Denial Of Service

nghttp2 before version 1.68.1 fails to properly validate internal state when session termination APIs are invoked, allowing an attacker to send a malformed frame that triggers an assertion failure and crashes the application. This denial of service vulnerability affects applications using the nghttp2 HTTP/2 library and can be triggered remotely without authentication or user interaction. No patch is currently available to remediate this issue.

This vulnerability is a race condition in the Linux kernel's F2FS file system that causes flag inconsistency between concurrent atomic commit and checkpoint write operations. The issue affects all Linux kernel versions with F2FS support (cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*), allowing information disclosure through incorrect inode state recovery after sudden power-off (SPO) scenarios. An attacker with local file system access during atomic write operations could trigger the race condition, leading to potential data inconsistency and information leakage when the system recovers.

A divide-by-zero vulnerability exists in the Linux kernel's rivafb framebuffer driver in the nv3_arb() function, which can be triggered by unprivileged userspace applications via the FBIOPUT_VSCREENINFO ioctl call on /dev/fb* devices. An attacker can crash the kernel by crafting a malicious or misconfigured PCI device that exposes a bogus PRAMDAC MCLK PLL configuration, causing the state->mclk_khz divisor to become zero. This is a Denial of Service vulnerability affecting the Linux kernel across multiple stable versions, with patches available in the kernel git repository.

A vulnerability in the Linux kernel's f2fs (Flash-Friendly File System) implementation fails to validate node footer integrity during asynchronous read and write I/O operations, allowing corrupted node page data to trigger a kernel BUG and cause denial of service. This affects all Linux kernel versions using f2fs, particularly those processing untrusted or fuzzed filesystem images. An attacker with the ability to craft a malicious f2fs filesystem image can trigger a kernel panic when the corrupted node page is written back, resulting in system unavailability.

A logic error in the Linux kernel's AMD GPU driver causes system crashes when two AMD GPUs are present and only one supports ASPM (Active State Power Management). The vulnerability stems from a commit that was erroneously reapplied after being removed in a prior refactoring, leading to incorrect ASPM state evaluation across multiple devices. Systems running affected Linux kernel versions with heterogeneous AMD GPU configurations (mixed ASPM support) will experience denial of service through kernel crashes.

This vulnerability is a memory leak in the Linux kernel's io_uring subsystem, specifically within the zero-copy receive (zcrx) implementation where a page array fails to be deallocated during scatter-gather initialization failures. The vulnerability affects all Linux kernel versions with the vulnerable io_uring/zcrx code path, allowing local attackers with the ability to trigger failed scatter-gather operations to exhaust kernel memory and cause denial of service. No active exploitation has been reported, but this is a kernel memory management issue with straightforward local triggering conditions.

A memory corruption vulnerability exists in the Linux kernel's Google Virtual Ethernet (gve) driver where dynamic queue count changes cause misalignment between the driver's stats region and the NIC's offset calculations. When queue counts increase, the NIC can write past the allocated stats region boundary causing heap corruption; when decreased, stats data becomes misaligned. This affects Linux kernel versions across multiple stable branches (as evidenced by patches in 5.10, 5.15, 6.1, 6.6, 6.7, 6.8, and 6.9 series). The vulnerability is not currently listed as actively exploited in KEV, but represents a critical reliability and security issue for systems using Google Cloud Platform infrastructure with the affected gve driver.

This vulnerability is a resource leak in the Linux kernel's NVMe/FC (NVMe over Fibre Channel) driver where the admin tag set and associated block I/O queue resources fail to be released if controller initialization encounters errors after the admin queue is allocated. The affected product is the Linux kernel across all versions that include the vulnerable nvme-fc code path. An attacker or malicious process could trigger repeated failed NVMe/FC controller initialization attempts to exhaust kernel memory through cumulative tag set leaks, potentially leading to denial of service. This is not actively exploited in the wild (not listed in CISA KEV), but patches are available across multiple kernel branches.

A memory leak vulnerability exists in the Linux kernel's regmap maple tree caching implementation where allocated memory is not freed when the mas_store_gfp() function fails during a write operation. This affects all Linux kernel versions containing the vulnerable regcache_maple_write() function, potentially allowing local attackers to exhaust kernel memory through repeated cache write failures. While no CVSS score or EPSS data is currently available, the vulnerability has been assigned CVE-2026-23260 and multiple stable kernel patches are available, indicating this is a recognized and actively addressed issue.

A memory management vulnerability exists in the Linux kernel's io_uring subsystem where allocated iovec buffers may fail to be properly freed when a read/write request cannot be recycled back to the rw_cache. This affects all Linux kernel versions with the vulnerable io_uring/rw code path, potentially allowing local attackers to trigger memory leaks that degrade system performance or enable denial of service conditions. The vulnerability has been patched in the Linux kernel stable trees as evidenced by the provided commit references.

A memory leak vulnerability exists in the Linux kernel's Liquidio network driver within the setup_nic_devices() function where the netdev pointer is not initialized in the oct->props[i].netdev structure before calling queue setup functions. If netif_set_real_num_rx_queues() or netif_set_real_num_tx_queues() fail, the allocated netdev memory is not freed because the cleanup function liquidio_destroy_nic_device() cannot locate it via the NULL pointer. This affects all Linux kernel versions with the Liquidio driver and allows for memory exhaustion through repeated device initialization failures.

A race condition vulnerability exists in the Linux kernel's /proc/net/ptype implementation where concurrent readers and writers violate RCU (Read-Copy-Update) synchronization rules, allowing information disclosure through unsafe access to device pointers. The vulnerability affects all Linux kernel versions with the vulnerable ptype_seq_show() and ptype_seq_next() functions. An attacker with local access can trigger RCU stalls, kernel panics, or read uninitialized kernel memory by racing concurrent packet type structure modifications against /proc/net/ptype reads, potentially leaking sensitive kernel data or causing denial of service.

A vulnerability in the Linux kernel's Generic Receive Offload (GRO) implementation for UDP traffic causes incorrect network offset calculations when processing encapsulated packets. The flaw affects all Linux kernel versions where the GRO subsystem handles UDP encapsulation, as specified in the CPE cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*. When hardware NICs, the tun driver, or veth setups inject packets with the encapsulation flag set, the udp4_gro_complete() function incorrectly computes the outer UDP header pseudo checksum using the inner network offset, leading to checksum validation failures that can disrupt packet processing and potentially cause denial of service or packet drops. No active exploitation has been reported in the wild, and no public proof-of-concept code is known to exist, though the vulnerability is triggered through normal network operations involving UDP-encapsulated traffic.

A resource leak vulnerability exists in the Linux kernel's btrfs filesystem implementation where reserved qgroup data fails to be freed in error paths during inline extent insertion operations. This affects all Linux versions with vulnerable btrfs code, and allows local attackers with filesystem write access to exhaust kernel memory resources through repeated failed inline extent insertions, potentially causing denial of service. No active exploitation in the wild has been reported, but kernel memory exhaustion vulnerabilities are routinely targeted by local privilege escalation chains.

A specially crafted Socket.IO packet can cause the server to allocate unbounded memory by waiting for and buffering a large number of binary attachments, leading to denial of service through memory exhaustion. The vulnerability affects socket.io-parser versions across multiple major releases (v2.x, v3.x, and v4.x) used by Socket.IO server and client implementations. No EPSS score or KEV listing is available, but patches have been released by the vendor.

A memory allocation failure vulnerability exists in the Linux kernel's XFS filesystem checking code where the xchk_xfile_*_descr macros call kasprintf with formatted strings that can exceed safe allocation limits, leading to potential denial of service or information disclosure. This affects Linux kernel versions 6.6 through 6.14 and later releases including 6.18.16, 6.19.6, and 7.0-rc1, with the vulnerability discoverable through syzbot fuzzing by researcher Jiaming Zhang. While no active exploitation has been confirmed, the issue represents a path to failure in a core filesystem validation component that could be triggered by malicious or malformed filesystem structures.

A null pointer dereference vulnerability exists in the XFS filesystem checker (xchk_scrub_create_subord) in the Linux kernel, where the function returns a mangled ENOMEM error instead of NULL, and callers fail to properly validate the return value. This affects Linux kernel versions 6.2 through 6.10 and later stable branches, potentially allowing a local attacker with filesystem access to trigger a denial of service condition through unhandled memory allocation failures during XFS filesystem integrity checks.

A null pointer dereference vulnerability exists in the Linux kernel's XFS filesystem repair code when revalidating B-tree structures during fsck operations. The vulnerability affects Linux kernel versions across multiple release branches (6.8, 6.12.75, 6.18.16, 6.19.6, and 7.0-rc1) when the xfs_scrub utility attempts to repair both the free space B-tree (bnobt) and count B-tree (cntbt) simultaneously. An authenticated attacker with fsck/scrub privileges can trigger a kernel crash (denial of service) by injecting corruption markers via XFS_IOC_ERROR_INJECTION ioctl, causing the kernel to crash when the second B-tree revalidation is attempted after the first one fails and nullifies a required cursor.

A Denial of Service vulnerability exists in pypdf (Python PDF library) where an attacker can craft a malicious PDF file that causes excessive runtime and memory consumption by exploiting improper handling of array-based streams with large numbers of entries. All versions of pypdf prior to 6.9.1 are affected. An attacker can remotely trigger resource exhaustion on any system processing untrusted PDF files with this library, potentially causing application crashes or service unavailability.

Frigate video surveillance software contains an authentication bypass vulnerability allowing users with viewer role privileges to delete administrator and other user accounts via an unrestricted API endpoint. The vulnerability affects the Frigate Python package (pkg:pip/frigate) and has been confirmed with a proof-of-concept demonstration successfully deleting the admin user on the demo.frigate.video instance. This leads to denial of service and compromises data integrity by allowing unauthorized account deletions.

The ujson Python library prior to version 5.12.0 contains an integer overflow/underflow vulnerability in the dumps() function that can crash the Python interpreter (segmentation fault) or cause an infinite loop, leading to denial of service. The vulnerability affects applications that allow untrusted users to control the indent parameter when serializing JSON, or that use large negative indent values with nested data structures. A proof-of-concept demonstrating both the segfault and infinite loop conditions is provided in the vulnerability disclosure, though there is no evidence of active exploitation (not in KEV).

ujson versions 5.4.0 through 5.11.0 contain a memory leak in JSON parsing of large integers outside the range [-2^63, 2^64 - 1], allowing remote denial of service attacks against services processing untrusted JSON input. An attacker can craft malicious JSON payloads with oversized integers to exhaust memory and crash vulnerable applications. A patch is available.

An Insecure Direct Object Reference (IDOR) vulnerability exists in the Langflow API key deletion endpoint that allows any authenticated user to delete API keys belonging to other users. The delete_api_key_route() function in langflow version prior to 1.7.2 fails to verify ownership of API keys before deletion, enabling attackers to enumerate and delete arbitrary API keys by manipulating the api_key_id UUID parameter. A patch is available from the vendor as of version 1.7.2, addressing this authentication bypass that could lead to account takeover and denial of service.

A memory allocation vulnerability exists in the Linux kernel's NVMe Persistent Reservation implementation where the nvme_pr_read_keys() function fails to properly handle large num_keys values passed from userspace, resulting in excessive memory allocation attempts up to 4MB that trigger page allocator warnings and potential denial of service. This affects Linux kernel versions across multiple stable branches (6.5, 6.12.77, 6.18.17, 6.19.7, and 7.0-rc3) and requires local access with ioctl privileges to trigger. The vulnerability is addressed through replacement of kzalloc() with kvzalloc() to support larger allocations via vmalloc fallback, and patches are available across multiple kernel stable branches.

A null pointer dereference vulnerability exists in the Linux kernel's RDMA/siw (Software iWARP) module in the TCP receive data path handler. When siw_get_hdr() returns an error before initializing the receive FPDU context, the error handling code attempts to dereference qp->rx_fpdu without null checking, potentially causing a kernel panic and denial of service. The vulnerability affects multiple Linux kernel versions across stable branches (5.10, 5.15, 6.1, 6.6, 6.12, and others) and has been patched across numerous kernel releases.

A denial-of-service vulnerability exists in the Linux kernel's ntfs3 file system driver where a malformed NTFS image with a zero-sized ATTR_LIST attribute triggers an infinite loop during file system mount operations. The vulnerability affects Linux kernel versions across multiple stable branches (5.15, 6.1, 6.6, 6.12, 6.18, 6.19, and 7.0-rc1) and can cause the kernel to hang indefinitely, preventing normal system operation. An attacker can exploit this by providing a crafted NTFS image file that triggers the loop when mounted, requiring no special privileges and resulting in complete denial of service for affected systems.

An infinite loop vulnerability exists in the Linux kernel's ntfs3 filesystem implementation that allows attackers to trigger a denial-of-service condition through malformed NTFS directory entries. A crafted dentry with the HAS_SUB_NODE flag and manipulated VCN pointer can cause the indx_find() function to repeatedly allocate 4 KB memory blocks without proper loop detection, leading to memory exhaustion and kernel out-of-memory crashes. The vulnerability affects multiple stable Linux kernel versions across 5.15, 6.1, 6.6, 6.12, 6.18, and 6.19 series, and patches have been released for all affected branches.

An infinite loop vulnerability exists in the Linux kernel's NTFS3 file system implementation within the attr_load_runs_range() function, triggered by inconsistent metadata where an attribute header claims to be empty (evcn=-1) while directory entries reference it as containing actual data. This vulnerability affects Linux kernel versions across multiple stable branches (5.15, 6.1, 6.6, 6.12, 6.18, 6.19, and 7.0-rc1) and can be exploited by an attacker mounting a malformed NTFS image to cause a Denial-of-Service condition by inducing infinite CPU consumption in kernel space.

A buffer overflow vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Unauthenticated remote attackers can exhaust memory in Red Hat Build of Keycloak 26.4 and 26.4.10 by sending highly compressed SAML requests that bypass decompression size limits, triggering denial of service. The vulnerability affects SAML Redirect Binding implementations that fail to enforce resource constraints during DEFLATE decompression, allowing attackers to crash the application with OutOfMemoryError conditions. No patch is currently available.

OpenClaw versions before 2026.2.19 are vulnerable to regex injection and denial of service through unescaped Feishu mention metadata in the stripBotMention function. An unauthenticated network attacker can craft malicious mention metadata containing nested-quantifier patterns or regex metacharacters to trigger catastrophic backtracking, block message processing, or remove unintended content before model processing, with a CVSS score of 6.5 indicating medium severity with integrity and availability impact. Patch availability exists from the vendor via GitHub commits, and proof-of-concept details are available through VulnCheck advisory references.

A Regular Expression Denial of Service (ReDoS) vulnerability exists in aaPanel v7.57.0's VirtualHost configuration handling and parser component, allowing attackers to trigger catastrophic backtracking in regex pattern matching through specially crafted input. This vulnerability affects the aaPanel web server control panel management system, enabling unauthenticated or authenticated attackers to exhaust server resources and cause service unavailability. The vulnerability has been documented in public repositories including the mbiesiad vulnerability research project, indicating proof-of-concept or technical details may be available.

Giflib 5.2.2 contains a buffer overflow in the EGifGCBToExtension function that fails to validate allocated memory when processing Graphic Control Extension blocks, enabling remote attackers to trigger denial of service conditions. Public exploit code exists for this vulnerability, though no patch is currently available. The flaw affects any application using the vulnerable giflib version to process GIF files from untrusted sources.

A resource exhaustion vulnerability in IBM i 7.6 allows unauthenticated remote attackers to cause a denial of service by overwhelming the system with failed authentication attempts. The vulnerability stems from improper resource allocation during authentication processing, enabling attackers to consume system resources without valid credentials. While no active exploitation or proof-of-concept has been reported, the high CVSS score of 7.5 reflects the ease of remote exploitation without authentication.

CVE-2026-32256 is a security vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation.

A denial of service vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

A bypass vulnerability in fast-xml-parser allows attackers to circumvent entity expansion limits through numeric character references (&#NNN;) and standard XML entities, causing denial of service via excessive memory allocation and CPU consumption. The vulnerability affects fast-xml-parser versions 5.x through 5.5.5, completely bypassing security controls added in the previous CVE-2026-26278 fix. A proof-of-concept demonstrates that even with strict limits configured (maxTotalExpansions=10), an attacker can inject 100,000+ numeric entities to consume hundreds of megabytes of memory.

A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash in applications using the MongoDB C driver.

PowerShell Universal versions before 2026.1.4 contain an improper input validation vulnerability in the apps and endpoints configuration system that allows authenticated users with creation or modification permissions to inject malicious URL paths that override existing application or system routes. This vulnerability can result in unintended request routing where legitimate traffic is redirected to attacker-controlled endpoints, as well as denial of service conditions through route conflicts. The vulnerability requires high-level authentication privileges (PR:H) but has been formally documented in the ENISA EUVD database (EUVD-2026-12636) and poses a real risk to multi-tenant PowerShell Universal deployments where administrative controls may not be strictly enforced.

Denial of service in dr_libs 0.13.3 and earlier enables local attackers with user privileges to exhaust system memory by supplying malicious PICTURE metadata blocks with oversized length fields in FLAC streams. The vulnerability resides in improper bounds checking during metadata parsing, allowing uncontrolled memory allocation that crashes applications processing affected audio files. No patch is currently available.

Miniaudio versions 0.11.25 and earlier are vulnerable to a heap out-of-bounds read in the WAV BEXT metadata parser when processing specially crafted WAV files. An attacker can exploit improper null-termination handling in the coding history field to trigger memory access violations, causing application crashes or denial of service. No patch is currently available for affected Debian and Miniaudio distributions.

Stack-based buffer overflow in Wazuh manager versions 3.9.0 through 4.14.3 allows remote attackers with high privileges to crash the `wazuh-analysisd` service via malformed JSON events, resulting in denial of service. The vulnerability stems from unsafe use of sprintf with floating-point format specifiers in the Security Configuration Assessment decoder, and may potentially enable remote code execution on affected Wazuh installations.

Unbounded heap memory consumption in Micronaut HTTP Server versions 4.7.0 through 4.10.7 allows remote attackers to trigger denial of service via crafted exception messages that pollute an uncapped cache. By manipulating request parameters reflected in error responses, an unauthenticated attacker can exhaust server memory and cause OutOfMemoryError conditions. A patch is available in version 4.10.7 and later.

Parse Server contains a denial-of-service vulnerability in its LiveQuery feature where remote attackers can crash the server by subscribing with an invalid regular expression pattern. The vulnerability affects npm package parse-server across versions and allows unauthenticated network-based attacks with high attack complexity, resulting in complete service disruption for all connected clients. A patch is available from the vendor, and the attack does not require user interaction or special privileges.

Stack-based buffer overflow in Wazuh 4.4.0 through 4.14.2 allows authenticated remote attackers with high privileges to trigger an integer underflow in the database synchronization module, causing denial of service or potential code execution. The vulnerability exists in SQL query construction logic within wdb_delta_event.c where improper size calculations on buffers exceeding 2048 bytes can corrupt the stack. A patch is available in version 4.14.3.

Denial of service in Wazuh 4.3.0 through 4.14.2 allows unauthenticated attackers to exhaust API resources by sending crafted Bearer token requests that trigger blocking disk I/O operations in the authentication middleware, preventing the single-threaded event loop from processing legitimate connections. The vulnerability exists because synchronous file operations are called on every API request without proper resource constraints, enabling attackers to starve the application of CPU availability with relatively low request volumes. No patch is currently available.

Parse Server is vulnerable to denial of service when remote attackers craft malicious cloud function names that exploit prototype chain traversal, allowing them to trigger stack overflows and crash the server process. The vulnerability stems from improper property lookup restrictions during function name resolution. A patch is available that limits lookups to own properties only.

CVE-2026-32941 is a security vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Parse Server contains a vulnerability that allows an unauthenticated remote attacker to crash the server process through a single HTTP request containing deeply nested query condition operators. This denial of service vulnerability affects parse-server versions before 8.6.45 and alpha versions 9.0.0 through 9.6.0-alpha.21. The vulnerability is classified as high severity with a CVSS score of 8.7, and patches are available from the vendor.

The kube-router proxy module fails to validate Service externalIPs and LoadBalancer IPs against configured IP ranges, allowing namespace-scoped users to bind arbitrary VIPs on all cluster nodes and hijack traffic to critical services like kube-dns. This affects all kube-router v2.x versions including v2.7.1, primarily impacting multi-tenant clusters where untrusted users have Service creation permissions. A detailed proof-of-concept demonstrates single-command cluster DNS takedown and arbitrary VIP binding with traffic redirection to attacker-controlled pods, though EPSS scoring is not available for this recently disclosed vulnerability.

The pyasn1 library suffers from an uncontrolled recursion vulnerability when parsing deeply nested ASN.1 structures, allowing remote attackers to trigger a denial of service through stack exhaustion or memory consumption. Any service using pyasn1 to parse untrusted ASN.1 data (including LDAP, SNMP, Kerberos, and X.509 parsers) can be crashed remotely with a small crafted payload under 100KB. A working proof-of-concept is publicly available, and while not currently in CISA KEV, the vulnerability has a CVSS score of 7.5 indicating high severity.

Next.js image optimization caches unbounded disk space by default, enabling attackers to exhaust storage and cause denial of service by requesting numerous image variants. The vulnerability affects applications using the default `/_next/image` optimization feature without explicit cache size limits. A patch is available that introduces configurable cache size limits with LRU eviction.

Unbounded request body buffering in Next.js App Router with Partial Prerendering enabled allows remote attackers to trigger denial of service through oversized `next-resume` POST requests that bypass size enforcement in non-minimal deployments. An attacker can exhaust server memory by sending specially crafted resume payloads without authentication or user interaction. The vulnerability affects applications with experimental PPR features enabled and has been patched with consistent size limit enforcement.

NULL Pointer Dereference vulnerability in Softing Industrial Automation GmbH smartLink SW-HT (Webserver modules) allows HTTP DoS.This issue affects smartLink SW-HT: 1.43.

SQL injection in the Katello plugin for Red Hat Satellite 6 allows authenticated remote attackers to execute arbitrary SQL commands via the sort_by parameter in the /api/hosts/bootc_images endpoint. An attacker can exploit this flaw to trigger database errors causing denial of service or conduct blind SQL injection attacks to extract sensitive information from the database. No patch is currently available for this vulnerability.

HTTP/2 server implementations in libsoup across Debian and Red Hat Enterprise Linux versions contain a use-after-free vulnerability that allows unauthenticated remote attackers to trigger application crashes through specially crafted requests. Exploitation results in denial of service by forcing the application to access freed memory, causing instability. No patch is currently available for this medium-severity flaw.

Denial of service in libucl allows remote attackers to crash affected applications by submitting maliciously crafted UCL configuration files containing null bytes in object keys, triggering a segmentation fault in the ucl_object_emit function. The vulnerability requires user interaction but has high impact potential with no available patch, affecting systems that parse untrusted UCL input. An attacker can remotely exploit this with low complexity to disable services relying on libucl for configuration parsing.

Docker TUS resumable upload handler allows authenticated users to trigger arbitrary `after_upload` hooks unlimited times by supplying a negative value in the Upload-Length header, causing command execution with zero bytes actually uploaded. The integer overflow flaw in the completion logic (CWE-190) bypasses file upload requirements and enables privilege escalation through hook execution. No patch is currently available.

Mattermost versions 11.3.0 and earlier, 11.2.2 and earlier, and 10.11.10 and earlier contain an array length handling vulnerability in the calls plugin that allows unauthenticated remote attackers to trigger out-of-memory (OOM) errors and crash the server by sending maliciously crafted msgpack frames over websocket connections. With a CVSS score of 5.8 and network-based attack vector requiring no privileges or user interaction, this denial-of-service vulnerability poses a moderate but easily exploitable availability risk to any exposed Mattermost deployment.

SandboxJS 0.8.34 contains a race condition where a shared global tick state allows concurrent sandboxes to interfere with each other's execution quotas during timer callback compilation. An attacker in a multi-tenant environment can exploit this to bypass resource limits and exhaust CPU/memory on the host system. A patch is available.

The @dicebear/converter library before version 9.4.0 fails to validate SVG dimension attributes, allowing attackers to trigger excessive memory allocation by providing crafted SVGs with extremely large width and height values. Server-side applications processing untrusted or user-supplied SVGs through the conversion functions (toPng, toJpeg, toWebp, toAvif) are vulnerable to denial of service attacks. A patch is available in version 9.4.0 and users should upgrade immediately if processing external SVG inputs.

A remote code execution vulnerability in HCL AION (CVSS 1.8). Remediation should follow standard vulnerability management procedures.

Denial of service in Open5GS through version 2.7.6 affects the CCA Handler component's callback functions, allowing unauthenticated remote attackers to crash the service. Public exploit code is available for this vulnerability. Upgrading to version 2.7.7 resolves the issue.

Mattermost versions 11.3.0, 11.2.2, and 10.11.10 and earlier lack proper memory bounds checking when processing DOC file uploads, enabling authenticated attackers to trigger server memory exhaustion and denial of service. An attacker with valid credentials can upload a specially crafted DOC file to exhaust available memory and crash the Mattermost server. This vulnerability currently lacks a patch and affects multiple active versions of the platform.

Mattermost 10.11.x through 11.3.x fails to validate password length, allowing unauthenticated attackers to trigger denial of service by submitting multi-megabyte passwords during login attempts that consume excessive CPU and memory resources. The vulnerability affects all versions up to 10.11.10, 11.2.2, and 11.3.0, with no patch currently available.

Mattermost fails to properly bound memory allocation when processing PSD (Photoshop) image files, allowing authenticated attackers to exhaust server memory and trigger denial of service by uploading a specially crafted PSD file. The vulnerability affects Mattermost versions 11.3.0 and earlier, 11.2.2 and earlier, and 10.11.10 and earlier. With a CVSS score of 4.3 and a low attack complexity requirement, this represents a moderate but exploitable risk for organizations running affected versions where user file upload is permitted.

Mattermost fails to enforce response size limits on integration action endpoints, allowing an authenticated attacker to trigger server memory exhaustion and denial of service by clicking an interactive message button that connects to a malicious integration server returning arbitrarily large responses. This vulnerability affects Mattermost versions 11.3.0, 11.2.x up to 11.2.2, and 10.11.x up to 10.11.10. While the CVSS score of 5.3 is moderate, the attack requires user interaction (UI:R) and network access, but can be reliably triggered by any authenticated user interacting with crafted messages.

libexpat before version 2.7.5 contains a NULL pointer dereference vulnerability in the setContext function that occurs when the library retries operations following an out-of-memory condition. This flaw affects all users of vulnerable libexpat versions and can result in application crashes leading to denial of service. While the CVSS score of 2.9 is low and exploitation requires specific local conditions and high complexity, this vulnerability represents a stability risk for XML parsing operations in memory-constrained or stressed environments.

libexpat before version 2.7.5 contains an infinite loop vulnerability triggered during DTD (Document Type Definition) parsing, allowing local attackers to cause a denial of service condition. The vulnerability affects all applications and libraries that depend on libexpat for XML parsing, with a CVSS score of 4.0 reflecting limited severity due to local-only attack vector and availability impact. While the CVSS base score is moderate, the infinite loop condition presents a real denial of service risk for services that parse untrusted XML documents containing malicious DTD content.

libexpat before version 2.7.5 contains a NULL pointer dereference vulnerability triggered by malformed XML containing empty external parameter entity content, resulting in denial of service through application crashes. The vulnerability affects all versions of libexpat prior to 2.7.5 across multiple platforms and applications that embed this XML parsing library. An attacker with local access can craft a malicious XML document to crash any application using vulnerable libexpat, though the impact is limited to availability (CVSS 4.0) with no code execution or data compromise possible.

Mumble before version 1.6.870 contains an out-of-bounds array access vulnerability (CWE-125) that allows remote attackers to crash the client application, resulting in denial of service. The vulnerability requires network access but no authentication or user interaction, affecting all users of vulnerable Mumble client versions. While the CVSS score of 3.7 is relatively low and only impacts availability with no confidentiality or integrity compromise, this vulnerability poses a practical risk to voice communication availability in production deployments.

Smart Switch versions prior to 3.7.69.15 contain an improper authentication vulnerability that allows adjacent network attackers to trigger denial of service conditions without requiring user privileges or interaction. The vulnerability has a CVSS score of 6.9 with medium-to-high availability impact, making it a notable threat in local network environments where Smart Switch is deployed.

An unauthenticated arbitrary file upload vulnerability in Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 allows remote attackers to upload malicious files and execute code through improperly enabled WebDAV HTTP methods. Attackers can achieve remote code execution or denial of service without any authentication, making this a critical risk for exposed devices. Multiple proof-of-concept exploits are publicly available through security research publications.

An unauthenticated remote reboot vulnerability exists in the Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0, allowing attackers to trigger device restarts without any authentication by sending specially crafted POST requests to the lte.cgi endpoint. This vulnerability has a publicly available proof-of-concept exploit and enables denial of service attacks against affected routers. The vulnerability has been assigned a high CVSS score of 7.5 due to the complete availability impact and lack of authentication requirements.

An out-of-bounds memory access (OOB) in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to access sensitive information and cause a Denial of Service (DoS) via supplying a crafted packet.

In Forgejo through 13.0.3, the attachment component allows a denial of service by uploading a multi-gigabyte file attachment (e.g., to be associated with an issue or a release).

GoBGP gobgpd version 4.2.0 is vulnerable to denial of service attacks when processing malformed NEXT_HOP path attributes, allowing unauthenticated remote attackers to crash the BGP daemon without authentication or user interaction. This vulnerability affects BGP infrastructure relying on the vulnerable version and has no available patch at this time. The attack requires only network access to the BGP service, making it easily exploitable in environments running affected versions.

SQL injection vulnerabilities in RealtyScript 4.0.2 allow unauthenticated remote attackers to manipulate database queries through vulnerable parameters in admin panel files (/admin/users.php and /admin/mailer.php). Attackers can extract sensitive database information using time-based blind SQL injection or cause denial of service. A public proof-of-concept exploit is available on Exploit-DB, though the vulnerability is not currently in CISA's KEV catalog.

Arduino-TuyaOpen before version 1.2.1 contains a null pointer dereference vulnerability in its WiFiUDP component that allows unauthenticated attackers on the same local network to trigger a denial-of-service condition by flooding the device with malicious UDP packets. The vulnerability causes memory exhaustion leading to application crashes; while not actively exploited in the wild (KEV status unknown from provided data), the local network attack vector and high availability impact (CVSS 6.5) warrant prompt patching for affected IoT deployments.

A vulnerability has been found in Radare2 5.9.9.

A buffer overflow vulnerability in A flaw (CVSS 6.1) that allows an attacker. Remediation should follow standard vulnerability management procedures.

Heap-based buffer overflow (out-of-bounds read) in GNU Binutils' BFD linker component that affects RHEL 6, 7, 8, and 10, as well as multiple Debian and Ubuntu releases. An attacker can exploit this vulnerability by distributing a malicious XCOFF object file, which when processed by a user, may disclose sensitive information from process memory or crash the application. While the CVSS score of 6.1 indicates medium severity with user interaction required, the vulnerability impacts widely-deployed enterprise Linux distributions across Red Hat, Debian, and Ubuntu ecosystems.

The STM32 USB device driver in Zephyr contains a logic error that can trigger an infinite loop, allowing a local attacker with user-level privileges to cause a denial of service by halting system responsiveness. No patch is currently available for this medium-severity defect that affects the USB subsystem's operational stability.

The file-type library's ZIP file type detection functions fail to limit decompression output for known-size inputs, allowing attackers to craft small compressed ZIP files that expand to hundreds of megabytes in memory during processing. Applications processing untrusted file uploads are vulnerable to denial-of-service attacks that cause excessive memory consumption and potential crashes. Public exploit code exists for this vulnerability, though a patch is available.

Stack overflow in HMS Networks Ewon Flexy/Cosy+ firmware.

CVE-2026-25819 is an unauthenticated denial of service vulnerability affecting HMS Networks Ewon industrial IoT gateways (Flexy and Cosy+ models) that allows remote attackers to reboot devices through specially crafted HTTP requests to the web GUI. With a CVSS score of 7.5 (High) but low EPSS score (0.02%), this vulnerability has not been added to CISA KEV and shows minimal exploitation activity in the wild.

IBM Aspera Console versions 3.3.0 through 3.4.8 contain an improper rate-limiting vulnerability in the email service that allows authenticated users to trigger a denial of service condition. An attacker with valid credentials can abuse the email functionality by sending requests at excessive frequencies, exhausting service resources and rendering the email feature unavailable to legitimate users. This vulnerability requires authentication and does not provide confidentiality or integrity impact, resulting in a moderate CVSS score of 5.3.

IBM Aspera Console 3.3.0 through 3.4.8 could allow a privileged user to cause a denial of service due to improper enforcement of behavioral workflow.

Rust Yamux prior to version 0.13.10 is vulnerable to denial of service when processing specially crafted inbound stream frames that combine the SYN flag with oversized body lengths, causing the connection handler to panic due to improper state cleanup. An unauthenticated remote attacker can trigger this panic over any normal Yamux session without special privileges, crashing affected applications. No patch is currently available for this high-severity vulnerability.

LibreChat versions prior to 0.8.3-rc1 contain a Denial of Service vulnerability in the DELETE /api/convos endpoint where authenticated attackers can crash the Node.js server process by sending malformed requests lacking the required req.body.arg parameter. The vulnerability exploits improper destructuring without validation, causing an unhandled TypeError that bypasses Express middleware and triggers process.exit(1), resulting in complete service unavailability. No evidence of active exploitation in the wild or public POC has been identified at this time.