Skip to main content

Denial of Service

other MEDIUM

Denial of Service attacks render applications or systems unavailable by overwhelming resources or triggering failure conditions.

How It Works

Denial of Service attacks render applications or systems unavailable by overwhelming resources or triggering failure conditions. Attackers exploit asymmetry: minimal attacker effort produces disproportionate resource consumption on the target. Application-level attacks use specially crafted inputs that trigger expensive operations—a regex engine processing malicious patterns can backtrack exponentially, or XML parsers recursively expand entities until memory exhausts. Network-level attacks flood targets with connection requests or amplify traffic through reflection, but application vulnerabilities often provide the most efficient attack surface.

The attack typically begins with reconnaissance to identify resource-intensive operations or unprotected endpoints. For algorithmic complexity attacks, adversaries craft inputs hitting worst-case performance—hash collision inputs filling hash tables with collisions, deeply nested JSON triggering recursive parsing, or pathological regex patterns like (a+)+b against strings of repeated 'a' characters. Resource exhaustion attacks open thousands of connections, upload massive files to unbounded storage, or trigger memory leaks through repeated operations. Crash-based attacks target error handling gaps: null pointer dereferences, unhandled exceptions in parsers, or assertion failures that terminate processes.

Impact

  • Service unavailability preventing legitimate users from accessing applications during attack duration
  • Revenue loss from downtime in e-commerce, SaaS platforms, or transaction processing systems
  • Cascading failures as resource exhaustion spreads to dependent services or database connections pool out
  • SLA violations triggering financial penalties and damaging customer trust
  • Security team distraction providing cover for data exfiltration or intrusion attempts running concurrently

Real-World Examples

CVE-2018-1000544 in Ruby's WEBrick server allowed ReDoS through malicious HTTP headers containing specially crafted patterns that caused the regex engine to backtrack exponentially, freezing request processing threads. A single attacker could saturate all available workers.

Cloudflare experienced a global outage in 2019 when a single WAF rule containing an unoptimized regex hit pathological cases on legitimate traffic spikes. The .*(?:.*=.*)* pattern exhibited catastrophic backtracking, consuming CPU cycles across their edge network until the rule was disabled.

CVE-2013-1664 demonstrated XML bomb vulnerabilities in Python's XML libraries. Attackers uploaded XML documents with nested entity definitions-each entity expanding to ten copies of the previous level. A 1KB upload could expand to gigabytes in memory during parsing, crashing applications instantly.

Mitigation

  • Strict input validation enforcing size limits, complexity bounds, and nesting depth restrictions before processing
  • Request rate limiting per IP address, API key, or user session with exponential backoff
  • Timeout enforcement terminating operations exceeding reasonable execution windows (typically 1-5 seconds)
  • Resource quotas limiting memory allocation, CPU time, and connection counts per request or tenant
  • Regex complexity analysis using linear-time algorithms or sanitizing patterns to eliminate backtracking
  • Circuit breakers automatically rejecting requests when error rates or latency thresholds indicate degradation
  • Load balancing and autoscaling distributing traffic across instances with automatic capacity expansion

Recent CVEs (36502)

EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Authentication bypass in Capgo's /build/upload/:jobId/* endpoint exposes all versions before 12.128.2 to unauthenticated denial of service. Remote attackers exploit HTTP OPTIONS request handling to sidestep authentication middleware entirely, forcing tusProxy to execute with invalid credentials and reliably producing HTTP 500 errors at scale. No public exploit code or CISA KEV listing exists at time of analysis, but the trivial attack mechanics - requiring no credentials, tools, or interaction - mean any internet-exposed Capgo instance is at risk of request flooding.

Authentication Bypass Denial Of Service Capgo
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

Unauthenticated PGP decryption exposure in AVideo through version 25.0 allows any remote attacker to submit private key material, ciphertext, and passphrases to the publicly accessible decryptMessage.json.php endpoint and receive plaintext in the server response - no credentials, session, or token required. The dual impact is confidentiality loss (private key material processed in server memory may be captured in application or web server logs) and availability degradation via unconstrained CPU consumption from repeated cryptographic operations. A publicly available proof-of-concept exists per the GHSA advisory; no vendor patch has been released as of this analysis.

Authentication Bypass Denial Of Service PHP +1
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Denial of service and potential memory corruption in vLLM versions 0.10.2 through 0.12.x stems from missing sparse tensor validation in multimodal embeddings processing, allowing authenticated remote users to submit crafted prompt-embedding requests with malformed tensor indices. Because PyTorch disables sparse tensor invariant checks by default, attackers can crash the inference server or exhaust resources, with potential out-of-bounds or write-what-where memory corruption. No public exploit identified at time of analysis; this continuation of CVE-2025-62164 addresses the root cause that the prior fix only masked by disabling the feature by default.

Denial Of Service Buffer Overflow Vllm
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Regular expression denial of service in vLLM versions 0.6.3 through 0.8.x exposes three distinct attack surfaces - the LoRA utility module, the phi4mini tool parser, and the OpenAI-compatible chat endpoint - to catastrophic regex backtracking, causing severe CPU exhaustion and service-wide denial of service. Authenticated API consumers can submit crafted inputs with deeply nested or repeated structures (e.g., `((((a|)+)+)+)`) to trigger unbounded processing in Python's backtracking NFA regex engine. No public exploit identified at time of analysis, though the GHSA advisory discloses the exact vulnerable patterns and example malicious inputs, substantially lowering the reproduction barrier for anyone with API access.

Denial Of Service Vllm Red Hat
NVD VulDB GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Unsafe pickle deserialization in picklescan before 1.0.1 allows unauthenticated remote attackers to create arbitrary zero-byte files on the server by crafting malicious pickle payloads that instantiate Python's standard-library logging.FileHandler class. This technique bypasses RCE-focused blocklists because it abuses legitimate standard library functionality rather than commonly blocked modules, making it a notable blocklist-evasion primitive. A publicly available proof-of-concept exploit exists; no public exploit identified at time of analysis for active KEV-confirmed exploitation, but the PoC demonstrates concrete filesystem impact including lock-file-based denial of service.

Deserialization Denial Of Service Picklescan
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Capgo's password policy configuration in versions before 12.128.2 can be exploited by an authenticated organization administrator to trigger an organization-wide account lockout by setting an arbitrarily large minimum password length - such as billions of characters - with no server-side upper-bound enforcement. Once the malicious policy is enabled, every organization member including other administrators is prevented from setting a compliant password, permanently blocking access to the organization and constituting an application-level denial of service. No public exploit code or CISA KEV listing has been identified at time of analysis, placing this in the insider-threat and compromised-admin-credential risk category.

Denial Of Service Capgo
NVD GitHub VulDB
EPSS 1% CVSS 9.3
CRITICAL PATCH Act Now

Flowise before 2.1.4 allows configuration to be injected into the Chainflow during execution via the overrideConfig option, supported in both the frontend web integration and the backend Prediction. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Denial Of Service +2
NVD GitHub VulDB
CVSS 6.5
MEDIUM PATCH This Month

OpenBao's transit secrets engine crashes the entire server process when an authenticated caller submits a key-creation request combining an asymmetric key type (rsa-*, ecdsa-*, ed25519) with the derived: true parameter. Affected versions confirmed as 2.5.2 and 2.5.4, with earlier versions also likely vulnerable per the GHSA advisory. The server returns no HTTP response, terminates with exit code 2, and the crash propagates to the entire cluster - making this a high-impact availability denial-of-service requiring only a single authenticated API request. Publicly available exploit code exists in the form of a detailed PoC curl command included in the security advisory; no CISA KEV listing is present at time of analysis.

Docker Denial Of Service Hashicorp +1
NVD GitHub
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Cross-tenant billing log tampering in Capgo (Cap-go/capgo) before 12.128.2 allows unauthenticated attackers holding only the public Supabase publishable anon key to insert or overwrite build_logs rows for arbitrary organizations via the SECURITY DEFINER PostgREST RPC public.record_build_time. Because the function is granted to the anon role and uses ON CONFLICT (build_id, org_id) DO UPDATE, attackers can inflate or alter another tenant's billable build time, producing financial-impact denial of service. No public exploit identified at time of analysis, though the vendor advisory (GHSA-42xj-3h9w-26h5) and a VulnCheck write-up describe the attack path in detail.

Authentication Bypass Denial Of Service Capgo
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Capgo's Enforce Password Policy feature in versions before 12.128.2 permanently locks Super Admins out of their organization through a backend state management flaw, constituting a targeted denial-of-service against administrative access. When a Super Admin enables the password policy and successfully changes their password to a policy-compliant value, the backend fails to mark the account compliant, trapping the account in an infinite forced-password-reset loop and severing all organization management access. No public exploit code has been identified and the vulnerability is not listed in CISA KEV; the CVSS 4.0 score of 6.9 reflects the high-privilege prerequisite and pure availability impact with no confidentiality or integrity consequence.

Authentication Bypass Denial Of Service Capgo
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Unauthenticated denial-of-service in Langflow versions prior to 1.0.19 allows remote attackers to render the application unusable for all users indefinitely by sending a single crafted POST to /api/v1/files/upload/ with a malformed multipart boundary containing a very large run of hyphens. The upload endpoint processes the multipart body before performing authentication or flow-ID validation, so no token, cookie, or valid flow UUID is required. A public proof-of-concept is included in the GitHub Security Advisory GHSA-qwqc-p3q8-wcg9, though there is no public exploit identified beyond the PoC at time of analysis and the issue is not listed in CISA KEV.

Python Microsoft Apple +4
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Denial of service in py7zr (a pure-Python 7-Zip library) versions 1.1.2 and earlier lets a remote, unauthenticated attacker exhaust CPU with a tiny crafted .7z archive. The flaw is in header parsing (PackInfo._read), so merely opening the archive with SevenZipFile() - no extraction - triggers the cost; a ~50 KB file consumes roughly 7 seconds of CPU. Publicly available exploit code exists (PoC published in the GHSA advisory), but there is no active exploitation identified and it is not listed in CISA KEV.

Python Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

The Kubernetes Ingress NGINX provider in Traefik v3.7.0-ea.1 through v3.7.4 fails open when BasicAuth or DigestAuth cannot be installed because the referenced auth-secret is unresolvable, silently publishing the intended-to-be-protected backend route without any authentication middleware to unauthenticated network clients. Operators who explicitly configure auth via nginx.ingress.kubernetes.io/auth-type and auth-secret annotations are left with a live, fully accessible backend route while Traefik logs a single controller-level error and routes traffic normally - a direct violation of the declared security intent. A detailed proof-of-concept covering eight distinct secret-failure scenarios was developed by the reporter and confirmed on both current master and v3.7.1; no public release of exploit code is confirmed and no CISA KEV listing exists at time of analysis.

Nginx Kubernetes Denial Of Service +3
NVD GitHub VulDB
CVSS 7.5
HIGH PATCH This Week

Prototype pollution in the npm package flat-to-nested (versions <= 1.1.1) lets attackers who control input records pollute Object.prototype by supplying a record with parent set to the string '__proto__'. The convert() function uses plain objects as lookup tables and writes attacker-controlled data through the prototype chain via initPush(), affecting any application that feeds untrusted flat records (REST input, DB rows, user-supplied data) into the library. No CISA KEV listing and no public exploit identified at time of analysis beyond the proof-of-concept embedded in the GitHub Security Advisory.

Privilege Escalation Denial Of Service
NVD GitHub
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Write-lock mutual exclusion in concurrent-ruby's ReadWriteLock is broken in versions prior to 1.3.7, allowing any thread with a reference to the lock object to prematurely release another thread's active write lock, enabling concurrent writers and data races on protected shared state. Additionally, calling release_read_lock without holding a read lock corrupts the internal atomic counter from 0 to -1, causing all subsequent read acquisitions to fail with Concurrent::ResourceLimitError. Both defects are confirmed reproducible via publicly available proof-of-concept code in the GitHub Security Advisory GHSA-6wx8-w4f5-wwcr; no CISA KEV listing exists, and exploitation is constrained to in-process thread scenarios.

Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Denial of service in the concurrent-ruby gem (versions through 1.3.6) allows attackers to cause CPU exhaustion and permanent thread hangs by forcing an externally-derived numeric value stored in a Concurrent::AtomicReference to become Float::NAN. Because Ruby evaluates Float::NAN == Float::NAN as false, any subsequent call to AtomicReference#update livelocks - endlessly re-running the caller's block and pinning a CPU core, as the included reporter PoC demonstrates (over 1.9 million spin iterations in 250 ms). Publicly available exploit code exists; there is no public exploit identified as being used in active attacks, and the issue is not listed in CISA KEV.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Heap corruption in the Ruby Oj JSON parser (`Oj.load`) is triggered when applications process attacker-controlled JSON strings larger than 2 GB containing an escape sequence, due to an integer overflow in `read_escaped_str` that wraps a 32-bit length to a negative value and is then cast to `size_t`, causing `memcpy` to copy ~2 GB out of bounds. Versions of the `oj` gem prior to 3.17.3 are affected, and no public exploit identified at time of analysis; CVSS and EPSS are not provided.

Integer Overflow Denial Of Service
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Use-after-free in the Oj Ruby JSON gem's SAJ parser allows an attacker who can influence parsed JSON content and the SAJ callback handler to crash the Ruby process and potentially corrupt memory. Oj::Parser fails to protect heap-allocated cached object keys of 35 bytes or more from garbage collection, so a GC cycle triggered from inside a hash_end callback frees the key while C code still holds a dangling VALUE pointer. No public exploit identified at time of analysis, but a working reproducer is published in the GHSA advisory.

Use After Free Memory Corruption Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Use-after-free in the Oj Ruby JSON gem (≤ 3.17.1) crashes the host process when Oj::Parser is configured in :usual mode with a custom array_class or hash_class. Because parser_mark fails to register those VALUEs with the Ruby GC, the class object can be reclaimed and the next parse() dereferences freed memory, producing a segfault. A reproducer is published in the GHSA advisory; there is no public exploit identified for remote use and the issue is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Heap corruption in the Oj Ruby JSON parser allows remote attackers to crash or potentially corrupt memory in applications that parse untrusted JSON with `Oj::Parser` in `:usual` mode when the `create_id` option is enabled. A 65,535-byte object key triggers an integer truncation in `form_attr` (ext/oj/usual.c:63) that turns the buffer length into `(size_t)-1`, causing `memcpy` to write `SIZE_MAX` bytes onto a fixed 65,536-byte cache slab. No public exploit identified at time of analysis beyond the maintainer-supplied reproduction script in GHSA-9cv6-qcjw-4grx.

Python Use After Free Memory Corruption +1
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Race condition in CoreWCF.UnixDomainSocket peer identity resolution can cause one connection's POSIX identity to be misattributed to another connection, or crash the host process under contention. The root cause is the library's use of the non-reentrant POSIX functions `getpwuid` and `getgrgid` in concurrent connection handling paths, affecting all CoreWCF.UnixDomainSocket versions below 1.8.1 and 1.9.x versions below 1.9.1. No public exploit or CISA KEV listing has been identified at time of analysis.

Race Condition Denial Of Service
NVD GitHub
EPSS 0% CVSS 7.4
HIGH PATCH This Week

SAML token signature bypass in CoreWCF (versions <1.8.1 and 1.9.0) allows remote attackers to forge authenticated SAML assertions when the service validates tokens via a non-X.509 signing method. The SamlSerializer silently skips the final SignatureValue verification step, enabling assertion tampering and authentication bypass against WS-Trust holder-of-key configurations using symmetric proof keys. No public exploit identified at time of analysis, but the GitHub Security Advisory (GHSA-rpj7-hr7h-w6p9) confirms the issue and patches are available.

Denial Of Service
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in CoreWCF net.tcp, net.pipe, and net.uds framing handshake allows unauthenticated remote attackers to pin a server thread-pool worker at 100% CPU per TCP connection, exhausting CPU resources with only a small number of concurrent connections. Affects CoreWCF.NetFramingBase versions below 1.8.1 and 1.9.0 through 1.9.0, with no public exploit identified at time of analysis. The CVSS 7.5 (High) score reflects pure availability impact reachable pre-authentication over the network.

Denial Of Service
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

{% case %}` tag that has no `{% when %}`, `{% else %}`, or closing `{% endcase %}`. Because the loop occurs at parse time, any application that renders untrusted or user-supplied Liquid templates can be frozen with a payload as small as `{% case x %}`. It is a pure availability issue (CWE-835) with no confidentiality or integrity impact; not listed in CISA KEV and no evidence of active exploitation, though the trivial trigger is documented in the vendor advisory.

Python Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Unbounded heap growth in libde265 prior to version 1.0.20 allows remote attackers to exhaust process memory by delivering a crafted H.265 bitstream, resulting in denial of service. The flaw in `decoder_context::read_slice_NAL()` (decctx.cc:481) unconditionally attaches slice segment headers to finished picture objects regardless of whether an active image unit exists; in continuous streaming contexts these headers are never freed, enabling attacker-controlled memory accumulation without bound. No active exploitation is confirmed (not listed in CISA KEV) and no public POC has been identified at time of analysis, but the network-accessible, no-privileges-required vector makes any application consuming untrusted H.265 content an exposure surface.

Denial Of Service Libde265
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in the Oj Ruby JSON parser (versions <3.17.3) allows remote unauthenticated attackers to crash any process that parses untrusted JSON via Oj::Doc.open followed by a recursive each_child call. A deeply nested JSON document drives doc->where past the 100-element where_path array, causing a subsequent memcpy to overflow an 800-byte stack buffer and trigger the stack canary (SIGABRT). No public exploit identified at time of analysis beyond the vendor-published PoC, and EPSS data was not supplied; the issue is not listed in CISA KEV.

Denial Of Service Information Disclosure Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Denial of service in the Faraday Ruby HTTP client library (versions up to and including 2.14.2) allows remote attackers to crash worker threads by submitting query strings with deeply nested bracket-notation parameters. The Faraday::NestedParamsEncoder recursively walks attacker-controlled nested Hash structures without a depth ceiling, raising an uncaught SystemStackError at roughly 3,000+ levels of nesting (~9.4 KB payload). Publicly available exploit code exists in the GHSA-98m9-hrrm-r99r advisory itself; no public exploit identified at time of analysis in the active-exploitation sense, and impact is limited to availability - no RCE, auth bypass, or data disclosure, despite the input tags listing those categories.

Denial Of Service Authentication Bypass Information Disclosure +1
NVD GitHub
CVSS 5.3
MEDIUM PATCH This Month

Denial of service in symfony/ux-live-component's BatchActionController allows authenticated users to exhaust server CPU, memory, and database connections by submitting a single _batch HTTP request containing an unbounded number of actions. Each action in the client-supplied array triggers a full HttpKernel sub-request - including event subscribers, validators, Doctrine queries, and rendering - with no upper limit on array size. Fixed in versions 2.36.0 and 3.1.0; no public exploit or KEV listing identified at time of analysis.

Denial Of Service
NVD GitHub
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Arbitrary file write in py7zr versions 1.1.0 through 1.1.2 allows attackers to escape the destination directory during archive extraction by chaining malicious symbolic links that resolve outside the target path. A victim who calls extractall() on a crafted 7z archive can have files written to arbitrary host filesystem locations, potentially escalating to remote code execution, privilege escalation, or data corruption. Publicly available exploit code exists (PoC published in the GHSA advisory), but there is no public exploit identified for active campaigns at time of analysis.

Python Privilege Escalation RCE +3
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Grafana Tempo and Enterprise Traces (GET) are vulnerable to an authenticated denial-of-service condition triggered by submitting a TraceQL query containing an excessively large exemplars hint value, causing the Tempo service to allocate unbounded memory until an out-of-memory crash occurs. Any authenticated user with query access - even low-privileged - can exploit this to take down the Tempo tracing backend, disrupting observability pipelines for the entire platform. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Grafana Denial Of Service Enterprise Traces Get +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial-of-service in urllib3 2.6.3 allows a malicious HTTP server to exhaust client memory via a Brotli decompression bomb that bypasses the streaming API's max_length safeguard added in 2.6.0 (CVE-2025-66471). Any Python application using urllib3 or requests with preload_content=False to stream Brotli-encoded responses from untrusted origins is exposed. No public exploit identified at time of analysis, though an upstream commit and GHSA-mf9v-mfxr-j63j confirm the regression.

Denial Of Service Urllib3 Urllib3 Suse
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Denial of service in js-toml versions up to and including 1.1.0 allows remote attackers to exhaust CPU resources by submitting a single TOML document containing an oversized hexadecimal, octal, or binary integer literal. The hand-written parseBigInt loop exhibits O(n²) complexity, and a ~500 kB literal pins one CPU core for ~40 seconds; no public exploit identified at time of analysis, but the patched commit and test suite serve as a clear blueprint. Applies to any service invoking load() on attacker-controlled TOML, such as configuration upload endpoints, CI/CD pipelines, IDE plugins, and build tools.

Apple Denial Of Service Js Toml
NVD GitHub
EPSS 0% CVSS 7.1
HIGH This Week

Out-of-bounds heap read in libaom's SVC layer ID control function allows remote attackers to leak approximately 40,728 bytes of heap memory or crash AV1 encoder processes by supplying a spatial_layer_id value exceeding the configured number of scalable video coding layers. The flaw affects network-facing services that pass attacker-influenced SVC encoder parameters into the reference AV1 codec, enabling information disclosure or denial of service. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Denial Of Service Information Disclosure Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Arbitrary address write in libaom, the reference AV1 video codec implementation, allows remote attackers to corrupt memory by supplying crafted pixel values to an encoder that has Scalable Video Coding (SVC) enabled, leading to denial of service or potential code execution. The flaw stems from a missing bounds check in the SVC layer ID control function that lets pixel data inject an attacker-controlled pointer into the cyclic refresh map, after which ~1,200 bytes are written deterministically to the chosen address. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

RCE Memory Corruption Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 7.6
HIGH This Week

Heap buffer overflow in libaom's AV1 encoder allows attackers who influence encoder configuration to trigger a 232-byte out-of-bounds heap write on every frame after the second, when Look-Ahead Processing (LAP) mode is active with g_lag_in_frames >= 1. Affected deployments include transcoding pipelines and WebRTC servers that pass user-controlled encoder parameters to libaom. No public exploit identified at time of analysis, and the flaw primarily yields a reliable denial of service with a theoretical path to remote code execution via heap corruption.

RCE Heap Overflow Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Integer overflow in QEMU's virtio-snd virtual sound device allows a malicious guest VM to trigger unbounded host memory allocation by supplying out-of-bounds stream counts via PCM_INFO requests, resulting in a host-side denial of service. Affected deployments are those where QEMU exposes the virtio-snd device to guest VMs - particularly relevant in multi-tenant or cloud virtualization environments where guest workloads may be untrusted. No public exploit code and no active exploitation (CISA KEV) has been identified at the time of this analysis; the CVSS 5.5 Medium score reflects the constrained local attack vector.

Integer Overflow Denial Of Service
NVD
CVSS 6.1
MEDIUM PATCH This Month

Arbitrary local file disclosure in the Rust crate tract-onnx (by Sonos) allows an attacker who supplies a malicious ONNX model file to read arbitrary files from the victim's filesystem at model-load time, with file contents surfaced directly in inference tensor output. The root cause is that `get_external_resources()` in `onnx/src/tensor.rs` passes the attacker-controlled `location` field of ONNX external-data tensors directly to `PathBuf::join()` without sanitization, enabling both absolute-path overrides and relative `../` traversal. A secondary denial-of-service (panic) is possible via out-of-bounds `offset`/`length` values. Publicly available exploit code exists (full PoC confirmed on tract-onnx 0.21.16); no active exploitation has been confirmed by CISA KEV at time of analysis.

Path Traversal Denial Of Service Python +1
NVD GitHub
EPSS 0% CVSS 6.0
MEDIUM This Month

Memory exhaustion denial of service in NI grpc-device's BeginSidebandStream RPC endpoint allows authenticated network attackers to crash or destabilize the server by triggering a cumulative memory leak with each invocation. All versions of NI grpc-device up to and including 2.17.0 are affected, along with NI InstrumentStudio as a dependent product. No public exploit code exists and this vulnerability is not listed in CISA KEV; however, the network-accessible attack vector makes it relevant for any deployment where the grpc-device server is reachable by untrusted authenticated clients.

Denial Of Service Grpc Device Instrumentstudio
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Denial of service in NI grpc-device 2.17.0 and earlier allows an authenticated remote attacker to crash or destabilize the gRPC server by sending a crafted BeginSidebandStream message containing an out-of-range enum value. The unchecked cast triggers undefined behavior in the server process, with no public exploit identified at time of analysis. The flaw is reported by the vendor and tracked under GHSA-prfr-q8h3-mqxv.

Denial Of Service Grpc Device Instrumentstudio
NVD GitHub
EPSS 0% CVSS 8.7
HIGH This Week

Denial of service in NI grpc-device 2.17.0 and prior allows remote unauthenticated attackers to crash the data moniker service by submitting an unknown value that triggers a NULL pointer dereference. The flaw also impacts deployments embedding the server via NI InstrumentStudio. No public exploit is identified at time of analysis, though the CVSS 4.0 base score of 8.7 reflects high availability impact reachable over the network without privileges.

Denial Of Service Null Pointer Dereference Grpc Device +1
NVD GitHub
EPSS 0% CVSS 8.7
HIGH This Week

Remote denial of service in NI grpc-device 2.17.0 and earlier allows unauthenticated network attackers to crash the streaming API by sending a specially crafted write request that triggers an out-of-bounds read (CWE-125). The flaw was reported by NI itself and is documented in both an NI security bulletin and a GitHub security advisory (GHSA-8rjh-429j-f6gw); no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Denial Of Service Information Disclosure Buffer Overflow +2
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Use-after-free in FFmpeg's RASC video decoder exposes Red Hat Enterprise Linux AI 3 and Red Hat OpenShift AI deployments to denial-of-service attacks via crafted media files. The decode_move() function retains a raw pointer into a heap-allocated decompressed buffer that is subsequently reallocated during move-table processing, leaving the pointer dangling; reading through it crashes the process. No public exploit or KEV listing has been identified at time of analysis, but the network-accessible attack vector (file delivery over the internet) and lack of authentication prerequisites make this a realistic threat to any environment that processes untrusted AVI content using the affected FFmpeg builds.

Use After Free Memory Corruption Denial Of Service +4
NVD VulDB
EPSS 0% CVSS 5.6
MEDIUM POC PATCH This Month

Use-after-free memory corruption in Cloudflare Quiche's FFI layer exposes applications built with the non-default FFI feature flag to remote denial of service and limited heap disclosure. Two FFI iterator functions - quiche_connection_id_iter_next and quiche_conn_retired_scid_next - return raw pointers to ConnectionId values that are immediately freed when their owning Rust scope exits, leaving callers holding dangling pointers. No public exploit has been identified at time of analysis and there is no CISA KEV listing, but the CVSS 5.6 (AV:N/AC:H) score correctly reflects the constrained preconditions imposed by the opt-in build flag.

Use After Free Memory Corruption Information Disclosure +2
NVD GitHub VulDB
EPSS 0% CVSS 7.7
HIGH This Week

Local privilege escalation and denial of service in Imagination Technologies Graphics DDK arises from a write use-after-free between the CPU-side driver and GPU firmware, where the driver frees a shared memory page before the GPU firmware finishes accessing it. Any unprivileged local user able to issue GPU system calls can trigger the race against multiple released DDK branches (1.18, 23.2, 24.2, 25.1-25.3, 26.1). No public exploit identified at time of analysis, but SSVC rates technical impact as total.

Use After Free Memory Corruption Denial Of Service +1
NVD VulDB
EPSS 0% CVSS 8.6
HIGH This Week

Remote denial-of-service in Hitachi Virtual Storage Platform (VSP) enterprise storage arrays allows unauthenticated network attackers to disrupt availability through the 10G iSCSI interface across a wide swath of VSP families including E-series, G/F-series, 5000-series, and legacy G1000/G1500/F1500 platforms. The flaw maps to CWE-770 (uncontrolled resource consumption) and carries a CVSS 3.1 base score of 8.6 with a scope-change indicator, meaning impact extends beyond the iSCSI front-end channel to dependent storage services. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Denial Of Service Hitachi Virtual Storage Platform E990 E1090 E1090H Hitachi Virtual Storage Platform E390 E590 E790 E390H E590H E790H +4
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Uncaught Exception in ts-deepmerge before 8.0.0 allows unauthenticated remote attackers to crash Node.js applications by supplying JSON payloads that contain Object.prototype method names (e.g., toString, valueOf) mapped to non-function values, causing any subsequent string-context operation on the merged object to throw a TypeError. The vulnerability is distinct from classic prototype pollution - it does not escalate privileges or leak data, but reliably corrupts the merged object's callable methods, making DoS trivially achievable against any network-exposed merge endpoint that accepts untrusted input. A public proof-of-concept exists (GitHub Gist, Snyk SNYK-JS-TSDEEPMERGE-17339141), and the CVSS 4.0 E:P supplemental metric confirms exploit code is available; no confirmed active exploitation (CISA KEV) has been identified at time of analysis.

Denial Of Service Ts Deepmerge
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Memory exhaustion via maliciously crafted container image in containerd causes an OOM kill of the containerd process, rendering the container runtime API unavailable and disrupting orchestration layers including Docker Engine and Kubernetes control-plane components. CVE-2026-47262 is rated Moderate by the containerd project - lower than the four co-patched Critical/High CVEs - and is fixed across the full active supported release tree in versions 2.3.2, 2.2.5, 2.1.9, 2.0.10, and 1.7.33. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog at time of analysis.

Docker Kubernetes Denial Of Service +1
NVD VulDB GitHub
EPSS 1% CVSS 8.7
HIGH PATCH This Week

Path traversal in PraisonAI's MultiAgentMonitor component (versions <= 1.5.114) lets remote attackers who can supply agent identifiers read, write, or overwrite arbitrary files on the host by embedding '../' sequences in agent IDs. The flaw, disclosed by VulnCheck and tracked as GHSA-766v-q9x3-g744, enables information disclosure, denial of service, and potential code execution in multi-agent AI deployments; no public exploit identified at time of analysis but a detailed PoC is included in the advisory.

Path Traversal Denial Of Service RCE +1
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

NILFS utilities (nilfs-utils) through version 2.3.0 crash when processing crafted NILFS2 filesystem images due to missing bounds validation on the s_log_block_size superblock field before performing bit-shift operations. Tools including nilfs-tune and dumpseg are affected: an attacker who can persuade a user to process a malicious image can trigger undefined behavior - either oversized shift operations or out-of-memory conditions - resulting in a denial of service via tool crash. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog.

Denial Of Service Nilfs Utils
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

NULL pointer dereference in pam_usb 0.9.1 and below crashes PAM-integrated authentication services (sudo, login) when loginctl returns an empty Remote field during session locality checks. The crash terminates the PAM module with SIGSEGV, and depending on PAM stack control flags (required vs. optional), can deny authentication to all users of the affected service - a local denial of service with potentially severe impact on system accessibility. No active exploitation confirmed (not in CISA KEV); vendor-released patch available in version 0.9.2, which also addresses 11 additional security findings discovered during an ongoing audit.

Denial Of Service Null Pointer Dereference Pam Usb
NVD GitHub VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Infinite loop denial-of-service in pam_usb 0.9.1 and earlier can permanently hang authentication processes such as sudo, sshd, or login on Linux systems using USB hardware authentication. The flaw is in usb_get_process_parent_id(), which fails to initialize *ppid on failure; pusb_local_login() reuses the same variable as both input and output in a process-tree traversal loop, so if /proc/<pid>/stat becomes unreadable mid-authentication (e.g., an ancestor process exits during the auth window), the PID is never advanced and the loop never terminates. No public exploit has been identified and KEV listing is absent; the vendor-released patch is version 0.9.2, which is strongly recommended given the criticality of the affected authentication stack components.

Denial Of Service Pam Usb
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Denial of service in Significant-Gravitas AutoGPT prior to 0.6.63 allows remote attackers to exhaust host disk space by chaining the unbounded StepThroughItemsBlock loop with MediaDurationBlock, which downloads videos to a temporary directory and never cleans them up. No public exploit identified at time of analysis, but the flaw is trivially triggerable through the normal agent-building UI in any AutoGPT instance reachable by an untrusted user.

Denial Of Service Autogpt
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Disk exhaustion denial-of-service in Significant Gravitas AutoGPT prior to version 0.6.63 allows authenticated platform users to crash the host by abusing the AddAudioToVideoBlock and StepThroughItemsBlock workflow components. By looping MediaDurationBlock through unbounded StepThroughItemsBlock iterations against URLs that trigger screenshots, attackers fill the working directory with undeleted temporary media files until disk space is exhausted. No public exploit identified at time of analysis, and EPSS data was not supplied.

Denial Of Service Autogpt
NVD GitHub
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Denial of service in AutoGPT prior to 0.6.63 allows remote unauthenticated users to exhaust host disk space by chaining the StepThroughItemsBlock with the ScreenshotWebPageBlock to capture an unbounded number of screenshots into a temporary directory. No public exploit identified at time of analysis, but the attack requires no authentication and CVSS 4.0 rates availability impact as High (8.7).

Denial Of Service Autogpt
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Denial of service in AutoGPT versions prior to 0.6.63 allows remote unauthenticated attackers to exhaust disk space on the host running the workflow automation platform by abusing the StepThroughItemsBlock to repeatedly drive FileStoreBlock downloads. The platform's `StepThroughItemsBlock` has no loop cap and `FileStoreBlock` enforces no working-directory disk quota, so an attacker can iteratively download moderately sized files (e.g., 100MB) until storage is exhausted. No public exploit identified at time of analysis, but the GitHub Security Advisory GHSA-9fr4-9jj9-mhh6 confirms the issue and the fix in 0.6.63.

Denial Of Service Autogpt
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Resource exhaustion denial-of-service in Significant Gravitas AutoGPT versions prior to 0.6.63 allows remote unauthenticated users to fill disk space by abusing the LoopVideoBlock's unbounded loop count parameter. The platform writes the resulting oversized video to disk, exhausting available storage and crashing the host. No public exploit identified at time of analysis, but CVSS 4.0 rates this 8.7 (High) due to network reachability and unauthenticated trigger path.

Denial Of Service Autogpt
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Denial of service in HAProxy through 3.4.0 allows remote unauthenticated attackers to crash worker processes by triggering HPACK dynamic table insertions under memory pressure. The flaw lives in hpack_dht_insert() in src/hpack-tbl.c, where the return value of hpack_dht_defrag() is not validated; when the memory pool is exhausted defrag returns NULL and the subsequent dereference crashes the worker. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Denial Of Service Null Pointer Dereference Haproxy
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Resource exhaustion in Hermes WebUI before 0.51.468 exposes an unauthenticated POST /api/onboarding/oauth/start endpoint that accumulates unbounded in-memory OAuth flow state and daemon polling threads with each incoming request, enabling remote denial of service without authentication. The root cause - confirmed by vendor release notes and fix commit ce272d9 - is the absence of any deduplication or serialization check before allocating a new flow entry and spawning a worker thread per request. No active exploitation is confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis.

Denial Of Service Hermes Webui
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Unauthenticated call-control abuse in pipecat-ai development runner (>=0.0.77, <1.4.0) allows remote attackers reaching an exposed `/ws` telephony WebSocket to inject an attacker-controlled `callSid` that the server then submits to Twilio, Telnyx, or Plivo REST APIs using the operator's own credentials, forcibly terminating victim calls. Publicly available exploit code exists (a full Dockerized PoC is published in the GHSA advisory) and the maintainers shipped a fix in v1.4.0; no CISA KEV listing at time of analysis.

Python Docker Denial Of Service +3
NVD GitHub VulDB
EPSS 0% CVSS 5.0
MEDIUM This Month

Use-after-free in 389 Directory Server's schema reload path crashes the server when administrative schema reloads race against active LDAP query worker threads. The `attr_syntax_swap_ht()` function bypasses the refcount-based deferred deletion mechanism used throughout the attribute syntax subsystem, directly freeing nodes that concurrent worker threads may still hold references to. Affected products span Red Hat Directory Server 11, 12, and 13 across RHEL 6 through 10; no public exploit or active exploitation (CISA KEV) has been identified at time of analysis, and the CVSS score of 5.0 reflects the high-complexity, high-privilege prerequisites that substantially reduce real-world risk.

Use After Free Memory Corruption Denial Of Service +8
NVD VulDB
CVSS 4.8
MEDIUM PATCH This Month

Denial-of-service via unbounded factorial evaluation affects NCalc (NCalc.Core and NCalcSync NuGet packages) prior to v6.1.1, allowing remote attackers to exhaust CPU resources or trigger non-terminating computation loops by submitting expressions with extremely large factorial operands such as 9223372036854775807! (Int64.MaxValue). The root cause is CWE-190 integer overflow in MathHelper.cs's factorial calculation logic, which previously lacked bounds validation, allowing operands well beyond any representable result to be passed directly to the computation loop. No public exploit or CISA KEV listing has been identified at time of analysis, though the triggering expressions are trivially constructable and documented in the advisory itself.

Integer Overflow Denial Of Service
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Prototype pollution in the Jodit WYSIWYG editor npm package (versions < 4.12.26) allows mutation of Object.prototype via the public helper API Jodit.modules.Helpers.set(). When an application passes user-controlled or partially user-controlled key paths to this function, an attacker can inject arbitrary properties into the global Object.prototype, enabling logic bypass, denial of service, or secondary security issues throughout the entire JavaScript runtime. A proof-of-concept is publicly available in the GitHub advisory (GHSA-vpmm-x3fm-qr5c); no public exploit identified at time of analysis beyond this PoC, and no CISA KEV listing exists.

Prototype Pollution Node.js Denial Of Service
NVD GitHub
EPSS 0% CVSS 7.1
HIGH This Week

Database-resource exhaustion in UBB.threads forum software (confirmed in version 7.7.5) allows an authenticated low-privileged user to deny service to the entire application by issuing concurrent profile-view requests. The flaw, reported by CERT-PL and tracked as CWE-405 (Asymmetric Resource Consumption), produces high availability impact (CVSS 4.0 VA:H, 7.1) with no confidentiality or integrity loss. There is no public exploit identified at time of analysis and the vulnerability is not on the CISA KEV list.

Denial Of Service Ubb Threads
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

Persistent local denial of service in Google Android (Wear OS) is possible due to a missing permission check declared in AndroidManifest.xml, allowing a co-resident unprivileged app to invoke a protected component and render device functionality unavailable. No user interaction or elevated privileges are required, but exploitation is local rather than remote despite the headline CVSS 4.0 score of 10.0. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Denial Of Service Authentication Bypass
NVD VulDB
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Denial of service in Node.js HTTP/2 lets a remote peer exhaust process memory by driving unbounded growth of the connection's originSet, the structure that tracks origins advertised via HTTP/2 ORIGIN frames. It affects the 22.x, 24.x and 26.x release lines up to and including Node 22.22.3, 24.16.0 and 26.3.0, and is fixed in the June 2026 security release (26.3.1). There is no public exploit identified at time of analysis and EPSS exploitation probability is low (0.51%), but availability impact is rated High.

Denial Of Service Node Js Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Denial-of-service exposure in Node.js HTTP/2 handling stems from integration defects with the nghttp2 library, addressed in the Node.js 24.17.0 'Krypton' LTS security release on 2026-06-18. Remote, unauthenticated attackers (per CVSS:3.0/PR:N/AV:N) can trigger availability degradation through crafted HTTP/2 traffic exploiting the flawed nghttp2 integration layer. The fix, commit a8a0d12875 in nodejs/node#62891, pairs an nghttp2 bump to version 1.69.0 with corrective integration patches; no public exploit code or CISA KEV listing has been identified at time of analysis.

Denial Of Service Suse
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a buffer overflow vulnerability in the device registration function. This vulnerability could allow an attacker to cause a denial of service attack on the remote target device.

Denial Of Service Buffer Overflow N A
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

Resource exhaustion in joserfc (versions 1.3.4-1.6.5) is possible because the RFC7797 unencoded-payload (b64=false) JWS code path skips the configured JWSRegistry.max_payload_length check, while the standard compact and flattened JSON paths correctly raise ExceededSizeError. Remotely submitted, cryptographically valid b64=false JWS tokens with arbitrarily large payloads are deserialized without size enforcement, consuming memory or CPU on the verifying server. No public exploit has been identified and the vulnerability is not in the CISA KEV catalog; a vendor-released fix is available in version 1.6.7.

Python Denial Of Service Joserfc +2
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Local denial-of-service in the SignalRGB kernel driver (versions prior to 1.3.7.0) allows any process able to open a handle to the driver to crash the Windows kernel by sending an IOCTL with an empty input buffer. Seven of thirteen IOCTL handlers dereference the SystemBuffer pointer without a NULL check, producing a bugcheck (BSOD). No public exploit identified at time of analysis, EPSS is 0.14%, and a vendor patch is available.

Denial Of Service Signalrgb Kernel Driver
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Process-terminating denial of service in Deno's WebSocket client (versions <= 2.7.4) allows any server - or a network man-in-the-middle on an unencrypted ws:// connection - to crash a Deno application by returning non-visible-ASCII bytes (0x80-0xFF) in the Sec-WebSocket-Protocol or Sec-WebSocket-Extensions handshake response headers. The root cause is an unhandled Rust panic in the HTTP upgrade path: HeaderValue::to_str() returns an error for out-of-range bytes, and that error path was not caught, causing the entire Deno process to abort. No public exploit has been identified at time of analysis and this is not listed in the CISA KEV catalog; impact is strictly availability - the advisory explicitly states there is no information disclosure or memory-safety consequence.

Information Disclosure Denial Of Service
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Regular expression denial of service in HAPI FHIR's DSTU2 FHIRPathEngine allows unauthenticated remote attackers to exhaust server CPU by submitting FHIR resources or FHIRPath expressions containing catastrophically backtracking regexes against the matches() function. This is an incomplete-fix vulnerability stemming from CVE-2026-45367, where the DSTU2 module's matches() at FHIRPathEngine.java line 2462 was left calling raw String.matches() without the RegexTimeout wrapper applied to the other five FHIR version modules. No public exploit identified at time of analysis beyond the reporter's working PoC published in the GHSA advisory.

Java Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Pre-authentication denial of service in libssh2 through 1.11.1 allows a malicious SSH server to pin a connecting client's CPU at 100% for over 60 seconds by advertising an attacker-controlled SSH_MSG_EXT_INFO extension count of 0xFFFFFFFF during key exchange. The flaw is reachable before authentication completes, so any client that initiates an SSH session to a hostile or compromised server endpoint is exposed, and no public exploit identified at time of analysis though VulnCheck has published an advisory and the upstream PR diff is public.

Microsoft Denial Of Service Libssh2
NVD GitHub VulDB
EPSS 0% CVSS 7.6
HIGH PATCH This Week

SQL injection in LangChain4j's langchain4j-mariadb and langchain4j-pgvector embedding stores allows authenticated attackers who can influence metadata filter keys to execute arbitrary SQL via EmbeddingSearchRequest.filter(), enabling blind data exfiltration, denial of service through sleep functions, and deletion of arbitrary rows via removeAll(Filter). The flaw stems from string-concatenated filter keys (and MariaDB string values) being placed into SQL without escaping, and is particularly relevant where filter keys originate from LLM-generated output or untrusted user input. No public exploit identified at time of analysis, though the vendor advisory documents working proof-of-concept payloads such as pg_sleep(1) injection.

PostgreSQL SQLi Denial Of Service
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Denial of service in Envoy versions prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1 allows unauthenticated remote clients to trigger excessive memory consumption via crafted HTTP/2 requests, potentially causing OOM termination of the Envoy process. The flaw stems from cookie header bytes bypassing request header size validation combined with HPACK limits being enforced only on encoded bytes. No public exploit identified at time of analysis, but the network-reachable, no-auth attack profile makes it a credible availability threat for edge proxies.

Denial Of Service Envoy
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial-of-service in the undici WebSocket client (Node.js HTTP/WebSocket library) version 8.1.0 through versions prior to 8.5.0 allows a malicious or compromised WebSocket server to exhaust client memory by streaming many small fragmented frames that individually pass the per-frame maxPayloadSize check but cumulatively bypass any size limit. The flaw is a regression introduced in the 8.1.0 line; no public exploit identified at time of analysis. Impact is limited to availability (process crash via memory exhaustion) with no confidentiality or integrity consequence per the CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H vector.

Denial Of Service Undici Red Hat
NVD GitHub VulDB
EPSS 1% CVSS 9.1
CRITICAL Act Now

Authenticated remote command execution in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) allows administrators to run arbitrary OS commands and escalate to root via a crafted HTTP request. The flaw, tracked as CVE-2026-20181 and reported by Cisco with a CVSS 3.1 score of 9.1 (scope-changed), can also crash single-node deployments and deny network access to unauthenticated endpoints. There is no public exploit identified at time of analysis.

Path Traversal Cisco Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Memory exhaustion denial of service in the undici WebSocket client (versions 6.17.0 and later) allows a malicious or compromised WebSocket server to crash Node.js client processes by streaming an unbounded number of small or empty continuation frames. Because undici only caps cumulative payload bytes via maxPayloadSize and does not limit fragment count, attackers can drive unbounded memory growth without ever exceeding the configured size threshold. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Denial Of Service Undici
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

NULL pointer dereference in Autodesk Revit's 'Convert RFA to FormIt' feature causes the application to crash when processing a specially crafted RFA file, resulting in a denial-of-service condition. All tracked versions of Autodesk Revit are affected per CPE data, with the attack requiring local file access and deliberate user interaction to trigger the vulnerable conversion workflow. No public exploit code and no CISA KEV listing exist at time of analysis; a vendor-released patch is available through Autodesk Access.

Denial Of Service Null Pointer Dereference Revit
NVD VulDB
EPSS 1% CVSS 9.3
CRITICAL PATCH Act Now

Arbitrary file write in picklescan before 0.0.33 lets attackers bypass the tool's dangerous-call blocklist by abusing distutils.file_util.write_file inside crafted pickle payloads. Because picklescan is used as a safety gate before loading ML model pickles, a bypass means malicious models pass scanning and can overwrite files on disk to achieve denial of service or remote code execution. Publicly available exploit code exists in the GHSA advisory, though there is no public exploit identified at time of analysis indicating active exploitation.

Denial Of Service Deserialization RCE +1
NVD GitHub
EPSS 0% CVSS 7.1
HIGH This Week

Improper access control in Dell PowerFlex Manager allows a low-privileged remote attacker to trigger a denial-of-service condition and tamper with integrity-sensitive operations against the software-defined storage management plane. Dell disclosed the issue in advisory DSA-2026-066, and at the time of analysis no public exploit has been identified and the CVE is not on the CISA KEV list.

Dell Authentication Bypass Denial Of Service +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Dell PowerFlex Manager's improper access control (CWE-284) permits a remote, low-privileged attacker to cause a denial of service condition against the management platform. The CVSS vector (AV:N/AC:L/PR:L/UI:N) confirms the attack is network-reachable with minimal complexity once credentials are obtained, and is limited in scope to availability degradation (A:L). No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Dell Authentication Bypass Denial Of Service +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Missing authentication on a critical function in Dell PowerFlex Manager allows an adjacent-network attacker to invoke privileged operations without credentials, yielding code execution, denial of service, information disclosure, tampering, and unauthorized access. No public exploit identified at time of analysis, and the affected version range was not populated in the source advisory placeholder. Dell self-reported the issue under DSA-2026-066.

Information Disclosure Denial Of Service RCE +3
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Temperature parameter validation in vLLM (pip/vllm ≤ 0.23.0) can be bypassed by supplying NaN or positive Infinity as the temperature value, because Python's IEEE 754 float comparison operators silently return False for these inputs, allowing the values to propagate unchecked into GPU CUDA sampling kernels. The invalid inputs trigger undefined behavior or fatal CUDA errors that crash the inference worker process, dropping all in-flight requests and degrading service for every concurrent user sharing that worker. No public exploit has been identified at time of analysis, though the trigger condition is fully disclosed in the published GHSA-7h4p-rffg-7823 advisory and is trivially reproducible from that description alone.

Python Denial Of Service Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Local privilege escalation in the Pi coding agent (npm packages @earendil-works/pi-coding-agent 0.74.0-0.78.0 and @mariozechner/pi-coding-agent 0.50.0-0.73.1) allows a co-resident attacker on a shared Linux host to pre-stage attacker-controlled extension code in a predictable `os.tmpdir()/pi-extensions` path that pi later loads as the victim user. No public exploit identified at time of analysis, but the issue was reported by CrowdStrike researchers and patched in 0.78.1 of the renamed package. Affects shared dev boxes, CI runners, and HPC login nodes; Windows/macOS default per-user temp directories typically avoid exposure.

Microsoft Apple Crowdstrike +4
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Stack-based buffer overflow in rxi microtar 0.1.0 allows remote attackers to crash or potentially execute arbitrary code in applications that parse attacker-supplied TAR archives. The flaw lies in raw_to_header() (src/microtar.c:112), which uses strcpy() on fixed-width 100-byte ustar name/linkname fields that are not guaranteed to be null-terminated, enabling a 356-byte out-of-bounds read confirmed via AddressSanitizer. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

RCE Stack Overflow Buffer Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in rxi microtar 0.1.0 allows remote attackers to hang any consumer of the library at 100% CPU by supplying a crafted tar archive whose header size field triggers a 32-bit integer overflow in mtar_next(). The flaw affects every application that parses untrusted tar streams with this lightweight C library, and no public exploit is identified at time of analysis, though the trigger is trivial to construct from the description alone.

Integer Overflow Denial Of Service Microtar
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Out-of-bounds write in Zephyr RTOS Bluetooth Classic Hands-Free Profile (HFP) parser allows an adjacent Bluetooth peer acting as an Audio Gateway to corrupt heap/static memory on devices with CONFIG_BT_HFP_HF enabled. A single malformed +CIND response sent during Service Level Connection setup can crash the Bluetooth host or corrupt adjacent connection state with no user interaction. No public exploit identified at time of analysis, and the upstream fix is available via commit cf7693a in the zephyrproject-rtos repository.

Denial Of Service Memory Corruption Buffer Overflow +1
NVD GitHub VulDB
EPSS 1% CVSS 6.9
MEDIUM PATCH This Month

The web management interface of the Teldat Regesta Smart HD-PLC (model TLDPH16D2, firmware 11.02.05.10.02) is susceptible to resource exhaustion via a Slow Loris attack, making the administrative interface unavailable to legitimate operators. An unauthenticated network attacker can trigger this condition without any prior registration or credentials, as the embedded web server imposes no connection-hold limits or timeouts per CWE-770. No public exploit code or active exploitation has been identified at time of analysis; a vendor-released patch is available through the Teldat support portal.

Denial Of Service Regesta Smart Hd Plc Tldph16D2
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

Local privilege escalation in Google Android's NFC subsystem stems from a use-after-free condition in Nfc::eventCallback() within Nfc.h, triggerable via a race condition without user interaction or additional execution privileges. Affected devices covered by the Android Security Bulletin for Android 17 can have an unprivileged local process win the race and elevate to higher-privileged context. No public exploit identified at time of analysis; the vulnerability was disclosed by Google through the Android security bulletin process.

Privilege Escalation Denial Of Service Race Condition
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Unauthenticated remote denial of service in NLTK's WordNet Browser HTTP server (nltk.app.wordnet_app) through version 3.9.3 allows any network-reachable attacker to terminate the server process by sending a single GET request to /SHUTDOWN%20THE%20SERVER. The server binds to all interfaces by default and invokes os._exit(0) on receipt, with no public exploit identified at time of analysis but exploitation is trivial given the documented endpoint.

Authentication Bypass Denial Of Service Nltk Nltk +1
NVD VulDB
Prev Page 12 of 406 Next

Quick Facts

Typical Severity
MEDIUM
Category
other
Total CVEs
36502

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy