Skip to main content

Denial Of Service

36497 CVEs technique

Monthly

CVE-2026-13846 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome for macOS before 150.0.7871.47 lets an attacker who has already compromised the renderer process break out of the browser sandbox by exploiting a use-after-free in the USB subsystem via a crafted HTML page. Rated High by Chromium and CVSS 9.6, it functions as a second-stage escalation primitive rather than a standalone entry point. There is no public exploit identified at time of analysis, and EPSS is low at 0.21% (11th percentile).

Memory Corruption Denial Of Service Use After Free Google Suse
NVD VulDB
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-13845 HIGH PATCH This Week

Arbitrary code execution in Google Chrome's DOM implementation lets a remote attacker run code within the renderer sandbox by luring a victim to a crafted HTML page. All desktop Chrome builds before 150.0.7871.47 are affected; Chromium rates the flaw High severity. No public exploit has been identified and EPSS probability is low (0.26%), but the vendor patch is already available and should be applied promptly.

Memory Corruption Google Denial Of Service Use After Free RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-13844 HIGH PATCH This Week

Local OS-level privilege escalation in Google Chrome on Windows (versions prior to 150.0.7871.47) arises from a use-after-free in the Chrome Updater component, letting a local attacker who can plant a malicious file on the system elevate to higher OS privileges. Google rates the Chromium severity as High and has released a fixed Stable channel build; there is no public exploit identified and it is not listed in CISA KEV. EPSS is low at 0.13% (3rd percentile), consistent with a bug that requires local access and user interaction rather than mass remote exploitation.

Memory Corruption Google Microsoft Denial Of Service Use After Free +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-13832 HIGH PATCH This Week

Sandbox escape in Google Chrome's Headless component (versions prior to 150.0.7871.47) lets a remote attacker who has already compromised the renderer process break out of the browser sandbox by serving a crafted HTML page. Rated High by Chromium and CVSS 8.3, it is a CWE-416 use-after-free with no public exploit identified at time of analysis; EPSS is low at 0.21% (11th percentile) and CISA SSVC records no known exploitation.

Memory Corruption Denial Of Service Use After Free Google Suse
NVD VulDB
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-13830 HIGH PATCH This Week

Remote code execution in Google Chrome's Chromoting (Chrome Remote Desktop) component on Linux allows an adjacent-network attacker to run arbitrary code by sending malicious network traffic to a vulnerable client before version 150.0.7871.47. The flaw is a use-after-free memory-corruption issue rated High by Chromium and carries a CVSS 8.8. There is no public exploit identified at time of analysis, it is not in CISA KEV, and EPSS is low (0.24%, 15th percentile), indicating no observed exploitation activity yet.

Memory Corruption Google Denial Of Service Use After Free RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-13827 HIGH PATCH This Week

Local privilege escalation in Google Chrome's Updater component on macOS versions prior to 150.0.7871.47 lets an attacker abuse a use-after-free (CWE-416) via a malicious file to gain the elevated privileges under which the updater runs. Google rates the Chromium severity as High, and the CVSS 3.1 base score is 7.8; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. EPSS is low at 0.13% (3rd percentile), consistent with the SSVC exploitation status of 'none'.

Memory Corruption Google Denial Of Service Use After Free Privilege Escalation +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-13823 HIGH PATCH This Week

Use after free in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Memory Corruption Denial Of Service Use After Free Google Suse
NVD VulDB
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-13821 HIGH PATCH This Week

Remote code execution in Google Chrome desktop versions prior to 150.0.7871.47 stems from a use-after-free in the Canvas component, letting a remote attacker run arbitrary code within the renderer sandbox when a victim opens a crafted HTML page. The flaw carries a CVSS 8.8 (High) rating and requires user interaction (visiting a malicious page), but no authentication. There is no public exploit identified at time of analysis, and EPSS is low at 0.26% (17th percentile).

Memory Corruption Google Denial Of Service Use After Free RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-13815 HIGH PATCH This Week

Remote code execution in Google Chrome's Blink rendering engine (versions prior to 150.0.7871.47) allows a remote attacker to run arbitrary code inside the renderer sandbox by luring a victim to a crafted HTML page. The flaw is a use-after-free (CWE-416) rated High by Chromium and 8.8 (CVSS 3.1); it requires user interaction (visiting a malicious page) and no privileges. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, with a low EPSS of 0.26% (17th percentile).

Memory Corruption Google Denial Of Service Use After Free RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-13814 HIGH PATCH This Week

Heap corruption via a use-after-free in the Views UI component of Google Chrome allows a remote attacker who serves a crafted HTML page and lures a user into performing specific UI gestures to potentially execute code in the browser process. All desktop Chrome builds prior to 150.0.7871.47 are affected; Google rates the Chromium severity as High and has shipped a fix. No public exploit identified at time of analysis, and EPSS is low (0.21%, 11th percentile).

Memory Corruption Denial Of Service Use After Free Google Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-13811 HIGH PATCH This Week

Renderer-process remote code execution in Google Chrome desktop before 150.0.7871.47 stems from a use-after-free in the Input Method Editor (IME) component, letting a remote attacker run arbitrary code within the browser's sandbox when a victim visits a crafted HTML page. Rated High by Chromium and CVSS 8.8, it requires user interaction (visiting a page) but no authentication. No public exploit identified at time of analysis, and the EPSS score is low (0.26%, 17th percentile), indicating no evidence of widespread exploitation yet.

Memory Corruption Google Denial Of Service Use After Free RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-13807 HIGH PATCH This Week

Remote code execution in Google Chrome on iOS prior to 150.0.7871.47 stems from a use-after-free in the browser's Import component, allowing a remote attacker who lures a victim into opening a malicious file and performing specific UI gestures to execute arbitrary code. Rated High by Chromium and CVSS 7.5, the flaw has no public exploit identified at time of analysis and a low EPSS of 0.24% (15th percentile), consistent with its high attack complexity and required user interaction. A vendor patch is available in the June 2026 Stable channel update.

Memory Corruption Google Apple Denial Of Service Use After Free +2
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-13805 HIGH PATCH This Week

Remote code execution in Google Chrome for macOS prior to 150.0.7871.47 stems from a use-after-free in the GFX (graphics) component, allowing a remote attacker to run arbitrary code after a victim opens a crafted HTML page. Chromium rates the severity High and the CVSS is 8.8, but exploitation requires user interaction (visiting a malicious page). There is no public exploit identified at time of analysis and EPSS is low (0.26%, 17th percentile), indicating no observed weaponization yet.

Memory Corruption Google Denial Of Service Use After Free RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-13804 HIGH PATCH This Week

Sandbox escape in Google Chrome's Chromecast component (versions before 150.0.7871.47) lets an attacker who has already compromised the renderer process break out of the browser sandbox and reach the host via a crafted HTML page. Rooted in a use-after-free (CWE-416) memory-corruption bug rated High by Chromium, it carries a CVSS 8.3 driven by a scope change and full CIA impact, but requires a pre-existing renderer compromise, high attack complexity, and user interaction. No public exploit identified at time of analysis, and the low EPSS (0.21%) plus SSVC 'exploitation: none' indicate it is not currently being exploited.

Memory Corruption Denial Of Service Use After Free Google Suse
NVD VulDB
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-13802 HIGH PATCH This Week

Remote code execution in Google Chrome (Views UI component) prior to 150.0.7871.47 allows a remote attacker to execute arbitrary code by luring a victim to a crafted HTML page and inducing specific UI gestures that trigger a use-after-free. Rated High by Chromium and CVSS 7.5, the flaw is elevated in complexity by its requirement for user interaction, and no public exploit has been identified at time of analysis; EPSS probability is low at 0.26%.

Memory Corruption Google Denial Of Service Use After Free RCE +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-13799 HIGH PATCH This Week

Heap corruption in Google Chrome's QUIC networking stack (versions prior to 150.0.7871.47) stems from a use-after-free that a remote attacker can trigger through crafted network traffic, potentially leading to arbitrary code execution in the affected browser process. Google rated the Chromium security severity as High and has shipped a fixed Stable-channel build; there is no public exploit identified at time of analysis and CISA's SSVC records exploitation status as 'none'. EPSS is low (0.19%, 9th percentile), indicating no observed weaponization despite a total technical-impact rating.

Memory Corruption Denial Of Service Use After Free Google Suse
NVD VulDB
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-13792 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome for macOS versions prior to 150.0.7871.47 stems from a use-after-free in the Touchbar component, letting a remote attacker who lures a victim to a crafted HTML page potentially break out of the renderer sandbox. Reported through Google's internal Chrome security process and rated High by Chromium, it carries a CVSS 9.6 due to scope change and full CIA impact, though there is no public exploit identified at time of analysis and EPSS exploitation probability is low at 0.21%. SSVC assesses current exploitation as none, indicating this is a patch-now-but-not-panic item.

Memory Corruption Denial Of Service Use After Free Google Suse
NVD VulDB
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-13789 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's GPU process (versions prior to 150.0.7871.47) lets a remote attacker who has already compromised the renderer process break out of the browser sandbox via a crafted HTML page. Rated High by Chromium and CVSS 9.6 due to a scope-changing (S:C) full-impact outcome, this is a use-after-free (CWE-416) memory-corruption bug. No public exploit identified at time of analysis; EPSS is low (0.21%, 11th percentile) and CISA SSVC lists exploitation as none, so it is a serious-but-not-yet-exploited patch priority.

Memory Corruption Denial Of Service Use After Free Google
NVD VulDB
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-13788 HIGH PATCH This Week

Remote code execution in Google Chrome for Android before 150.0.7871.47 stems from a use-after-free in the Fullscreen component, letting a remote attacker who lures a victim to a crafted HTML page corrupt memory and run arbitrary code in the renderer. Chromium rates the flaw Critical, though CVSS scores it 8.8 because exploitation requires the victim to open the malicious page. There is no public exploit identified at time of analysis, and the EPSS probability is low (0.26%, 17th percentile), with CISA SSVC showing no known exploitation.

Memory Corruption Google Denial Of Service Use After Free RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-13787 HIGH PATCH This Week

Remote code execution in Google Chrome's Chromoting (Chrome Remote Desktop) component on Windows affects all desktop builds prior to 150.0.7871.47, where a use-after-free (CWE-416) lets a remote attacker corrupt memory via malicious network traffic. Google rates the Chromium severity Critical, and a vendor patch is available, but there is no public exploit identified at time of analysis and EPSS is low at 0.24%. High attack complexity (AC:H) means the memory-corruption race is non-trivial to win reliably, tempering the CVSS 8.1 score.

Memory Corruption Google Microsoft Denial Of Service Use After Free +2
NVD VulDB
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-13786 HIGH PATCH This Week

Remote code execution in Google Chrome's Ozone platform-abstraction layer prior to 150.0.7871.47 lets a remote attacker execute arbitrary code by luring a victim to a crafted HTML page. The flaw is a use-after-free (CWE-416) rated Critical by Chromium and CVSS 8.8, requiring the victim to visit a malicious page (UI:R) but no privileges. No public exploit has been identified at time of analysis and EPSS probability is low (0.26%), but the memory-corruption class and 'total' technical impact make it a high-priority browser patch.

Memory Corruption Google Denial Of Service Use After Free RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-13785 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on macOS before 150.0.7871.47 stems from a use-after-free in the browser's Bluetooth component, letting a remote attacker who lures a user into specific UI gestures on a crafted HTML page corrupt memory and break out of the renderer sandbox. Rated Critical by Chromium and CVSS 9.6, though no public exploit has been identified and EPSS is low (0.22%, 13th percentile). A vendor fix is available and CISA SSVC currently marks exploitation as 'none'.

Memory Corruption Denial Of Service Use After Free Google Suse
NVD VulDB
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-13784 HIGH PATCH This Week

Use-after-free in Google Chrome's Views UI framework prior to 150.0.7871.47 lets a remote attacker trigger heap corruption after luring a user to a crafted HTML page and performing specific UI gestures, potentially achieving code execution in the renderer/browser process. Chromium rates the flaw Critical, though the CVSS is 8.8 due to required user interaction. No public exploit identified at time of analysis, and EPSS is low (0.22%, 13th percentile); SSVC lists exploitation as none but technical impact as total.

Memory Corruption Denial Of Service Use After Free Google Suse
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-13783 HIGH PATCH This Week

Use-after-free in Google Chrome's Views UI framework, fixed in 150.0.7871.47, lets a remote attacker who lures a victim into performing specific UI gestures on a crafted HTML page trigger heap corruption and potentially achieve code execution in the browser process. Chromium rates the flaw Critical, though the CVSS is 8.8 due to required user interaction; there is no public exploit identified at time of analysis and EPSS exploitation probability is low at 0.22%.

Memory Corruption Denial Of Service Use After Free Google Suse
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-13782 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome desktop versions prior to 150.0.7871.47 lets a remote attacker who has already compromised the renderer process break out of the sandbox and gain broader code execution on the host via a crafted HTML page. Chromium rates the underlying use-after-free as Critical, though there is no public exploit identified at time of analysis and EPSS exploitation probability is low (0.21%). A vendor patch is available and the flaw is a classic second-stage chain component rather than a standalone entry point.

Memory Corruption Denial Of Service Use After Free Google Suse
NVD VulDB
CVSS 3.1
10.0
EPSS
0.2%
CVE-2026-13779 HIGH PATCH This Week

Remote code execution in Google Chrome on ChromeOS (versions prior to 150.0.7871.47) stems from a use-after-free in the Chromoting (Chrome Remote Desktop) component, letting a remote attacker corrupt memory and execute arbitrary code through malicious network traffic. Google rates the Chromium severity as Critical, and CVSS scores it 8.1 with a high attack complexity. As of this analysis there is no public exploit identified and it is not listed in CISA KEV; EPSS is low at 0.24% (15th percentile), and SSVC records exploitation status as none.

Memory Corruption Google Denial Of Service Use After Free RCE +1
NVD VulDB
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-13778 HIGH PATCH This Week

Local arbitrary code execution in Google Chrome for macOS (versions prior to 150.0.7871.47) stems from a use-after-free in the WebUSB implementation, which Chromium rates Critical. A local attacker who can present a malicious USB peripheral to a victim who authorizes it can corrupt renderer memory and run attacker-controlled code within the browser's context. There is no public exploit identified at time of analysis, and EPSS is low (0.16%, 5th percentile), reflecting limited likelihood of widespread opportunistic exploitation.

Memory Corruption Google Denial Of Service Use After Free RCE +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-13775 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome desktop prior to 150.0.7871.47 stems from a use-after-free in the GPU process, letting a remote attacker who has already compromised the renderer break out of the browser sandbox via a crafted HTML page. Google rates the Chromium severity as Critical, and a fix is available in the Stable channel update. There is no public exploit identified at time of analysis, and EPSS exploitation probability is low at 0.22% (13th percentile).

Memory Corruption Denial Of Service Use After Free Google Suse
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-13774 HIGH PATCH This Week

Arbitrary code execution in Google Chrome desktop versions prior to 150.0.7871.47 stems from a use-after-free flaw in the Extensions component, which Chromium rated Critical severity. An attacker who convinces a victim to install a malicious extension can trigger the dangling-pointer condition through a crafted extension to run arbitrary code in the affected process. There is no public exploit identified at time of analysis, EPSS is low (0.16%, 6th percentile), and CISA/SSVC records no observed exploitation.

Memory Corruption Google Denial Of Service Use After Free RCE +1
NVD VulDB
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-57204 PyPI MEDIUM PATCH This Month

Memory exhaustion in pypdf prior to 6.13.3 allows unauthenticated remote attackers to cause denial of service by supplying a maliciously crafted PDF. The MAX_DECLARED_STREAM_LENGTH safety cap - designed to bound memory allocation during stream parsing - is bypassed when a PDF content stream omits the /Length value, enabling unbounded memory growth. No active exploitation is confirmed (not in CISA KEV), but the attack surface encompasses any Python application that parses attacker-supplied PDFs, a common pattern in document pipelines and web upload handlers.

Python Denial Of Service Pypdf
NVD GitHub
CVSS 4.0
6.9
EPSS
0.3%
CVE-2026-52196 HIGH This Week

Denial of service in the UTT nv518G gateway/router (firmware nv518GV3v3.2.7-210919-161313) lets a remote, unauthenticated attacker crash the device by triggering a buffer overflow in the gohead web-service function sub_416f28 (FUN_00416f28). Publicly available exploit code exists (referenced PoC on GitHub), though the flaw is not listed in CISA KEV and EPSS scores it at just 0.22% (13th percentile), indicating low observed exploitation activity. Impact is limited to availability - no code execution or data exposure is claimed in the source data.

Denial Of Service Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-56365 NuGet MEDIUM PATCH This Month

Memory exhaustion via denial of service in ImageMagick before 7.1.2-19 allows remote attackers to trigger a persistent memory leak in the PNG encoder by supplying crafted MNG image input that induces an encoder failure condition. Affected deployments include any service that accepts user-supplied images and processes them through ImageMagick's MNG write path. No public exploit code or active exploitation has been identified at time of analysis, but the network-reachable attack surface in image-processing pipelines makes this a realistic DoS risk against unpatched instances.

Denial Of Service Imagemagick
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.3%
CVE-2026-56364 NuGet LOW PATCH Monitor

Memory exhaustion denial of service in ImageMagick before 7.1.2-13 allows a local attacker with write access to the OpenCL cache directory to crash the application by placing malformed XML files that trigger an unpatched memory leak in LoadOpenCLDeviceBenchmark(). The root cause is CWE-401: memory allocated during XML parsing of unclosed device elements is never freed, enabling a resource exhaustion attack. No public exploit code has been identified and exploitation has not been confirmed by CISA KEV; however, a patch commit and upstream advisory are available.

Denial Of Service Imagemagick
NVD GitHub
CVSS 4.0
1.8
EPSS
0.1%
CVE-2026-56363 NuGet MEDIUM PATCH This Month

Division by zero in ImageMagick's binomial kernel processing path, affecting all versions before 7.1.2-22, allows an attacker to crash the application by supplying a crafted image with an oversized binomial kernel value. The integer overflow corrupts the kernel size calculation, and a subsequent division by the resulting zero value causes an unhandled exception and process termination. No public exploit code has been identified and the vulnerability is not listed in CISA KEV; however, automated image-processing pipelines that accept untrusted uploads are at elevated practical risk despite the local-vector CVSS rating.

Integer Overflow Denial Of Service Imagemagick
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2026-54696 LOW Monitor

Heap buffer overflow in the Ruby JSON gem's streaming generator (versions 2.9.0-2.19.8) enables reliable process crash via attacker-controlled serialized data. When applications invoke `JSON.dump(obj, io)` or `JSON::State#generate(obj, io)` to stream JSON to an IO object, the C-level generator can write past its internal buffer if the serialized object contains a string near 16 KB in size. Impact is confined to denial of service - reliable process termination - with no evidence of confidentiality or integrity impact. No public exploit code and no CISA KEV listing are identified at time of analysis; the CVSS score of 3.7 (Low) appropriately reflects the constrained attack conditions.

Heap Overflow Denial Of Service Buffer Overflow Json
NVD GitHub
CVSS 3.1
3.7
EPSS
0.3%
CVE-2026-44628 HIGH CISA Act Now

Denial of service in OFFIS DCMTK's DICOM worklist server (wlmscpfs) allows a remote, unauthenticated attacker to crash the service with a single crafted DICOM query when the server is provisioned with a valid Called AE Title, a storage directory, the expected lockfile, and at least one matching worklist record. The flaw stems from a type-confusion condition (CWE-843) and carries a CVSS 4.0 base score of 8.7 driven entirely by high availability impact (VA:H). There is no public exploit identified at time of analysis, and it is not listed in CISA KEV, though it was reported through the ICS-CERT/ICSMA medical-advisory channel.

Memory Corruption Denial Of Service Dcmtk Toolkit
NVD GitHub
CVSS 4.0
8.7
EPSS
0.4%
CVE-2025-36319 MEDIUM PATCH This Month

Temporary denial of service in IBM watsonx.data intelligence 5.2.0 through 5.3.0 is achievable by authenticated users who submit specially crafted HTTP requests, exploiting improper resource throttling allocation (CWE-770). The impact is limited to availability - confidentiality and integrity are unaffected - and the disruption is described as temporary rather than persistent. No public exploit code or active exploitation has been identified at the time of analysis.

IBM Denial Of Service Watsonx Data Intelligence
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2026-11906 MEDIUM This Month

Denial of service in IBM Db2 11.5.0-11.5.9 and 12.1.0-12.1.4 allows an authenticated low-privileged user to crash or hang the database server by submitting a crafted SQL query exploiting improper neutralization of special elements in XMLTable-derived column processing logic. The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) confirms this is remotely triggerable with minimal privileges, posing a realistic insider-threat or compromised-credential availability risk. No public exploit code or active exploitation has been identified at time of analysis.

IBM Denial Of Service Microsoft Db2
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2026-10560 CRITICAL Act Now

Information disclosure and denial of service in IBM Langflow OSS 1.0.0 through 1.9.6 stem from missing authentication on the /api/v1/build_public_tmp/ endpoints, letting an unauthenticated attacker who supplies a valid job identifier read build event data or cancel running jobs. The flaw carries a CVSS 9.1 (AV:N/AC:L/PR:N/UI:N) and CWE-287 classification; there is no public exploit identified at time of analysis, and EPSS is low at 0.25% (17th percentile) with CISA SSVC recording no observed exploitation but flagging it as automatable.

Authentication Bypass IBM Denial Of Service Information Disclosure Langflow
NVD VulDB
CVSS 3.1
9.1
EPSS
0.3%
CVE-2026-9002 MEDIUM PATCH This Month

Denial of service in IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 allows adjacent unauthenticated attackers to crash the WebSphere Application Server JVM by sending malformed XDF-encoded Protocol Buffers messages to the data grid. The XDF decoder fails to enforce bounds on recursive protobuf message nesting depth and attacker-supplied length prefixes, triggering either a StackOverflowError or OutOfMemoryError that takes down the JVM process. No public exploit has been identified at time of analysis, and IBM has released a patch via their support advisory.

IBM Denial Of Service Websphere Extreme Scale
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2026-49835 Go MEDIUM PATCH GHSA This Month

Unbounded memory exhaustion in Sigstore's timestamp-authority server allows any unauthenticated remote attacker to crash or degrade the service by flooding it with high-cardinality HTTP requests. The root cause is the global `wrapMetrics` Prometheus middleware, which permanently registers a new time-series entry for every unique combination of raw request path and HTTP method it observes - including requests for unmatched paths that return 404 - causing heap memory to grow without bound under attacker-controlled input. No public exploit code has been identified at time of analysis, but exploitation requires no authentication and no special configuration, making any publicly exposed timestamp-authority endpoint a realistic target for denial-of-service attacks against software signing and CI/CD pipelines.

Denial Of Service
NVD GitHub
CVSS 3.1
5.9
CVE-2023-46118 MEDIUM PATCH GHSA This Month

### Summary Responsibly disclosed by @NSEcho. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Red Hat Suse
NVD GitHub
CVSS 3.1
4.9
EPSS
1.1%
CVE-2026-10655 MEDIUM PATCH This Month

Use-after-free in Zephyr's asynchronous SNTP client (sntp_close_async, v4.2.0-v4.4.0) can be triggered remotely by any network peer or off-path attacker capable of dropping or delaying UDP NTP responses, exploiting a race between the system workqueue thread and the socket-service poll thread. The most probable outcome is a crash of the networking subsystem thread (denial of service); where the freed net_context pool slot is rapidly reallocated, memory corruption is possible. The vulnerability is on the normal SNTP timeout path, making it reliably and periodically triggerable when NET_CONFIG_SNTP_INIT_RESYNC is enabled. No public exploit code and no CISA KEV listing have been identified at time of analysis.

Memory Corruption Buffer Overflow Denial Of Service Use After Free Zephyr
NVD GitHub
CVSS 3.1
5.9
EPSS
0.2%
CVE-2026-9263 HIGH PATCH This Week

Out-of-bounds read in the Zephyr RTOS Bluetooth controller's ISO Adaptation Layer (isoal.c) lets an adjacent attacker leak controller memory to the HCI host and potentially crash the device. A malicious CIS peer or a broadcaster the device is BIS-synced to sends a framed ISO PDU whose start-segment length field is 0-2, causing a uint8_t underflow (len-3 → 253-255) that copies up to ~255 bytes past the received PDU into an HCI ISO packet. Publicly available exploit code exists (SSVC: poc); it is not listed in CISA KEV, and EPSS is low at 0.17%, indicating no evidence of widespread active exploitation.

Denial Of Service Buffer Overflow Information Disclosure Zephyr
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-58369 MEDIUM PATCH This Month

Unauthenticated NULL pointer dereference in Woodpecker CI before 3.15.0 allows any network attacker to flood server logs by repeatedly probing the unprotected /api/orgs/lookup/ endpoint. The LookupOrg handler unconditionally dereferences the session user object, which is nil for unauthenticated callers, triggering a Go panic on every such request; gin's recovery middleware catches each panic and returns HTTP 500, keeping the server alive but writing approximately 37 lines of stack trace per request to the error log. No active exploitation is confirmed in CISA KEV, but the zero-prerequisite attack surface - no credentials, no special configuration, no user interaction - makes low-bandwidth log-flooding trivially achievable by any unauthenticated network attacker.

Denial Of Service Null Pointer Dereference Woodpecker
NVD GitHub
CVSS 4.0
6.9
EPSS
0.4%
CVE-2026-10652 HIGH PATCH This Week

Out-of-bounds read in the Zephyr RTOS DNS resolver (subsys/net/lib/dns) lets a malicious, spoofed, or on-path DNS server - or any LAN node when mDNS/LLMNR is enabled - return crafted truncated TXT or SRV records that leak residual receive-pool memory to the application, and in some configurations crash the device. It affects Zephyr v4.3.0 and v4.4.0; the SSVC framework records a proof-of-concept, so publicly available exploit code exists, though EPSS is low (0.20%, 10th percentile) and there is no public evidence of active exploitation. The disclosed data is bounded (~64 bytes for TXT, ~6 for SRV) and read-only, but can expose stale contents of prior DNS packets.

Denial Of Service Buffer Overflow Information Disclosure Zephyr
NVD GitHub
CVSS 3.1
7.4
EPSS
0.2%
CVE-2026-44948 MEDIUM PATCH This Month

Path traversal in Rancher Fleet's ImageScan subsystem (CWE-23) allows authenticated remote attackers to escape intended directory boundaries and trigger denial of service across four active release branches (0.12.x through 0.15.x). The flaw appears to have been introduced in the 0.12.0 series and persisted undetected through at least sixteen subsequent patch releases, indicating the ImageScan component lacked adequate path sanitization for an extended period. No public exploit code or active exploitation has been identified; the CVSS 4.0 vector (PR:L) confirms exploitation requires authenticated access, materially limiting opportunistic attack surface.

Path Traversal Denial Of Service Rancher
NVD GitHub
CVSS 4.0
5.3
EPSS
0.3%
CVE-2026-8655 HIGH PATCH NEWS This Week

Denial of service in Citrix NetScaler ADC and NetScaler Gateway stems from multiple memory overflow conditions that produce unpredictable or erroneous behavior when the appliance is configured for specific DNS or load-balancing roles. Remote unauthenticated attackers can send crafted traffic to a vulnerable appliance to crash or destabilize it, with the CVSS 4.0 score of 8.8 driven primarily by high availability impact. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Citrix Oracle Denial Of Service Buffer Overflow Netscaler Application Delivery Controller +1
NVD VulDB
CVSS 4.0
8.8
EPSS
0.4%
CVE-2026-8452 HIGH PATCH NEWS This Week

Denial of service and memory corruption in Citrix NetScaler ADC and NetScaler Gateway allows remote unauthenticated attackers to trigger unpredictable or erroneous appliance behavior when the device is deployed as a Gateway (SSL VPN, ICA Proxy, CVPN, or RDP Proxy) or as an AAA virtual server. The CVSS 4.0 vector (AV:N/AC:L/PR:N/UI:N) indicates network-reachable, low-complexity exploitation with no authentication, and the high confidentiality impact suggests memory contents may be exposed alongside the DoS condition. There is no public exploit identified at time of analysis and the CVE is not on CISA KEV.

Citrix Denial Of Service Buffer Overflow Netscaler Application Delivery Controller Netscaler Gateway
NVD VulDB
CVSS 4.0
8.8
EPSS
0.4%
CVE-2026-58374 HIGH PATCH This Week

Denial of service in hostapd 2.11 through pre-2.12 development snapshots (built with CONFIG_IEEE80211BE) lets an unauthenticated attacker within wireless range crash the access-point daemon by sending a crafted Wi-Fi 7 (802.11be) Multi-Link association request. A malformed Multi-Link Element or Per-STA Profile subelement supplies a link_id of 15 that overruns the 15-entry (0-14) links[] array, causing an out-of-bounds write before the 4-way handshake. No public exploit identified at time of analysis; EPSS is low (0.29%, 20th percentile) and CISA SSVC rates exploitation as none.

Denial Of Service Buffer Overflow Hostapd
NVD VulDB
CVSS 3.1
7.1
EPSS
0.3%
CVE-2026-58016 CRITICAL PATCH Act Now

Denial of service in GNOME GLib (versions before 2.88.1) arises when g_dbus_node_info_new_for_xml() parses malformed D-Bus introspection XML that nests a <node> element inside <method>, <signal>, <property>, or <arg>. This state-confusion bug triggers an unsigned integer underflow/overflow (CWE-191) and a subsequent out-of-bounds read, crashing any application or service that parses attacker-influenced introspection data. No public exploit identified at time of analysis, EPSS is low (0.34%), and CISA SSVC rates exploitation as none with only partial technical impact.

Integer Overflow Denial Of Service Buffer Overflow Glib Enterprise Linux
NVD VulDB
CVSS 3.1
9.1
EPSS
0.3%
CVE-2026-58014 HIGH PATCH This Week

Denial of service (and a 1-byte out-of-bounds read) in GNOME GLib before 2.88.1 arises from an off-by-one error in g_key_file_get_locale_string_list() in gkeyfile.c when a parsed key file contains an empty value. Any application built on GLib that loads attacker-influenced .desktop/.ini-style key files can be crashed if the over-read crosses a page boundary, with a minor information-disclosure component from the single out-of-bounds byte. Publicly available exploit code exists (SSVC 'poc'), but it is not on CISA KEV and EPSS is low (0.24%, 15th percentile), indicating no evidence of widespread active exploitation.

Denial Of Service Glib Enterprise Linux
NVD VulDB
CVSS 3.1
8.6
EPSS
0.2%
CVE-2026-58013 HIGH PATCH This Week

Buffer over-read in GLib's giochannel line-reading code (g_io_channel_read_line_backend) affects the GNOME GLib library prior to version 2.88.1, where an application that configures a multi-byte custom line terminator triggers memcmp to read past the end of the internal GString buffer. Depending on memory layout, this leaks up to 7 bytes of adjacent heap memory (minor information disclosure) or crashes the process when the over-read crosses an unmapped page boundary (denial of service). There is no public exploit identified at time of analysis, EPSS is low (0.27%), and CISA SSVC rates exploitation as none.

Denial Of Service Buffer Overflow Information Disclosure Glib Enterprise Linux
NVD VulDB
CVSS 3.1
8.2
EPSS
0.3%
CVE-2026-58012 HIGH PATCH This Week

Buffer over-read in GNOME GLib's g_regex_replace() lets remote attackers leak 1-5 adjacent bytes of process memory and crash applications when regex replacement is performed with the G_REGEX_RAW compile flag combined with case-change replacement escapes. The internal string_append helper applies UTF-8 aware routines to matched substrings even though G_REGEX_RAW treats the buffer as raw bytes, reading past the intended boundary. There is no public exploit identified at time of analysis and EPSS is low (0.26%, 18th percentile), but the flaw is broadly reachable because GLib underpins the GNOME stack and ships across Red Hat Enterprise Linux 6-10.

Denial Of Service Buffer Overflow Information Disclosure Glib Enterprise Linux
NVD VulDB
CVSS 3.1
8.2
EPSS
0.3%
CVE-2026-58011 HIGH PATCH This Week

Out-of-bounds read of two bytes in GLib's g_date_time_get_ymd() (glib/gdatetime.c) lets attackers corrupt date output and trigger logic errors that may cause denial of service when an application processes an invalid GDateTime produced by g_date_time_add_full(). It affects the GNOME GLib core utility library shipped across Red Hat Enterprise Linux 6 through 10, with fixes in GLib 2.88.1 and 2.86.5. There is publicly available exploit code exists per SSVC (proof-of-concept), no confirmed active exploitation, and EPSS is low at 0.27% (19th percentile).

Denial Of Service Buffer Overflow Information Disclosure Glib Enterprise Linux
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-58010 HIGH PATCH This Week

Out-of-bounds read in GNOME GLib's GVariant serialiser allows remote attackers to leak a single byte of adjacent memory and to crash applications that deserialise untrusted GVariant data. The flaw sits in gvs_tuple_is_normal() in glib/gvariant-serialiser.c, where an alignment-padding bounds check uses '>' instead of '>=', reading one byte past the buffer; when that byte falls across a page boundary the process faults, producing a denial of service. No public exploit identified at time of analysis, and EPSS is low (0.26%), but GLib's near-universal presence on Linux systems makes the exposure broad.

Denial Of Service Buffer Overflow Information Disclosure Glib Enterprise Linux
NVD VulDB
CVSS 3.1
8.2
EPSS
0.3%
CVE-2026-13474 HIGH PATCH NEWS This Week

Denial of service in Citrix NetScaler ADC and NetScaler Gateway allows remote attackers to crash or render unresponsive the appliance by sending malformed HTTP/2 requests, but only when HTTP/2 is enabled in the HTTP Profile and bound to an LB, CS, or VPN virtual server or service. The CVSS 4.0 score of 8.7 reflects high availability impact with no confidentiality or integrity loss, exploitable over the network without authentication or user interaction. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Citrix Denial Of Service Netscaler Application Delivery Controller Netscaler Gateway
NVD VulDB
CVSS 4.0
8.7
EPSS
0.4%
CVE-2026-44946 CRITICAL PATCH Act Now

SAML assertion replay in Rancher's Assertion Consumer Service (ACS) handler lets a person-in-the-middle who captures a victim's SAML response reuse that assertion to authenticate as the victim, because the handler never enforces one-time use. Rancher 2.14.0 through 2.14.2 are affected, and because Rancher governs downstream Kubernetes clusters, a successful replay can yield administrative control. No public exploit identified at time of analysis; the issue is not on the CISA KEV list, and the carried CVSS 4.0 base score is 9.5 driven largely by the scope/subsequent-system impact.

Denial Of Service Rancher
NVD GitHub VulDB
CVSS 4.0
9.5
EPSS
0.3%
CVE-2026-53433 MEDIUM PATCH This Month

Denial of service in fzf's --listen mode HTTP server arises from quadratic-time (O(n²)) body processing caused by repeated string concatenation when reading POST request payloads. All fzf releases prior to 0.73.1 are affected when the --listen flag is explicitly activated to expose the embedded HTTP server. An attacker with access to the listening socket can send a single crafted POST request with many small body segments to monopolize the single-threaded server, blocking all other clients indefinitely. No public exploit identified at time of analysis; vendor-released patch is available in version 0.73.1.

Denial Of Service Fzf
NVD GitHub VulDB
CVSS 4.0
5.7
EPSS
0.1%
CVE-2026-53432 MEDIUM PATCH This Month

Integer overflow in fzf's FuzzyMatchV2 function causes a non-recoverable process crash (denial of service) when input lines reach approximately 2,200,000 bytes and a search pattern of ~999 bytes is active. The Go runtime detects the resulting invalid slice bounds and immediately terminates the process with a panic - there is no recovery path and no possibility of memory corruption or code execution. No public exploit code has been identified and this CVE is not listed in CISA KEV; the CVSS 4.0 score of 5.6 (AT:P, UI:A) reflects that exploitation requires atypical input volumes and active user or script interaction.

Integer Overflow Denial Of Service Fzf
NVD GitHub VulDB
CVSS 4.0
5.6
EPSS
0.1%
CVE-2026-57080 HIGH This Week

Remote memory exhaustion in the Net::BitTorrent Perl module (all versions through 2.0.1) lets any unauthenticated peer in a torrent swarm crash the downloading process by abusing the peer-wire protocol's length-prefix framing. Because the decoder buffers an entire announced message before processing and trusts an attacker-supplied length prefix of up to ~4 GiB, a single malicious peer can drive the victim's memory toward exhaustion. There is no public exploit identified at time of analysis and no CISA KEV listing, but the attack is trivial and requires no authentication; EPSS data was not provided.

Denial Of Service Net
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-50734 HIGH PATCH This Week

Denial of service in Apache ActiveMQ (Client, broker, and All distributions) before 5.19.8 and 6.x before 6.2.7 lets a remote unauthenticated attacker crash the broker by sending a crafted WireFormatInfo frame containing an oversized size value during the pre-authentication protocol negotiation. Because the size is consumed before any authentication occurs, the broker attempts a massive memory allocation, triggering an out-of-memory condition and process crash. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV; the fix is shipped in 6.2.7 and 5.19.8.

Denial Of Service Apache Apache Activemq Client Apache Activemq Apache Activemq All
NVD VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2026-50750 HIGH PATCH This Week

Remote denial of service in Apache ActiveMQ (versions 5.19.7 and 6.2.6) allows an unauthenticated attacker to exhaust broker heap memory and crash the service with an OutOfMemory error. The flaw is a regression introduced by the fix for CVE-2026-49270: an attacker repeatedly sends OpenWire BrokerInfo commands while never sending the expected ConnectionInfo, causing unbounded state accumulation until the broker dies. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the unauthenticated network reachability makes it a credible availability threat to exposed brokers.

Denial Of Service Apache Apache Activemq Broker Apache Activemq Apache Activemq All
NVD VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2026-13149 HIGH PATCH This Week

{}' brace groups to the expand() function, whose recursion is exponential in the number of such groups. Because brace-expansion is a near-ubiquitous transitive dependency (notably via minimatch/glob), any application that feeds untrusted input to expand() directly or indirectly is exposed. No public exploit was identified at time of analysis, though the CVSS 4.0 threat metric (E:P) indicates proof-of-concept maturity; the issue is not in CISA KEV.

Denial Of Service Brace Expansion Red Hat Suse
NVD GitHub
CVSS 4.0
7.7
EPSS
0.4%
CVE-2026-12610 MEDIUM This Month

Use-after-free in the SSSD PAM responder crashes the authentication daemon when a local attacker manipulates YubiKey or smartcard contents during an authentication attempt on Red Hat Enterprise Linux 6 through 10. The primary realized impact is a denial of service - the PAM responder crash disrupts all authentication - but the underlying memory corruption also presents a difficult-to-exploit privilege escalation path. No public exploit code exists at time of analysis, and the CVSS vector (AV:L/AC:H/PR:H) reflects a tightly constrained local attack requiring high privileges and significant complexity, limiting realistic blast radius to insider-threat and physical-access scenarios.

Privilege Escalation Denial Of Service Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 +6
NVD GitHub VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2026-45822 MEDIUM PATCH This Month

Super-linear algorithmic complexity in the decode-uri-component npm package (versions through 0.4.1) allows unauthenticated network attackers to cause severe CPU exhaustion and block the Node.js event loop by submitting crafted strings with large numbers of percent-encoded tokens. The decode() function splits input on '%' and iteratively invokes decodeComponents() in a pattern producing quadratic or worse time growth - 1,400 '%ab' tokens consume approximately 33 seconds of CPU, rendering single-threaded JavaScript runtimes effectively unresponsive. No public exploit is confirmed at time of analysis (CVSS E:U), but the deterministic algorithmic nature makes payload construction trivial for any attacker with a reachable input channel.

Denial Of Service Decode Uri Component
NVD GitHub
CVSS 4.0
6.6
EPSS
0.3%
CVE-2026-14164 HIGH PATCH This Week

Denial of service in libarchive's RAR5 reader allows remote attackers to crash applications that decompress untrusted RAR5 archives via a double-free (CWE-415) of the stale filtered_buf pointer. Reported by Red Hat and affecting libarchive as shipped across Red Hat Enterprise Linux 6 through 10, OpenShift Container Platform 4, and Red Hat Hardened Images, the flaw is triggered purely by parsing a malicious archive entry. No public exploit has been identified and the issue is not in CISA KEV; impact is limited to availability (CVSS 7.5, A:H only) with no code execution or data exposure claimed.

Denial Of Service Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 +5
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-12818 CRITICAL CISA Act Now

Resource exhaustion in Delta Electronics DVP12SE programmable logic controllers lets remote attackers crash or hang the device by overwhelming its Modbus TCP service, which lacks connection/resource throttling (CWE-770). Any host able to reach the PLC's Modbus TCP port can degrade or deny control of the affected industrial process. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but the unauthenticated network attack surface makes it a meaningful availability risk in OT environments.

Denial Of Service Dvp 12Se
NVD VulDB
CVSS 4.0
9.3
EPSS
0.3%
CVE-2026-52197 HIGH This Week

Denial of service in the UTT nv518G router (firmware nv518GV3v3.2.7-210919-161313) allows a remote attacker to crash or hang the device by sending crafted input to the gohead/sub_44af70 (FUN_0044af70) component of its embedded web/management service. Rated CVSS 7.5 (availability-only impact), the flaw is network-reachable without authentication or user interaction but does not expose or alter data. A public technical writeup analyzing the vulnerable function exists on GitHub; there is no public evidence of active exploitation and EPSS scores it low (0.20%, 11th percentile).

Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-52195 HIGH This Week

Denial of service in the UTT nv518G gateway/router (firmware nv518GV3 v3.2.7-210919-161313) allows a remote, unauthenticated attacker to crash the device by triggering a buffer overflow in the gohead web-service handler at function sub_472f08 (FUN_00472f08). The CVSS 3.1 score of 7.5 reflects availability-only impact (A:H, C:N/I:N) over the network with no privileges or user interaction. EPSS is low (0.22%, 13th percentile) and the CVE is not in CISA KEV; a third-party technical write-up exists on GitHub, but no active exploitation is confirmed.

Denial Of Service Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-44840 Go HIGH POC PATCH GHSA This Week

DQL (Dgraph Query Language) injection in Dgraph's GraphQL-to-DQL query rewriter (versions <= v25.3.3) lets remote unauthenticated attackers inject arbitrary query blocks through the unauthenticated checkUserPassword GraphQL query. User-supplied password values are interpolated into a checkpwd() DQL call via fmt.Sprintf without escaping, so a double-quote breaks out of the string literal and appends attacker-controlled DQL. A working PoC exists (publicly available exploit code exists); the issue is not in CISA KEV and no active exploitation is reported, but server-side execution of injected blocks is confirmed, enabling schema/data enumeration and resource exhaustion.

Denial Of Service Nosql Injection
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2026-10648 MEDIUM PATCH This Month

Denial of service in Zephyr RTOS v4.4.0 allows an attacker with access to a serial, UART, or shell-console interface to crash an affected embedded device by exhausting the MCUmgr shared buffer pool and triggering a NULL pointer dereference. The defect in mcumgr_serial_process_frag() (CWE-476) was introduced during the MCUmgr rework and manifests in default builds where assertion checks are compiled out, making the write-through-NULL a hard fault rather than a caught assertion. No public exploit has been identified at time of analysis and no CISA KEV listing exists, but exploitation is straightforward for any attacker with interface access.

Denial Of Service Null Pointer Dereference Zephyr
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-7656 MEDIUM POC PATCH This Month

Forged IPv6 Neighbor Discovery acceptance in the Zephyr RTOS network stack (all releases through v4.4.0) lets an adjacent on-link attacker inject spoofed Router Advertisement, Neighbor Solicitation, and Neighbor Advertisement messages because an operator-precedence bug in subsys/net/ip/ipv6_nbr.c silently skips every RFC 4861 sanity check whenever the (always-present) ICMPv6 code is 0. Because the bypassed checks include the Hop-Limit==255 on-link proof, even off-link/remote attackers may have forged ND packets accepted, enabling default-router/DNS/SLAAC hijacking and neighbor-cache poisoning for man-in-the-middle, redirection, and denial of service. A vendor patch exists (commit 095f064c) but there is no public exploit identified at time of analysis and the issue is not in CISA KEV.

Denial Of Service Zephyr
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.2%
CVE-2026-53917 HIGH PATCH This Week

Denial of service in Apache ActiveMQ (versions before 5.19.8, and 6.0.0 before 6.2.7) lets an authenticated user crash the broker by sending a crafted OpenWire message whose property map declares an excessively large encoded size. Because the map is unmarshaled without validating the declared size against actual payload bounds, the broker pre-allocates massive memory and hits an OutOfMemory condition. No public exploit identified at time of analysis and the issue is not in CISA KEV, but the low attack complexity and availability of a vendor patch make it a practical operational concern for exposed brokers.

Denial Of Service Apache Activemq Activemq Broker
NVD VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2026-43720 MEDIUM PATCH This Month

Use-after-free memory corruption in Safari's web content rendering engine causes a denial-of-service crash on Apple platforms running Safari, iOS/iPadOS, and macOS Tahoe prior to version 26.5.2. An attacker who can lure a victim to visit a maliciously crafted webpage can reliably crash the Safari browser, with no code execution or data exfiltration indicated by the available CVSS impact scores (C:N/I:N). No public exploit code and no CISA KEV listing have been identified at time of analysis, placing this in the category of a significant but non-critical browser crash vulnerability.

Memory Corruption Apple Denial Of Service Use After Free Ios And Ipados
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2026-43717 MEDIUM PATCH This Month

Use-after-free memory corruption in Safari's web content rendering engine causes an unexpected application crash when processing maliciously crafted web content. Affected are Apple Safari, iOS and iPadOS, and macOS Tahoe - all prior to version 26.5.2. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) confirms that a remote unauthenticated attacker can trigger this condition simply by luring a user to visit a hostile page, with impact limited to availability (process crash/DoS). No public exploit code identified and not listed in CISA KEV at time of analysis; vendor-released patches are available.

Memory Corruption Apple Denial Of Service Use After Free Ios And Ipados
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-43726 MEDIUM PATCH This Month

Use-after-free memory corruption in Apple's WebKit browser engine causes an unexpected process crash when rendering maliciously crafted web content. Safari (all versions prior to 26.5.2), iOS and iPadOS (all versions prior to 26.5.2), and macOS Tahoe (all versions prior to 26.5.2) are affected across Apple's full consumer device ecosystem. No public exploit or CISA KEV listing exists at time of analysis; impact is confirmed as denial-of-service (process crash) only, with no confidentiality or integrity compromise.

Memory Corruption Apple Denial Of Service Use After Free Ios And Ipados
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-43706 MEDIUM PATCH This Month

Double free memory corruption in Apple's web content processing engine crashes the rendering process on iOS/iPadOS (pre-26.5.2) and macOS Tahoe (pre-26.5.2) when a device processes attacker-controlled web content. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) confirms network delivery with no authentication required, though a user must interact with the malicious content, and impact is limited to availability - no confidentiality or integrity compromise is indicated. No public exploit code and no CISA KEV listing exist at time of analysis, placing this in a lower active-risk tier despite the ubiquity of affected Apple platforms.

Apple Denial Of Service Ios And Ipados
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-43746 MEDIUM PATCH This Month

Use-after-free memory corruption in Safari's web content processing causes an unexpected application crash across Apple platforms. Affected are Safari, iOS, iPadOS, and macOS Tahoe prior to version 26.5.2; exploitation requires only that a user visits or loads maliciously crafted web content, making drive-by delivery via a malicious webpage the primary vector. Impact is confined to availability - a forced Safari crash (denial of service) - with no confirmed confidentiality or integrity consequences. No public exploit code or active exploitation has been identified at time of analysis.

Memory Corruption Apple Denial Of Service Use After Free Ios And Ipados
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-43727 MEDIUM PATCH This Month

Use-after-free in Safari's web content processing engine causes denial of service across Apple platforms, affecting Safari, iOS/iPadOS, and macOS prior to the 26.5.2 release line. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) confirms remote, unauthenticated triggering requiring only that a user visit attacker-controlled web content, with impact limited to availability - specifically an unexpected Safari crash. No active exploitation has been confirmed (not listed in CISA KEV), and no public exploit code has been identified at time of analysis.

Memory Corruption Apple Denial Of Service Use After Free Ios And Ipados
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-43704 MEDIUM PATCH This Month

Use-after-free memory corruption in Apple Safari (and the broader iOS/iPadOS/macOS Tahoe platform) allows a malicious web extension to trigger an unexpected process crash, resulting in a denial-of-service condition. Affected versions span all Safari, iOS/iPadOS, and macOS Tahoe releases prior to 26.5.2, with Apple-confirmed fixes available across all three platforms. No active exploitation is confirmed (not listed in CISA KEV) and no public exploit code has been identified at time of analysis; the high attack complexity and requirement for a pre-installed malicious extension meaningfully constrain real-world risk.

Memory Corruption Apple Denial Of Service Use After Free Ios And Ipados
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-43709 MEDIUM PATCH This Month

Use-after-free memory corruption in Apple's WebKit engine causes unexpected process crashes when processing maliciously crafted web content. Affected platforms include Safari, iOS 26, iPadOS 26, and macOS Tahoe - all versions prior to 26.5.2. An unauthenticated remote attacker can trigger a denial-of-service condition by luring a user to a malicious web page; no public exploit has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

Memory Corruption Apple Denial Of Service Use After Free Ios And Ipados
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-43699 MEDIUM PATCH This Month

Use-after-free memory corruption in WebKit's web content processing causes unexpected process crashes across Safari, iOS, and iPadOS on all versions prior to 26.5.2. An unauthenticated remote attacker who can lure a user to visit a maliciously crafted web page can trigger this condition, resulting in a denial-of-service via browser process termination. No public exploit code has been identified at time of analysis and the vulnerability is absent from CISA KEV, though the use-after-free class in WebKit has historically been chained with other primitives to escalate impact.

Memory Corruption Apple Denial Of Service Use After Free Ios And Ipados
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-43734 MEDIUM PATCH This Month

Use-after-free memory corruption in Safari's web content processing engine causes an unexpected process crash when rendering maliciously crafted web pages. Affected products include Safari, iOS and iPadOS, and macOS Tahoe, all prior to version 26.5.2. No public exploit code has been identified at time of analysis and this vulnerability is not listed in CISA KEV, though the low attack complexity and no-privileges-required vector make user-targeted delivery straightforward.

Memory Corruption Apple Denial Of Service Use After Free Ios And Ipados
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-43742 MEDIUM PATCH This Month

Use-after-free memory corruption in Apple's WebKit rendering engine causes unexpected process crashes when processing maliciously crafted web content across Safari, iOS/iPadOS, and macOS Tahoe. All three platform variants prior to the 26.5.2 release train are affected, covering a substantial portion of Apple's consumer and enterprise device fleet. An unauthenticated remote attacker can trigger a denial-of-service condition by enticing a victim to visit a specially crafted webpage; no public exploit code or active exploitation (CISA KEV) has been identified at time of analysis.

Memory Corruption Apple Denial Of Service Use After Free Ios And Ipados
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-56018 HIGH PATCH This Week

Uncontrolled memory consumption in the Perl module JavaScript::Minifier::XS before version 0.16 lets remote attackers exhaust a long-lived process's memory by repeatedly triggering minify() calls. The XS cleanup code frees only the NodeSet structures while leaking every per-token contents buffer (and the entire NodeSet on the empty-list early-return paths), so each invocation leaks heap memory until the process is OOM-killed. CISA's SSVC marks exploitation as automatable with partial technical impact; no public exploit has been identified and it is not in CISA KEV, though the leak is trivially reachable in any service that minifies attacker-supplied JavaScript.

Denial Of Service JavaScript
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2026-56017 HIGH PATCH This Week

JavaScript::Minifier::XS versions before 0.16 for Perl crash with a NULL pointer dereference when the first meaningful token of the input is a slash. The regexp versus division disambiguator in JsTokenizeString (XS.xs) inspects the previous token's last byte to choose between a regexp literal and a division operator. When a slash is the first meaningful token, with the start of input or only whitespace and comments before it, there is no valid preceding token: the walk back over whitespace and comment nodes runs off the head of the node list to NULL, and the byte lookup reads through a NULL contents pointer at an underflowed length index. The following identifier check dereferences the same NULL pointer. The crash is reachable through the public minify() API, so input as small as a single slash byte crashes the calling process. A service that minifies untrusted or third-party JavaScript can be crashed by a remote request, causing denial of service.

Denial Of Service Null Pointer Dereference JavaScript
NVD VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2026-53426 HIGH PATCH This Week

Unauthenticated denial-of-service in MDEx, an Elixir/Erlang CommonMark parsing library, lets an attacker crash the entire BEAM virtual machine by feeding a crafted JSON document to MDEx.parse_document/2's {:json, ...} source. Because each unique node_type value is interned as a permanent BEAM atom that is never garbage collected, a single deeply nested document can mint hundreds of thousands of atoms and exhaust the ~1,048,576-atom table, aborting every process on the node. The flaw affects mdex 0.4.3 through 0.13.1, is fixed in 0.13.2, and has no public exploit identified at time of analysis.

Denial Of Service Mdex
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.1%
CVE-2026-54888 MEDIUM PATCH This Month

Stack exhaustion in the mdex and mdex_native Elixir Markdown libraries causes entire-node denial of service when processing attacker-controlled deeply nested Markdown. Two mutually recursive Rust NIF functions, ex_document_to_comrak_ast and comrak_ast_to_ex_document in document.rs, traverse the Comrak AST without enforcing a maximum nesting depth; a document with thousands of nested block quotes drives unbounded recursion that overflows the native C stack. Because the resulting SIGSEGV is raised inside a NIF, the Erlang runtime cannot catch it - the OS process hosting the BEAM terminates, killing every Elixir and Erlang process on the node. No public exploit has been identified at time of analysis, but the attack requires only crafted Markdown input with no authentication.

Denial Of Service Mdex Mdex Native
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2026-53429 MEDIUM PATCH This Month

Native Rust heap exhaustion in leandrocp mdex and mdex_native allows any attacker who can supply document content to MDEx.to_html/1 to crash the BEAM Erlang/Elixir node through unbounded memory accumulation. The Rust NIF permanently leaks memory by calling Box::leak on every escaped-tag literal string during document rendering, with no size cap or rate limit - leakage compounds across repeated renders proportional to literal_size multiplied by node_count, and the BEAM VM can never reclaim native allocations once surrendered this way. No public exploit code has been identified and the vulnerability is not listed in CISA KEV; vendor-released patches are available in mdex 0.12.3 and mdex_native 0.2.3.

Denial Of Service Mdex Mdex Native
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome for macOS before 150.0.7871.47 lets an attacker who has already compromised the renderer process break out of the browser sandbox by exploiting a use-after-free in the USB subsystem via a crafted HTML page. Rated High by Chromium and CVSS 9.6, it functions as a second-stage escalation primitive rather than a standalone entry point. There is no public exploit identified at time of analysis, and EPSS is low at 0.21% (11th percentile).

Memory Corruption Denial Of Service Use After Free +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Arbitrary code execution in Google Chrome's DOM implementation lets a remote attacker run code within the renderer sandbox by luring a victim to a crafted HTML page. All desktop Chrome builds before 150.0.7871.47 are affected; Chromium rates the flaw High severity. No public exploit has been identified and EPSS probability is low (0.26%), but the vendor patch is already available and should be applied promptly.

Memory Corruption Google Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local OS-level privilege escalation in Google Chrome on Windows (versions prior to 150.0.7871.47) arises from a use-after-free in the Chrome Updater component, letting a local attacker who can plant a malicious file on the system elevate to higher OS privileges. Google rates the Chromium severity as High and has released a fixed Stable channel build; there is no public exploit identified and it is not listed in CISA KEV. EPSS is low at 0.13% (3rd percentile), consistent with a bug that requires local access and user interaction rather than mass remote exploitation.

Memory Corruption Google Microsoft +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome's Headless component (versions prior to 150.0.7871.47) lets a remote attacker who has already compromised the renderer process break out of the browser sandbox by serving a crafted HTML page. Rated High by Chromium and CVSS 8.3, it is a CWE-416 use-after-free with no public exploit identified at time of analysis; EPSS is low at 0.21% (11th percentile) and CISA SSVC records no known exploitation.

Memory Corruption Denial Of Service Use After Free +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's Chromoting (Chrome Remote Desktop) component on Linux allows an adjacent-network attacker to run arbitrary code by sending malicious network traffic to a vulnerable client before version 150.0.7871.47. The flaw is a use-after-free memory-corruption issue rated High by Chromium and carries a CVSS 8.8. There is no public exploit identified at time of analysis, it is not in CISA KEV, and EPSS is low (0.24%, 15th percentile), indicating no observed exploitation activity yet.

Memory Corruption Google Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in Google Chrome's Updater component on macOS versions prior to 150.0.7871.47 lets an attacker abuse a use-after-free (CWE-416) via a malicious file to gain the elevated privileges under which the updater runs. Google rates the Chromium severity as High, and the CVSS 3.1 base score is 7.8; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. EPSS is low at 0.13% (3rd percentile), consistent with the SSVC exploitation status of 'none'.

Memory Corruption Google Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Memory Corruption Denial Of Service Use After Free +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome desktop versions prior to 150.0.7871.47 stems from a use-after-free in the Canvas component, letting a remote attacker run arbitrary code within the renderer sandbox when a victim opens a crafted HTML page. The flaw carries a CVSS 8.8 (High) rating and requires user interaction (visiting a malicious page), but no authentication. There is no public exploit identified at time of analysis, and EPSS is low at 0.26% (17th percentile).

Memory Corruption Google Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's Blink rendering engine (versions prior to 150.0.7871.47) allows a remote attacker to run arbitrary code inside the renderer sandbox by luring a victim to a crafted HTML page. The flaw is a use-after-free (CWE-416) rated High by Chromium and 8.8 (CVSS 3.1); it requires user interaction (visiting a malicious page) and no privileges. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, with a low EPSS of 0.26% (17th percentile).

Memory Corruption Google Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Heap corruption via a use-after-free in the Views UI component of Google Chrome allows a remote attacker who serves a crafted HTML page and lures a user into performing specific UI gestures to potentially execute code in the browser process. All desktop Chrome builds prior to 150.0.7871.47 are affected; Google rates the Chromium severity as High and has shipped a fix. No public exploit identified at time of analysis, and EPSS is low (0.21%, 11th percentile).

Memory Corruption Denial Of Service Use After Free +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Renderer-process remote code execution in Google Chrome desktop before 150.0.7871.47 stems from a use-after-free in the Input Method Editor (IME) component, letting a remote attacker run arbitrary code within the browser's sandbox when a victim visits a crafted HTML page. Rated High by Chromium and CVSS 8.8, it requires user interaction (visiting a page) but no authentication. No public exploit identified at time of analysis, and the EPSS score is low (0.26%, 17th percentile), indicating no evidence of widespread exploitation yet.

Memory Corruption Google Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote code execution in Google Chrome on iOS prior to 150.0.7871.47 stems from a use-after-free in the browser's Import component, allowing a remote attacker who lures a victim into opening a malicious file and performing specific UI gestures to execute arbitrary code. Rated High by Chromium and CVSS 7.5, the flaw has no public exploit identified at time of analysis and a low EPSS of 0.24% (15th percentile), consistent with its high attack complexity and required user interaction. A vendor patch is available in the June 2026 Stable channel update.

Memory Corruption Google Apple +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome for macOS prior to 150.0.7871.47 stems from a use-after-free in the GFX (graphics) component, allowing a remote attacker to run arbitrary code after a victim opens a crafted HTML page. Chromium rates the severity High and the CVSS is 8.8, but exploitation requires user interaction (visiting a malicious page). There is no public exploit identified at time of analysis and EPSS is low (0.26%, 17th percentile), indicating no observed weaponization yet.

Memory Corruption Google Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome's Chromecast component (versions before 150.0.7871.47) lets an attacker who has already compromised the renderer process break out of the browser sandbox and reach the host via a crafted HTML page. Rooted in a use-after-free (CWE-416) memory-corruption bug rated High by Chromium, it carries a CVSS 8.3 driven by a scope change and full CIA impact, but requires a pre-existing renderer compromise, high attack complexity, and user interaction. No public exploit identified at time of analysis, and the low EPSS (0.21%) plus SSVC 'exploitation: none' indicate it is not currently being exploited.

Memory Corruption Denial Of Service Use After Free +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote code execution in Google Chrome (Views UI component) prior to 150.0.7871.47 allows a remote attacker to execute arbitrary code by luring a victim to a crafted HTML page and inducing specific UI gestures that trigger a use-after-free. Rated High by Chromium and CVSS 7.5, the flaw is elevated in complexity by its requirement for user interaction, and no public exploit has been identified at time of analysis; EPSS probability is low at 0.26%.

Memory Corruption Google Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Heap corruption in Google Chrome's QUIC networking stack (versions prior to 150.0.7871.47) stems from a use-after-free that a remote attacker can trigger through crafted network traffic, potentially leading to arbitrary code execution in the affected browser process. Google rated the Chromium security severity as High and has shipped a fixed Stable-channel build; there is no public exploit identified at time of analysis and CISA's SSVC records exploitation status as 'none'. EPSS is low (0.19%, 9th percentile), indicating no observed weaponization despite a total technical-impact rating.

Memory Corruption Denial Of Service Use After Free +2
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome for macOS versions prior to 150.0.7871.47 stems from a use-after-free in the Touchbar component, letting a remote attacker who lures a victim to a crafted HTML page potentially break out of the renderer sandbox. Reported through Google's internal Chrome security process and rated High by Chromium, it carries a CVSS 9.6 due to scope change and full CIA impact, though there is no public exploit identified at time of analysis and EPSS exploitation probability is low at 0.21%. SSVC assesses current exploitation as none, indicating this is a patch-now-but-not-panic item.

Memory Corruption Denial Of Service Use After Free +2
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome's GPU process (versions prior to 150.0.7871.47) lets a remote attacker who has already compromised the renderer process break out of the browser sandbox via a crafted HTML page. Rated High by Chromium and CVSS 9.6 due to a scope-changing (S:C) full-impact outcome, this is a use-after-free (CWE-416) memory-corruption bug. No public exploit identified at time of analysis; EPSS is low (0.21%, 11th percentile) and CISA SSVC lists exploitation as none, so it is a serious-but-not-yet-exploited patch priority.

Memory Corruption Denial Of Service Use After Free +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome for Android before 150.0.7871.47 stems from a use-after-free in the Fullscreen component, letting a remote attacker who lures a victim to a crafted HTML page corrupt memory and run arbitrary code in the renderer. Chromium rates the flaw Critical, though CVSS scores it 8.8 because exploitation requires the victim to open the malicious page. There is no public exploit identified at time of analysis, and the EPSS probability is low (0.26%, 17th percentile), with CISA SSVC showing no known exploitation.

Memory Corruption Google Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Remote code execution in Google Chrome's Chromoting (Chrome Remote Desktop) component on Windows affects all desktop builds prior to 150.0.7871.47, where a use-after-free (CWE-416) lets a remote attacker corrupt memory via malicious network traffic. Google rates the Chromium severity Critical, and a vendor patch is available, but there is no public exploit identified at time of analysis and EPSS is low at 0.24%. High attack complexity (AC:H) means the memory-corruption race is non-trivial to win reliably, tempering the CVSS 8.1 score.

Memory Corruption Google Microsoft +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome's Ozone platform-abstraction layer prior to 150.0.7871.47 lets a remote attacker execute arbitrary code by luring a victim to a crafted HTML page. The flaw is a use-after-free (CWE-416) rated Critical by Chromium and CVSS 8.8, requiring the victim to visit a malicious page (UI:R) but no privileges. No public exploit has been identified at time of analysis and EPSS probability is low (0.26%), but the memory-corruption class and 'total' technical impact make it a high-priority browser patch.

Memory Corruption Google Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome on macOS before 150.0.7871.47 stems from a use-after-free in the browser's Bluetooth component, letting a remote attacker who lures a user into specific UI gestures on a crafted HTML page corrupt memory and break out of the renderer sandbox. Rated Critical by Chromium and CVSS 9.6, though no public exploit has been identified and EPSS is low (0.22%, 13th percentile). A vendor fix is available and CISA SSVC currently marks exploitation as 'none'.

Memory Corruption Denial Of Service Use After Free +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use-after-free in Google Chrome's Views UI framework prior to 150.0.7871.47 lets a remote attacker trigger heap corruption after luring a user to a crafted HTML page and performing specific UI gestures, potentially achieving code execution in the renderer/browser process. Chromium rates the flaw Critical, though the CVSS is 8.8 due to required user interaction. No public exploit identified at time of analysis, and EPSS is low (0.22%, 13th percentile); SSVC lists exploitation as none but technical impact as total.

Memory Corruption Denial Of Service Use After Free +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use-after-free in Google Chrome's Views UI framework, fixed in 150.0.7871.47, lets a remote attacker who lures a victim into performing specific UI gestures on a crafted HTML page trigger heap corruption and potentially achieve code execution in the browser process. Chromium rates the flaw Critical, though the CVSS is 8.8 due to required user interaction; there is no public exploit identified at time of analysis and EPSS exploitation probability is low at 0.22%.

Memory Corruption Denial Of Service Use After Free +2
NVD VulDB
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome desktop versions prior to 150.0.7871.47 lets a remote attacker who has already compromised the renderer process break out of the sandbox and gain broader code execution on the host via a crafted HTML page. Chromium rates the underlying use-after-free as Critical, though there is no public exploit identified at time of analysis and EPSS exploitation probability is low (0.21%). A vendor patch is available and the flaw is a classic second-stage chain component rather than a standalone entry point.

Memory Corruption Denial Of Service Use After Free +2
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Remote code execution in Google Chrome on ChromeOS (versions prior to 150.0.7871.47) stems from a use-after-free in the Chromoting (Chrome Remote Desktop) component, letting a remote attacker corrupt memory and execute arbitrary code through malicious network traffic. Google rates the Chromium severity as Critical, and CVSS scores it 8.1 with a high attack complexity. As of this analysis there is no public exploit identified and it is not listed in CISA KEV; EPSS is low at 0.24% (15th percentile), and SSVC records exploitation status as none.

Memory Corruption Google Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local arbitrary code execution in Google Chrome for macOS (versions prior to 150.0.7871.47) stems from a use-after-free in the WebUSB implementation, which Chromium rates Critical. A local attacker who can present a malicious USB peripheral to a victim who authorizes it can corrupt renderer memory and run attacker-controlled code within the browser's context. There is no public exploit identified at time of analysis, and EPSS is low (0.16%, 5th percentile), reflecting limited likelihood of widespread opportunistic exploitation.

Memory Corruption Google Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome desktop prior to 150.0.7871.47 stems from a use-after-free in the GPU process, letting a remote attacker who has already compromised the renderer break out of the browser sandbox via a crafted HTML page. Google rates the Chromium severity as Critical, and a fix is available in the Stable channel update. There is no public exploit identified at time of analysis, and EPSS exploitation probability is low at 0.22% (13th percentile).

Memory Corruption Denial Of Service Use After Free +2
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Arbitrary code execution in Google Chrome desktop versions prior to 150.0.7871.47 stems from a use-after-free flaw in the Extensions component, which Chromium rated Critical severity. An attacker who convinces a victim to install a malicious extension can trigger the dangling-pointer condition through a crafted extension to run arbitrary code in the affected process. There is no public exploit identified at time of analysis, EPSS is low (0.16%, 6th percentile), and CISA/SSVC records no observed exploitation.

Memory Corruption Google Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Memory exhaustion in pypdf prior to 6.13.3 allows unauthenticated remote attackers to cause denial of service by supplying a maliciously crafted PDF. The MAX_DECLARED_STREAM_LENGTH safety cap - designed to bound memory allocation during stream parsing - is bypassed when a PDF content stream omits the /Length value, enabling unbounded memory growth. No active exploitation is confirmed (not in CISA KEV), but the attack surface encompasses any Python application that parses attacker-supplied PDFs, a common pattern in document pipelines and web upload handlers.

Python Denial Of Service Pypdf
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in the UTT nv518G gateway/router (firmware nv518GV3v3.2.7-210919-161313) lets a remote, unauthenticated attacker crash the device by triggering a buffer overflow in the gohead web-service function sub_416f28 (FUN_00416f28). Publicly available exploit code exists (referenced PoC on GitHub), though the flaw is not listed in CISA KEV and EPSS scores it at just 0.22% (13th percentile), indicating low observed exploitation activity. Impact is limited to availability - no code execution or data exposure is claimed in the source data.

Denial Of Service Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Memory exhaustion via denial of service in ImageMagick before 7.1.2-19 allows remote attackers to trigger a persistent memory leak in the PNG encoder by supplying crafted MNG image input that induces an encoder failure condition. Affected deployments include any service that accepts user-supplied images and processes them through ImageMagick's MNG write path. No public exploit code or active exploitation has been identified at time of analysis, but the network-reachable attack surface in image-processing pipelines makes this a realistic DoS risk against unpatched instances.

Denial Of Service Imagemagick
NVD GitHub VulDB
EPSS 0% CVSS 1.8
LOW PATCH Monitor

Memory exhaustion denial of service in ImageMagick before 7.1.2-13 allows a local attacker with write access to the OpenCL cache directory to crash the application by placing malformed XML files that trigger an unpatched memory leak in LoadOpenCLDeviceBenchmark(). The root cause is CWE-401: memory allocated during XML parsing of unclosed device elements is never freed, enabling a resource exhaustion attack. No public exploit code has been identified and exploitation has not been confirmed by CISA KEV; however, a patch commit and upstream advisory are available.

Denial Of Service Imagemagick
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Division by zero in ImageMagick's binomial kernel processing path, affecting all versions before 7.1.2-22, allows an attacker to crash the application by supplying a crafted image with an oversized binomial kernel value. The integer overflow corrupts the kernel size calculation, and a subsequent division by the resulting zero value causes an unhandled exception and process termination. No public exploit code has been identified and the vulnerability is not listed in CISA KEV; however, automated image-processing pipelines that accept untrusted uploads are at elevated practical risk despite the local-vector CVSS rating.

Integer Overflow Denial Of Service Imagemagick
NVD GitHub VulDB
EPSS 0% CVSS 3.7
LOW Monitor

Heap buffer overflow in the Ruby JSON gem's streaming generator (versions 2.9.0-2.19.8) enables reliable process crash via attacker-controlled serialized data. When applications invoke `JSON.dump(obj, io)` or `JSON::State#generate(obj, io)` to stream JSON to an IO object, the C-level generator can write past its internal buffer if the serialized object contains a string near 16 KB in size. Impact is confined to denial of service - reliable process termination - with no evidence of confidentiality or integrity impact. No public exploit code and no CISA KEV listing are identified at time of analysis; the CVSS score of 3.7 (Low) appropriately reflects the constrained attack conditions.

Heap Overflow Denial Of Service Buffer Overflow +1
NVD GitHub
EPSS 0% CVSS 8.7
HIGH Act Now

Denial of service in OFFIS DCMTK's DICOM worklist server (wlmscpfs) allows a remote, unauthenticated attacker to crash the service with a single crafted DICOM query when the server is provisioned with a valid Called AE Title, a storage directory, the expected lockfile, and at least one matching worklist record. The flaw stems from a type-confusion condition (CWE-843) and carries a CVSS 4.0 base score of 8.7 driven entirely by high availability impact (VA:H). There is no public exploit identified at time of analysis, and it is not listed in CISA KEV, though it was reported through the ICS-CERT/ICSMA medical-advisory channel.

Memory Corruption Denial Of Service Dcmtk Toolkit
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Temporary denial of service in IBM watsonx.data intelligence 5.2.0 through 5.3.0 is achievable by authenticated users who submit specially crafted HTTP requests, exploiting improper resource throttling allocation (CWE-770). The impact is limited to availability - confidentiality and integrity are unaffected - and the disruption is described as temporary rather than persistent. No public exploit code or active exploitation has been identified at the time of analysis.

IBM Denial Of Service Watsonx Data Intelligence
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Denial of service in IBM Db2 11.5.0-11.5.9 and 12.1.0-12.1.4 allows an authenticated low-privileged user to crash or hang the database server by submitting a crafted SQL query exploiting improper neutralization of special elements in XMLTable-derived column processing logic. The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) confirms this is remotely triggerable with minimal privileges, posing a realistic insider-threat or compromised-credential availability risk. No public exploit code or active exploitation has been identified at time of analysis.

IBM Denial Of Service Microsoft +1
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Information disclosure and denial of service in IBM Langflow OSS 1.0.0 through 1.9.6 stem from missing authentication on the /api/v1/build_public_tmp/ endpoints, letting an unauthenticated attacker who supplies a valid job identifier read build event data or cancel running jobs. The flaw carries a CVSS 9.1 (AV:N/AC:L/PR:N/UI:N) and CWE-287 classification; there is no public exploit identified at time of analysis, and EPSS is low at 0.25% (17th percentile) with CISA SSVC recording no observed exploitation but flagging it as automatable.

Authentication Bypass IBM Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Denial of service in IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 allows adjacent unauthenticated attackers to crash the WebSphere Application Server JVM by sending malformed XDF-encoded Protocol Buffers messages to the data grid. The XDF decoder fails to enforce bounds on recursive protobuf message nesting depth and attacker-supplied length prefixes, triggering either a StackOverflowError or OutOfMemoryError that takes down the JVM process. No public exploit has been identified at time of analysis, and IBM has released a patch via their support advisory.

IBM Denial Of Service Websphere Extreme Scale
NVD
CVSS 5.9
MEDIUM PATCH This Month

Unbounded memory exhaustion in Sigstore's timestamp-authority server allows any unauthenticated remote attacker to crash or degrade the service by flooding it with high-cardinality HTTP requests. The root cause is the global `wrapMetrics` Prometheus middleware, which permanently registers a new time-series entry for every unique combination of raw request path and HTTP method it observes - including requests for unmatched paths that return 404 - causing heap memory to grow without bound under attacker-controlled input. No public exploit code has been identified at time of analysis, but exploitation requires no authentication and no special configuration, making any publicly exposed timestamp-authority endpoint a realistic target for denial-of-service attacks against software signing and CI/CD pipelines.

Denial Of Service
NVD GitHub
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

### Summary Responsibly disclosed by @NSEcho. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Red Hat Suse
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Use-after-free in Zephyr's asynchronous SNTP client (sntp_close_async, v4.2.0-v4.4.0) can be triggered remotely by any network peer or off-path attacker capable of dropping or delaying UDP NTP responses, exploiting a race between the system workqueue thread and the socket-service poll thread. The most probable outcome is a crash of the networking subsystem thread (denial of service); where the freed net_context pool slot is rapidly reallocated, memory corruption is possible. The vulnerability is on the normal SNTP timeout path, making it reliably and periodically triggerable when NET_CONFIG_SNTP_INIT_RESYNC is enabled. No public exploit code and no CISA KEV listing have been identified at time of analysis.

Memory Corruption Buffer Overflow Denial Of Service +2
NVD GitHub
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Out-of-bounds read in the Zephyr RTOS Bluetooth controller's ISO Adaptation Layer (isoal.c) lets an adjacent attacker leak controller memory to the HCI host and potentially crash the device. A malicious CIS peer or a broadcaster the device is BIS-synced to sends a framed ISO PDU whose start-segment length field is 0-2, causing a uint8_t underflow (len-3 → 253-255) that copies up to ~255 bytes past the received PDU into an HCI ISO packet. Publicly available exploit code exists (SSVC: poc); it is not listed in CISA KEV, and EPSS is low at 0.17%, indicating no evidence of widespread active exploitation.

Denial Of Service Buffer Overflow Information Disclosure +1
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Unauthenticated NULL pointer dereference in Woodpecker CI before 3.15.0 allows any network attacker to flood server logs by repeatedly probing the unprotected /api/orgs/lookup/ endpoint. The LookupOrg handler unconditionally dereferences the session user object, which is nil for unauthenticated callers, triggering a Go panic on every such request; gin's recovery middleware catches each panic and returns HTTP 500, keeping the server alive but writing approximately 37 lines of stack trace per request to the error log. No active exploitation is confirmed in CISA KEV, but the zero-prerequisite attack surface - no credentials, no special configuration, no user interaction - makes low-bandwidth log-flooding trivially achievable by any unauthenticated network attacker.

Denial Of Service Null Pointer Dereference Woodpecker
NVD GitHub
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Out-of-bounds read in the Zephyr RTOS DNS resolver (subsys/net/lib/dns) lets a malicious, spoofed, or on-path DNS server - or any LAN node when mDNS/LLMNR is enabled - return crafted truncated TXT or SRV records that leak residual receive-pool memory to the application, and in some configurations crash the device. It affects Zephyr v4.3.0 and v4.4.0; the SSVC framework records a proof-of-concept, so publicly available exploit code exists, though EPSS is low (0.20%, 10th percentile) and there is no public evidence of active exploitation. The disclosed data is bounded (~64 bytes for TXT, ~6 for SRV) and read-only, but can expose stale contents of prior DNS packets.

Denial Of Service Buffer Overflow Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Path traversal in Rancher Fleet's ImageScan subsystem (CWE-23) allows authenticated remote attackers to escape intended directory boundaries and trigger denial of service across four active release branches (0.12.x through 0.15.x). The flaw appears to have been introduced in the 0.12.0 series and persisted undetected through at least sixteen subsequent patch releases, indicating the ImageScan component lacked adequate path sanitization for an extended period. No public exploit code or active exploitation has been identified; the CVSS 4.0 vector (PR:L) confirms exploitation requires authenticated access, materially limiting opportunistic attack surface.

Path Traversal Denial Of Service Rancher
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Denial of service in Citrix NetScaler ADC and NetScaler Gateway stems from multiple memory overflow conditions that produce unpredictable or erroneous behavior when the appliance is configured for specific DNS or load-balancing roles. Remote unauthenticated attackers can send crafted traffic to a vulnerable appliance to crash or destabilize it, with the CVSS 4.0 score of 8.8 driven primarily by high availability impact. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Citrix Oracle Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Denial of service and memory corruption in Citrix NetScaler ADC and NetScaler Gateway allows remote unauthenticated attackers to trigger unpredictable or erroneous appliance behavior when the device is deployed as a Gateway (SSL VPN, ICA Proxy, CVPN, or RDP Proxy) or as an AAA virtual server. The CVSS 4.0 vector (AV:N/AC:L/PR:N/UI:N) indicates network-reachable, low-complexity exploitation with no authentication, and the high confidentiality impact suggests memory contents may be exposed alongside the DoS condition. There is no public exploit identified at time of analysis and the CVE is not on CISA KEV.

Citrix Denial Of Service Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Denial of service in hostapd 2.11 through pre-2.12 development snapshots (built with CONFIG_IEEE80211BE) lets an unauthenticated attacker within wireless range crash the access-point daemon by sending a crafted Wi-Fi 7 (802.11be) Multi-Link association request. A malformed Multi-Link Element or Per-STA Profile subelement supplies a link_id of 15 that overruns the 15-entry (0-14) links[] array, causing an out-of-bounds write before the 4-way handshake. No public exploit identified at time of analysis; EPSS is low (0.29%, 20th percentile) and CISA SSVC rates exploitation as none.

Denial Of Service Buffer Overflow Hostapd
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Denial of service in GNOME GLib (versions before 2.88.1) arises when g_dbus_node_info_new_for_xml() parses malformed D-Bus introspection XML that nests a <node> element inside <method>, <signal>, <property>, or <arg>. This state-confusion bug triggers an unsigned integer underflow/overflow (CWE-191) and a subsequent out-of-bounds read, crashing any application or service that parses attacker-influenced introspection data. No public exploit identified at time of analysis, EPSS is low (0.34%), and CISA SSVC rates exploitation as none with only partial technical impact.

Integer Overflow Denial Of Service Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Denial of service (and a 1-byte out-of-bounds read) in GNOME GLib before 2.88.1 arises from an off-by-one error in g_key_file_get_locale_string_list() in gkeyfile.c when a parsed key file contains an empty value. Any application built on GLib that loads attacker-influenced .desktop/.ini-style key files can be crashed if the over-read crosses a page boundary, with a minor information-disclosure component from the single out-of-bounds byte. Publicly available exploit code exists (SSVC 'poc'), but it is not on CISA KEV and EPSS is low (0.24%, 15th percentile), indicating no evidence of widespread active exploitation.

Denial Of Service Glib Enterprise Linux
NVD VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Buffer over-read in GLib's giochannel line-reading code (g_io_channel_read_line_backend) affects the GNOME GLib library prior to version 2.88.1, where an application that configures a multi-byte custom line terminator triggers memcmp to read past the end of the internal GString buffer. Depending on memory layout, this leaks up to 7 bytes of adjacent heap memory (minor information disclosure) or crashes the process when the over-read crosses an unmapped page boundary (denial of service). There is no public exploit identified at time of analysis, EPSS is low (0.27%), and CISA SSVC rates exploitation as none.

Denial Of Service Buffer Overflow Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Buffer over-read in GNOME GLib's g_regex_replace() lets remote attackers leak 1-5 adjacent bytes of process memory and crash applications when regex replacement is performed with the G_REGEX_RAW compile flag combined with case-change replacement escapes. The internal string_append helper applies UTF-8 aware routines to matched substrings even though G_REGEX_RAW treats the buffer as raw bytes, reading past the intended boundary. There is no public exploit identified at time of analysis and EPSS is low (0.26%, 18th percentile), but the flaw is broadly reachable because GLib underpins the GNOME stack and ships across Red Hat Enterprise Linux 6-10.

Denial Of Service Buffer Overflow Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Out-of-bounds read of two bytes in GLib's g_date_time_get_ymd() (glib/gdatetime.c) lets attackers corrupt date output and trigger logic errors that may cause denial of service when an application processes an invalid GDateTime produced by g_date_time_add_full(). It affects the GNOME GLib core utility library shipped across Red Hat Enterprise Linux 6 through 10, with fixes in GLib 2.88.1 and 2.86.5. There is publicly available exploit code exists per SSVC (proof-of-concept), no confirmed active exploitation, and EPSS is low at 0.27% (19th percentile).

Denial Of Service Buffer Overflow Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Out-of-bounds read in GNOME GLib's GVariant serialiser allows remote attackers to leak a single byte of adjacent memory and to crash applications that deserialise untrusted GVariant data. The flaw sits in gvs_tuple_is_normal() in glib/gvariant-serialiser.c, where an alignment-padding bounds check uses '>' instead of '>=', reading one byte past the buffer; when that byte falls across a page boundary the process faults, producing a denial of service. No public exploit identified at time of analysis, and EPSS is low (0.26%), but GLib's near-universal presence on Linux systems makes the exposure broad.

Denial Of Service Buffer Overflow Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Denial of service in Citrix NetScaler ADC and NetScaler Gateway allows remote attackers to crash or render unresponsive the appliance by sending malformed HTTP/2 requests, but only when HTTP/2 is enabled in the HTTP Profile and bound to an LB, CS, or VPN virtual server or service. The CVSS 4.0 score of 8.7 reflects high availability impact with no confidentiality or integrity loss, exploitable over the network without authentication or user interaction. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Citrix Denial Of Service Netscaler Application Delivery Controller +1
NVD VulDB
EPSS 0% CVSS 9.5
CRITICAL PATCH Act Now

SAML assertion replay in Rancher's Assertion Consumer Service (ACS) handler lets a person-in-the-middle who captures a victim's SAML response reuse that assertion to authenticate as the victim, because the handler never enforces one-time use. Rancher 2.14.0 through 2.14.2 are affected, and because Rancher governs downstream Kubernetes clusters, a successful replay can yield administrative control. No public exploit identified at time of analysis; the issue is not on the CISA KEV list, and the carried CVSS 4.0 base score is 9.5 driven largely by the scope/subsequent-system impact.

Denial Of Service Rancher
NVD GitHub VulDB
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

Denial of service in fzf's --listen mode HTTP server arises from quadratic-time (O(n²)) body processing caused by repeated string concatenation when reading POST request payloads. All fzf releases prior to 0.73.1 are affected when the --listen flag is explicitly activated to expose the embedded HTTP server. An attacker with access to the listening socket can send a single crafted POST request with many small body segments to monopolize the single-threaded server, blocking all other clients indefinitely. No public exploit identified at time of analysis; vendor-released patch is available in version 0.73.1.

Denial Of Service Fzf
NVD GitHub VulDB
EPSS 0% CVSS 5.6
MEDIUM PATCH This Month

Integer overflow in fzf's FuzzyMatchV2 function causes a non-recoverable process crash (denial of service) when input lines reach approximately 2,200,000 bytes and a search pattern of ~999 bytes is active. The Go runtime detects the resulting invalid slice bounds and immediately terminates the process with a panic - there is no recovery path and no possibility of memory corruption or code execution. No public exploit code has been identified and this CVE is not listed in CISA KEV; the CVSS 4.0 score of 5.6 (AT:P, UI:A) reflects that exploitation requires atypical input volumes and active user or script interaction.

Integer Overflow Denial Of Service Fzf
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Remote memory exhaustion in the Net::BitTorrent Perl module (all versions through 2.0.1) lets any unauthenticated peer in a torrent swarm crash the downloading process by abusing the peer-wire protocol's length-prefix framing. Because the decoder buffers an entire announced message before processing and trusts an attacker-supplied length prefix of up to ~4 GiB, a single malicious peer can drive the victim's memory toward exhaustion. There is no public exploit identified at time of analysis and no CISA KEV listing, but the attack is trivial and requires no authentication; EPSS data was not provided.

Denial Of Service Net
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Denial of service in Apache ActiveMQ (Client, broker, and All distributions) before 5.19.8 and 6.x before 6.2.7 lets a remote unauthenticated attacker crash the broker by sending a crafted WireFormatInfo frame containing an oversized size value during the pre-authentication protocol negotiation. Because the size is consumed before any authentication occurs, the broker attempts a massive memory allocation, triggering an out-of-memory condition and process crash. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV; the fix is shipped in 6.2.7 and 5.19.8.

Denial Of Service Apache Apache Activemq Client +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote denial of service in Apache ActiveMQ (versions 5.19.7 and 6.2.6) allows an unauthenticated attacker to exhaust broker heap memory and crash the service with an OutOfMemory error. The flaw is a regression introduced by the fix for CVE-2026-49270: an attacker repeatedly sends OpenWire BrokerInfo commands while never sending the expected ConnectionInfo, causing unbounded state accumulation until the broker dies. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the unauthenticated network reachability makes it a credible availability threat to exposed brokers.

Denial Of Service Apache Apache Activemq Broker +2
NVD VulDB
EPSS 0% CVSS 7.7
HIGH PATCH This Week

{}' brace groups to the expand() function, whose recursion is exponential in the number of such groups. Because brace-expansion is a near-ubiquitous transitive dependency (notably via minimatch/glob), any application that feeds untrusted input to expand() directly or indirectly is exposed. No public exploit was identified at time of analysis, though the CVSS 4.0 threat metric (E:P) indicates proof-of-concept maturity; the issue is not in CISA KEV.

Denial Of Service Brace Expansion Red Hat +1
NVD GitHub
EPSS 0% CVSS 6.4
MEDIUM This Month

Use-after-free in the SSSD PAM responder crashes the authentication daemon when a local attacker manipulates YubiKey or smartcard contents during an authentication attempt on Red Hat Enterprise Linux 6 through 10. The primary realized impact is a denial of service - the PAM responder crash disrupts all authentication - but the underlying memory corruption also presents a difficult-to-exploit privilege escalation path. No public exploit code exists at time of analysis, and the CVSS vector (AV:L/AC:H/PR:H) reflects a tightly constrained local attack requiring high privileges and significant complexity, limiting realistic blast radius to insider-threat and physical-access scenarios.

Privilege Escalation Denial Of Service Red Hat Enterprise Linux 10 +8
NVD GitHub VulDB
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

Super-linear algorithmic complexity in the decode-uri-component npm package (versions through 0.4.1) allows unauthenticated network attackers to cause severe CPU exhaustion and block the Node.js event loop by submitting crafted strings with large numbers of percent-encoded tokens. The decode() function splits input on '%' and iteratively invokes decodeComponents() in a pattern producing quadratic or worse time growth - 1,400 '%ab' tokens consume approximately 33 seconds of CPU, rendering single-threaded JavaScript runtimes effectively unresponsive. No public exploit is confirmed at time of analysis (CVSS E:U), but the deterministic algorithmic nature makes payload construction trivial for any attacker with a reachable input channel.

Denial Of Service Decode Uri Component
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in libarchive's RAR5 reader allows remote attackers to crash applications that decompress untrusted RAR5 archives via a double-free (CWE-415) of the stale filtered_buf pointer. Reported by Red Hat and affecting libarchive as shipped across Red Hat Enterprise Linux 6 through 10, OpenShift Container Platform 4, and Red Hat Hardened Images, the flaw is triggered purely by parsing a malicious archive entry. No public exploit has been identified and the issue is not in CISA KEV; impact is limited to availability (CVSS 7.5, A:H only) with no code execution or data exposure claimed.

Denial Of Service Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 +7
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL Act Now

Resource exhaustion in Delta Electronics DVP12SE programmable logic controllers lets remote attackers crash or hang the device by overwhelming its Modbus TCP service, which lacks connection/resource throttling (CWE-770). Any host able to reach the PLC's Modbus TCP port can degrade or deny control of the affected industrial process. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but the unauthenticated network attack surface makes it a meaningful availability risk in OT environments.

Denial Of Service Dvp 12Se
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in the UTT nv518G router (firmware nv518GV3v3.2.7-210919-161313) allows a remote attacker to crash or hang the device by sending crafted input to the gohead/sub_44af70 (FUN_0044af70) component of its embedded web/management service. Rated CVSS 7.5 (availability-only impact), the flaw is network-reachable without authentication or user interaction but does not expose or alter data. A public technical writeup analyzing the vulnerable function exists on GitHub; there is no public evidence of active exploitation and EPSS scores it low (0.20%, 11th percentile).

Denial Of Service N A
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in the UTT nv518G gateway/router (firmware nv518GV3 v3.2.7-210919-161313) allows a remote, unauthenticated attacker to crash the device by triggering a buffer overflow in the gohead web-service handler at function sub_472f08 (FUN_00472f08). The CVSS 3.1 score of 7.5 reflects availability-only impact (A:H, C:N/I:N) over the network with no privileges or user interaction. EPSS is low (0.22%, 13th percentile) and the CVE is not in CISA KEV; a third-party technical write-up exists on GitHub, but no active exploitation is confirmed.

Denial Of Service Buffer Overflow N A
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

DQL (Dgraph Query Language) injection in Dgraph's GraphQL-to-DQL query rewriter (versions <= v25.3.3) lets remote unauthenticated attackers inject arbitrary query blocks through the unauthenticated checkUserPassword GraphQL query. User-supplied password values are interpolated into a checkpwd() DQL call via fmt.Sprintf without escaping, so a double-quote breaks out of the string literal and appends attacker-controlled DQL. A working PoC exists (publicly available exploit code exists); the issue is not in CISA KEV and no active exploitation is reported, but server-side execution of injected blocks is confirmed, enabling schema/data enumeration and resource exhaustion.

Denial Of Service Nosql Injection
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Denial of service in Zephyr RTOS v4.4.0 allows an attacker with access to a serial, UART, or shell-console interface to crash an affected embedded device by exhausting the MCUmgr shared buffer pool and triggering a NULL pointer dereference. The defect in mcumgr_serial_process_frag() (CWE-476) was introduced during the MCUmgr rework and manifests in default builds where assertion checks are compiled out, making the write-through-NULL a hard fault rather than a caught assertion. No public exploit has been identified at time of analysis and no CISA KEV listing exists, but exploitation is straightforward for any attacker with interface access.

Denial Of Service Null Pointer Dereference Zephyr
NVD GitHub VulDB
EPSS 0% CVSS 6.8
MEDIUM POC PATCH This Month

Forged IPv6 Neighbor Discovery acceptance in the Zephyr RTOS network stack (all releases through v4.4.0) lets an adjacent on-link attacker inject spoofed Router Advertisement, Neighbor Solicitation, and Neighbor Advertisement messages because an operator-precedence bug in subsys/net/ip/ipv6_nbr.c silently skips every RFC 4861 sanity check whenever the (always-present) ICMPv6 code is 0. Because the bypassed checks include the Hop-Limit==255 on-link proof, even off-link/remote attackers may have forged ND packets accepted, enabling default-router/DNS/SLAAC hijacking and neighbor-cache poisoning for man-in-the-middle, redirection, and denial of service. A vendor patch exists (commit 095f064c) but there is no public exploit identified at time of analysis and the issue is not in CISA KEV.

Denial Of Service Zephyr
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Denial of service in Apache ActiveMQ (versions before 5.19.8, and 6.0.0 before 6.2.7) lets an authenticated user crash the broker by sending a crafted OpenWire message whose property map declares an excessively large encoded size. Because the map is unmarshaled without validating the declared size against actual payload bounds, the broker pre-allocates massive memory and hits an OutOfMemory condition. No public exploit identified at time of analysis and the issue is not in CISA KEV, but the low attack complexity and availability of a vendor patch make it a practical operational concern for exposed brokers.

Denial Of Service Apache Activemq +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Use-after-free memory corruption in Safari's web content rendering engine causes a denial-of-service crash on Apple platforms running Safari, iOS/iPadOS, and macOS Tahoe prior to version 26.5.2. An attacker who can lure a victim to visit a maliciously crafted webpage can reliably crash the Safari browser, with no code execution or data exfiltration indicated by the available CVSS impact scores (C:N/I:N). No public exploit code and no CISA KEV listing have been identified at time of analysis, placing this in the category of a significant but non-critical browser crash vulnerability.

Memory Corruption Apple Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Use-after-free memory corruption in Safari's web content rendering engine causes an unexpected application crash when processing maliciously crafted web content. Affected are Apple Safari, iOS and iPadOS, and macOS Tahoe - all prior to version 26.5.2. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) confirms that a remote unauthenticated attacker can trigger this condition simply by luring a user to visit a hostile page, with impact limited to availability (process crash/DoS). No public exploit code identified and not listed in CISA KEV at time of analysis; vendor-released patches are available.

Memory Corruption Apple Denial Of Service +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Use-after-free memory corruption in Apple's WebKit browser engine causes an unexpected process crash when rendering maliciously crafted web content. Safari (all versions prior to 26.5.2), iOS and iPadOS (all versions prior to 26.5.2), and macOS Tahoe (all versions prior to 26.5.2) are affected across Apple's full consumer device ecosystem. No public exploit or CISA KEV listing exists at time of analysis; impact is confirmed as denial-of-service (process crash) only, with no confidentiality or integrity compromise.

Memory Corruption Apple Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Double free memory corruption in Apple's web content processing engine crashes the rendering process on iOS/iPadOS (pre-26.5.2) and macOS Tahoe (pre-26.5.2) when a device processes attacker-controlled web content. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) confirms network delivery with no authentication required, though a user must interact with the malicious content, and impact is limited to availability - no confidentiality or integrity compromise is indicated. No public exploit code and no CISA KEV listing exist at time of analysis, placing this in a lower active-risk tier despite the ubiquity of affected Apple platforms.

Apple Denial Of Service Ios And Ipados
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Use-after-free memory corruption in Safari's web content processing causes an unexpected application crash across Apple platforms. Affected are Safari, iOS, iPadOS, and macOS Tahoe prior to version 26.5.2; exploitation requires only that a user visits or loads maliciously crafted web content, making drive-by delivery via a malicious webpage the primary vector. Impact is confined to availability - a forced Safari crash (denial of service) - with no confirmed confidentiality or integrity consequences. No public exploit code or active exploitation has been identified at time of analysis.

Memory Corruption Apple Denial Of Service +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Use-after-free in Safari's web content processing engine causes denial of service across Apple platforms, affecting Safari, iOS/iPadOS, and macOS prior to the 26.5.2 release line. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) confirms remote, unauthenticated triggering requiring only that a user visit attacker-controlled web content, with impact limited to availability - specifically an unexpected Safari crash. No active exploitation has been confirmed (not listed in CISA KEV), and no public exploit code has been identified at time of analysis.

Memory Corruption Apple Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Use-after-free memory corruption in Apple Safari (and the broader iOS/iPadOS/macOS Tahoe platform) allows a malicious web extension to trigger an unexpected process crash, resulting in a denial-of-service condition. Affected versions span all Safari, iOS/iPadOS, and macOS Tahoe releases prior to 26.5.2, with Apple-confirmed fixes available across all three platforms. No active exploitation is confirmed (not listed in CISA KEV) and no public exploit code has been identified at time of analysis; the high attack complexity and requirement for a pre-installed malicious extension meaningfully constrain real-world risk.

Memory Corruption Apple Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Use-after-free memory corruption in Apple's WebKit engine causes unexpected process crashes when processing maliciously crafted web content. Affected platforms include Safari, iOS 26, iPadOS 26, and macOS Tahoe - all versions prior to 26.5.2. An unauthenticated remote attacker can trigger a denial-of-service condition by luring a user to a malicious web page; no public exploit has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

Memory Corruption Apple Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Use-after-free memory corruption in WebKit's web content processing causes unexpected process crashes across Safari, iOS, and iPadOS on all versions prior to 26.5.2. An unauthenticated remote attacker who can lure a user to visit a maliciously crafted web page can trigger this condition, resulting in a denial-of-service via browser process termination. No public exploit code has been identified at time of analysis and the vulnerability is absent from CISA KEV, though the use-after-free class in WebKit has historically been chained with other primitives to escalate impact.

Memory Corruption Apple Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Use-after-free memory corruption in Safari's web content processing engine causes an unexpected process crash when rendering maliciously crafted web pages. Affected products include Safari, iOS and iPadOS, and macOS Tahoe, all prior to version 26.5.2. No public exploit code has been identified at time of analysis and this vulnerability is not listed in CISA KEV, though the low attack complexity and no-privileges-required vector make user-targeted delivery straightforward.

Memory Corruption Apple Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Use-after-free memory corruption in Apple's WebKit rendering engine causes unexpected process crashes when processing maliciously crafted web content across Safari, iOS/iPadOS, and macOS Tahoe. All three platform variants prior to the 26.5.2 release train are affected, covering a substantial portion of Apple's consumer and enterprise device fleet. An unauthenticated remote attacker can trigger a denial-of-service condition by enticing a victim to visit a specially crafted webpage; no public exploit code or active exploitation (CISA KEV) has been identified at time of analysis.

Memory Corruption Apple Denial Of Service +2
NVD VulDB
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Uncontrolled memory consumption in the Perl module JavaScript::Minifier::XS before version 0.16 lets remote attackers exhaust a long-lived process's memory by repeatedly triggering minify() calls. The XS cleanup code frees only the NodeSet structures while leaking every per-token contents buffer (and the entire NodeSet on the empty-list early-return paths), so each invocation leaks heap memory until the process is OOM-killed. CISA's SSVC marks exploitation as automatable with partial technical impact; no public exploit has been identified and it is not in CISA KEV, though the leak is trivially reachable in any service that minifies attacker-supplied JavaScript.

Denial Of Service JavaScript
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

JavaScript::Minifier::XS versions before 0.16 for Perl crash with a NULL pointer dereference when the first meaningful token of the input is a slash. The regexp versus division disambiguator in JsTokenizeString (XS.xs) inspects the previous token's last byte to choose between a regexp literal and a division operator. When a slash is the first meaningful token, with the start of input or only whitespace and comments before it, there is no valid preceding token: the walk back over whitespace and comment nodes runs off the head of the node list to NULL, and the byte lookup reads through a NULL contents pointer at an underflowed length index. The following identifier check dereferences the same NULL pointer. The crash is reachable through the public minify() API, so input as small as a single slash byte crashes the calling process. A service that minifies untrusted or third-party JavaScript can be crashed by a remote request, causing denial of service.

Denial Of Service Null Pointer Dereference JavaScript
NVD VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Unauthenticated denial-of-service in MDEx, an Elixir/Erlang CommonMark parsing library, lets an attacker crash the entire BEAM virtual machine by feeding a crafted JSON document to MDEx.parse_document/2's {:json, ...} source. Because each unique node_type value is interned as a permanent BEAM atom that is never garbage collected, a single deeply nested document can mint hundreds of thousands of atoms and exhaust the ~1,048,576-atom table, aborting every process on the node. The flaw affects mdex 0.4.3 through 0.13.1, is fixed in 0.13.2, and has no public exploit identified at time of analysis.

Denial Of Service Mdex
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Stack exhaustion in the mdex and mdex_native Elixir Markdown libraries causes entire-node denial of service when processing attacker-controlled deeply nested Markdown. Two mutually recursive Rust NIF functions, ex_document_to_comrak_ast and comrak_ast_to_ex_document in document.rs, traverse the Comrak AST without enforcing a maximum nesting depth; a document with thousands of nested block quotes drives unbounded recursion that overflows the native C stack. Because the resulting SIGSEGV is raised inside a NIF, the Erlang runtime cannot catch it - the OS process hosting the BEAM terminates, killing every Elixir and Erlang process on the node. No public exploit has been identified at time of analysis, but the attack requires only crafted Markdown input with no authentication.

Denial Of Service Mdex Mdex Native
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Native Rust heap exhaustion in leandrocp mdex and mdex_native allows any attacker who can supply document content to MDEx.to_html/1 to crash the BEAM Erlang/Elixir node through unbounded memory accumulation. The Rust NIF permanently leaks memory by calling Box::leak on every escaped-tag literal string during document rendering, with no size cap or rate limit - leakage compounds across repeated renders proportional to literal_size multiplied by node_count, and the BEAM VM can never reclaim native allocations once surrendered this way. No public exploit code has been identified and the vulnerability is not listed in CISA KEV; vendor-released patches are available in mdex 0.12.3 and mdex_native 0.2.3.

Denial Of Service Mdex Mdex Native
NVD GitHub VulDB
Prev Page 8 of 406 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy