open Source Git Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-58294 HIGH PATCH This Week

Remote code execution in Microsoft Edge (Chromium-based) stems from a use-after-free (CWE-416) memory-corruption flaw that an unauthorized, remote attacker can trigger to run arbitrary code. Exploitation requires the victim to interact with attacker-controlled web content, and the CVSS 3.1 vector marks high attack complexity (AC:H) despite requiring no privileges (PR:N). Microsoft has released a fix; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Memory Corruption Google Microsoft Denial Of Service Use After Free +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-58288 HIGH PATCH This Week

Remote code execution in Microsoft Edge (Chromium-based) stems from a use-after-free (CWE-416) memory-corruption flaw that an unauthenticated, network-based attacker can trigger to run arbitrary code in the browser process. Exploitation requires the victim to interact — typically by visiting a malicious or compromised web page — and the CVSS 3.1 score of 8.3 reflects high attack complexity plus a scope change consistent with a renderer sandbox escape. There is no public exploit identified at time of analysis and no CISA KEV listing, though the underlying Chromium engine origin (tags reference Google) means a shared upstream root cause across Chromium browsers is likely.

Memory Corruption Google Microsoft Denial Of Service Use After Free +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.4%
CVE-2026-58276 HIGH PATCH This Week

Remote code execution in Microsoft Edge (Chromium-based) stems from a use-after-free memory corruption flaw (CWE-416) that an unauthorized network attacker can trigger to run arbitrary code in the browser process. Exploitation requires the victim to interact with attacker-controlled content (UI:R) and involves high attack complexity (AC:H), so a user must be lured to a malicious or compromised page. No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV; Microsoft has released a fix.

Memory Corruption Google Microsoft Denial Of Service Use After Free +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-57986 HIGH PATCH This Week

Remote code execution in Microsoft Edge (Chromium-based) stems from a use-after-free memory-corruption bug (CWE-416) that an unauthorized attacker can trigger over the network to run arbitrary code in the browser's context. Exploitation requires the victim to interact with attacker-controlled web content and the CVSS vector flags high attack complexity, so successful attacks are not trivial. There is no public exploit identified at time of analysis and no CISA KEV listing, but a vendor patch is available from Microsoft.

Memory Corruption Google Microsoft Denial Of Service Use After Free +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-57981 HIGH PATCH This Week

Remote code execution in Microsoft Edge (Chromium-based) stems from a use-after-free memory corruption flaw (CWE-416) that lets an unauthenticated attacker run arbitrary code when a victim visits a malicious web page. All Edge Chromium versions prior to the vendor-patched build are affected, and the CVSS 3.1 base score is 8.8 (High). There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; exploitation requires user interaction such as browsing to attacker-controlled content.

Memory Corruption Google Microsoft Denial Of Service Use After Free +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2026-58287 HIGH PATCH This Week

Remote code execution in Microsoft Edge (Chromium-based) allows an unauthorized attacker to run arbitrary code when a victim views attacker-controlled web content, stemming from a use-after-free memory-corruption flaw (CWE-416). The scope-changed CVSS vector (S:C) indicates the bug can breach the browser's sandbox boundary. Microsoft has released a fix; there is no public exploit identified at time of analysis (CVSS E:U) and it is not listed in CISA KEV.

Memory Corruption Google Microsoft Denial Of Service Use After Free +1
NVD VulDB
CVSS 3.1
8.3
EPSS
0.4%
CVE-2026-57992 HIGH PATCH This Week

Remote code execution in Microsoft Edge (Chromium-based) lets an unauthenticated attacker run arbitrary code when a victim is lured into loading attacker-controlled web content that triggers a use-after-free memory corruption. The flaw carries a CVSS 3.1 base of 7.5 and requires user interaction, and the CVSS temporal metrics (E:U, RL:O, RC:C) indicate the issue is confirmed and officially patched with no public exploit identified at time of analysis. Because Edge shares Chromium's rendering engine, the underlying defect is likely rooted in an upstream Chromium/Blink component (the intel tags also reference Google).

Memory Corruption Google Microsoft Denial Of Service Use After Free +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-57984 HIGH PATCH This Week

Remote code execution in Microsoft Edge (Chromium-based) stems from a use-after-free (CWE-416) memory-corruption flaw that an unauthenticated attacker can trigger over the network when a victim loads attacker-controlled web content. Microsoft has released an official fix and rates the issue 7.5 (High), tempered by high attack complexity and required user interaction; the CVSS temporal data marks exploit maturity as Unproven (E:U), so there is no public exploit identified at time of analysis and no CISA KEV listing. The vendor tags ('Google', 'Use After Free', 'Denial Of Service') indicate this most likely tracks an upstream Chromium engine defect inherited by Edge.

Memory Corruption Google Microsoft Denial Of Service Use After Free +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-26307 HIGH PATCH This Week

Gitea versions before 1.25.5 do not enforce a timeout on git grep searches, allowing expensive searches to consume server resources.

Denial Of Service Gitea Gitea Open Source Git Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-58379 HIGH This Week

Heap-based buffer overflow in GIMP's Paint Shop Pro (PSP) image format parser lets an attacker achieve arbitrary code execution or crash the application when a victim opens a maliciously crafted PSP file. The flaw stems from incorrect buffer-size arithmetic on low bit-depth images, and affects GIMP as shipped across Red Hat Enterprise Linux 6 through 9. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV; exploitation requires local file-open interaction (CVSS 7.3).

Heap Overflow Denial Of Service Buffer Overflow RCE Red Hat Enterprise Linux 6 +3
NVD VulDB
CVSS 3.1
7.3
EPSS
0.2%
CVE-2026-14612 MEDIUM This Month

Two off-by-one errors in FreeIPA's ipa-otpd daemon expose RHEL 6 through 10 deployments configured with an external OAuth2/OIDC Identity Provider to out-of-bounds memory access during the device authorization flow. An attacker who controls or can man-in-the-middle the configured IdP endpoint can serve an oversized authorization response, triggering CWE-787 writes or reads one byte past a fixed-size buffer boundary. The most probable outcome is denial of service of the ipa-otpd daemon; no public exploit has been identified and the vulnerability is not listed in the CISA KEV catalog.

Memory Corruption Denial Of Service Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 +4
NVD VulDB
CVSS 3.1
4.2
EPSS
0.1%
CVE-2026-46463 MEDIUM PATCH This Month

Integer overflow in Dell PowerProtect Data Domain across multiple release trains (main, LTS2024, LTS2025, LTS2026) exposes backup and data protection infrastructure to remote denial of service by an unauthenticated attacker. The CVSS vector (AV:N/AC:H/PR:N) confirms network-accessible, unauthenticated exploitation, though high attack complexity constrains practical exploitation to adversaries who can satisfy specific preconditions. No public exploit has been identified at time of analysis, and the vulnerability has not been added to the CISA Known Exploited Vulnerabilities catalog.

Integer Overflow Dell Denial Of Service Powerprotect Data Domain
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-46465 MEDIUM PATCH This Month

Format string exploitation in Dell PowerProtect Data Domain enables remote high-privileged attackers to disclose memory contents and crash the service across multiple concurrent release trains. Affected versions span the mainline (7.7.1.0-8.7), LTS2026 (8.6.1.0-8.6.1.10), LTS2025 (8.3.1.0-8.3.1.30), and LTS2024 (7.13.1.0-7.13.1.70) branches, creating broad organizational exposure for enterprises running any supported Data Domain release. No public exploit or confirmed active exploitation has been identified at time of analysis; the mandatory high-privilege prerequisite substantially constrains the realistic attacker pool.

Dell Denial Of Service Information Disclosure Powerprotect Data Domain
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-4967 HIGH This Week

Remote denial of service in the IMS (IP Multimedia Subsystem) implementation of Unisoc mobile chipsets allows an unauthenticated remote attacker to crash the affected component via an out-of-bounds read triggered by a missing bounds check. The flaw spans a broad range of Unisoc SoCs (SC7731E, SC9832E, SC9863A, T310/T610/T618, T7200-series, T8100/T8200/T8300, T9100) commonly used in budget Android smartphones. It carries CVSS 7.5 with availability-only impact and no confidentiality or integrity effect; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Denial Of Service Buffer Overflow Sc7731E Sc9832E Sc9863A T310 T610 T618 T7200 T7225 T7250 T7255 T7280 T7300 T8100 T9100 T8200 T8300
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-13084 HIGH This Week

Denial-of-service in WatchGuard Fireware OS lets a remote, unauthenticated attacker crash the IKEv2 VPN service by sending specially crafted IKEv2 messages that trigger a null pointer dereference (CWE-476). The flaw affects appliances running Mobile User VPN with IKEv2 or Branch Office VPN over IKEv2 with a dynamic gateway peer, spanning Fireware OS 11.10.2 through 2026.2. No public exploit identified at time of analysis; the CVSS 4.0 score of 8.7 reflects high availability impact with no confidentiality or integrity loss.

Watchguard Denial Of Service Microsoft Null Pointer Dereference Fireware Os
NVD VulDB
CVSS 4.0
8.7
EPSS
0.5%
CVE-2026-50721 MEDIUM PATCH This Month

Signature forgery and denial-of-service in Libreswan's IKEv1 RSA authentication allows a remote unauthenticated attacker to impersonate an IKE peer or crash the daemon. The flaw lives in RSA_authenticate_hash_signature_raw_rsa(), which fails to validate the length of the authentication hash inside a PKCS #1 (RFC 2313) encoded SIG payload; when a peer uses a small RSA public exponent such as e=3, a Bleichenbacher-style forgery becomes feasible. There is no public exploit identified at time of analysis and it is not in CISA KEV, but the impersonation impact against IKEv1 raw-RSA authentication makes this a high-severity issue (CVSS 8.1); remote code execution is explicitly not possible and X.509 certificate verification is unaffected.

Jwt Attack Denial Of Service RCE Libreswan
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2026-50722 MEDIUM PATCH This Month

Peer impersonation and denial-of-service in Libreswan IPsec/IKEv2 arises from improper DER/ASN.1 digest verification in RSA_authenticate_hash_signature_pkcs1_1_5_rsa() when the IKEv2 AUTH payload uses RSASSA-PKCS1-v1_5 signatures. A remote unauthenticated attacker can mount a Bleichenbacher-style forgery to impersonate a peer when small RSA public exponents (e.g., e=3) are in use, or send an undersized hash to trip an assertion that aborts and restarts the daemon for sustained DoS. A vendor patch is available and there is no public exploit identified at time of analysis; RCE is not possible and X.509 certificate verification of the peer is unaffected.

Jwt Attack Denial Of Service RCE Libreswan
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2026-12413 HIGH This Week

Denial of service in the Libreswan IPsec VPN's pluto daemon allows remote unauthenticated attackers to crash and repeatedly restart the daemon by sending an invalidly formatted IKEv2 fragment. The off-by-one flaw affects any deployment permitting IKEv2 connections that do not explicitly set fragmentation=no, with no authentication or user interaction required; repeated exploitation sustains the outage. No public exploit identified at time of analysis, and no remote code execution is possible despite the mislabeled 'RCE' tag.

Denial Of Service RCE Libreswan
NVD VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2026-49284 PHP HIGH PATCH GHSA This Week

Authentication/authorization bypass in SimpleSAMLphp's SAML Service Provider ACS handler allows a lower-trust but trusted IdP to satisfy login state that was created for a different, expected IdP. Because the ACS only logs (rather than rejects) a mismatch between the saved ExpectedIssuer and the actual response issuer, and because the code accepts an unsigned samlp:Response/@InResponseTo when the signed assertion lacks its own InResponseTo, an attacker holding a signed IdP-initiated assertion from IdP B can bind it to SP state intended for IdP A. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; impact is conditional on multi-IdP deployments where authorization depends on the selected IdP.

Denial Of Service
NVD GitHub
CVSS 3.1
7.1
CVE-2026-49289 PHP HIGH PATCH GHSA This Week

Denial-of-service in the simplesamlphp/saml2 PHP library (and its saml2-legacy variant, used by SimpleSAMLphp) allows unauthenticated remote attackers to exhaust CPU/memory by submitting SAML messages containing malicious XPath transforms in XML Signature elements. The fix restricts the number of transforms and rejects XPath transforms entirely, permitting only the transform algorithms named in the SAML 2.0 Core specification. No public exploit has been identified at time of analysis and the flaw carries CVSS 7.5 (availability-only impact); it is not in CISA KEV.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
CVE-2026-52829 Cargo HIGH PATCH GHSA This Week

Remote denial of service in the Zebra Zcash full-node (zebrad) up to and including v4.4.1 lets an unauthenticated peer deterministically crash any synced node running the standard Linux dual-stack configuration. By completing a P2P handshake over IPv4 to a `[::]` listener and then advertising a single invalid mempool transaction (e.g. a coinbase), the attacker triggers a reachable-assertion panic in the address book after a 30-second batch flush, and `panic = "abort"` terminates the process. No public exploit has been identified at time of analysis, but the advisory documents the full reproduction path; the crash is repeatable after every restart, enabling persistent downtime.

Canonical Denial Of Service
NVD GitHub
CVSS 3.1
7.5
CVE-2026-52746 npm HIGH PATCH GHSA This Week

Denial of service in the JSONata JavaScript query/transformation library (npm 'jsonata') before 2.2.0 allows remote attackers to hang the event loop by supplying crafted, non-matching date strings to the $toMillis function, whose ISO-8601 validation regex is vulnerable to superlinear (catastrophic) backtracking. Any application that evaluates user-provided JSONata expressions or feeds attacker-controlled data into $toMillis is exposed. There is no public exploit identified at time of analysis and the flaw is not in CISA KEV, but EPSS/exploitation likelihood aside, the CVSS 7.5 (A:H) reflects a clean availability-only impact.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
CVE-2026-52739 Cargo MEDIUM PATCH GHSA This Month

Process abort in zebrad (Zcash Foundation's Rust node) up to v4.4.1 allows a malicious block producer to crash targeted nodes by submitting a child block that repeats a shielded V5 transaction from its non-finalized parent. The ordering bug in `Chain::push` causes an `assert_eq!` uniqueness check on `tx_loc_by_hash` to fire before the duplicate shielded-nullifier guard can cleanly reject the block; under Zebra's `panic = "abort"` release profile, this terminates the entire node process rather than returning a validation error. No public exploit or CISA KEV listing has been identified, but the vendor describes two concrete attack models requiring only modest mining hashrate, making targeted denial-of-service achievable in practice.

Denial Of Service Checkpoint
NVD GitHub
CVSS 3.1
5.9
CVE-2026-58381 MEDIUM This Month

Double-free memory corruption in GIMP's PSP file format parser exposes local users to denial of service and potential arbitrary code execution when opening a specially crafted Paint Shop Pro image file. The flaw in read_layer_block() allows heap memory corruption that reliably crashes GIMP and, in a more sophisticated exploitation scenario, could enable arbitrary code execution with the privileges of the victim user. No public exploit has been identified and this vulnerability does not appear in the CISA KEV catalog, though upstream tagging of the issue as RCE-capable warrants patching in environments where GIMP users may open untrusted image files.

Denial Of Service Buffer Overflow RCE Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 +2
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-52737 Cargo MEDIUM PATCH GHSA This Month

Repeated sync-stalling via a crafted P2P block response in Zebra (zebrad) v4.4.1 and earlier allows any unauthenticated peer to indefinitely delay a syncing node's chain catch-up by forcing 67-second global sync restart cycles. The root cause is that the AboveLookaheadHeightLimit error variant in the sync download pipeline does not carry the advertiser's peer address, so the offending peer is never scored or disconnected, and the restart cancels all in-flight downloads from honest peers on every cycle. No public exploit has been identified at time of analysis, but the vendor advisory confirms the attack requires no authentication, mining capability, or valid chain data - only a standard post-handshake P2P connection.

Denial Of Service
NVD GitHub
CVSS 3.1
5.3
CVE-2026-59092 HIGH PATCH This Week

Information disclosure and denial of service in JuiceFS through 1.3.1 lets remote attackers reach Go pprof debug and Prometheus metrics endpoints that are inadvertently exposed because handlers are registered on the shared http.DefaultServeMux. By fetching /debug/pprof/cmdline an attacker recovers the process command line, which embeds the metadata engine connection string and its database credentials, effectively yielding full read/write control over filesystem metadata; other pprof and profiling handlers leak internal state and can be abused to exhaust resources. Reported by VulnCheck with an upstream fix in commit a46979c; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Authentication Bypass Denial Of Service Juicefs
NVD GitHub
CVSS 4.0
7.0
EPSS
0.3%
CVE-2026-52732 Cargo MEDIUM PATCH GHSA This Month

Mempool admission in zebrad up to v4.4.1 can be completely blocked by a single unauthenticated P2P peer using minimal bandwidth (~1 KB/s), exploiting absent per-peer slot accounting in the transaction download/verification pipeline. By advertising fake transaction IDs via inv messages, an attacker holding one TCP connection can monopolize all 25 MAX_INBOUND_CONCURRENCY slots, causing every subsequent inbound transaction from honest peers - and local RPC sendrawtransaction calls - to fail with MempoolError::FullQueue indefinitely. No public exploit has been identified at time of analysis; the issue is fixed in zebrad 4.5.0.

Denial Of Service
NVD GitHub
CVSS 3.1
5.3
CVE-2026-58578 HIGH POC PATCH This Week

Denial of service in LobeChat before 2.2.10-canary.15 lets an authenticated user hang the entire Node.js server by importing a GitHub-hosted skill whose repository URL path contains a catastrophic-backtracking regex pattern. Because the malicious basePath is compiled into a dynamic regular expression in findSkillMd and matched synchronously against archive entries, a single request blocks the shared event loop for tens of seconds, denying service to all concurrent users. Publicly available exploit code exists and a vendor patch is available, though there is no public exploit identified as being used in active exploitation.

Node.js Denial Of Service Lobehub
NVD GitHub
CVSS 4.0
7.1
EPSS
0.3%
CVE-2026-58465 HIGH PATCH This Week

Memory-exhaustion denial of service in Eclipse Wakaama (an OMA LwM2M client/server library) before snapshot 2026-05-26 allows unauthenticated remote attackers to crash the server by streaming CoAP Block1 PUT requests. The CoAP Block1 handler in coap/block.c appends each incoming block to a reassembly buffer without capping total size, so an attacker reaching the UDP registration endpoint can force unbounded reallocation until memory is exhausted. Reported by VulnCheck with a vendor patch available; no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Denial Of Service Wakaama
NVD GitHub
CVSS 4.0
8.7
EPSS
0.6%
CVE-2026-55950 HIGH PATCH This Week

Remote denial of service in Erlang/OTP's ssl application (dtls_packet_demux module) lets an unauthenticated attacker crash every active DTLS session on a listener by rapidly reconnecting from the same source IP and port. Because a single shared demux gen_server routes all UDP datagrams for a listener, its TOCTOU-induced crash takes down all clients, not just the attacker's, and can be repeated for a persistent outage. No public exploit is identified at time of analysis, and the issue is not listed in CISA KEV.

Denial Of Service Otp
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.4%
CVE-2026-54886 MEDIUM PATCH This Month

Infinite loop denial-of-service in Erlang OTP's ssh_sftpd module allows an authenticated SFTP user to permanently freeze individual SFTP channel processes by sending SSH_MSG_CHANNEL_EXTENDED_DATA frames. The affected function handle_data/4 tail-calls itself indefinitely when it receives extended-data channel messages (type != 0) with an empty pending buffer, because the SFTP protocol never expects such messages and the catch-all clause has no exit condition for them. No public exploit code or active exploitation has been identified at time of analysis; the vulnerability was disclosed and patched by the Erlang Ecosystem Foundation.

Denial Of Service Otp
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2026-55952 HIGH PATCH This Week

Denial of service in the Erlang/OTP ssl application (OTP 22.2 through 29.0.3, and the 28.5.x/27.3.x maintenance branches) lets an unauthenticated remote attacker permanently disable TLS 1.3 session ticket handling on a listener with a single crafted ClientHello. Because the pre-shared key extension's identity list and binder list are not length-checked before being handed to the session ticket handler, a mismatched OfferedPreSharedKeys record crashes that process, causing all subsequent TLS 1.3 handshakes to fail at ticket issuance until the ssl application is restarted. No public exploit identified at time of analysis and it is not on CISA KEV, but the CVSS 4.0 base score of 8.2 reflects the trivial, pre-authentication trigger.

Denial Of Service Otp
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.5%
CVE-2026-55113 HIGH PATCH This Week

Server-Side Request Forgery in Ubiquiti's UniFi Talk Application allows a network-positioned attacker to coerce the application into making unintended internal requests, resulting in a Denial of Service and an authentication bypass against certain UniFi Talk API endpoints. The flaw carries CVSS 7.5 (scope-changed, high availability impact) and is reachable by remote attackers without authentication (PR:N), though a high attack complexity (AC:H) constrains reliable exploitation. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

SSRF Ubiquiti Denial Of Service Unifi Talk Application
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-54405 HIGH PATCH This Week

Denial of service in Ubiquiti's UniFi Network Application allows a remote, unauthenticated attacker with network access to crash or render the application unavailable by sending malformed input that the application fails to properly validate (CWE-20). The flaw carries a CVSS 7.5 rating driven entirely by availability impact (C:N/I:N/A:H), with no confidentiality or integrity consequences. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Ubiquiti Denial Of Service Unifi Network Application
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-12166 MEDIUM This Month

NULL pointer dereference in the GFAC_Sys_x64.sys kernel driver of Little Orbit's GameFirst Anti-Cheat enables a local low-privileged attacker to crash the entire Windows system by sending crafted requests to the driver. All versions released up to 2025-07-07 are affected per EUVD-2026-41377. A public GitHub repository containing proof-of-concept exploit code covering this CVE alongside two sibling vulnerabilities (CVE-2026-12167, CVE-2026-12168) exists, though no active exploitation has been confirmed by CISA KEV.

Denial Of Service Gamefirst Anti Cheat
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-11946 HIGH PATCH This Week

Uncontrolled memory consumption in open62541's OPC UA Discovery Service allows a remote, unauthenticated attacker to crash or degrade servers by abusing the GetEndpoints request handling. Because the endpointUrl field length is never validated, an attacker can advertise a string up to ~4.09 GB and stream it across incomplete message chunks that the server buffers in RAM indefinitely until the SecureChannel times out, exhausting available memory. The flaw is pre-session and works against any encryption configuration; no public exploit is identified at time of analysis, and it is not listed in CISA KEV.

Denial Of Service Open62541 Red Hat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-9563 HIGH This Week

Denial of service in Eclipse Parsson before 1.1.8 lets remote unauthenticated attackers exhaust CPU and memory on any application that parses attacker-controlled JSON. Because the parser enforced no default cap on characters consumed per document, a single oversized payload - large arrays, strings, numbers, deep nesting, or whitespace - can hang or crash the service. No public exploit is identified at time of analysis; the fix (1.1.8) adds a configurable default limit of 15 million parser-consumed characters.

Denial Of Service Eclipse Parsson
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-33592 HIGH PATCH This Week

Remote memory exhaustion in open62541's FindServers Discovery Service lets an unauthenticated attacker crash or degrade OPC UA servers built on versions 1.4.0-1.4.16, 1.5.0-1.5.4, and master. Because the serverUris field of a FindServersRequest is never validated for length or array size, an attacker can declare a string of up to ~3.9 GB and stream it across chunks while withholding the final chunk, forcing the server to buffer everything in RAM until the SecureChannel times out. The attack is pre-session, requires no authentication, and bypasses all encryption configuration; no public exploit identified at time of analysis.

Denial Of Service Open62541
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-5821 HIGH This Week

Arbitrary file deletion in the Image Optimizer plugin for WordPress (versions up to and including 1.7.4) lets an authenticated attacker with Author-level access or higher delete any file the web server can write to, potentially causing denial of service, data loss, or removal of security-relevant files such as wp-config.php. The flaw stems from the plugin trusting attacker-controllable backup paths stored in post meta. This was reported by Wordfence; no public exploit identified at time of analysis, and it is not listed in CISA KEV.

WordPress Denial Of Service
NVD VulDB
CVSS 3.1
8.1
EPSS
0.4%
CVE-2026-52192 HIGH This Week

Denial of service in the UTT nv518G security gateway (firmware nv518GV3 v3.2.7-210919-210919/161313) lets a remote, unauthenticated attacker crash or hang the device by triggering uncontrolled resource consumption in the gohead/sub_445C5C (FUN_00445c5c) handler of the built-in GoAhead-style web management daemon. No public exploit is identified in the source data, though a GitHub technical write-up reverse-engineering the vulnerable function is available; EPSS is low (0.20%, 10th percentile) and the CVE is not on CISA KEV, so exploitation is theoretical rather than confirmed. Impact is limited to availability (network outage of the gateway) with no confidentiality or integrity loss.

Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-52187 HIGH This Week

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_483ba0 component

Denial Of Service Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-52188 MEDIUM This Month

Denial-of-service via buffer overflow in UTT nv518G firmware (nv518GV3v3.2.7-210919-161313) allows an adjacent-network attacker to crash the device by sending a crafted request to the GoAhead embedded webserver's sub_497498 handler. The vulnerability is rooted in CWE-119 (improper bounds restriction) and requires no authentication, meaning any host on the same LAN segment can trigger device unavailability. A GitHub-hosted CVE report with technical detail exists, indicating publicly available exploit code, though EPSS at 0.22% (13th percentile) reflects low observed exploitation probability - consistent with the limited geographic and market footprint of UTT devices.

Denial Of Service Buffer Overflow N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-52191 HIGH This Week

Remote denial of service in the UTT nv518G security gateway/router (firmware nv518GV3v3.2.7-210919-161313) allows an unauthenticated attacker to crash the device by triggering a buffer overflow in the gohead/sub_444C8C function of its embedded web management service. The flaw impacts availability only - no code execution, data disclosure, or integrity loss is indicated - and CVSS rates it 7.5 (High). No public exploit identified at time of analysis, though a GitHub reverse-engineering report documents the vulnerable function; EPSS is low at 0.22% (13th percentile) and it is not on the CISA KEV list.

Denial Of Service Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-52189 HIGH This Week

Denial of service in the UTT nv518G security gateway/router (firmware nv518GV3v3.2.7-210919-161313) lets remote attackers crash the device by triggering a buffer overflow in the gohead web-management component's sub_487330 (FUN_00487330) function. The CVSS vector indicates unauthenticated network exploitation with availability-only impact, EPSS is low at 0.22% (13th percentile), and no active exploitation is recorded, though a public technical write-up of the flawed function exists on GitHub.

Denial Of Service Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-14426 HIGH PATCH This Week

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Memory Corruption Google Denial Of Service Use After Free RCE +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-14394 HIGH PATCH This Week

Remote code execution risk in Google Chrome's V8 JavaScript engine (versions prior to 150.0.7871.46) arises from a use-after-free that a remote attacker can trigger by luring a victim to a crafted HTML page, leading to heap corruption and potential arbitrary code execution in the renderer. The CVSS 8.8 rating reflects high impact with only user interaction (visiting a page) required, though Google rated the Chromium security severity as Low and no public exploit is identified at time of analysis. EPSS is low at 0.18% (8th percentile) and CISA SSVC records no known exploitation.

Memory Corruption Denial Of Service Use After Free Google Suse
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-14432 HIGH PATCH This Week

Use-after-free in Chrome's V8 JavaScript engine (versions before 150.0.7871.46) lets a remote attacker achieve arbitrary code execution inside the renderer sandbox by luring a victim to a crafted HTML page. Chromium rated this Medium severity, but the CVSS 8.8 reflects high confidentiality, integrity, and availability impact requiring only a single user click; there is no public exploit identified at time of analysis and CISA's SSVC framework records no known exploitation. Because scope is unchanged (S:U), code execution is confined to the sandbox and does not by itself constitute a full host compromise.

Memory Corruption Google Denial Of Service Use After Free RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-14393 HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine (versions prior to 150.0.7871.46) allows an attacker to run arbitrary code inside the renderer sandbox when a victim visits a crafted HTML page. The flaw is a use-after-free (CWE-416) reported by Google's own Chrome team; Chromium rated it Medium severity while NVD assigns CVSS 8.8. No public exploit has been identified at time of analysis, and CISA's SSVC framework records exploitation status as 'none'.

Memory Corruption Google Denial Of Service Use After Free RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-14403 HIGH PATCH This Week

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)

Memory Corruption Google Denial Of Service Use After Free RCE +1
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-14419 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's Skia graphics library affects all desktop Chrome builds prior to 150.0.7871.46, where a use-after-free (CWE-416) triggered by a crafted HTML page can let a remote attacker break out of the renderer sandbox. Google rates the Chromium severity Critical and CVSS is 9.6, but there is no public exploit identified at time of analysis and CISA's SSVC records exploitation status as none. A vendor patch is available in the June 2026 Stable channel release.

Memory Corruption Denial Of Service Use After Free Google Suse
NVD VulDB
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-14417 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's Dawn (WebGPU) component affects all desktop builds prior to 150.0.7871.46, where a use-after-free lets a remote attacker who lures a victim to a crafted HTML page potentially break out of the renderer sandbox. Google rates the Chromium severity Critical, and the CVSS 3.1 score of 9.6 reflects a scope-changing memory-corruption bug. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, though a vendor patch is already shipping in the Stable channel.

Memory Corruption Denial Of Service Use After Free Google Suse
NVD VulDB
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-14424 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on macOS (versions prior to 150.0.7871.46) stems from a use-after-free in Dawn, Chrome's WebGPU/graphics abstraction layer, and allows a remote attacker who lures a victim to a crafted HTML page to potentially break out of the renderer sandbox and gain higher-privileged code execution on the host. The flaw is rated High by Chromium and carries a CVSS 9.6 due to its network attack vector, low complexity, and scope change. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, and CISA's SSVC framework currently marks exploitation as 'none' though technical impact as 'total'.

Memory Corruption Denial Of Service Use After Free Google Suse
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-14425 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's ANGLE graphics component affects all desktop builds prior to 150.0.7871.46, where a use-after-free condition lets a remote attacker who lures a victim to a crafted HTML page potentially break out of the renderer sandbox. Chromium rates the severity High and a fixed stable-channel build is available, but SSVC records no observed exploitation and no public exploit identified at time of analysis. The high CVSS (9.6) is driven by the scope change inherent to sandbox escape rather than confirmed real-world abuse.

Memory Corruption Denial Of Service Use After Free Google Suse
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-14390 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's ANGLE graphics layer lets a remote attacker who lures a victim to a crafted HTML page break out of the renderer sandbox and gain code execution in a higher-privilege context. All Chrome desktop builds prior to 150.0.7871.46 are affected. Chromium rated the underlying use-after-free High severity; no public exploit has been identified at time of analysis and SSVC records exploitation status as none.

Memory Corruption Denial Of Service Use After Free Google Suse
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-14398 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's ANGLE graphics layer prior to version 150.0.7871.46 lets a remote attacker break out of the renderer sandbox when a victim opens a crafted HTML page. Rated Critical by Chromium with a 9.6 CVSS score, the flaw is a use-after-free (CWE-416) requiring only that the target visit a malicious site. No public exploit or active exploitation is identified at time of analysis, and CISA's SSVC assessment lists exploitation as none.

Memory Corruption Denial Of Service Use After Free Google Suse
NVD VulDB
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-52190 HIGH This Week

Denial of service in the UTT nv518G gateway/router (firmware nv518GV3v3.2.7-210919-161313) lets a remote attacker crash the device by sending crafted input to the gohead/sub_448384 (FUN_00448384) handler, triggering a stack-based buffer overflow. The CVSS 3.1 vector marks it network-reachable and unauthenticated with high availability impact but no confidentiality or integrity effect. Publicly available exploit code exists via a GitHub CVE report; there is no CISA KEV listing and no EPSS score in the provided data.

Buffer Overflow Denial Of Service Stack Overflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-38891 HIGH This Week

Denial of service in the gazebo_plugins package (v3.9.0), specifically the differential-drive controller gazebo_ros_diff_drive.cpp, lets attackers crash the affected simulation/robot-control node by publishing a specially crafted geometry_msgs::Twist velocity command. Any actor able to reach the relevant ROS topic can trigger the fault because the plugin fails to validate the incoming message before processing it (CWE-20). Reported via MITRE with a public proof-of-concept (demo video and technical write-up); not listed in CISA KEV, and EPSS exploitation probability is low at 0.15% (5th percentile).

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-54712 HIGH PATCH This Week

Denial of service in OpenTelemetry Java Instrumentation before 2.27.0 lets an attacker who can reach an RMI endpoint on an instrumented JVM send an oversized context-propagation payload that triggers excessive memory allocation. The RMI payload reader caps the number of context entries but never bounds the aggregate size of the strings it reads, so a single crafted request can exhaust heap and crash or stall the JVM. No public exploit is identified at time of analysis, EPSS is low (0.24%), and CISA SSVC records no observed exploitation, but the flaw is network-reachable and unauthenticated wherever RMI instrumentation is enabled and exposed.

Java Denial Of Service Opentelemetry Java Instrumentation
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-54260 PyPI LOW PATCH Monitor

Wagtail CMS versions prior to 7.0.8, 7.3.3, and 7.4.2 expose a resource exhaustion vector where authenticated admin users can submit purposefully crafted image filter specification strings that trigger disproportionately expensive rendition processing on the server, resulting in service degradation for all site users. The vulnerability is constrained to admin-level authenticated users and cannot be triggered by ordinary unauthenticated site visitors, materially limiting real-world attack surface. No public exploit code and no CISA KEV listing have been identified at time of analysis, placing this in the low-priority tier for most deployments.

Python Denial Of Service Wagtail
NVD GitHub
CVSS 3.1
2.7
EPSS
0.2%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in the vLLM LLM inference server (all versions prior to 0.24.0) allows a remote client to crash the shared engine worker by sending a specific multi-request speculative decoding workload. The rejection sampler produces a recovered token equal to the vocabulary-size boundary, which is coerced to -1, written back into the drafter's input ids, and later dereferenced by the embedding/attention path, triggering a GPU device-side assertion that kills the worker. There is no public exploit identified at time of analysis and this CVE is not in CISA KEV; per CVSS the impact is availability-only (C:N/I:N/A:H) with a low EPSS profile expected for a crash-only bug.

Denial Of Service Vllm
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

Null Pointer Dereference in Adobe DNG SDK versions 1.7.1 build 2536 and earlier allows an attacker to crash any application embedding the SDK by supplying a specially crafted DNG file. The flaw is strictly a denial-of-service with no confidentiality or integrity impact, and requires a victim to open the malicious file, constraining realistic exposure to imaging pipelines or end-user applications that ingest untrusted DNG content. No public exploit code and no active exploitation have been identified at time of analysis.

Denial Of Service Null Pointer Dereference Dng Sdk
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Memory exhaustion in vLLM 0.22.0-0.23.0 allows authenticated API callers to crash or destabilize the inference server by uploading arbitrarily large audio files. The `/v1/audio/transcriptions` and `/v1/audio/translations` endpoints invoke `request.file.read()` to fully buffer multipart uploads into process memory before the `VLLM_MAX_AUDIO_CLIP_FILESIZE_MB` size guard is evaluated, meaning the size limit is checked only after the damage is done. No public exploit is identified at time of analysis; vendor-confirmed fix is available in version 0.24.0.

Denial Of Service Vllm
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Integer overflow in GIMP's PlayStation TIM image loader crashes the plug-in when processing a maliciously crafted TIM file, resulting in denial of service. The flaw affects GIMP as packaged on Red Hat Enterprise Linux 6 through 9, where the TIM loader multiplies two 16-bit unsigned short values (num_colors × num_cluts) without bounds checking, producing a 32-bit overflow that corrupts CLUT size calculation and triggers an abort. No public exploit code has been identified at time of analysis, and exploitation requires user interaction to open a crafted file, limiting real-world impact to targeted social engineering scenarios.

Integer Overflow Denial Of Service Red Hat Enterprise Linux 6 +3
NVD VulDB
EPSS 0% CVSS 3.8
LOW PATCH Monitor

Heap exhaustion in OP-TEE OS (versions 3.3.0 through 4.10.x) allows a low-privileged normal-world local caller to progressively degrade and ultimately deny service to all trusted applications running in the secure world. The root cause is a missing bitmask application in `cleanup_shm_refs()` that causes `mobj_reg_shm` reference objects to accumulate indefinitely on internal lists without being released. No public exploit code has been identified at time of analysis, and EPSS data was not supplied; however, the flaw is structurally straightforward to trigger through normal TEE invocation with non-contiguous shared memory parameters, making it feasible for any process with TEE access to exhaust the secure heap over time.

Linux Denial Of Service Optee Os
NVD GitHub VulDB
EPSS 1% CVSS 8.7
HIGH PATCH This Week

Denial-of-service in BeyondTrust Remote Support and Privileged Remote Access appliances lets an unauthenticated remote attacker exhaust or crash the network communication subsystem, taking the appliance offline. The flaw is pre-authentication and network-reachable (CVSS 4.0 8.7, availability-only impact), but affects availability only - no confidentiality or integrity loss. No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Denial Of Service Remote Support Privileged Remote Access
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Stack-based memory corruption in GIMP's PNM image parser lets an attacker execute code or crash the application when a victim opens a malicious PNM/PBM/PGM/PPM file. The flaw is an off-by-one in pnmscanner_gettoken() that writes a null terminator one byte past a stack buffer; it is local and requires the user to open the crafted file (UI:R). No public exploit is identified at time of analysis, and EPSS is low (0.12%), consistent with the CISA SSVC 'Exploitation: none' judgment.

Denial Of Service Buffer Overflow RCE +4
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Uncontrolled memory consumption in the Perl module Imager::File::JPEG (before 1.003, and bundled in Imager before 1.032) lets remote attackers exhaust process memory by submitting a JPEG containing many repeated APP13 (Photoshop/IPTC) markers. The i_readjpeg_wiol handler leaks the heap payload of every APP13 marker except the last on each read, so long-lived services that decode attacker-supplied images accumulate leaks until the process is killed, causing denial of service. There is no public exploit identified at time of analysis and it is not in CISA KEV, but the fix (Imager::File::JPEG 1.003 / Imager 1.032) is available and the trigger is trivial to craft.

Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Persistent denial of service in multiple WSO2 products - including WSO2 API Manager, WSO2 Universal Gateway, WSO2 Traffic Manager, and WSO2 API Control Plane - allows an unauthenticated remote attacker to send malicious JSON payloads to the throttling event handling mechanism, crashing or corrupting API Gateway state so that legitimate API traffic can no longer be processed. Because the outage is persistent and requires manual intervention to restore service, and the CVSS scope is changed (S:C), a single request can take down the entire API Gateway tier. There is no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Denial Of Service Wso2 Universal Gateway Wso2 Traffic Manager +2
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Uncontrolled memory allocation in the Elixir Mint HTTP client (Mint.HTTP1 module, versions 0.5.0 through 1.9.0) lets a malicious or compromised HTTP server exhaust a client's memory and force an out-of-memory crash. When decoding a chunked response, Mint buffers every byte of the current chunk in an unbounded iolist and withholds it from the caller until the full declared chunk length arrives, so a server that advertises a huge chunk size (e.g. 0x7FFFFFFF ≈ 2 GiB) and then dribbles bytes slowly drives client memory arbitrarily high. This CWE-770 flaw is a denial-of-service only (VA:H, no confidentiality or integrity impact) with no public exploit identified at time of analysis and no CISA KEV listing.

Denial Of Service Mint
NVD GitHub VulDB
EPSS 0% CVSS 7.7
HIGH This Week

Authenticated denial of service in Red Hat Advanced Cluster Security for Kubernetes (RHACS) 4 allows any user holding a valid API token to exhaust Central's resources. Because Central does not cap the nesting depth of queries served on its authenticated GraphQL API, a single deeply nested query can drive excessive CPU and memory consumption and take down the RHACS management plane. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV, but the low-privilege network vector makes it trivial for any token holder to trigger.

Kubernetes Red Hat Denial Of Service +1
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in Apache IoTDB versions 1.3.3 through 2.0.7 lets remote attackers crash the DataNode process by submitting a single query whose time span and aggregation interval are unbounded. Because the affected query interface enforces no reasonable limit on these parameters, a request combining a very large time range with a minimal interval forces the DataNode to materialize an enormous result set in memory, exhausting the Java heap. No public exploit has been identified at time of analysis and the issue is not in CISA KEV, but the fix is easy to reverse-engineer from the version bump to 2.0.8.

Java Denial Of Service Apache +1
NVD VulDB
EPSS 0% CVSS 1.9
LOW POC PATCH Monitor

Null pointer dereference in GPAC 26.02.0's nhmldump_send_frame function (src/filters/write_nhml.c) allows a local, low-privileged attacker to crash the application by supplying crafted media input to the NHML write filter. Impact is strictly limited to availability - a process-level denial of service with no confidentiality or integrity implications. A publicly available proof-of-concept exploit exists (GitHub issue #3596), though the vendor itself characterizes this class of issue as 'more bugs than vulns,' contextualizing it as a robustness fix rather than an urgent security incident.

Denial Of Service Null Pointer Dereference Gpac
NVD VulDB GitHub
EPSS 0% CVSS 1.9
LOW POC PATCH Monitor

Use-after-free in radare2's r_core_bin_load function (libr/core/cfile.c) affects all versions up to and including 6.1.6, allowing a local low-privileged user to trigger memory corruption resulting in a denial of service. A public proof-of-concept exists (GitHub issue #26049), confirmed by the CVSS 4.0 E:P exploitability modifier, though the vulnerability is not listed in CISA KEV and no confirmed widespread active exploitation is known. The CVSS 4.0 score of 4.8 (Medium) reflects the strictly local attack vector, limited availability impact, and absence of confidentiality or integrity compromise.

Memory Corruption Denial Of Service Use After Free +1
NVD VulDB GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Memory exhaustion via uncontrolled recursion in Mojo::JSON's pure-Perl decoder allows network-accessible callers to cause denial of service in Mojolicious applications. All versions before 9.47 are affected when the pure-Perl decode path is active - specifically when Cpanel::JSON::XS is absent or MOJO_NO_JSON_XS=1 is set. No public exploit has been identified and EPSS sits at 0.19% (8th percentile), but the attack is conceptually trivial given the published patch diff and OSS-Security advisory.

Denial Of Service Mojo
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Denial of service in NATS Server (nats-server) MQTT handler allows a remote, unauthenticated client to exhaust server memory by sending an MQTT CONNECT packet that declares a large variable-length 'remaining length' before authentication completes. Because the pre-connection MQTT parser failed to enforce the configured max_payload limit, the server would buffer attacker-controlled data unbounded, degrading or crashing the broker (CVSS 7.5, availability-only impact). There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the fix is confirmed by upstream commits, releases, and a GitHub Security Advisory.

Denial Of Service Nats Server
NVD GitHub VulDB
MEDIUM This Month

NULL pointer dereference in the error handler of gstavdemux.c within gstreamer1-libav can crash the GStreamer pipeline process when it encounters a malformed or crafted media stream during AV demuxing. The flaw resides specifically in error recovery logic - the code path meant to handle failures itself dereferences a NULL pointer, producing a denial-of-service condition in any application relying on this plugin for media playback or processing. No public exploit code or active exploitation has been identified at time of analysis; this appears to be a stability/reliability bug reported through Ubuntu's vendor channel.

Denial Of Service Red Hat
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in the mruby/c lightweight Ruby VM (all releases through 3.4.1) arises from a NULL pointer dereference in op_super()/OP_SUPER within src/vm.c, where a runtime guard for a top-level 'super' call is missing. When the interpreter executes a script that invokes 'super' outside of any method context, the VM dereferences a NULL pointer and crashes. There is no public exploit identified at time of analysis, and the low EPSS score (0.15%, 5th percentile) reflects limited exploitation interest; impact is confined to availability (CWE-476).

Denial Of Service Null Pointer Dereference N A
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Remote denial of service in the NATS Server (nats-io/nats-server) leafnode subsystem allows unauthenticated attackers to crash the entire server by sending a second INFO protocol message before CONNECT on the leafnode port, triggering a nil-pointer dereference (c.acc == nil) that panics the process. All server instances exposing a leafnode listener prior to v2.11.17 (2.11.x) and v2.12.8 (2.12.x) are affected. No public exploit has been identified, but the vendor's own regression test (TestLeafNodeSecondInfoBeforeConnectDoesNotPanic) demonstrates the exact crash payload, and the CVSS availability-only vector (7.5) reflects a single-packet, no-auth crash.

Denial Of Service Null Pointer Dereference Nats Server
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Out-of-bounds read in Zephyr RTOS's mDNS detection logic crashes devices resolving short-suffix hostnames when CONFIG_MDNS_RESOLVER is compiled in. The flaw in dns_resolve_name_internal() reads a fixed 7 bytes from a suffix pointer regardless of the actual string length, causing a 1-2 byte over-read past the NUL terminator for suffixes like .org, .com, .net, or .io. Under the specific runtime condition of a tightly-sized allocation adjacent to an unmapped boundary (guard page, MPU domain, or ASAN), the over-read faults and crashes the device; no public exploit has been identified at time of analysis and CVSS 3.7 with AC:H accurately reflects the narrow crash preconditions.

Denial Of Service Buffer Overflow Information Disclosure +1
NVD GitHub VulDB
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

NULL pointer dereference in the Zephyr RTOS MAX32xxx USB device controller driver (udc_max32.c) crashes devices running Zephyr v4.4.0 when a physically connected USB host aborts an in-flight EP0 control transfer by sending a new SETUP packet - a completely legal USB protocol action. The race condition between interrupt-queued transfer-completion events and asynchronous FIFO draining by the driver thread causes net_buf_add(NULL, ...) when udc_buf_get() returns NULL on an empty FIFO, producing a near-NULL pointer dereference and device fault. No active exploitation has been confirmed (not in CISA KEV), and no public proof-of-concept code has been identified at time of analysis; real-world risk is constrained by the physical access prerequisite and the specific MAX32xxx hardware dependency.

Denial Of Service Null Pointer Dereference Zephyr
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC PATCH Monitor

Use-after-free in radare2's regprofile handler crashes the application for local users on versions up to 6.1.6. The vulnerable function r_core_seek_arch_bits in libr/core/disasm.c mismanages memory during architecture bit-seeking operations, allowing a local attacker with standard user privileges to trigger application termination. No confidentiality or integrity impact is present; this is a denial-of-service class finding with a publicly available proof-of-concept and no confirmed active exploitation in the wild.

Memory Corruption Denial Of Service Use After Free +1
NVD VulDB GitHub
EPSS 0% CVSS 1.9
LOW Monitor

Uncontrolled memory allocation in HdrHistogram versions up to 2.2.2 allows a local low-privileged attacker to cause denial of service by passing a crafted byte buffer to the AbstractHistogram.decodeFromByteBuffer method with a malicious numberOfSignificantValueDigits value. The affected Java library fails to validate this argument before using it to drive heap allocation, allowing JVM memory exhaustion in any application that processes attacker-influenced histogram data. Publicly available exploit code exists; no patch has been released as the project maintainer has not responded to the coordinated disclosure.

Java Denial Of Service
NVD VulDB GitHub
EPSS 0% CVSS 1.9
LOW Monitor

Uncontrolled memory allocation in HdrHistogram up to version 2.2.2 allows a local attacker with low-privilege access to crash a dependent Java application by supplying a crafted `lengthOfCompressedContents` value to the `decodeFromCompressedByteBuffer` function, exhausting JVM heap space and causing a denial-of-service. A public proof-of-concept exists (E:P per CVSS 4.0), though the vulnerability is not listed in CISA KEV, indicating no confirmed widespread active exploitation. The CVSS 4.0 score of 1.9 reflects the strictly local attack vector and limited impact scope - only availability at the vulnerable system level is affected.

Java Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW Monitor

Local denial-of-service in the grass Rust-based Sass compiler (versions up to and including 0.13.4) is triggerable by a local, low-privileged user who supplies crafted UTF-8 input to the `grass_compiler::raw_to_parse_error` function. Publicly available exploit code exists (CVSS 4.0 E:P), though no CISA KEV listing has been issued. The project maintainer has explicitly stated in Issue #117 that DoS in Sass compilers is considered acceptable behavior due to the inherently exponential nature of the @extend algorithm and other compile-time constructs, significantly reducing the urgency of a vendor-released fix.

Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

Denial-of-service in the grass Sass compiler (up to v0.13.4) allows a local attacker with low privileges to trigger exponential resource consumption via a crafted stylesheet using the CSS @extend directive. The affected functions are grass_compiler::selector::extend and grass_compiler::evaluate::visitor, where the @extend algorithm's inherently exponential complexity can be exploited with a maliciously constructed input to hang or crash the compiler process. A public exploit has been disclosed; however, the project maintainer explicitly contests the severity, noting that DoS conditions are an accepted and expected limitation of Sass compilers by design.

Denial Of Service Grass
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW Monitor

Denial of service in NousResearch hermes-agent (versions up to 2026.4.30) is triggered by manipulating the `todos` argument passed to the `AIAgent.run_conversation` function via the HTTP API in `run_agent.py`. An authenticated remote attacker can send a crafted request to crash or resource-exhaust the agent process, disrupting availability for legitimate users. No public exploit identified at time of analysis is incorrect here - a public exploit exists (E:P in CVSS 4.0 vector; GitHub Gist referenced), and the vendor has not responded to disclosure, leaving no patch available.

Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

Denial of service in omec-project's 5G Access and Mobility Management Function (AMF) versions up to 2.0.2 and 2.1.1 allows remote low-privileged attackers to crash the AMF process by sending a malformed NGSetupRequest message over the NGAP interface. A publicly available proof-of-concept exploit exists via GitHub issue #677, lowering the exploitation barrier substantially. No CISA KEV listing exists, but given the AMF's role as the central mobility and registration anchor in 5G core infrastructure, even a partial service disruption can deny connectivity across entire served cell areas.

Denial Of Service Amf
NVD VulDB GitHub
EPSS 1% CVSS 2.1
LOW POC PATCH Monitor

Denial of service in omec-project AMF (Access and Mobility Management Function) versions up to 2.1.1 allows a low-privileged remote attacker to crash or degrade the NGAP Message Handler by submitting a crafted RRCInactiveTransitionReport message, exploiting improper resource release (CWE-404). The vulnerability affects the 5G core network control plane component responsible for UE mobility and session management, making it a high-value target in operator and research 5G deployments. No active exploitation is confirmed via CISA KEV, but a public proof-of-concept has been disclosed via GitHub issue #676 and a patch commit exists.

Denial Of Service Amf
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

Denial of service in the Open5GS AMF component (versions up to 2.7.7) can be triggered remotely by a low-privileged attacker via improper resource handling in the `amf_nnrf_handle_nf_discover` function of `src/amf/nnrf-handler.c`. The AMF is a critical 5G core control-plane element; crashing or hanging it disrupts mobility management and NF discovery for all connected UEs and network functions. A public proof-of-concept exists (GitHub issue #4517), and a patch commit has been identified, though the fix originates in a fork rather than the mainline repository.

Denial Of Service Open5gs
NVD VulDB GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in Gitea, the self-hosted open-source Git service, allows a remote unauthenticated attacker to exhaust server CPU by triggering catastrophic backtracking in the regular-expression engine that evaluates CODEOWNERS pattern matching. All versions prior to the fixed 1.26.3/1.26.4 releases are affected, and the CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N, A:H only) confirms network-reachable, low-complexity, no-authentication abuse with availability-only impact. There is no public exploit identified at time of analysis and EPSS is low (0.16%, 6th percentile), so exploitation risk is real but not yet widespread.

Authentication Bypass Denial Of Service Gitea Open Source Git Server
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote code execution in Microsoft Edge (Chromium-based) stems from a use-after-free (CWE-416) memory-corruption flaw that an unauthorized, remote attacker can trigger to run arbitrary code. Exploitation requires the victim to interact with attacker-controlled web content, and the CVSS 3.1 vector marks high attack complexity (AC:H) despite requiring no privileges (PR:N). Microsoft has released a fix; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Memory Corruption Google Microsoft +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Remote code execution in Microsoft Edge (Chromium-based) stems from a use-after-free (CWE-416) memory-corruption flaw that an unauthenticated, network-based attacker can trigger to run arbitrary code in the browser process. Exploitation requires the victim to interact — typically by visiting a malicious or compromised web page — and the CVSS 3.1 score of 8.3 reflects high attack complexity plus a scope change consistent with a renderer sandbox escape. There is no public exploit identified at time of analysis and no CISA KEV listing, though the underlying Chromium engine origin (tags reference Google) means a shared upstream root cause across Chromium browsers is likely.

Memory Corruption Google Microsoft +3
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote code execution in Microsoft Edge (Chromium-based) stems from a use-after-free memory corruption flaw (CWE-416) that an unauthorized network attacker can trigger to run arbitrary code in the browser process. Exploitation requires the victim to interact with attacker-controlled content (UI:R) and involves high attack complexity (AC:H), so a user must be lured to a malicious or compromised page. No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV; Microsoft has released a fix.

Memory Corruption Google Microsoft +3
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote code execution in Microsoft Edge (Chromium-based) stems from a use-after-free memory-corruption bug (CWE-416) that an unauthorized attacker can trigger over the network to run arbitrary code in the browser's context. Exploitation requires the victim to interact with attacker-controlled web content and the CVSS vector flags high attack complexity, so successful attacks are not trivial. There is no public exploit identified at time of analysis and no CISA KEV listing, but a vendor patch is available from Microsoft.

Memory Corruption Google Microsoft +3
NVD VulDB
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Microsoft Edge (Chromium-based) stems from a use-after-free memory corruption flaw (CWE-416) that lets an unauthenticated attacker run arbitrary code when a victim visits a malicious web page. All Edge Chromium versions prior to the vendor-patched build are affected, and the CVSS 3.1 base score is 8.8 (High). There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; exploitation requires user interaction such as browsing to attacker-controlled content.

Memory Corruption Google Microsoft +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Remote code execution in Microsoft Edge (Chromium-based) allows an unauthorized attacker to run arbitrary code when a victim views attacker-controlled web content, stemming from a use-after-free memory-corruption flaw (CWE-416). The scope-changed CVSS vector (S:C) indicates the bug can breach the browser's sandbox boundary. Microsoft has released a fix; there is no public exploit identified at time of analysis (CVSS E:U) and it is not listed in CISA KEV.

Memory Corruption Google Microsoft +3
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote code execution in Microsoft Edge (Chromium-based) lets an unauthenticated attacker run arbitrary code when a victim is lured into loading attacker-controlled web content that triggers a use-after-free memory corruption. The flaw carries a CVSS 3.1 base of 7.5 and requires user interaction, and the CVSS temporal metrics (E:U, RL:O, RC:C) indicate the issue is confirmed and officially patched with no public exploit identified at time of analysis. Because Edge shares Chromium's rendering engine, the underlying defect is likely rooted in an upstream Chromium/Blink component (the intel tags also reference Google).

Memory Corruption Google Microsoft +3
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote code execution in Microsoft Edge (Chromium-based) stems from a use-after-free (CWE-416) memory-corruption flaw that an unauthenticated attacker can trigger over the network when a victim loads attacker-controlled web content. Microsoft has released an official fix and rates the issue 7.5 (High), tempered by high attack complexity and required user interaction; the CVSS temporal data marks exploit maturity as Unproven (E:U), so there is no public exploit identified at time of analysis and no CISA KEV listing. The vendor tags ('Google', 'Use After Free', 'Denial Of Service') indicate this most likely tracks an upstream Chromium engine defect inherited by Edge.

Memory Corruption Google Microsoft +3
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Gitea versions before 1.25.5 do not enforce a timeout on git grep searches, allowing expensive searches to consume server resources.

Denial Of Service Gitea Gitea Open Source Git Server
NVD GitHub
EPSS 0% CVSS 7.3
HIGH This Week

Heap-based buffer overflow in GIMP's Paint Shop Pro (PSP) image format parser lets an attacker achieve arbitrary code execution or crash the application when a victim opens a maliciously crafted PSP file. The flaw stems from incorrect buffer-size arithmetic on low bit-depth images, and affects GIMP as shipped across Red Hat Enterprise Linux 6 through 9. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV; exploitation requires local file-open interaction (CVSS 7.3).

Heap Overflow Denial Of Service Buffer Overflow +5
NVD VulDB
EPSS 0% CVSS 4.2
MEDIUM This Month

Two off-by-one errors in FreeIPA's ipa-otpd daemon expose RHEL 6 through 10 deployments configured with an external OAuth2/OIDC Identity Provider to out-of-bounds memory access during the device authorization flow. An attacker who controls or can man-in-the-middle the configured IdP endpoint can serve an oversized authorization response, triggering CWE-787 writes or reads one byte past a fixed-size buffer boundary. The most probable outcome is denial of service of the ipa-otpd daemon; no public exploit has been identified and the vulnerability is not listed in the CISA KEV catalog.

Memory Corruption Denial Of Service Buffer Overflow +6
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Integer overflow in Dell PowerProtect Data Domain across multiple release trains (main, LTS2024, LTS2025, LTS2026) exposes backup and data protection infrastructure to remote denial of service by an unauthenticated attacker. The CVSS vector (AV:N/AC:H/PR:N) confirms network-accessible, unauthenticated exploitation, though high attack complexity constrains practical exploitation to adversaries who can satisfy specific preconditions. No public exploit has been identified at time of analysis, and the vulnerability has not been added to the CISA Known Exploited Vulnerabilities catalog.

Integer Overflow Dell Denial Of Service +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Format string exploitation in Dell PowerProtect Data Domain enables remote high-privileged attackers to disclose memory contents and crash the service across multiple concurrent release trains. Affected versions span the mainline (7.7.1.0-8.7), LTS2026 (8.6.1.0-8.6.1.10), LTS2025 (8.3.1.0-8.3.1.30), and LTS2024 (7.13.1.0-7.13.1.70) branches, creating broad organizational exposure for enterprises running any supported Data Domain release. No public exploit or confirmed active exploitation has been identified at time of analysis; the mandatory high-privilege prerequisite substantially constrains the realistic attacker pool.

Dell Denial Of Service Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Remote denial of service in the IMS (IP Multimedia Subsystem) implementation of Unisoc mobile chipsets allows an unauthenticated remote attacker to crash the affected component via an out-of-bounds read triggered by a missing bounds check. The flaw spans a broad range of Unisoc SoCs (SC7731E, SC9832E, SC9863A, T310/T610/T618, T7200-series, T8100/T8200/T8300, T9100) commonly used in budget Android smartphones. It carries CVSS 7.5 with availability-only impact and no confidentiality or integrity effect; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Denial Of Service Buffer Overflow Sc7731E Sc9832E Sc9863A T310 T610 T618 T7200 T7225 T7250 T7255 T7280 T7300 T8100 T9100 T8200 T8300
NVD VulDB
EPSS 0% CVSS 8.7
HIGH This Week

Denial-of-service in WatchGuard Fireware OS lets a remote, unauthenticated attacker crash the IKEv2 VPN service by sending specially crafted IKEv2 messages that trigger a null pointer dereference (CWE-476). The flaw affects appliances running Mobile User VPN with IKEv2 or Branch Office VPN over IKEv2 with a dynamic gateway peer, spanning Fireware OS 11.10.2 through 2026.2. No public exploit identified at time of analysis; the CVSS 4.0 score of 8.7 reflects high availability impact with no confidentiality or integrity loss.

Watchguard Denial Of Service Microsoft +2
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Signature forgery and denial-of-service in Libreswan's IKEv1 RSA authentication allows a remote unauthenticated attacker to impersonate an IKE peer or crash the daemon. The flaw lives in RSA_authenticate_hash_signature_raw_rsa(), which fails to validate the length of the authentication hash inside a PKCS #1 (RFC 2313) encoded SIG payload; when a peer uses a small RSA public exponent such as e=3, a Bleichenbacher-style forgery becomes feasible. There is no public exploit identified at time of analysis and it is not in CISA KEV, but the impersonation impact against IKEv1 raw-RSA authentication makes this a high-severity issue (CVSS 8.1); remote code execution is explicitly not possible and X.509 certificate verification is unaffected.

Jwt Attack Denial Of Service RCE +1
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Peer impersonation and denial-of-service in Libreswan IPsec/IKEv2 arises from improper DER/ASN.1 digest verification in RSA_authenticate_hash_signature_pkcs1_1_5_rsa() when the IKEv2 AUTH payload uses RSASSA-PKCS1-v1_5 signatures. A remote unauthenticated attacker can mount a Bleichenbacher-style forgery to impersonate a peer when small RSA public exponents (e.g., e=3) are in use, or send an undersized hash to trip an assertion that aborts and restarts the daemon for sustained DoS. A vendor patch is available and there is no public exploit identified at time of analysis; RCE is not possible and X.509 certificate verification of the peer is unaffected.

Jwt Attack Denial Of Service RCE +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Denial of service in the Libreswan IPsec VPN's pluto daemon allows remote unauthenticated attackers to crash and repeatedly restart the daemon by sending an invalidly formatted IKEv2 fragment. The off-by-one flaw affects any deployment permitting IKEv2 connections that do not explicitly set fragmentation=no, with no authentication or user interaction required; repeated exploitation sustains the outage. No public exploit identified at time of analysis, and no remote code execution is possible despite the mislabeled 'RCE' tag.

Denial Of Service RCE Libreswan
NVD VulDB
CVSS 7.1
HIGH PATCH This Week

Authentication/authorization bypass in SimpleSAMLphp's SAML Service Provider ACS handler allows a lower-trust but trusted IdP to satisfy login state that was created for a different, expected IdP. Because the ACS only logs (rather than rejects) a mismatch between the saved ExpectedIssuer and the actual response issuer, and because the code accepts an unsigned samlp:Response/@InResponseTo when the signed assertion lacks its own InResponseTo, an attacker holding a signed IdP-initiated assertion from IdP B can bind it to SP state intended for IdP A. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; impact is conditional on multi-IdP deployments where authorization depends on the selected IdP.

Denial Of Service
NVD GitHub
CVSS 7.5
HIGH PATCH This Week

Denial-of-service in the simplesamlphp/saml2 PHP library (and its saml2-legacy variant, used by SimpleSAMLphp) allows unauthenticated remote attackers to exhaust CPU/memory by submitting SAML messages containing malicious XPath transforms in XML Signature elements. The fix restricts the number of transforms and rejects XPath transforms entirely, permitting only the transform algorithms named in the SAML 2.0 Core specification. No public exploit has been identified at time of analysis and the flaw carries CVSS 7.5 (availability-only impact); it is not in CISA KEV.

Denial Of Service
NVD GitHub
CVSS 7.5
HIGH PATCH This Week

Remote denial of service in the Zebra Zcash full-node (zebrad) up to and including v4.4.1 lets an unauthenticated peer deterministically crash any synced node running the standard Linux dual-stack configuration. By completing a P2P handshake over IPv4 to a `[::]` listener and then advertising a single invalid mempool transaction (e.g. a coinbase), the attacker triggers a reachable-assertion panic in the address book after a 30-second batch flush, and `panic = "abort"` terminates the process. No public exploit has been identified at time of analysis, but the advisory documents the full reproduction path; the crash is repeatable after every restart, enabling persistent downtime.

Canonical Denial Of Service
NVD GitHub
CVSS 7.5
HIGH PATCH This Week

Denial of service in the JSONata JavaScript query/transformation library (npm 'jsonata') before 2.2.0 allows remote attackers to hang the event loop by supplying crafted, non-matching date strings to the $toMillis function, whose ISO-8601 validation regex is vulnerable to superlinear (catastrophic) backtracking. Any application that evaluates user-provided JSONata expressions or feeds attacker-controlled data into $toMillis is exposed. There is no public exploit identified at time of analysis and the flaw is not in CISA KEV, but EPSS/exploitation likelihood aside, the CVSS 7.5 (A:H) reflects a clean availability-only impact.

Denial Of Service
NVD GitHub
CVSS 5.9
MEDIUM PATCH This Month

Process abort in zebrad (Zcash Foundation's Rust node) up to v4.4.1 allows a malicious block producer to crash targeted nodes by submitting a child block that repeats a shielded V5 transaction from its non-finalized parent. The ordering bug in `Chain::push` causes an `assert_eq!` uniqueness check on `tx_loc_by_hash` to fire before the duplicate shielded-nullifier guard can cleanly reject the block; under Zebra's `panic = "abort"` release profile, this terminates the entire node process rather than returning a validation error. No public exploit or CISA KEV listing has been identified, but the vendor describes two concrete attack models requiring only modest mining hashrate, making targeted denial-of-service achievable in practice.

Denial Of Service Checkpoint
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

Double-free memory corruption in GIMP's PSP file format parser exposes local users to denial of service and potential arbitrary code execution when opening a specially crafted Paint Shop Pro image file. The flaw in read_layer_block() allows heap memory corruption that reliably crashes GIMP and, in a more sophisticated exploitation scenario, could enable arbitrary code execution with the privileges of the victim user. No public exploit has been identified and this vulnerability does not appear in the CISA KEV catalog, though upstream tagging of the issue as RCE-capable warrants patching in environments where GIMP users may open untrusted image files.

Denial Of Service Buffer Overflow RCE +4
NVD
CVSS 5.3
MEDIUM PATCH This Month

Repeated sync-stalling via a crafted P2P block response in Zebra (zebrad) v4.4.1 and earlier allows any unauthenticated peer to indefinitely delay a syncing node's chain catch-up by forcing 67-second global sync restart cycles. The root cause is that the AboveLookaheadHeightLimit error variant in the sync download pipeline does not carry the advertiser's peer address, so the offending peer is never scored or disconnected, and the restart cancels all in-flight downloads from honest peers on every cycle. No public exploit has been identified at time of analysis, but the vendor advisory confirms the attack requires no authentication, mining capability, or valid chain data - only a standard post-handshake P2P connection.

Denial Of Service
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Information disclosure and denial of service in JuiceFS through 1.3.1 lets remote attackers reach Go pprof debug and Prometheus metrics endpoints that are inadvertently exposed because handlers are registered on the shared http.DefaultServeMux. By fetching /debug/pprof/cmdline an attacker recovers the process command line, which embeds the metadata engine connection string and its database credentials, effectively yielding full read/write control over filesystem metadata; other pprof and profiling handlers leak internal state and can be abused to exhaust resources. Reported by VulnCheck with an upstream fix in commit a46979c; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Authentication Bypass Denial Of Service Juicefs
NVD GitHub
CVSS 5.3
MEDIUM PATCH This Month

Mempool admission in zebrad up to v4.4.1 can be completely blocked by a single unauthenticated P2P peer using minimal bandwidth (~1 KB/s), exploiting absent per-peer slot accounting in the transaction download/verification pipeline. By advertising fake transaction IDs via inv messages, an attacker holding one TCP connection can monopolize all 25 MAX_INBOUND_CONCURRENCY slots, causing every subsequent inbound transaction from honest peers - and local RPC sendrawtransaction calls - to fail with MempoolError::FullQueue indefinitely. No public exploit has been identified at time of analysis; the issue is fixed in zebrad 4.5.0.

Denial Of Service
NVD GitHub
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

Denial of service in LobeChat before 2.2.10-canary.15 lets an authenticated user hang the entire Node.js server by importing a GitHub-hosted skill whose repository URL path contains a catastrophic-backtracking regex pattern. Because the malicious basePath is compiled into a dynamic regular expression in findSkillMd and matched synchronously against archive entries, a single request blocks the shared event loop for tens of seconds, denying service to all concurrent users. Publicly available exploit code exists and a vendor patch is available, though there is no public exploit identified as being used in active exploitation.

Node.js Denial Of Service Lobehub
NVD GitHub
EPSS 1% CVSS 8.7
HIGH PATCH This Week

Memory-exhaustion denial of service in Eclipse Wakaama (an OMA LwM2M client/server library) before snapshot 2026-05-26 allows unauthenticated remote attackers to crash the server by streaming CoAP Block1 PUT requests. The CoAP Block1 handler in coap/block.c appends each incoming block to a reassembly buffer without capping total size, so an attacker reaching the UDP registration endpoint can force unbounded reallocation until memory is exhausted. Reported by VulnCheck with a vendor patch available; no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Denial Of Service Wakaama
NVD GitHub
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Remote denial of service in Erlang/OTP's ssl application (dtls_packet_demux module) lets an unauthenticated attacker crash every active DTLS session on a listener by rapidly reconnecting from the same source IP and port. Because a single shared demux gen_server routes all UDP datagrams for a listener, its TOCTOU-induced crash takes down all clients, not just the attacker's, and can be repeated for a persistent outage. No public exploit is identified at time of analysis, and the issue is not listed in CISA KEV.

Denial Of Service Otp
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Infinite loop denial-of-service in Erlang OTP's ssh_sftpd module allows an authenticated SFTP user to permanently freeze individual SFTP channel processes by sending SSH_MSG_CHANNEL_EXTENDED_DATA frames. The affected function handle_data/4 tail-calls itself indefinitely when it receives extended-data channel messages (type != 0) with an empty pending buffer, because the SFTP protocol never expects such messages and the catch-all clause has no exit condition for them. No public exploit code or active exploitation has been identified at time of analysis; the vulnerability was disclosed and patched by the Erlang Ecosystem Foundation.

Denial Of Service Otp
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Denial of service in the Erlang/OTP ssl application (OTP 22.2 through 29.0.3, and the 28.5.x/27.3.x maintenance branches) lets an unauthenticated remote attacker permanently disable TLS 1.3 session ticket handling on a listener with a single crafted ClientHello. Because the pre-shared key extension's identity list and binder list are not length-checked before being handed to the session ticket handler, a mismatched OfferedPreSharedKeys record crashes that process, causing all subsequent TLS 1.3 handshakes to fail at ticket issuance until the ssl application is restarted. No public exploit identified at time of analysis and it is not on CISA KEV, but the CVSS 4.0 base score of 8.2 reflects the trivial, pre-authentication trigger.

Denial Of Service Otp
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Server-Side Request Forgery in Ubiquiti's UniFi Talk Application allows a network-positioned attacker to coerce the application into making unintended internal requests, resulting in a Denial of Service and an authentication bypass against certain UniFi Talk API endpoints. The flaw carries CVSS 7.5 (scope-changed, high availability impact) and is reachable by remote attackers without authentication (PR:N), though a high attack complexity (AC:H) constrains reliable exploitation. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

SSRF Ubiquiti Denial Of Service +1
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in Ubiquiti's UniFi Network Application allows a remote, unauthenticated attacker with network access to crash or render the application unavailable by sending malformed input that the application fails to properly validate (CWE-20). The flaw carries a CVSS 7.5 rating driven entirely by availability impact (C:N/I:N/A:H), with no confidentiality or integrity consequences. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Ubiquiti Denial Of Service Unifi Network Application
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

NULL pointer dereference in the GFAC_Sys_x64.sys kernel driver of Little Orbit's GameFirst Anti-Cheat enables a local low-privileged attacker to crash the entire Windows system by sending crafted requests to the driver. All versions released up to 2025-07-07 are affected per EUVD-2026-41377. A public GitHub repository containing proof-of-concept exploit code covering this CVE alongside two sibling vulnerabilities (CVE-2026-12167, CVE-2026-12168) exists, though no active exploitation has been confirmed by CISA KEV.

Denial Of Service Gamefirst Anti Cheat
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Uncontrolled memory consumption in open62541's OPC UA Discovery Service allows a remote, unauthenticated attacker to crash or degrade servers by abusing the GetEndpoints request handling. Because the endpointUrl field length is never validated, an attacker can advertise a string up to ~4.09 GB and stream it across incomplete message chunks that the server buffers in RAM indefinitely until the SecureChannel times out, exhausting available memory. The flaw is pre-session and works against any encryption configuration; no public exploit is identified at time of analysis, and it is not listed in CISA KEV.

Denial Of Service Open62541 Red Hat
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Eclipse Parsson before 1.1.8 lets remote unauthenticated attackers exhaust CPU and memory on any application that parses attacker-controlled JSON. Because the parser enforced no default cap on characters consumed per document, a single oversized payload - large arrays, strings, numbers, deep nesting, or whitespace - can hang or crash the service. No public exploit is identified at time of analysis; the fix (1.1.8) adds a configurable default limit of 15 million parser-consumed characters.

Denial Of Service Eclipse Parsson
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote memory exhaustion in open62541's FindServers Discovery Service lets an unauthenticated attacker crash or degrade OPC UA servers built on versions 1.4.0-1.4.16, 1.5.0-1.5.4, and master. Because the serverUris field of a FindServersRequest is never validated for length or array size, an attacker can declare a string of up to ~3.9 GB and stream it across chunks while withholding the final chunk, forcing the server to buffer everything in RAM until the SecureChannel times out. The attack is pre-session, requires no authentication, and bypasses all encryption configuration; no public exploit identified at time of analysis.

Denial Of Service Open62541
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH This Week

Arbitrary file deletion in the Image Optimizer plugin for WordPress (versions up to and including 1.7.4) lets an authenticated attacker with Author-level access or higher delete any file the web server can write to, potentially causing denial of service, data loss, or removal of security-relevant files such as wp-config.php. The flaw stems from the plugin trusting attacker-controllable backup paths stored in post meta. This was reported by Wordfence; no public exploit identified at time of analysis, and it is not listed in CISA KEV.

WordPress Denial Of Service
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in the UTT nv518G security gateway (firmware nv518GV3 v3.2.7-210919-210919/161313) lets a remote, unauthenticated attacker crash or hang the device by triggering uncontrolled resource consumption in the gohead/sub_445C5C (FUN_00445c5c) handler of the built-in GoAhead-style web management daemon. No public exploit is identified in the source data, though a GitHub technical write-up reverse-engineering the vulnerable function is available; EPSS is low (0.20%, 10th percentile) and the CVE is not on CISA KEV, so exploitation is theoretical rather than confirmed. Impact is limited to availability (network outage of the gateway) with no confidentiality or integrity loss.

Denial Of Service N A
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_483ba0 component

Denial Of Service Buffer Overflow N A
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Denial-of-service via buffer overflow in UTT nv518G firmware (nv518GV3v3.2.7-210919-161313) allows an adjacent-network attacker to crash the device by sending a crafted request to the GoAhead embedded webserver's sub_497498 handler. The vulnerability is rooted in CWE-119 (improper bounds restriction) and requires no authentication, meaning any host on the same LAN segment can trigger device unavailability. A GitHub-hosted CVE report with technical detail exists, indicating publicly available exploit code, though EPSS at 0.22% (13th percentile) reflects low observed exploitation probability - consistent with the limited geographic and market footprint of UTT devices.

Denial Of Service Buffer Overflow N A
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Remote denial of service in the UTT nv518G security gateway/router (firmware nv518GV3v3.2.7-210919-161313) allows an unauthenticated attacker to crash the device by triggering a buffer overflow in the gohead/sub_444C8C function of its embedded web management service. The flaw impacts availability only - no code execution, data disclosure, or integrity loss is indicated - and CVSS rates it 7.5 (High). No public exploit identified at time of analysis, though a GitHub reverse-engineering report documents the vulnerable function; EPSS is low at 0.22% (13th percentile) and it is not on the CISA KEV list.

Denial Of Service Buffer Overflow N A
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in the UTT nv518G security gateway/router (firmware nv518GV3v3.2.7-210919-161313) lets remote attackers crash the device by triggering a buffer overflow in the gohead web-management component's sub_487330 (FUN_00487330) function. The CVSS vector indicates unauthenticated network exploitation with availability-only impact, EPSS is low at 0.22% (13th percentile), and no active exploitation is recorded, though a public technical write-up of the flawed function exists on GitHub.

Denial Of Service Buffer Overflow N A
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Memory Corruption Google Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution risk in Google Chrome's V8 JavaScript engine (versions prior to 150.0.7871.46) arises from a use-after-free that a remote attacker can trigger by luring a victim to a crafted HTML page, leading to heap corruption and potential arbitrary code execution in the renderer. The CVSS 8.8 rating reflects high impact with only user interaction (visiting a page) required, though Google rated the Chromium security severity as Low and no public exploit is identified at time of analysis. EPSS is low at 0.18% (8th percentile) and CISA SSVC records no known exploitation.

Memory Corruption Denial Of Service Use After Free +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use-after-free in Chrome's V8 JavaScript engine (versions before 150.0.7871.46) lets a remote attacker achieve arbitrary code execution inside the renderer sandbox by luring a victim to a crafted HTML page. Chromium rated this Medium severity, but the CVSS 8.8 reflects high confidentiality, integrity, and availability impact requiring only a single user click; there is no public exploit identified at time of analysis and CISA's SSVC framework records no known exploitation. Because scope is unchanged (S:U), code execution is confined to the sandbox and does not by itself constitute a full host compromise.

Memory Corruption Google Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's V8 JavaScript engine (versions prior to 150.0.7871.46) allows an attacker to run arbitrary code inside the renderer sandbox when a victim visits a crafted HTML page. The flaw is a use-after-free (CWE-416) reported by Google's own Chrome team; Chromium rated it Medium severity while NVD assigns CVSS 8.8. No public exploit has been identified at time of analysis, and CISA's SSVC framework records exploitation status as 'none'.

Memory Corruption Google Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)

Memory Corruption Google Denial Of Service +3
NVD
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's Skia graphics library affects all desktop Chrome builds prior to 150.0.7871.46, where a use-after-free (CWE-416) triggered by a crafted HTML page can let a remote attacker break out of the renderer sandbox. Google rates the Chromium severity Critical and CVSS is 9.6, but there is no public exploit identified at time of analysis and CISA's SSVC records exploitation status as none. A vendor patch is available in the June 2026 Stable channel release.

Memory Corruption Denial Of Service Use After Free +2
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's Dawn (WebGPU) component affects all desktop builds prior to 150.0.7871.46, where a use-after-free lets a remote attacker who lures a victim to a crafted HTML page potentially break out of the renderer sandbox. Google rates the Chromium severity Critical, and the CVSS 3.1 score of 9.6 reflects a scope-changing memory-corruption bug. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, though a vendor patch is already shipping in the Stable channel.

Memory Corruption Denial Of Service Use After Free +2
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on macOS (versions prior to 150.0.7871.46) stems from a use-after-free in Dawn, Chrome's WebGPU/graphics abstraction layer, and allows a remote attacker who lures a victim to a crafted HTML page to potentially break out of the renderer sandbox and gain higher-privileged code execution on the host. The flaw is rated High by Chromium and carries a CVSS 9.6 due to its network attack vector, low complexity, and scope change. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, and CISA's SSVC framework currently marks exploitation as 'none' though technical impact as 'total'.

Memory Corruption Denial Of Service Use After Free +2
NVD
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's ANGLE graphics component affects all desktop builds prior to 150.0.7871.46, where a use-after-free condition lets a remote attacker who lures a victim to a crafted HTML page potentially break out of the renderer sandbox. Chromium rates the severity High and a fixed stable-channel build is available, but SSVC records no observed exploitation and no public exploit identified at time of analysis. The high CVSS (9.6) is driven by the scope change inherent to sandbox escape rather than confirmed real-world abuse.

Memory Corruption Denial Of Service Use After Free +2
NVD
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's ANGLE graphics layer lets a remote attacker who lures a victim to a crafted HTML page break out of the renderer sandbox and gain code execution in a higher-privilege context. All Chrome desktop builds prior to 150.0.7871.46 are affected. Chromium rated the underlying use-after-free High severity; no public exploit has been identified at time of analysis and SSVC records exploitation status as none.

Memory Corruption Denial Of Service Use After Free +2
NVD
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's ANGLE graphics layer prior to version 150.0.7871.46 lets a remote attacker break out of the renderer sandbox when a victim opens a crafted HTML page. Rated Critical by Chromium with a 9.6 CVSS score, the flaw is a use-after-free (CWE-416) requiring only that the target visit a malicious site. No public exploit or active exploitation is identified at time of analysis, and CISA's SSVC assessment lists exploitation as none.

Memory Corruption Denial Of Service Use After Free +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in the UTT nv518G gateway/router (firmware nv518GV3v3.2.7-210919-161313) lets a remote attacker crash the device by sending crafted input to the gohead/sub_448384 (FUN_00448384) handler, triggering a stack-based buffer overflow. The CVSS 3.1 vector marks it network-reachable and unauthenticated with high availability impact but no confidentiality or integrity effect. Publicly available exploit code exists via a GitHub CVE report; there is no CISA KEV listing and no EPSS score in the provided data.

Buffer Overflow Denial Of Service Stack Overflow
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in the gazebo_plugins package (v3.9.0), specifically the differential-drive controller gazebo_ros_diff_drive.cpp, lets attackers crash the affected simulation/robot-control node by publishing a specially crafted geometry_msgs::Twist velocity command. Any actor able to reach the relevant ROS topic can trigger the fault because the plugin fails to validate the incoming message before processing it (CWE-20). Reported via MITRE with a public proof-of-concept (demo video and technical write-up); not listed in CISA KEV, and EPSS exploitation probability is low at 0.15% (5th percentile).

Denial Of Service
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in OpenTelemetry Java Instrumentation before 2.27.0 lets an attacker who can reach an RMI endpoint on an instrumented JVM send an oversized context-propagation payload that triggers excessive memory allocation. The RMI payload reader caps the number of context entries but never bounds the aggregate size of the strings it reads, so a single crafted request can exhaust heap and crash or stall the JVM. No public exploit is identified at time of analysis, EPSS is low (0.24%), and CISA SSVC records no observed exploitation, but the flaw is network-reachable and unauthenticated wherever RMI instrumentation is enabled and exposed.

Java Denial Of Service Opentelemetry Java Instrumentation
NVD GitHub
EPSS 0% CVSS 2.7
LOW PATCH Monitor

Wagtail CMS versions prior to 7.0.8, 7.3.3, and 7.4.2 expose a resource exhaustion vector where authenticated admin users can submit purposefully crafted image filter specification strings that trigger disproportionately expensive rendition processing on the server, resulting in service degradation for all site users. The vulnerability is constrained to admin-level authenticated users and cannot be triggered by ordinary unauthenticated site visitors, materially limiting real-world attack surface. No public exploit code and no CISA KEV listing have been identified at time of analysis, placing this in the low-priority tier for most deployments.

Python Denial Of Service Wagtail
NVD GitHub
Prev Page 6 of 406 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy