Denial Of Service

5446 CVEs technique

CVE-2026-25178 HIGH This Week

Windows Ancillary Function Driver for WinSock (AFD) in Windows 11 versions 24h2 and 26h1 contains a use-after-free vulnerability (CWE-416) that allows authenticated local attackers to escalate privileges through memory corruption. An attacker with local access could exploit this flaw to gain elevated system permissions, though no official patch is currently available.

Use After Free Microsoft Denial Of Service Memory Corruption Windows 11 26h1 +14
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-25171 HIGH This Week

Privilege escalation in Windows Authentication Methods (Windows 10 22H2, Windows 11 26H1) stems from a use-after-free memory vulnerability that allows authenticated local attackers to gain elevated system privileges. The flaw requires low user privileges and manual interaction but provides complete system compromise through code execution. No patch is currently available for this high-severity vulnerability.

Use After Free Microsoft Denial Of Service Memory Corruption Windows 10 22h2 +14
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-25170 HIGH This Week

Use after free in Windows Hyper-V allows an authorized attacker to elevate privileges locally. [CVSS 7.0 HIGH]

Use After Free Microsoft Denial Of Service Memory Corruption Windows 11 23h2 +7
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-25168 MEDIUM This Month

Microsoft Graphics Component on Windows 10 21H2, Windows Server 2016, and Windows 11 25H2 is vulnerable to a null pointer dereference that enables local denial of service attacks. An attacker with local access can trigger the vulnerability without requiring elevated privileges or user interaction to crash the graphics component and render the system unavailable. No patch is currently available for this medium-severity vulnerability.

Microsoft Null Pointer Dereference Denial Of Service Windows 10 21h2 Windows Server 2016 +12
NVD VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-25167 HIGH This Week

Privilege escalation in Microsoft's Brokering File System on Windows 11 (24h2 and 25h2) stems from a use-after-free vulnerability that allows local attackers to gain elevated system privileges. An attacker with local access can exploit memory corruption to execute arbitrary code with higher privileges, potentially compromising system integrity. No patch is currently available for this vulnerability.

Microsoft Use After Free Denial Of Service Memory Corruption Windows 11 24h2 +3
NVD VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-25165 HIGH This Week

Privilege escalation in Windows Performance Counters via null pointer dereference affects Windows Server 2019 and Windows 11 systems, enabling authenticated local attackers to gain elevated privileges. The vulnerability impacts systems where users have standard account access, allowing them to escalate to higher privilege levels on affected machines. No patch is currently available.

Null Pointer Dereference Microsoft Denial Of Service Windows Server 2019 Windows 11 26h1 +13
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-24641 LOW Monitor

A NULL Pointer Dereference vulnerability [CWE-476] in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker to crash the HTTP daemon via crafted HTTP requests. [CVSS 2.7 LOW]

Fortinet Null Pointer Dereference Denial Of Service
NVD VulDB
CVSS 3.1
2.7
EPSS
0.1%
CVE-2026-24293 HIGH This Week

Privilege escalation in Windows Ancillary Function Driver for WinSock affects Windows 11 24H2, Windows Server 2022, and Windows Server 2025, allowing authenticated local attackers to gain system-level access through null pointer dereference. The vulnerability requires valid user credentials and local access but no user interaction to exploit. No patch is currently available.

Null Pointer Dereference Microsoft Denial Of Service Windows Server 2022 Windows 11 24h2 +8
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-24292 HIGH This Week

Privilege escalation in Windows Connected Devices Platform Service (Cdpsvc) exploits a use-after-free memory vulnerability, affecting Windows 10 22h2 and Windows 11 (25h2, 26h1). An authenticated local attacker can leverage this flaw to gain system-level privileges on vulnerable systems. No patch is currently available for this high-severity vulnerability.

Use After Free Denial Of Service Memory Corruption Windows 10 22h2 Windows 11 25h2 +10
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-24289 HIGH This Week

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]

Use After Free Microsoft Denial Of Service Memory Corruption Windows 10 22h2 +14
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-24285 HIGH This Week

Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally. [CVSS 7.0 HIGH]

Use After Free Microsoft Denial Of Service Memory Corruption Office +14
NVD VulDB
CVSS 3.1
7.0
EPSS
0.1%
CVE-2026-23669 HIGH This Week

Remote code execution in Microsoft Windows Print Spooler Components via use-after-free memory corruption enables authenticated network attackers to execute arbitrary code with high privileges. The vulnerability requires valid credentials but no user interaction, presenting a significant risk to organizations where print services are accessible to untrusted internal or remote users. No patch is currently available.

Use After Free Microsoft Denial Of Service Memory Corruption Windows
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-13901 CISA This Month

CWE-404 Improper Resource Shutdown or Release vulnerability exists that could cause partial Denial of Service on Machine Expert protocol when an unauthenticated attacker sends malicious payload to occupy active communication channels.

Denial Of Service
NVD VulDB
EPSS
0.1%
CVE-2026-27689 HIGH This Week

Denial of service in a remote-enabled function module allows authenticated attackers to exhaust system resources by submitting requests with oversized loop parameters, rendering the affected system unavailable. The vulnerability requires valid user credentials and network access but no user interaction, making it exploitable by any authenticated user on the network. No patch is currently available to address this high-severity flaw.

Denial Of Service
NVD VulDB
CVSS 3.1
7.7
EPSS
0.1%
CVE-2026-27686 MEDIUM This Month

SAP Business Warehouse Service API lacks proper authorization controls on RFC function modules, allowing authenticated attackers to modify configurations and disrupt request processing. An attacker with valid credentials could exploit this vulnerability to cause denial of service and alter system integrity without detection. No patch is currently available for this medium-severity vulnerability.

Sap Denial Of Service
NVD VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-70030 HIGH This Week

An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity (4.19) was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. [CVSS 7.5 HIGH]

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-70034 HIGH This Week

An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity (4.19) was discovered in mscdex ssh2 v1.17.0. [CVSS 7.5 HIGH]

Denial Of Service Redhat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-70047 HIGH This Week

An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in Nexusoft NexusInterface v3.2.0-beta.2. [CVSS 7.5 HIGH]

Denial Of Service Nexusinterface
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-70059 HIGH This Week

An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in YMFE yapi v1.12.0 and allows attackers to cause a denial of service. [CVSS 7.5 HIGH]

Denial Of Service Yapi
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-69648 MEDIUM PATCH This Month

GNU Binutils through 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debug_rnglists data. [CVSS 6.2 MEDIUM]

RCE Denial Of Service Buffer Overflow Binutils Redhat +1
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-69647 MEDIUM PATCH This Month

GNU Binutils through 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF loclists data. [CVSS 6.2 MEDIUM]

Denial Of Service Binutils Redhat Suse
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-2261 HIGH This Week

FreeBSD's blocklistd service leaks socket descriptors on each adverse event report, causing progressive service degradation until it can no longer block malicious IP addresses or process new reports. An attacker can exploit this by generating numerous fraudulent adverse events from disposable IP addresses to exhaust socket resources and disable the blocking mechanism before launching an actual attack. The vulnerability has a high severity rating (CVSS 7.5) and currently lacks a patch.

Denial Of Service Freebsd
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-14769 HIGH This Week

In some cases, the `tcp-setmss` handler may free the packet data and throw an error without halting the rule processing engine. A subsequent rule can then allow the traffic after the packet data is gone, resulting in a NULL pointer dereference. [CVSS 7.5 HIGH]

Null Pointer Dereference Denial Of Service Freebsd
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-3816 MEDIUM POC PATCH This Month

DefectDojo versions up to 2.55.4 contain a denial of service vulnerability in the SonarQubeParser and MSDefenderParser components where improper handling of ZIP file input allows authenticated remote attackers to crash the service. Public exploit code exists for this vulnerability, and administrators should upgrade to version 2.56.0 or later to remediate the issue.

Denial Of Service Defectdojo
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-69279 HIGH This Week

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. [CVSS 7.5 HIGH]

Denial Of Service Android Google
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-69278 HIGH This Week

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. [CVSS 7.5 HIGH]

Denial Of Service Android Google
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-61616 HIGH This Week

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. [CVSS 7.5 HIGH]

Denial Of Service Android Google
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-61615 HIGH This Week

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. [CVSS 7.5 HIGH]

Denial Of Service Android Google
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-61614 HIGH This Week

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. [CVSS 7.5 HIGH]

Denial Of Service Android Google
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-61613 HIGH This Week

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. [CVSS 7.5 HIGH]

Denial Of Service Android Google
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-61612 HIGH This Week

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. [CVSS 7.5 HIGH]

Denial Of Service Android Google
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-61611 HIGH This Week

In modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed. [CVSS 7.5 HIGH]

Denial Of Service Yocto
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-3631 HIGH This Week

Delta Electronics COMMGR2 has Buffer Over-read DoS vulnerability. [CVSS 7.5 HIGH]

Industrial Buffer Overflow Denial Of Service Commgr2
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-30910 HIGH This Week

Crypt::Sodium::XS versions through 0.001000 for Perl have potential integer overflows. The combined AEAD encryption, combined signature creation, and bin2hex functions do not check that the output size will be less than SIZE_MAX, which could lead to integer wraparound causing an undersized output buffer. [CVSS 7.5 HIGH]

Buffer Overflow Integer Overflow Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-29771 MEDIUM PATCH This Month

Repeated denial of service attacks against Netmaker versions prior to 1.2.0 are possible when authenticated users invoke the /api/server/shutdown endpoint to forcibly terminate the server process. An attacker with valid credentials can cyclically crash the Netmaker service, causing intermittent unavailability with approximately 3-second restart intervals. No patch is currently available for affected deployments.

Wireguard Denial Of Service Netmaker
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-29076 MEDIUM POC PATCH This Month

Remote denial of service in cpp-httplib prior to version 0.37.0 allows unauthenticated attackers to crash server processes by submitting HTTP POST requests with maliciously crafted RFC 5987 filename* parameters that trigger catastrophic backtracking in the regex parser. The vulnerability exploits the recursive stack-based implementation of libstdc++'s regex engine, causing uncontrolled stack growth and stack overflow. Public exploit code exists for this vulnerability.

Stack Overflow Denial Of Service Cpp Httplib
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-2219 HIGH PATCH This Week

dpkg-deb fails to properly validate zstd-compressed .deb archives during decompression, allowing unauthenticated remote attackers to trigger infinite loops that exhaust CPU resources on Debian systems. This denial of service condition affects the package management system without requiring user interaction or elevated privileges. No patch is currently available for this vulnerability.

Debian Denial Of Service Suse
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-30241 HIGH PATCH This Week

Mercurius versions prior to 16.8.0 fail to validate GraphQL subscription query depth limits over WebSocket connections, allowing remote attackers to bypass depth restrictions that are properly enforced for HTTP queries. An attacker can exploit this to submit arbitrarily nested subscription queries that cause denial of service through exponential data resolution on schemas with recursive types. A patch is available in version 16.8.0.

Denial Of Service Mercurius
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-27138 MEDIUM PATCH This Month

DNS certificate verification can crash in systems handling X.509 certificate chains when processing certificates with empty DNS names paired with excluded name constraints, affecting applications performing direct certificate validation or using TLS. This denial of service condition requires no authentication or user interaction but depends on specific certificate chain configurations. No patch is currently available for this vulnerability.

Dns Denial Of Service Redhat Suse
NVD VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-29795 MEDIUM PATCH This Month

Stellar-xdr prior to version 25.0.1 fails to validate string length constraints in the StringM::from_str function, allowing oversized strings to bypass maximum length checks and create invalid StringM objects. Applications relying on this type's length invariant for serialization, validation, or security decisions could process malformed data that violates expected constraints. Local attackers or malicious input sources could exploit this to cause unexpected behavior in dependent code.

Denial Of Service Stellar Xdr
NVD GitHub VulDB
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-69654 HIGH This Week

A crafted JavaScript input executed with the `qjs` interpreter of QuickJS release 2025-09-13 (fixed in commit fcd33c1afa7b3028531f53cd1190a3877454f6b3, 2025-12-11), using the `-m` option and a low memory limit, can cause an out-of-memory condition followed by an assertion failure in JS_FreeRuntime (`list_empty(&rt->gc_obj_list)`) during runtime cleanup. [CVSS 7.5 HIGH]

Denial Of Service Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-69653 MEDIUM This Month

A crafted JavaScript input can trigger an internal assertion failure in gc_decref_child in quickjs.c in QuickJS release 2025-09-13 (fixed in commit 1dbba8a88eaa40d15a8a9b70bb1a0b8fb5b552e6, 2025-12-11) when executed with the qjs interpreter using the -m option. [CVSS 6.5 MEDIUM]

Denial Of Service Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-69652 MEDIUM POC PATCH This Month

GNU Binutils through 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. [CVSS 6.2 MEDIUM]

Memory Corruption Denial Of Service Binutils Redhat Suse
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-69650 HIGH POC PATCH This Week

GNU Binutils through 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return early without initializing the all_relocations array. [CVSS 7.5 HIGH]

Memory Corruption Denial Of Service Binutils Redhat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-69651 MEDIUM POC PATCH This Month

GNU Binutils through 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations returns early due to parsing errors, the internal all_relocations array may remain partially uninitialized. [CVSS 5.5 MEDIUM]

Memory Corruption Denial Of Service Binutils Redhat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-69646 MEDIUM PATCH This Month

Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug_rnglists data. [CVSS 5.5 MEDIUM]

Denial Of Service Redhat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-69645 MEDIUM PATCH This Month

Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. [CVSS 5.5 MEDIUM]

Denial Of Service Redhat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-69644 MEDIUM PATCH This Month

An issue was discovered in Binutils before 2.46. objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. [CVSS 5.0 MEDIUM]

Denial Of Service Binutils Redhat Suse
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-26018 HIGH POC PATCH This Week

CoreDNS versions up to 1.14.2 contain a vulnerability that allows attackers to crash the DNS server by sending specially crafted DNS queries (CVSS 7.5).

Dns Denial Of Service Coredns Redhat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2018-25198 MEDIUM POC This Month

eToolz 3.4.8.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying oversized input buffers. Attackers can create a payload file containing 255 bytes of data that triggers a buffer overflow condition when processed by the application. [CVSS 6.2 MEDIUM]

Buffer Overflow Denial Of Service
NVD Exploit-DB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2018-25193 HIGH POC This Week

Mongoose Web Server 6.9 contains a denial of service vulnerability that allows remote attackers to crash the service by establishing multiple socket connections. [CVSS 7.5 HIGH]

Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2018-25169 HIGH POC This Week

AMPPS 2.7 contains a denial of service vulnerability that allows remote attackers to crash the service by sending malformed data to the default HTTP port. Attackers can establish multiple socket connections and transmit invalid payloads to exhaust server resources and cause service unavailability. [CVSS 7.5 HIGH]

Denial Of Service
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-29074 HIGH POC PATCH This Week

Denial of service in SVGO versions 2.1.0-2.8.0, 3.0.0-3.3.2, and before 4.0.1 allows unauthenticated attackers to crash the Node.js process through XML entity expansion attacks, with a minimal 811-byte payload triggering heap exhaustion. Public exploit code exists for this vulnerability, and no patch is currently available. Affected users of SVGO, Node.js, and Golang implementations should restrict input sources until updates are released.

Node.js Golang Denial Of Service Svgo
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-29062 HIGH PATCH This Week

Jackson Core versions 3.0.0 through 3.0.x fail to enforce maximum nesting depth limits in UTF8DataInputJsonParser and ReaderBasedJsonParser, allowing attackers to craft deeply nested JSON documents that trigger StackOverflowError and crash the application. This denial of service vulnerability affects any Java application using the vulnerable Jackson Core versions to parse untrusted JSON input. A patch is available in version 3.1.0.

Java Denial Of Service Jackson Core
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-29049 MEDIUM This Month

Melange versions 0.40.5 and earlier are vulnerable to disk exhaustion when the update-cache function downloads files from attacker-controlled URIs without enforcing size limits or timeouts. An attacker can craft a malicious melange configuration file to trigger unbounded disk writes on build systems, consuming all available storage and denying service to legitimate builds. No patch is currently available.

Denial Of Service Melange
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-28794 CRITICAL POC PATCH Act Now

Prototype pollution in oRPC before 1.13.6. PoC and patch available.

Node.js RCE Denial Of Service Authentication Bypass Deserialization +1
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2026-27807 MEDIUM This Month

Markus versions up to 2.9.4 are affected by improper restriction of recursive entity references in DTDs (CVSS 4.9).

XXE Denial Of Service Markus
NVD GitHub
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-28718 HIGH This Week

Acronis Cyber Protect 17 on Linux and Windows versions prior to build 41186 is vulnerable to denial of service through improper input validation in authentication logging functions. An unauthenticated remote attacker can crash the application or render it unavailable without requiring user interaction. No patch is currently available for this vulnerability.

Linux Windows Denial Of Service Cyber Protect
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-29612 MEDIUM PATCH This Month

OpenClaw versions up to 2026.2.14 are affected by allocation of resources without limits or throttling (CVSS 5.5).

Denial Of Service Openclaw
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-29609 HIGH PATCH This Week

OpenClaw versions up to 2026.2.14 are affected by allocation of resources without limits or throttling (CVSS 7.5).

Denial Of Service Openclaw
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-28478 HIGH PATCH This Week

OpenClaw versions up to 2026.2.13 are affected by allocation of resources without limits or throttling (CVSS 7.5).

Denial Of Service Openclaw
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-28459 HIGH PATCH This Week

Arbitrary file write in OpenClaw prior to version 2026.2.12 allows authenticated gateway clients to bypass path validation on the sessionFile parameter and write transcript data to any location on the host filesystem. An attacker with valid credentials can repeatedly append data to arbitrary files, potentially corrupting configurations or exhausting disk space to cause denial of service. A patch is available.

Denial Of Service Openclaw
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-28452 MEDIUM PATCH This Month

OpenClaw versions up to 2026.2.14 are affected by allocation of resources without limits or throttling (CVSS 5.5).

Denial Of Service Openclaw
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-28448 HIGH POC PATCH This Week

OpenClaw versions before 2026.2.1 fail to properly validate access controls in the Twitch plugin when role restrictions are not configured, allowing unauthenticated remote attackers to trigger agent dispatch through Twitch chat mentions. Public exploit code exists for this vulnerability, enabling attackers to invoke the agent pipeline and potentially cause unintended actions or resource exhaustion. Organizations running affected versions with the Twitch plugin enabled should apply the available patch immediately.

Denial Of Service Authentication Bypass AI / ML Openclaw
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2026-28394 MEDIUM PATCH This Month

OpenClaw versions up to 2026.2.15 are affected by allocation of resources without limits or throttling (CVSS 6.5).

Denial Of Service Openclaw
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-28790 HIGH POC PATCH This Week

OliveTin versions prior to 3000.11.0 suffer from broken access control allowing unauthenticated users to invoke the KillAction RPC endpoint and terminate running shell command executions, bypassing authentication restrictions. Public exploit code exists for this vulnerability, enabling remote denial of service attacks against legitimate administrative actions. The vulnerability affects OliveTin deployments regardless of authentication settings and has been remediated in version 3000.11.0 and later.

Denial Of Service Olivetin
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-28789 HIGH POC PATCH This Week

OliveTin versions prior to 3000.10.3 are vulnerable to unauthenticated denial-of-service attacks when OAuth2 authentication is enabled, allowing remote attackers to crash the application by sending concurrent requests to the login endpoint. The vulnerability stems from unsynchronized access to shared state during OAuth2 processing, triggering a Go runtime panic. Public exploit code exists for this high-severity flaw, which is patched in version 3000.10.3 and later.

Golang Denial Of Service Olivetin
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-28342 HIGH POC PATCH This Week

OliveTin versions prior to 3000.10.2 are vulnerable to unauthenticated denial of service through the PasswordHash API endpoint, which lacks request throttling or authentication controls and allows attackers to trigger excessive memory allocation via concurrent hashing requests. An attacker can exhaust container memory by sending multiple parallel requests, causing service degradation or complete outage. Public exploit code exists for this vulnerability, and a patch is available in version 3000.10.2 and later.

Denial Of Service Olivetin Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-26998 MEDIUM PATCH This Month

Traefik versions prior to 2.11.38 and 3.6.9 fail to limit memory allocation when processing ForwardAuth middleware responses, allowing a malicious or compromised authentication server to trigger unbounded memory consumption. An attacker controlling the auth server can return an arbitrarily large response body that causes the Traefik process to exhaust available memory and crash, resulting in denial of service for all proxied routes. A patch is available in the specified versions.

Denial Of Service Traefik Redhat Suse
NVD GitHub
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-7375 MEDIUM This Month

A denial-of-service (DoS) vulnerability was identified in Omada EAP610 v3. An attacker with adjacent network access can send crafted requests to cause the device’s HTTP service to crash. [CVSS 6.5 MEDIUM]

Denial Of Service Omada Eap610 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-70616 HIGH POC This Week

A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver (version 1.2.0.0) in the IOCTL handler for code 0x80102058. [CVSS 7.8 HIGH]

Linux Buffer Overflow Denial Of Service Privilege Escalation Wnbios64.Sys
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27750 HIGH This Week

Internet Security contains a vulnerability that allows attackers to delete protected files or directories and can lead to local privilege escalation (CVSS 7.8).

Denial Of Service Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27748 HIGH This Week

Avira Internet Security's Software Updater fails to validate symbolic links when deleting files during updates, allowing a local attacker to redirect SYSTEM-level file deletion operations to arbitrary targets. An authenticated local user can exploit this improper link resolution to delete critical system files, potentially achieving privilege escalation, denial of service, or compromising system integrity. No patch is currently available.

Denial Of Service Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-69534 HIGH PATCH This Week

Python-Markdown version 3.8 contains a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. [CVSS 7.5 HIGH]

Python Denial Of Service Information Disclosure Markdown Redhat +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-29125 MEDIUM POC This Month

Sfx2100 Firmware versions up to - is affected by incorrect permission assignment for critical resource (CVSS 4.7).

Dns Denial Of Service Sfx2100 Firmware
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-28435 HIGH POC PATCH This Week

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. [CVSS 7.5 HIGH]

Denial Of Service Cpp Httplib Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-20064 MEDIUM This Month

Cisco Secure Firewall Threat Defense (FTD) devices can be forcibly rebooted by authenticated local attackers through improper input validation in CLI commands, resulting in denial of service. This vulnerability affects low-privileged accounts and requires no user interaction to exploit. No patch is currently available.

Cisco Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-20025 MEDIUM This Month

Denial of service in Cisco Secure Firewall ASA and Secure FTD devices results from improper validation of OSPF link-state update packets, allowing authenticated adjacent attackers with the OSPF secret key to trigger heap corruption and forced device reloads. An attacker can exploit this by crafting malicious OSPF packets to crash affected devices, causing service disruption. No patch is currently available for this vulnerability.

Cisco Denial Of Service
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-20024 MEDIUM This Month

OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software is affected by buffer overflow (CVSS 6.8).

Cisco Denial Of Service
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-20023 MEDIUM This Month

Memory corruption in Cisco Secure Firewall ASA and FTD OSPF packet processing allows adjacent, unauthenticated attackers to crash affected devices by sending crafted protocol packets. The vulnerability results in device reboot and denial of service, with no authentication or user interaction required. No patch is currently available.

Cisco Memory Corruption Denial Of Service
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-20022 MEDIUM This Month

Device denial of service in Cisco Secure Firewall ASA and Secure FTD Software occurs when an unauthenticated adjacent attacker sends specially crafted OSPF packets to trigger out-of-bounds memory writes during packet canonicalization processing. An attacker can exploit this by sending malicious OSPF LSU packets when debug logging is enabled, forcing the affected device to reload and become unavailable. No patch is currently available for this medium-severity vulnerability.

Cisco Denial Of Service
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-20021 MEDIUM This Month

Memory exhaustion in Cisco ASA and FTD OSPF protocol implementation allows adjacent authenticated attackers to trigger denial of service by sending specially crafted packets that bypass input validation. An attacker with network access to the affected device can exploit improper packet parsing to consume available memory and crash the appliance. No patch is currently available for this vulnerability.

Cisco Denial Of Service
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-20020 MEDIUM This Month

Insufficient input validation in Cisco Secure Firewall ASA and Secure FTD OSPF implementations allows adjacent attackers to trigger denial of service by sending malformed OSPF update packets that cause device reloads. Authentication bypass is possible if OSPF authentication is disabled, though knowing the secret key is required when authentication is enabled. No patch is currently available for this medium-severity vulnerability.

Cisco Buffer Overflow Denial Of Service
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-20106 MEDIUM This Month

Unauthenticated remote attackers can trigger memory exhaustion on Cisco ASA and FTD devices by sending specially crafted packets to the SSL VPN service, exploiting insufficient input validation in the Remote Access SSL VPN, HTTP management, and MUS functionality. Successful exploitation causes a denial of service condition that requires manual device reboot. No patch is currently available.

Cisco Tls Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-20105 HIGH This Week

Denial of service in Cisco Secure Firewall ASA and FTD Remote Access SSL VPN functionality allows authenticated attackers to exhaust device memory by sending specially crafted packets, forcing a device reload. The vulnerability stems from insufficient input validation on user-supplied data and requires valid VPN credentials to exploit. No patch is currently available.

Cisco Tls Denial Of Service
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2026-20103 HIGH This Week

Denial of service in Cisco Secure Firewall ASA and FTD Remote Access SSL VPN allows unauthenticated remote attackers to exhaust device memory through malformed packets, causing the VPN service to become unresponsive. The vulnerability stems from insufficient input validation on the SSL VPN server and currently has no available patch. While the management interface remains accessible, new VPN connections cannot be established during an attack.

Cisco Tls Denial Of Service
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2026-20101 HIGH This Week

Cisco Secure Firewall ASA and Secure FTD devices can be remotely rebooted by unauthenticated attackers through malformed SAML 2.0 authentication messages, causing service unavailability due to insufficient input validation. The vulnerability has a high attack surface as it requires no authentication or user interaction and affects the device's core authentication mechanism. No patch is currently available.

Cisco Denial Of Service
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2026-20100 HIGH This Week

Cisco Secure Firewall ASA and FTD devices are vulnerable to a denial of service attack through the Remote Access SSL VPN feature, where authenticated attackers can trigger unvalidated input processing in the Lua interpreter to force device reloads. The vulnerability stems from insufficient input validation in the Lua interpreter and can be exploited by sending specially crafted HTTP packets over an existing VPN connection. No patch is currently available for this HIGH severity issue (CVSS 7.7).

Cisco Tls Denial Of Service
NVD
CVSS 3.1
7.7
EPSS
0.2%
CVE-2026-20082 HIGH This Week

Cisco Secure Firewall ASA devices fail to properly manage embryonic connection limits during TCP SYN flood attacks, allowing unauthenticated remote attackers to block all incoming TCP connections including management access and VPN services. An attacker can exploit this denial-of-service vulnerability by sending crafted traffic streams to management or data interfaces, effectively isolating the device from legitimate network access. No patch is currently available for this HIGH severity vulnerability.

Cisco Denial Of Service
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2026-20068 MEDIUM This Month

Snort 3 detection engine contains a vulnerability that allows attackers to cause a DoS condition when the Snort 3 Detection Engine unexpectedly restarts (CVSS 5.8).

Cisco Denial Of Service
NVD
CVSS 3.1
5.8
EPSS
0.1%
CVE-2026-25178
EPSS 0% CVSS 7.0
HIGH This Week

Windows Ancillary Function Driver for WinSock (AFD) in Windows 11 versions 24h2 and 26h1 contains a use-after-free vulnerability (CWE-416) that allows authenticated local attackers to escalate privileges through memory corruption. An attacker with local access could exploit this flaw to gain elevated system permissions, though no official patch is currently available.

Use After Free Microsoft Denial Of Service +16
NVD VulDB
CVE-2026-25171
EPSS 0% CVSS 7.0
HIGH This Week

Privilege escalation in Windows Authentication Methods (Windows 10 22H2, Windows 11 26H1) stems from a use-after-free memory vulnerability that allows authenticated local attackers to gain elevated system privileges. The flaw requires low user privileges and manual interaction but provides complete system compromise through code execution. No patch is currently available for this high-severity vulnerability.

Use After Free Microsoft Denial Of Service +16
NVD VulDB
CVE-2026-25170
EPSS 0% CVSS 7.0
HIGH This Week

Use after free in Windows Hyper-V allows an authorized attacker to elevate privileges locally. [CVSS 7.0 HIGH]

Use After Free Microsoft Denial Of Service +9
NVD VulDB
CVE-2026-25168
EPSS 0% CVSS 6.2
MEDIUM This Month

Microsoft Graphics Component on Windows 10 21H2, Windows Server 2016, and Windows 11 25H2 is vulnerable to a null pointer dereference that enables local denial of service attacks. An attacker with local access can trigger the vulnerability without requiring elevated privileges or user interaction to crash the graphics component and render the system unavailable. No patch is currently available for this medium-severity vulnerability.

Microsoft Null Pointer Dereference Denial Of Service +14
NVD VulDB
CVE-2026-25167
EPSS 0% CVSS 7.4
HIGH This Week

Privilege escalation in Microsoft's Brokering File System on Windows 11 (24h2 and 25h2) stems from a use-after-free vulnerability that allows local attackers to gain elevated system privileges. An attacker with local access can exploit memory corruption to execute arbitrary code with higher privileges, potentially compromising system integrity. No patch is currently available for this vulnerability.

Microsoft Use After Free Denial Of Service +5
NVD VulDB
CVE-2026-25165
EPSS 0% CVSS 7.8
HIGH This Week

Privilege escalation in Windows Performance Counters via null pointer dereference affects Windows Server 2019 and Windows 11 systems, enabling authenticated local attackers to gain elevated privileges. The vulnerability impacts systems where users have standard account access, allowing them to escalate to higher privilege levels on affected machines. No patch is currently available.

Null Pointer Dereference Microsoft Denial Of Service +15
NVD VulDB
CVE-2026-24641
EPSS 0% CVSS 2.7
LOW Monitor

A NULL pointer dereference vulnerability [CWE-476] in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, and FortiWeb 7.0 all versions may allow an authenticated attacker to crash the HTTP daemon via crafted HTTP requests. [CVSS 2.7 LOW]

Fortinet Null Pointer Dereference Denial Of Service
NVD VulDB
CVE-2026-24293
EPSS 0% CVSS 7.8
HIGH This Week

Privilege escalation in Windows Ancillary Function Driver for WinSock affects Windows 11 24H2, Windows Server 2022, and Windows Server 2025, allowing authenticated local attackers to gain system-level access through null pointer dereference. The vulnerability requires valid user credentials and local access but no user interaction to exploit. No patch is currently available.

Null Pointer Dereference Microsoft Denial Of Service +10
NVD VulDB
CVE-2026-24292
EPSS 0% CVSS 7.8
HIGH This Week

Privilege escalation in Windows Connected Devices Platform Service (Cdpsvc) exploits a use-after-free memory vulnerability, affecting Windows 10 22h2 and Windows 11 (25h2, 26h1). An authenticated local attacker can leverage this flaw to gain system-level privileges on vulnerable systems. No patch is currently available for this high-severity vulnerability.

Use After Free Denial Of Service Memory Corruption +12
NVD VulDB
CVE-2026-24289
EPSS 0% CVSS 7.8
HIGH This Week

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]

Use After Free Microsoft Denial Of Service +16
NVD VulDB
CVE-2026-24285
EPSS 0% CVSS 7.0
HIGH This Week

Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally. [CVSS 7.0 HIGH]

Use After Free Microsoft Denial Of Service +16
NVD VulDB
CVE-2026-23669
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in Microsoft Windows Print Spooler Components via use-after-free memory corruption enables authenticated network attackers to execute arbitrary code with high privileges. The vulnerability requires valid credentials but no user interaction, presenting a significant risk to organizations where print services are accessible to untrusted internal or remote users. No patch is currently available.

Use After Free Microsoft Denial Of Service +2
NVD VulDB
CVE-2025-13901
EPSS 0%
This Month

CWE-404 Improper Resource Shutdown or Release vulnerability exists that could cause partial Denial of Service on Machine Expert protocol when an unauthenticated attacker sends malicious payload to occupy active communication channels.

Denial Of Service
NVD VulDB
CVE-2026-27689
EPSS 0% CVSS 7.7
HIGH This Week

Denial of service in a remote-enabled function module allows authenticated attackers to exhaust system resources by submitting requests with oversized loop parameters, rendering the affected system unavailable. The vulnerability requires valid user credentials and network access but no user interaction, making it exploitable by any authenticated user on the network. No patch is currently available to address this high-severity flaw.

Denial Of Service
NVD VulDB
CVE-2026-27686
EPSS 0% CVSS 5.9
MEDIUM This Month

SAP Business Warehouse Service API lacks proper authorization controls on RFC function modules, allowing authenticated attackers to modify configurations and disrupt request processing. An attacker with valid credentials could exploit this vulnerability to cause denial of service and alter system integrity without detection. No patch is currently available for this medium-severity vulnerability.

Sap Denial Of Service
NVD VulDB
CVE-2025-70030
EPSS 0% CVSS 7.5
HIGH This Week

An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity (4.19) was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. [CVSS 7.5 HIGH]

Denial Of Service
NVD GitHub
CVE-2025-70034
EPSS 0% CVSS 7.5
HIGH This Week

An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity (4.19) was discovered in mscdex ssh2 v1.17.0. [CVSS 7.5 HIGH]

Denial Of Service Redhat
NVD GitHub
CVE-2025-70047
EPSS 0% CVSS 7.5
HIGH This Week

An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in Nexusoft NexusInterface v3.2.0-beta.2. [CVSS 7.5 HIGH]

Denial Of Service Nexusinterface
NVD GitHub
CVE-2025-70059
EPSS 0% CVSS 7.5
HIGH This Week

An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in YMFE yapi v1.12.0 and allows attackers to cause a denial of service. [CVSS 7.5 HIGH]

Denial Of Service Yapi
NVD GitHub
CVE-2025-69648
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

readelf in GNU Binutils through 2.45.1 contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debug_rnglists data. [CVSS 6.2 MEDIUM]

RCE Denial Of Service Buffer Overflow +3
NVD
CVE-2025-69647
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

readelf in GNU Binutils through 2.45.1 contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF loclists data. [CVSS 6.2 MEDIUM]

Denial Of Service Binutils Redhat +1
NVD
CVE-2026-2261
EPSS 0% CVSS 7.5
HIGH This Week

FreeBSD's blocklistd service leaks socket descriptors on each adverse event report, causing progressive service degradation until it can no longer block malicious IP addresses or process new reports. An attacker can exploit this by generating numerous fraudulent adverse events from disposable IP addresses to exhaust socket resources and disable the blocking mechanism before launching an actual attack. The vulnerability has a high severity rating (CVSS 7.5) and currently lacks a patch.

Denial Of Service Freebsd
NVD VulDB
CVE-2025-14769
EPSS 0% CVSS 7.5
HIGH This Week

In some cases, the `tcp-setmss` handler may free the packet data and throw an error without halting the rule processing engine. A subsequent rule can then allow the traffic after the packet data is gone, resulting in a NULL pointer dereference. [CVSS 7.5 HIGH]

Null Pointer Dereference Denial Of Service Freebsd
NVD VulDB
CVE-2026-3816
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

DefectDojo versions up to 2.55.4 contain a denial of service vulnerability in the SonarQubeParser and MSDefenderParser components where improper handling of ZIP file input allows authenticated remote attackers to crash the service. Public exploit code exists for this vulnerability, and administrators should upgrade to version 2.56.0 or later to remediate the issue.

Denial Of Service Defectdojo
NVD GitHub VulDB
CVE-2025-69279
EPSS 0% CVSS 7.5
HIGH This Week

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. [CVSS 7.5 HIGH]

Denial Of Service Android Google
NVD
CVE-2025-69278
EPSS 0% CVSS 7.5
HIGH This Week

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. [CVSS 7.5 HIGH]

Denial Of Service Android Google
NVD
CVE-2025-61616
EPSS 0% CVSS 7.5
HIGH This Week

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. [CVSS 7.5 HIGH]

Denial Of Service Android Google
NVD
CVE-2025-61615
EPSS 0% CVSS 7.5
HIGH This Week

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. [CVSS 7.5 HIGH]

Denial Of Service Android Google
NVD
CVE-2025-61614
EPSS 0% CVSS 7.5
HIGH This Week

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. [CVSS 7.5 HIGH]

Denial Of Service Android Google
NVD
CVE-2025-61613
EPSS 0% CVSS 7.5
HIGH This Week

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. [CVSS 7.5 HIGH]

Denial Of Service Android Google
NVD
CVE-2025-61612
EPSS 0% CVSS 7.5
HIGH This Week

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. [CVSS 7.5 HIGH]

Denial Of Service Android Google
NVD
CVE-2025-61611
EPSS 0% CVSS 7.5
HIGH This Week

In modem, there is possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed. [CVSS 7.5 HIGH]

Denial Of Service Yocto
NVD
CVE-2026-3631
EPSS 0% CVSS 7.5
HIGH This Week

Delta Electronics COMMGR2 has a buffer over-read DoS vulnerability. [CVSS 7.5 HIGH]

Industrial Buffer Overflow Denial Of Service +1
NVD VulDB
CVE-2026-30910
EPSS 0% CVSS 7.5
HIGH This Week

Crypt::Sodium::XS versions through 0.001000 for Perl have potential integer overflows. The combined AEAD encryption, combined signature creation, and bin2hex functions do not check that the output size will be less than SIZE_MAX, which could lead to integer wraparound causing an undersized output buffer. [CVSS 7.5 HIGH]

Buffer Overflow Integer Overflow Denial Of Service
NVD
CVE-2026-29771
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Repeated denial of service attacks against Netmaker versions prior to 1.2.0 are possible when authenticated users invoke the /api/server/shutdown endpoint to forcibly terminate the server process. An attacker with valid credentials can cyclically crash the Netmaker service, causing intermittent unavailability with approximately 3-second restart intervals. No patch is currently available for affected deployments.

Wireguard Denial Of Service Netmaker
NVD GitHub
CVE-2026-29076
EPSS 0% CVSS 5.9
MEDIUM POC PATCH This Month

Remote denial of service in cpp-httplib prior to version 0.37.0 allows unauthenticated attackers to crash server processes by submitting HTTP POST requests with maliciously crafted RFC 5987 filename* parameters that trigger catastrophic backtracking in the regex parser. The vulnerability exploits the recursive stack-based implementation of libstdc++'s regex engine, causing uncontrolled stack growth and stack overflow. Public exploit code exists for this vulnerability.

Stack Overflow Denial Of Service Cpp Httplib
NVD GitHub
CVE-2026-2219
EPSS 0% CVSS 7.5
HIGH PATCH This Week

dpkg-deb fails to properly validate zstd-compressed .deb archives during decompression, allowing unauthenticated remote attackers to trigger infinite loops that exhaust CPU resources on Debian systems. This denial of service condition affects the package management system without requiring user interaction or elevated privileges. No patch is currently available for this vulnerability.

Debian Denial Of Service Suse
NVD
CVE-2026-30241
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Mercurius versions prior to 16.8.0 fail to validate GraphQL subscription query depth limits over WebSocket connections, allowing remote attackers to bypass depth restrictions that are properly enforced for HTTP queries. An attacker can exploit this to submit arbitrarily nested subscription queries that cause denial of service through exponential data resolution on schemas with recursive types. A patch is available in version 16.8.0.

Denial Of Service Mercurius
NVD GitHub
CVE-2026-27138
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

DNS certificate verification can crash in systems handling X.509 certificate chains when processing certificates with empty DNS names paired with excluded name constraints, affecting applications performing direct certificate validation or using TLS. This denial of service condition requires no authentication or user interaction but depends on specific certificate chain configurations. No patch is currently available for this vulnerability.

Dns Denial Of Service Redhat +1
NVD VulDB
CVE-2026-29795
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Stellar-xdr prior to version 25.0.1 fails to validate string length constraints in the StringM::from_str function, allowing oversized strings to bypass maximum length checks and create invalid StringM objects. Applications relying on this type's length invariant for serialization, validation, or security decisions could process malformed data that violates expected constraints. Local attackers or malicious input sources could exploit this to cause unexpected behavior in dependent code.

Denial Of Service Stellar Xdr
NVD GitHub VulDB
CVE-2025-69654
EPSS 0% CVSS 7.5
HIGH This Week

A crafted JavaScript input executed with the `qjs` interpreter of QuickJS release 2025-09-13 (fixed in commit fcd33c1afa7b3028531f53cd1190a3877454f6b3, 2025-12-11), using the `-m` option and a low memory limit, can cause an out-of-memory condition followed by an assertion failure in JS_FreeRuntime (list_empty(&rt->gc_obj_list)) during runtime cleanup. [CVSS 7.5 HIGH]

Denial Of Service Suse
NVD GitHub
CVE-2025-69653
EPSS 0% CVSS 6.5
MEDIUM This Month

A crafted JavaScript input can trigger an internal assertion failure in gc_decref_child in quickjs.c in QuickJS release 2025-09-13 (fixed in commit 1dbba8a88eaa40d15a8a9b70bb1a0b8fb5b552e6, 2025-12-11) when executed with the qjs interpreter using the -m option. [CVSS 6.5 MEDIUM]

Denial Of Service Suse
NVD GitHub
CVE-2025-69652
EPSS 0% CVSS 6.2
MEDIUM POC PATCH This Month

readelf in GNU Binutils through 2.46 contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. [CVSS 6.2 MEDIUM]

Memory Corruption Denial Of Service Binutils +2
NVD
CVE-2025-69650
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

readelf in GNU Binutils through 2.46 contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return early without initializing the all_relocations array. [CVSS 7.5 HIGH]

Memory Corruption Denial Of Service Binutils +2
NVD VulDB
CVE-2025-69651
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

readelf in GNU Binutils through 2.46 contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations returns early due to parsing errors, the internal all_relocations array may remain partially uninitialized. [CVSS 5.5 MEDIUM]

Memory Corruption Denial Of Service Binutils +2
NVD VulDB
CVE-2025-69646
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug_rnglists data. [CVSS 5.5 MEDIUM]

Denial Of Service Redhat Suse
NVD
CVE-2025-69645
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. [CVSS 5.5 MEDIUM]

Denial Of Service Redhat Suse
NVD
CVE-2025-69644
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

An issue was discovered in Binutils before 2.46. The objdump tool contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. [CVSS 5.0 MEDIUM]

Denial Of Service Binutils Redhat +1
NVD
CVE-2026-26018
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

CoreDNS versions up to 1.14.2 contain a vulnerability that allows attackers to crash the DNS server by sending specially crafted DNS queries (CVSS 7.5).

Dns Denial Of Service Coredns +2
NVD GitHub
CVE-2018-25198
EPSS 0% CVSS 6.2
MEDIUM POC This Month

eToolz 3.4.8.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying oversized input buffers. Attackers can create a payload file containing 255 bytes of data that triggers a buffer overflow condition when processed by the application. [CVSS 6.2 MEDIUM]

Buffer Overflow Denial Of Service
NVD Exploit-DB
CVE-2018-25193
EPSS 0% CVSS 7.5
HIGH POC This Week

Mongoose Web Server 6.9 contains a denial of service vulnerability that allows remote attackers to crash the service by establishing multiple socket connections. [CVSS 7.5 HIGH]

Denial Of Service
NVD Exploit-DB
CVE-2018-25169
EPSS 0% CVSS 7.5
HIGH POC This Week

AMPPS 2.7 contains a denial of service vulnerability that allows remote attackers to crash the service by sending malformed data to the default HTTP port. Attackers can establish multiple socket connections and transmit invalid payloads to exhaust server resources and cause service unavailability. [CVSS 7.5 HIGH]

Denial Of Service
NVD Exploit-DB
CVE-2026-29074
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Denial of service in SVGO versions 2.1.0-2.8.0, 3.0.0-3.3.2, and before 4.0.1 allows unauthenticated attackers to crash the Node.js process through XML entity expansion attacks, with a minimal 811-byte payload triggering heap exhaustion. Public exploit code exists for this vulnerability, and no patch is currently available. Affected users of SVGO, Node.js, and Golang implementations should restrict input sources until updates are released.

Node.js Golang Denial Of Service +1
NVD GitHub VulDB
CVE-2026-29062
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Jackson Core versions 3.0.0 through 3.0.x fail to enforce maximum nesting depth limits in UTF8DataInputJsonParser and ReaderBasedJsonParser, allowing attackers to craft deeply nested JSON documents that trigger StackOverflowError and crash the application. This denial of service vulnerability affects any Java application using the vulnerable Jackson Core versions to parse untrusted JSON input. A patch is available in version 3.1.0.

Java Denial Of Service Jackson Core
NVD GitHub
CVE-2026-29049
EPSS 0% CVSS 4.3
MEDIUM This Month

Melange versions 0.40.5 and earlier are vulnerable to disk exhaustion when the update-cache function downloads files from attacker-controlled URIs without enforcing size limits or timeouts. An attacker can craft a malicious melange configuration file to trigger unbounded disk writes on build systems, consuming all available storage and denying service to legitimate builds. No patch is currently available.

Denial Of Service Melange
NVD GitHub
CVE-2026-28794
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

Prototype pollution in oRPC before 1.13.6. PoC and patch available.

Node.js RCE Denial Of Service +3
NVD GitHub
CVE-2026-27807
EPSS 0% CVSS 4.9
MEDIUM This Month

Markus versions up to 2.9.4 are affected by improper restriction of recursive entity references in DTDs (CVSS 4.9).

XXE Denial Of Service Markus
NVD GitHub
CVE-2026-28718
EPSS 0% CVSS 7.5
HIGH This Week

Acronis Cyber Protect 17 on Linux and Windows versions prior to build 41186 is vulnerable to denial of service through improper input validation in authentication logging functions. An unauthenticated remote attacker can crash the application or render it unavailable without requiring user interaction. No patch is currently available for this vulnerability.

Linux Windows Denial Of Service +1
NVD
CVE-2026-29612
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

OpenClaw versions up to 2026.2.14 are affected by allocation of resources without limits or throttling (CVSS 5.5).

Denial Of Service Openclaw
NVD GitHub
CVE-2026-29609
EPSS 0% CVSS 7.5
HIGH PATCH This Week

OpenClaw versions up to 2026.2.14 are affected by allocation of resources without limits or throttling (CVSS 7.5).

Denial Of Service Openclaw
NVD GitHub
CVE-2026-28478
EPSS 0% CVSS 7.5
HIGH PATCH This Week

OpenClaw versions up to 2026.2.13 are affected by allocation of resources without limits or throttling (CVSS 7.5).

Denial Of Service Openclaw
NVD GitHub
CVE-2026-28459
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Arbitrary file write in OpenClaw prior to version 2026.2.12 allows authenticated gateway clients to bypass path validation on the sessionFile parameter and write transcript data to any location on the host filesystem. An attacker with valid credentials can repeatedly append data to arbitrary files, potentially corrupting configurations or exhausting disk space to cause denial of service. A patch is available.

Denial Of Service Openclaw
NVD GitHub
CVE-2026-28452
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

OpenClaw versions up to 2026.2.14 are affected by allocation of resources without limits or throttling (CVSS 5.5).

Denial Of Service Openclaw
NVD GitHub
CVE-2026-28448
EPSS 0% CVSS 7.3
HIGH POC PATCH This Week

OpenClaw versions before 2026.2.1 fail to properly validate access controls in the Twitch plugin when role restrictions are not configured, allowing unauthenticated remote attackers to trigger agent dispatch through Twitch chat mentions. Public exploit code exists for this vulnerability, enabling attackers to invoke the agent pipeline and potentially cause unintended actions or resource exhaustion. Organizations running affected versions with the Twitch plugin enabled should apply the available patch immediately.

Denial Of Service Authentication Bypass AI / ML +1
NVD GitHub
CVE-2026-28394
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

OpenClaw versions up to 2026.2.15 are affected by allocation of resources without limits or throttling (CVSS 6.5).

Denial Of Service Openclaw
NVD GitHub
CVE-2026-28790
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

OliveTin versions prior to 3000.11.0 suffer from broken access control allowing unauthenticated users to invoke the KillAction RPC endpoint and terminate running shell command executions, bypassing authentication restrictions. Public exploit code exists for this vulnerability, enabling remote denial of service attacks against legitimate administrative actions. The vulnerability affects OliveTin deployments regardless of authentication settings and has been remediated in version 3000.11.0 and later.

Denial Of Service Olivetin
NVD GitHub
CVE-2026-28789
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

OliveTin versions prior to 3000.10.3 are vulnerable to unauthenticated denial-of-service attacks when OAuth2 authentication is enabled, allowing remote attackers to crash the application by sending concurrent requests to the login endpoint. The vulnerability stems from unsynchronized access to shared state during OAuth2 processing, triggering a Go runtime panic. Public exploit code exists for this high-severity flaw, which is patched in version 3000.10.3 and later.

Golang Denial Of Service Olivetin
NVD GitHub
CVE-2026-28342
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

OliveTin versions prior to 3000.10.2 are vulnerable to unauthenticated denial of service through the PasswordHash API endpoint, which lacks request throttling or authentication controls and allows attackers to trigger excessive memory allocation via concurrent hashing requests. An attacker can exhaust container memory by sending multiple parallel requests, causing service degradation or complete outage. Public exploit code exists for this vulnerability, and a patch is available in version 3000.10.2 and later.

Denial Of Service Olivetin Suse
NVD GitHub
CVE-2026-26998
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Traefik versions prior to 2.11.38 and 3.6.9 fail to limit memory allocation when processing ForwardAuth middleware responses, allowing a malicious or compromised authentication server to trigger unbounded memory consumption. An attacker controlling the auth server can return an arbitrarily large response body that causes the Traefik process to exhaust available memory and crash, resulting in denial of service for all proxied routes. A patch is available in the specified versions.

Denial Of Service Traefik Redhat +1
NVD GitHub
CVE-2025-7375
EPSS 0% CVSS 6.5
MEDIUM This Month

A denial-of-service (DoS) vulnerability was identified in Omada EAP610 v3. An attacker with adjacent network access can send crafted requests to cause the device’s HTTP service to crash. [CVSS 6.5 MEDIUM]

Denial Of Service Omada Eap610 Firmware
NVD
CVE-2025-70616
EPSS 0% CVSS 7.8
HIGH POC This Week

A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver (version 1.2.0.0) in the IOCTL handler for code 0x80102058. [CVSS 7.8 HIGH]

Linux Buffer Overflow Denial Of Service +2
NVD GitHub
CVE-2026-27750
EPSS 0% CVSS 7.8
HIGH This Week

Internet Security contains a vulnerability that allows attackers to delete protected files or directories and can lead to local privilege escalation (CVSS 7.8).

Denial Of Service Privilege Escalation
NVD
CVE-2026-27748
EPSS 0% CVSS 7.8
HIGH This Week

Avira Internet Security's Software Updater fails to validate symbolic links when deleting files during updates, allowing a local attacker to redirect SYSTEM-level file deletion operations to arbitrary targets. An authenticated local user can exploit this improper link resolution to delete critical system files, potentially achieving privilege escalation, denial of service, or compromising system integrity. No patch is currently available.

Denial Of Service Privilege Escalation
NVD
CVE-2025-69534
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Python-Markdown version 3.8 contains a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. [CVSS 7.5 HIGH]

Python Denial Of Service Information Disclosure +3
NVD GitHub
CVE-2026-29125
EPSS 0% CVSS 4.7
MEDIUM POC This Month

Sfx2100 Firmware versions up to - is affected by incorrect permission assignment for critical resource (CVSS 4.7).

Dns Denial Of Service Sfx2100 Firmware
NVD
CVE-2026-28435
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. [CVSS 7.5 HIGH]

Denial Of Service Cpp Httplib Suse
NVD GitHub
CVE-2026-20064
EPSS 0% CVSS 6.5
MEDIUM This Month

Cisco Secure Firewall Threat Defense (FTD) devices can be forcibly rebooted by authenticated local attackers through improper input validation in CLI commands, resulting in denial of service. This vulnerability affects low-privileged accounts and requires no user interaction to exploit. No patch is currently available.

Cisco Denial Of Service
NVD
CVE-2026-20025
EPSS 0% CVSS 6.8
MEDIUM This Month

Denial of service in Cisco Secure Firewall ASA and Secure FTD devices results from improper validation of OSPF link-state update packets, allowing authenticated adjacent attackers with the OSPF secret key to trigger heap corruption and forced device reloads. An attacker can exploit this by crafting malicious OSPF packets to crash affected devices, causing service disruption. No patch is currently available for this vulnerability.

Cisco Denial Of Service
NVD
CVE-2026-20024
EPSS 0% CVSS 6.8
MEDIUM This Month

OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software is affected by buffer overflow (CVSS 6.8).

Cisco Denial Of Service
NVD
CVE-2026-20023
EPSS 0% CVSS 6.1
MEDIUM This Month

Memory corruption in Cisco Secure Firewall ASA and FTD OSPF packet processing allows adjacent, unauthenticated attackers to crash affected devices by sending crafted protocol packets. The vulnerability results in device reboot and denial of service, with no authentication or user interaction required. No patch is currently available.

Cisco Memory Corruption Denial Of Service
NVD
CVE-2026-20022
EPSS 0% CVSS 6.1
MEDIUM This Month

Device denial of service in Cisco Secure Firewall ASA and Secure FTD Software occurs when an unauthenticated adjacent attacker sends specially crafted OSPF packets to trigger out-of-bounds memory writes during packet canonicalization processing. An attacker can exploit this by sending malicious OSPF LSU packets when debug logging is enabled, forcing the affected device to reload and become unavailable. No patch is currently available for this medium-severity vulnerability.

Cisco Denial Of Service
NVD
CVE-2026-20021
EPSS 0% CVSS 4.3
MEDIUM This Month

Memory exhaustion in Cisco ASA and FTD OSPF protocol implementation allows adjacent authenticated attackers to trigger denial of service by sending specially crafted packets that bypass input validation. An attacker with network access to the affected device can exploit improper packet parsing to consume available memory and crash the appliance. No patch is currently available for this vulnerability.

Cisco Denial Of Service
NVD
CVE-2026-20020
EPSS 0% CVSS 6.8
MEDIUM This Month

Insufficient input validation in Cisco Secure Firewall ASA and Secure FTD OSPF implementations allows adjacent attackers to trigger denial of service by sending malformed OSPF update packets that cause device reloads. Authentication bypass is possible if OSPF authentication is disabled, though knowing the secret key is required when authentication is enabled. No patch is currently available for this medium-severity vulnerability.

Cisco Buffer Overflow Denial Of Service
NVD
CVE-2026-20106
EPSS 0% CVSS 5.3
MEDIUM This Month

Unauthenticated remote attackers can trigger memory exhaustion on Cisco ASA and FTD devices by sending specially crafted packets to the SSL VPN service, exploiting insufficient input validation in the Remote Access SSL VPN, HTTP management, and MUS functionality. Successful exploitation causes a denial of service condition that requires manual device reboot. No patch is currently available.

Cisco Tls Denial Of Service
NVD
CVE-2026-20105
EPSS 0% CVSS 7.7
HIGH This Week

Denial of service in Cisco Secure Firewall ASA and FTD Remote Access SSL VPN functionality allows authenticated attackers to exhaust device memory by sending specially crafted packets, forcing a device reload. The vulnerability stems from insufficient input validation on user-supplied data and requires valid VPN credentials to exploit. No patch is currently available.

Cisco Tls Denial Of Service
NVD
CVE-2026-20103
EPSS 0% CVSS 8.6
HIGH This Week

Denial of service in Cisco Secure Firewall ASA and FTD Remote Access SSL VPN allows unauthenticated remote attackers to exhaust device memory through malformed packets, causing the VPN service to become unresponsive. The vulnerability stems from insufficient input validation on the SSL VPN server and currently has no available patch. While the management interface remains accessible, new VPN connections cannot be established during an attack.

Cisco Tls Denial Of Service
NVD
CVE-2026-20101
EPSS 0% CVSS 8.6
HIGH This Week

Cisco Secure Firewall ASA and Secure FTD devices can be remotely rebooted by unauthenticated attackers through malformed SAML 2.0 authentication messages, causing service unavailability due to insufficient input validation. The vulnerability has a high attack surface as it requires no authentication or user interaction and affects the device's core authentication mechanism. No patch is currently available.

Cisco Denial Of Service
NVD
CVE-2026-20100
EPSS 0% CVSS 7.7
HIGH This Week

Cisco Secure Firewall ASA and FTD devices are vulnerable to a denial of service attack through the Remote Access SSL VPN feature, where authenticated attackers can trigger unvalidated input processing in the Lua interpreter to force device reloads. The vulnerability stems from insufficient input validation in the Lua interpreter and can be exploited by sending specially crafted HTTP packets over an existing VPN connection. No patch is currently available for this HIGH severity issue (CVSS 7.7).

Cisco Tls Denial Of Service
NVD
CVE-2026-20082
EPSS 0% CVSS 8.6
HIGH This Week

Cisco Secure Firewall ASA devices fail to properly manage embryonic connection limits during TCP SYN flood attacks, allowing unauthenticated remote attackers to block all incoming TCP connections including management access and VPN services. An attacker can exploit this denial-of-service vulnerability by sending crafted traffic streams to management or data interfaces, effectively isolating the device from legitimate network access. No patch is currently available for this HIGH severity vulnerability.

Cisco Denial Of Service
NVD
CVE-2026-20068
EPSS 0% CVSS 5.8
MEDIUM This Month

Snort 3 detection engine contains a vulnerability that allows attackers to cause a DoS condition when the Snort 3 Detection Engine unexpectedly restarts (CVSS 5.8).

Cisco Denial Of Service
NVD