Skip to main content

Denial of Service

other MEDIUM

Denial of Service attacks render applications or systems unavailable by overwhelming resources or triggering failure conditions.

How It Works

Denial of Service attacks render applications or systems unavailable by overwhelming resources or triggering failure conditions. Attackers exploit asymmetry: minimal attacker effort produces disproportionate resource consumption on the target. Application-level attacks use specially crafted inputs that trigger expensive operations—a regex engine processing malicious patterns can backtrack exponentially, or XML parsers recursively expand entities until memory exhausts. Network-level attacks flood targets with connection requests or amplify traffic through reflection, but application vulnerabilities often provide the most efficient attack surface.

The attack typically begins with reconnaissance to identify resource-intensive operations or unprotected endpoints. For algorithmic complexity attacks, adversaries craft inputs hitting worst-case performance—hash collision inputs filling hash tables with collisions, deeply nested JSON triggering recursive parsing, or pathological regex patterns like (a+)+b against strings of repeated 'a' characters. Resource exhaustion attacks open thousands of connections, upload massive files to unbounded storage, or trigger memory leaks through repeated operations. Crash-based attacks target error handling gaps: null pointer dereferences, unhandled exceptions in parsers, or assertion failures that terminate processes.

Impact

  • Service unavailability preventing legitimate users from accessing applications during attack duration
  • Revenue loss from downtime in e-commerce, SaaS platforms, or transaction processing systems
  • Cascading failures as resource exhaustion spreads to dependent services or database connections pool out
  • SLA violations triggering financial penalties and damaging customer trust
  • Security team distraction providing cover for data exfiltration or intrusion attempts running concurrently

Real-World Examples

CVE-2018-1000544 in Ruby's WEBrick server allowed ReDoS through malicious HTTP headers containing specially crafted patterns that caused the regex engine to backtrack exponentially, freezing request processing threads. A single attacker could saturate all available workers.

Cloudflare experienced a global outage in 2019 when a single WAF rule containing an unoptimized regex hit pathological cases on legitimate traffic spikes. The .*(?:.*=.*)* pattern exhibited catastrophic backtracking, consuming CPU cycles across their edge network until the rule was disabled.

CVE-2013-1664 demonstrated XML bomb vulnerabilities in Python's XML libraries. Attackers uploaded XML documents with nested entity definitions-each entity expanding to ten copies of the previous level. A 1KB upload could expand to gigabytes in memory during parsing, crashing applications instantly.

Mitigation

  • Strict input validation enforcing size limits, complexity bounds, and nesting depth restrictions before processing
  • Request rate limiting per IP address, API key, or user session with exponential backoff
  • Timeout enforcement terminating operations exceeding reasonable execution windows (typically 1-5 seconds)
  • Resource quotas limiting memory allocation, CPU time, and connection counts per request or tenant
  • Regex complexity analysis using linear-time algorithms or sanitizing patterns to eliminate backtracking
  • Circuit breakers automatically rejecting requests when error rates or latency thresholds indicate degradation
  • Load balancing and autoscaling distributing traffic across instances with automatic capacity expansion

Recent CVEs (36504)

EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in LLDAP v0.6.2 allows remote unauthenticated attackers to disrupt the authentication service by sending a crafted refresh-token header to the HTTP refresh endpoint. The flaw is a CWE-400 resource handling defect with CVSS 7.5 (availability-only impact); no public exploit is identified, though a referenced gist may contain proof-of-concept material. EPSS is low at 0.18% (8th percentile) and the issue is not on CISA KEV.

Denial Of Service N A
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Uncontrolled resource consumption in Datadog Vector v0.54.0 allows authenticated remote attackers to crash or degrade the observability pipeline by sending crafted HTTP requests to the /util/http/prelude.rs handler. The vulnerability is classified as CWE-400 and carries a CVSS 3.1 score of 6.5 (Medium), requiring low-privilege network access with no user interaction. No public exploit identified at time of analysis beyond a GitHub gist that may contain proof-of-concept material; EPSS sits at 0.15% (4th percentile), indicating very low observed exploitation probability in the broader threat landscape.

Denial Of Service N A
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM This Month

NULL pointer dereference in dhcpcd 10.3.0 allows an unauthenticated attacker on the same network segment to crash the DHCP client daemon by sending a crafted packet with unexpected or invalid option tokens. The fault occurs in parse_option() at src/if-options.c:1886, where a NULL return from option lookup is immediately dereferenced as a 'struct dhcp_opt' member without a null check, causing a runtime abort. No public exploit or CISA KEV listing exists, and EPSS sits at the 4th percentile, indicating low but real crash-level risk for any host running this specific dhcpcd version on a shared or adversarially accessible network segment.

Denial Of Service Null Pointer Dereference N A +2
NVD VulDB
EPSS 0% CVSS 8.0
HIGH This Week

An issue was discovered in Rakuten Send Anywhere (File Transfer) for Android (com.estmob.android.sendanywhere) 23.2.9. The vulnerability allows untrusted applications (with no permissions) to force arbitrary file downloads into the app's scoped storage. The resulting files appear in the application's trusted Received interface. These conditions establish a vector for arbitrary code execution if the payload is an APK file, or a denial-of-service condition through resource exhaustion from oversized transfers.

Denial Of Service Google RCE +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH This Week

Off-by-one buffer overflow in nanoMODBUS through v1.23.0 lets remote unauthenticated attackers write one attacker-controlled byte past a 260-byte receive buffer in the Modbus/TCP server's recv_msg_header() function. The corruption of the adjacent buffer-index field can cause denial of service on all targets and, on bare-metal/RTOS deployments without memory protection, leak one byte of memory and trigger unintended writes through the Write Multiple Registers (FC16) handler. No public exploit identified at time of analysis, but the bug is trivially reachable by sending a crafted MBAP frame with Length=255.

Denial Of Service Information Disclosure Buffer Overflow +1
NVD GitHub VulDB
CRITICAL Act Now

Divide-by-zero crash in GPAC's MP4Box tool allows denial of service when processing a crafted MP4 file containing a malformed Opus audio track header. The function gf_opus_parse_packet_header() in media_tools/av_parsers.c:11479 fails to validate that nb_frames is non-zero before performing arithmetic (max = header->nb_frames - 1), triggering a SIGFPE along the Opus dump path. A public proof-of-concept file is available, and no authentication or special privileges are required - only the ability to supply a crafted file to the tool. No confirmed active exploitation (not in CISA KEV); impact is limited to process crash with no code execution potential identified.

Microsoft Denial Of Service
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Stack-based buffer overflow in GPAC's MP4Box tool crashes the process when parsing a crafted MP4 file containing a malformed non-self-delimited Opus packet. The function gf_opus_read_length() in media_tools/av_parsers.c performs a 2-byte out-of-bounds write into a stack-allocated pckh structure at offset 568, confirmed by AddressSanitizer at line 11140. No active exploitation is confirmed in CISA KEV, but a public proof-of-concept MP4 file is available from the reporter, and the CVSS vector (PR:N, UI:R) indicates any user or automated pipeline invoking MP4Box on untrusted Opus-bearing MP4 files is at risk of a process crash.

Denial Of Service Stack Overflow Buffer Overflow
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

NULL pointer dereference in GPAC's MP4Box media tool crashes the process when importing a crafted MP4 file containing an unknown svcC box nested inside an av01 parent box. The unsupported-box handling path in the ISOBMFF parser leaves the sample entry pointer uninitialized; Track_SetStreamDescriptor() at isomedia/track.c:1677 subsequently dereferences this invalid pointer during bitrate update processing without validation, producing a SEGV. No active exploitation has been confirmed (not in CISA KEV), but a public proof-of-concept MP4 file is available at the reporter's GitHub repository, and the CVSS-assigned severity is 4.3 MEDIUM (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).

Denial Of Service Null Pointer Dereference
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Heap-based buffer overflow in GPAC's MP4Box Opus packet parser exposes file-processing pipelines to heap memory disclosure and application crash when handling a crafted MP4 containing a malformed Opus audio track. Processing a specially constructed file via MP4Box's XML dump mode (-dxml) triggers an out-of-bounds READ of 1 byte beyond a 3-byte heap allocation inside gf_opus_parse_packet_header() at av_parsers.c:11326, with adjacent heap memory potentially leaked as a secondary consequence. No public exploitation has been confirmed (not in CISA KEV), but a functional PoC MP4 file is publicly available on GitHub, lowering the barrier for targeted abuse in automated media-ingestion workflows.

Buffer Overflow Denial Of Service Heap Overflow
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Heap use-after-free in GPAC MP4Box's MPEG-4 LASeR/SVG processing path crashes the tool when parsing a crafted MP4 file with the -svg conversion flag. The flaw occurs in gf_svg_node_del() at svg_types.c:107, where an SVG node is freed and then read again during scene graph teardown via gf_sg_reset()/gf_node_unregister(), confirmed by AddressSanitizer. Impact is limited to availability (process crash/DoS); no confidentiality or integrity impact is demonstrated. A public proof-of-concept MP4 file exists on GitHub; no active exploitation has been confirmed by CISA KEV.

Denial Of Service Memory Corruption Use After Free +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

NULL pointer dereference in GPAC's MP4Box fragmentation pipeline allows unauthenticated remote attackers to crash the application by supplying a crafted MP4 file with corrupted Elementary Stream Descriptor (ESD) data. The function `gf_media_map_esd()` in `media_tools/isom_tools.c` at line 1359 calls `strlen()` on `esd->URLString` without verifying the pointer is non-NULL, triggering a SEGV when the ESD contains a missing or corrupted URLString field. A public proof-of-concept MP4 file exists; no active exploitation has been confirmed (not in CISA KEV). EPSS data is not available in the provided intelligence.

Denial Of Service Null Pointer Dereference Gpac
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Heap-based buffer overflow in GPAC MP4Box (all versions prior to fix commit 61bbfd2e89553373ba3449b8ec05b5f098d732a5) allows out-of-bounds heap READ when processing a crafted MP4 file containing corrupted stsz (sample-size box) data for an Opus audio track. When a user runs MP4Box with the -dxml flag against a malicious file, gf_opus_parse_packet_header() in av_parsers.c:11297 reads 1 byte beyond a 32-byte heap allocation, 1242 bytes past the base region allocated by Media_GetSample(), potentially leaking adjacent heap memory contents and crashing the process. A public proof-of-concept MP4 file is available; no active exploitation has been recorded in CISA KEV at time of analysis.

Buffer Overflow Denial Of Service Heap Overflow +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

NULL pointer dereference in GPAC's MP4Box crashes the application when importing a crafted MP4 file containing corrupted Sample Auxiliary Information (SAI) metadata with an invalid sai_samples count. The function gf_isom_copy_sample_info() in isomedia/isom_write.c:8164 fails to validate pointers after SAI merge handling fails, resulting in a SEGV read at address 0x0 and an application crash. A publicly available proof-of-concept MP4 file exists on GitHub; however, this CVE is not in CISA KEV, and exploitation is constrained to a denial-of-service (process crash) with no code execution or data exposure demonstrated.

Denial Of Service Null Pointer Dereference Gpac
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Integer overflow in GPAC's MP4Box causes an out-of-memory crash when processing crafted MP4 files with malformed Protection System Specific Header (PSSH) metadata during DASH segmentation. The function mp4_mux_cenc_insert_pssh() in filters/mux_isom.c fails to validate attacker-controlled kid_count and dataSize fields before using them in a buffer size calculation, causing realloc() to request approximately 61 GB (0xe40000100 bytes), which crashes the process. A public proof-of-concept MP4 file is available on GitHub; no active exploitation has been confirmed and no CISA KEV listing exists. The CVSS 3.1 score of 4.3 MEDIUM reflects the user-interaction requirement and limited availability impact.

Denial Of Service Integer Overflow Gpac
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Use-after-free memory corruption in GPAC's MP4Box triggers via gf_node_get_tag when parsing a crafted MP4 file containing an invalid BIFS GlobalQuantizer command. Any user or automated pipeline processing an attacker-supplied MP4 file with an affected GPAC build is exposed. Exploitation could yield arbitrary code execution or a reliable crash, depending on heap layout at the time of the free. No public exploit code or CISA KEV listing has been identified at time of analysis.

Denial Of Service Memory Corruption Use After Free +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Content injection in libreport's ABRT post-create event handler grants a low-privileged local user the ability to control file content that the root process writes into crash dump directories. When a monitored process crashes, the event handler script queries the systemd journal for matching log entries and writes the results directly to dump directory files without stripping embedded control characters - allowing an attacker who can write syslog messages to pre-position newline-delimited payloads that corrupt or inject arbitrary lines into those root-owned files. No public exploit code or CISA KEV listing has been identified at time of analysis, and exploitation is constrained to local access with low privileges.

Denial Of Service Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation in the abrt-dbus D-Bus service on Red Hat Enterprise Linux 6, 7, and 8 allows any unprivileged local user to win a TOCTOU race against the SetElement method, writing arbitrary text files into root-owned dump directories. By exploiting the gap between dump directory creation and post-create event execution, an attacker bypasses package validation and persists crash data for unpackaged binaries inside privileged paths, with no public exploit identified at time of analysis.

Denial Of Service Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Null pointer dereference in the Avira Antivirus scanning engine crashes the antivirus process when it parses a specially crafted malformed Windows PE file. All platform deployments - Windows, macOS, and Linux - running engine builds prior to 8.3.70.64 are affected, making this a cross-platform availability risk. No public exploit identified at time of analysis and no CISA KEV listing; however, the ease of crafting a malformed PE file as a trigger lowers the practical barrier for targeted disruption of endpoint protection.

Denial Of Service Microsoft Apple +2
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Denial of service in Capgo before 12.128.2 allows remote unauthenticated attackers to lock legitimate users out of the platform for 30 days by registering accounts with arbitrary unverified email addresses and immediately initiating account deletion, placing the targeted email in a pending-deletion lock state. The CVSS 4.0 score of 8.7 (High) reflects high availability impact achievable over the network without privileges or interaction; no public exploit identified at time of analysis, though the attack is trivially reproducible from the description.

Authentication Bypass Denial Of Service Capgo
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Unauthenticated denial-of-service in File Browser (filebrowser/filebrowser) versions <= 2.63.5 allows remote attackers to exhaust CPU and memory by submitting arbitrarily large passwords to the public /api/login endpoint, which are then passed unchecked into the bcrypt-style CheckPwd hashing routine. Publicly available exploit code exists in the GitHub advisory PoC, and concurrent abuse can crash the container and even destabilize the host Docker daemon. EPSS is low (0.04%) and the issue is not in CISA KEV, but the trivial AV:N/AC:L/PR:N exploitation profile makes it a real availability risk for any internet-exposed instance.

Docker Denial Of Service Python
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Unbounded WebSocket stream allocation in Nezha Monitoring versions 1.0.0 through 2.1.x allows any authenticated dashboard user to exhaust server memory and crash the monitoring service. The two affected endpoints - POST /api/v1/terminal and POST /api/v1/file - each insert a long-lived ioStreamContext into a global Go map with no per-user rate limit, no global semaphore, and no per-server connection cap, making repeated calls a trivial denial-of-service vector. No public exploit code has been identified at time of analysis, and the issue is not listed in CISA KEV; the vendor released a patch in version 2.2.0.

Denial Of Service Nezha
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in IBM Qiskit SDK versions 0.43.0 through 2.5.0 allows remote attackers to crash the parser via uncontrolled recursion, triggering a segmentation fault. The CVSS 7.5 score (AV:N/AC:L/PR:N/UI:N) reflects unauthenticated network-reachable exploitation with high availability impact, though no public exploit identified at time of analysis. Affects quantum-computing workloads that ingest untrusted Qiskit/OpenQASM input.

Denial Of Service IBM Qiskit Sdk
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Concurrent map access without synchronization in pilinux/gorest's InMemorySecret2FA store causes an unrecoverable process crash across all versions through 1.12.1. Nine handler sites in login.go and twoFA.go share a bare Go map with no sync.RWMutex, meaning any two concurrent HTTP requests involving 2FA operations can trigger Go's built-in race detector to throw a fatal, non-catchable error that terminates the entire server process. No public exploit identified at time of analysis, though a proof-of-concept bash script is included in the GHSA advisory; vendor-released patch version 1.12.2 is confirmed.

Race Condition Denial Of Service
NVD GitHub
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Arbitrary file write in GeoServer's Master Password Dump web page allows an authenticated administrator to write attacker-controlled content to any absolute filesystem path the GeoServer process can write to, including JSP files in a Tomcat webapps directory. Because GeoServer enforces no maximum master password length, an admin can embed malicious JSP code into the master password and dump it to an executable location, escalating to remote code execution on the host. No public exploit identified at time of analysis and the issue is not in CISA KEV.

Microsoft Atlassian RCE +3
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Heap out-of-bounds read in NanaZip's Android Verified Boot (AVB) vbmeta image parser crashes the application and may leak heap memory contents when a victim opens a crafted .avb or .img file. Affected versions span 3.0.1000.0 through any release before 6.0.1698.0, covering a wide install base of Windows users. No public exploit code exists and EPSS sits at 0.05% (15th percentile), indicating low current exploitation interest, though the deterministic crash behavior lowers the bar for denial-of-service abuse.

Microsoft Information Disclosure Denial Of Service +3
NVD GitHub
EPSS 0%
MEDIUM This Month

Denial of service via gzip bomb in swift-nio-extras NIOHTTPRequestDecompressor affects any Swift server using the `.ratio(N)` decompression limit, allowing unauthenticated remote attackers to exhaust server memory without limit. The ratio enforcement logic incorrectly uses the attacker-supplied `Content-Length` request header as the denominator of the compression ratio check instead of the actual number of compressed bytes received, making the check trivially bypassable. No public exploit code has been identified at time of analysis, but the bypass technique is straightforward and requires no special tooling - any HTTP client capable of crafting a gzip payload with a falsified `Content-Length` header can trigger it repeatedly to sustain memory amplification.

Denial Of Service
NVD GitHub
EPSS 0%
HIGH This Week

Denial of service in Apple's SwiftNIO NIOHTTP1 module (versions <= 2.99.0) allows unauthenticated remote attackers to exhaust server memory or crash processes by submitting HTTP/1 requests containing an unbounded number of small, valid header fields. The HTTPDecoder previously enforced only an 80 KB per-field limit with no cap on cumulative header block size or field count, letting hundreds of thousands of headers accumulate before application code runs. No public exploit identified at time of analysis, but the attack is trivial and impacts any HTTP/1 server or client built on NIOHTTP1, including downstream frameworks like Hummingbird 2 (crashes) and Vapor 4 (memory inflation).

Microsoft Denial Of Service
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM POC PATCH This Month

Netty's HTTP/2 codec mishandles the SETTINGS_MAX_HEADER_LIST_SIZE client setting, enabling a denial-of-service attack functionally equivalent to HTTP/2 Rapid Reset (CVE-2023-44487) but with a distinct on-wire signature. Affected Netty versions prior to 4.1.135.Final and 4.2.15.Final fully process and proxy incoming requests to the origin before encountering an exception during response header serialization, consuming server resources without completing responses. No public exploit has been identified at time of analysis, and EPSS stands at 0.02% (5th percentile), though the attack technique parallels a well-documented catastrophic DDoS class.

Denial Of Service Netty Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Denial of service in Netty's io.netty:netty-codec-redis component (prior to 4.1.135.Final and 4.2.15.Final) allows remote attackers to trigger memory exhaustion by sending a crafted RESP array header that declares a huge element count, causing RedisArrayAggregator to pre-allocate an oversized ArrayList before any child messages arrive. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; EPSS data was not provided in the input.

Denial Of Service Netty
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Stateless reset token leakage in Netty's QUIC codec (io.netty:netty-codec-classes-quic prior to 4.2.15.Final) enables an on-path attacker to derive the reset token for active connections and terminate them via spoofed Stateless Reset packets. The default HMAC-based generators expose a deterministic relationship between the source connection ID visible in QUIC headers and the server's stateless reset token - after a source-CID rotation, an observer can compute the token from the new connection-ID bytes. No public exploit identified at time of analysis; the CVSS 4.8 Medium rating reflects the on-path attacker prerequisite (AC:H), which meaningfully limits opportunistic exploitation.

Information Disclosure Denial Of Service Netty
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Denial of service in the Netty HTTP/3 codec (io.netty:netty-codec-http3) prior to version 4.2.15.Final allows remote unauthenticated attackers to exhaust server memory by triggering creation of an unbounded number of blocked streams, leading to an OutOfMemoryError. The flaw affects any Java application or service using Netty as an HTTP/3 server. No public exploit identified at time of analysis, and EPSS probability is very low (0.05%, 17th percentile), but the network-reachable nature of the HTTP/3 protocol surface makes patching a priority for exposed endpoints.

Denial Of Service Netty
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Ticket panel resource exhaustion in Quest Bot (open-source Discord bot, all versions prior to 1.1.8) allows any Discord user with panel access to flood a server with unlimited ticket channels and database records. Each modal submission unconditionally spawns a new Discord channel and database entry with no duplicate-ticket check and no rate limiting, enabling trivial availability denial of the ticketing system. No active exploitation (KEV) or public exploit code has been identified; vendor-released patch version 1.1.8 is confirmed available.

Denial Of Service Questbot
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM This Month

Out-of-bounds heap write in QEMU's virtio-blk device allows a high-privileged guest to crash the host QEMU process. The flaw exists because the virtio-blk device omits validation of input descriptor sizes prior to writing data, enabling a malicious guest operator to submit a crafted virtio-blk SCSI request that writes beyond the allocated host heap buffer. The primary confirmed impact is a denial of service (DoS) of the QEMU process on the host; no public exploit code has been identified at time of analysis and it is not listed in the CISA KEV catalog.

Denial Of Service Heap Overflow Buffer Overflow +7
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Denial of service in CyberArk Privileged Access Manager (PAM) Self-Hosted Vault allows remote attackers to terminate the Vault service by sending unexpected input under specific configuration scenarios, affecting versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8. Disclosed by Palo Alto Networks (which now owns CyberArk) via Security Bulletin CA26-17 with no public exploit identified at time of analysis, the CVSS 4.0 base score of 8.7 reflects the network-reachable, unauthenticated attack path against a security-critical service. The flaw is a CWE-400 resource/input handling issue that produces a localized DoS rather than code execution or data exposure.

Denial Of Service Hashicorp Pam Sh Vault
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Memory disclosure and denial of service in MongoDB Server's server-side JavaScript engine allow an authenticated user with read privileges and JavaScript execution rights to read freed heap memory or crash the mongod process. The flaw is triggered during BSON-to-JavaScript array conversion when operators such as $where or $function are evaluated. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; it was self-reported by MongoDB.

Denial Of Service Memory Corruption Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Microsoft Use After Free Memory Corruption +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in Video in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Microsoft Use After Free Memory Corruption +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in GPU in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Google Use After Free Memory Corruption +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Autofill in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Google Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Use after free in Autofill in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Google Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in Cast in Google Chrome prior to 149.0.7827.115 allowed an attacker on the local network segment to potentially perform a sandbox escape via malicious network traffic. (Chromium security severity: High)

Google Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in Media in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Microsoft Use After Free Memory Corruption +3
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Use after free in Network in Google Chrome prior to 149.0.7827.115 allowed an attacker in a privileged network position to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: High)

Google Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in WebMIDI in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Microsoft Use After Free Memory Corruption +4
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Google Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Google Chrome on Windows prior to 149.0.7827.115 allows remote attackers to trigger a use-after-free condition in the Core component via a crafted HTML page, leading to arbitrary code execution within the renderer process. Chromium rates the severity as Critical, and no public exploit has been identified at time of analysis, but the bug class (UAF in Core) is historically a frequent target for in-the-wild exploitation against Chrome. The vulnerability requires the victim to visit attacker-controlled content (UI:R).

Microsoft Use After Free Memory Corruption +5
NVD VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Denial-of-service in MessagePack-CSharp's optional LZ4 decompression path (Lz4Block and Lz4BlockArray modes) allows remote unauthenticated attackers to crash .NET applications that deserialize untrusted MessagePack payloads. A crafted payload with manipulated LZ4 token/length fields triggers an out-of-bounds read raising an AccessViolationException, and may also leak limited adjacent memory before the process dies. No public exploit identified at time of analysis, but the vendor has published an advisory (GHSA-hv8m-jj95-wg3x) with patched releases 2.5.301 and 3.1.7.

Deserialization Denial Of Service
NVD GitHub
EPSS 0% CVSS 9.0
CRITICAL PATCH Act Now

Authentication bypass in Cloud Foundry UAA (User Account and Authentication) versions 2.0.0 through 78.13.0 allows remote attackers to forge SAML assertions and impersonate users by exploiting a logic flaw where XML encryption was accepted as a substitute for XML signature verification. Because the Service Provider's public encryption key is published in SAML metadata, any party - not just a trusted Identity Provider - can craft encrypted-but-unsigned assertions that UAA will decrypt and trust, breaking the identity-assurance guarantee of SAML. No public exploit identified at time of analysis, but the cryptographic confusion (CWE-347) is well-understood and the impact (full identity spoofing into the platform IAM) is severe.

Jwt Attack Denial Of Service Uaa +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Disk exhaustion in Summarize CLI (all versions before 0.17.0) allows remote attackers who control a podcast feed or media URL to cause denial of service by circumventing the tool's enforced media download size limit. The size cap can be bypassed through missing or misreported Content-Length headers, chunked transfer encoding, or deliberately failed HEAD requests, causing the CLI's temp-file download path to stream an unbounded response directly to local storage. No active exploitation has been confirmed (not listed in CISA KEV), no public proof-of-concept has been identified, and EPSS data is unavailable; however, the zero authentication requirement on the attacker side and low attack complexity make this a credible threat for users who process untrusted or third-party feeds.

Denial Of Service Summarize
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in Apache CXF versions 4.2.0 through 4.2.1 and all versions prior to 4.1.7 allows remote unauthenticated attackers to exhaust server resources by sending messages containing an unbounded number of attachment headers during deserialization. The flaw stems from missing input limits in the message deserialization path and can be triggered without authentication or user interaction. EPSS rates real-world exploitation probability as low (0.02%) and no public exploit identified at time of analysis, but SSVC flags the attack as automatable.

Apache Denial Of Service Cxf
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Improper access control in CyberArk Conjur Enterprise (Idira Secrets Manager Self-Hosted) versions 13.8.0 and earlier allows authenticated attackers with standard node-level credentials to abuse internal cluster endpoints to retrieve unauthorized secrets or trigger denial of service. The flaw is rated CVSS 4.0 base 8.4 with high confidentiality impact extending to subsequent systems, but no public exploit identified at time of analysis. CyberArk has published Security Bulletin CA26-20 alongside fixed releases.

Authentication Bypass Denial Of Service Conjur Enterprise
NVD VulDB
EPSS 0% CVSS 7.6
HIGH This Week

Heap buffer overflow in 389 Directory Server (389-ds-base) SASL I/O layer allows authenticated remote attackers to crash the LDAP service or achieve remote code execution after a successful SASL bind with integrity protection (SSF > 0). The flaw stems from an integer overflow in sasl_io_start_packet() that bypasses the nsslapd-maxsasliosize ceiling, enabling roughly 2 MB of attacker-controlled heap corruption. No public exploit identified at time of analysis, and the impact is amplified in FreeIPA and Red Hat Identity Management deployments where any enrolled user, host, or service principal qualifies as an authenticated attacker.

Integer Overflow RCE Denial Of Service +10
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Memory exhaustion and CPU starvation in python-zeroconf before 0.149.12 allows any unauthenticated LAN-adjacent host to OOM-kill or stall the zeroconf process by flooding TC-flagged mDNS queries over UDP/5353. The `AsyncListener.handle_query_or_defer` method retained all TC-bit packets in an unbounded `_deferred[addr]` dictionary - each entry up to 8,966 bytes of raw buffer plus parsed DNS state - with no cap on per-address queue depth or total distinct source addresses, and the per-arrival dedup scan ran O(N) causing quadratic CPU growth as queues expanded. Trivially spoofed source IPs multiply the memory footprint across `_deferred`/`_timers`; on Raspberry Pi-class hardware running Home Assistant, sustained flood traffic causes OOM termination; no public exploit identified at time of analysis.

Python Canonical Denial Of Service
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote memory exhaustion in Netty's netty-codec-http2 component allows unauthenticated remote peers to crash the JVM by triggering a ByteBuf reference-count leak in DelegatingDecompressorFrameListener. When crafted HTTP/2 frames cause the flow-controller to throw, pooled ByteBuf decompression chunks are not released, accumulating heap pressure until an OutOfMemoryError terminates the JVM. No public exploit has been identified at time of analysis, and this is not listed in CISA KEV, but the no-authentication, no-interaction attack path makes any internet-exposed HTTP/2 service using affected Netty versions susceptible to sustained DoS.

Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote denial of service in @grpc/grpc-js (the official gRPC library for Node.js) allows unauthenticated network attackers to crash any server process by sending a malformed HTTP/2 stream initiation frame. The flaw stems from an uncaught exception (CWE-248) triggered during stream setup, affecting all server applications built on this widely-used npm package across multiple release branches (1.9.x through 1.14.x). No public exploit identified at time of analysis, but the trivial attack complexity and absence of any workaround make patching the only mitigation.

Denial Of Service
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in the @grpc/grpc-js Node.js library allows remote attackers to crash any client or server process by sending an invalid compressed gRPC message. The flaw affects all versions prior to the fixed releases (1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, 1.14.4) and is exploitable over the network without authentication. No public exploit identified at time of analysis, and the vendor states there is no workaround other than upgrading.

Denial Of Service
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Denial of service in the joi npm validation library (< 18.2.1) is triggered by submitting deeply nested JSON objects against schemas that use recursive `link()` definitions, causing a JavaScript call stack overflow. The untrapped `RangeError` propagates out of joi's link resolver - crashing the Node.js process entirely when `validate()` is invoked without a surrounding `try/catch`, or silently breaking error-handling logic when a `RangeError` is returned where a structured `ValidationError` was expected. No confirmed active exploitation (not in CISA KEV) and no public exploit code identified at time of analysis, but the attack surface is inherently wide given joi's prevalence in Node.js web services.

Denial Of Service
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

BEAM atom table exhaustion in Elixir's membrane_mp4_plugin (versions 0.3.0-0.36.6) allows denial-of-service by submitting a crafted MP4 file to any application using the library's container parser. The parser passed attacker-controlled 4-byte MP4 box names to String.to_atom/1 without validation; because BEAM atoms are permanent allocations counted against a hard ceiling (~1,048,576 by default), an ~8 MB file with ~1.1 million distinct non-standard box names exhausts the table and aborts the entire BEAM node, collaterally terminating every application co-hosted on that node. No public exploit has been identified at time of analysis; vendor-released patch 0.36.7 resolves the issue.

Denial Of Service Membrane Mp4 Plugin
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Uncontrolled resource consumption in GitLab CE/EE's file upload processing pipeline enables any authenticated user to trigger denial of service by submitting a specially crafted file. All self-managed GitLab instances running versions from 17.10 up through the patched releases (18.10.8, 18.11.5, 19.0.2) are affected across both Community and Enterprise Editions. A publicly available exploit exists on HackerOne (report #3517331), though no active exploitation has been confirmed by CISA KEV.

Gitlab File Upload Denial Of Service
NVD VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Denial of service in GitLab CE/EE versions 12.10 through 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 allows unauthenticated remote attackers to crash or degrade the API request parsing middleware via malformed input. Publicly available exploit code exists (HackerOne report 3671995), and the CVSS 7.5 (AV:N/AC:L/PR:N/UI:N/A:H) reflects trivially-reachable, no-auth exploitation against any internet-exposed GitLab instance. No CISA KEV listing at time of analysis.

Gitlab Denial Of Service
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Denial of service on the GitLab CI/CD Catalog page is achievable by any authenticated user across a broad version range (17.0 through pre-patch releases of 18.10, 18.11, and 19.0) due to improper sanitization of user-supplied content. The low-privilege, network-accessible attack vector means any GitLab account holder can trigger the condition without elevated permissions or complex setup. No public exploit code or CISA KEV listing has been identified at time of analysis, and the limited availability impact (A:L) constrains real-world severity, though the wide version exposure across three concurrent release branches broadens organizational risk.

Gitlab XSS Denial Of Service
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in vLLM 0.8.0 and later allows remote unauthenticated attackers to crash the inference server by sending a single OpenAI-compatible chat completion request containing a video/jpeg data URL with thousands of comma-separated base64-encoded JPEG frames. The VideoMediaIO.load_base64() method decodes every frame without enforcing a count limit, exhausting server memory. No public exploit identified at time of analysis, but an upstream fix commit is available on GitHub.

Denial Of Service Vllm Project Vllm
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Null pointer dereference in ImageMagick's distort operation crashes the processing process when an attacker supplies malformed distort arguments via a crafted image. Affected are all ImageMagick 6.x versions prior to 6.9.13-50 and all 7.x versions prior to 7.1.2-25. An unauthenticated remote attacker who can cause a target application to process a specially crafted image can trigger a DoS; no public exploit has been identified at time of analysis and this vulnerability is not listed in the CISA KEV catalog.

Denial Of Service Null Pointer Dereference Imagemagick +2
NVD GitHub VulDB
EPSS 0% CVSS 5.9
MEDIUM POC PATCH This Month

Heap-use-after-free in ImageMagick's CheckPrimitiveExtent function allows remote attackers to crash the image processing service by supplying crafted input that triggers a memory allocation failure, resulting in a denial-of-service condition. Affected are all releases of the 6.x branch prior to 6.9.13-50 and all 7.x releases prior to 7.1.2-25. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog; however, the network-accessible attack vector is relevant wherever ImageMagick processes untrusted images (e.g., web upload pipelines, CI/CD asset processors).

Use After Free Memory Corruption Denial Of Service +3
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in ImageMagick prior to 6.9.13-50 and 7.1.2-25 allows remote attackers to trigger an out-of-memory condition by submitting crafted images that bypass memory request validation in the AcquireAlignedMemory routine. The CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) vector reflects unauthenticated network exploitability with high availability impact but no confidentiality or integrity loss. No public exploit identified at time of analysis, and the issue is not present on the CISA KEV list.

Denial Of Service Imagemagick
NVD GitHub VulDB
EPSS 0% CVSS 5.6
MEDIUM This Month

Heap-based buffer overflow in OpenVPN's ovpn-dco-win Windows kernel driver (versions 2.0.0-2.8.3) allows a remote authenticated VPN peer to crash the host system by sending a crafted data packet that exploits an incorrect buffer size calculation in the epoch key generator. Because the vulnerable code executes in kernel mode, the resulting memory corruption causes a full system crash (BSOD), not a user-space fault. No public exploit code has been identified and this CVE is not listed in CISA KEV at time of analysis, though the kernel-level availability impact is severe when conditions are met.

Denial Of Service Buffer Overflow Ovpn Dco Win
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote unauthenticated denial-of-service in TDengine versions 3.4.0.0 through 3.4.1.5 allows attackers to crash the taosd server process by sending a single crafted RPC packet, with no credentials or prior session state required. The flaw is a CWE-191 integer underflow (vendor tags also reference Integer Overflow) in RPC packet handling, fixed in version 3.4.1.6. No public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.

Integer Overflow Denial Of Service Tdengine
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Denial of service in kafka-python versions prior to 2.3.2 allows a malicious or man-in-the-middle Kafka broker to freeze the client's event loop during SCRAM authentication by returning an excessive PBKDF2 iteration count. Because ScramClient.process_server_first_message() forwards the broker-supplied value directly to hashlib.pbkdf2_hmac() without bounds checking, producers, consumers, admin clients, and group heartbeats all stall, leading to consumer-group eviction and reconnect loops. No public exploit identified at time of analysis, though VulnCheck has published a vendor-style advisory and an upstream patch has been merged.

Python Denial Of Service Kafka Python
NVD GitHub VulDB
EPSS 0%
MEDIUM PATCH This Month

Nil-pointer dereference in Incus daemon (incusd) versions before 7.1.0 allows any authenticated API user holding the standard can_create permission on any project to crash the entire incusd process by uploading a crafted backup tarball, causing denial of service across all projects on the affected cluster member. The vulnerable path in internal/server/storage/backend.go:795 dereferences Config.Volume without a nil guard while adjacent fields received nil-checks in sibling patches (GHSA-fwj8-62r8-8p8m, GHSA-r7w7-mmxr-47r9, GHSA-x5r6-jr56-89pv) released 2026-05-04. Publicly available exploit code exists in the form of a self-contained Go unit test and 2560-byte tarball builder included with the disclosure; no CISA KEV listing at time of analysis.

Null Pointer Dereference Denial Of Service Suse
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Unbounded memory allocation in the CRYPTO frame reassembler of AWS s2n-quic (all versions before v1.82.0) enables unauthenticated remote actors to degrade service availability by sending crafted QUIC Initial packets. Because QUIC Initial packets are processed prior to handshake completion, no session establishment or authentication is required to trigger the condition. No public exploit code or active exploitation has been identified at time of analysis, but the low-complexity, zero-authentication attack path makes this straightforwardly reachable on any exposed s2n-quic endpoint.

Denial Of Service S2N Quic
NVD GitHub
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Arbitrary directory deletion in julien040/anyquery 0.4.4 and earlier allows an authenticated low-privileged bearer-token holder to delete any directory accessible to the server process by submitting a SQL query that invokes clear_plugin_cache with a path-traversal payload. The flaw stems from path.Join silently resolving '..' segments before os.RemoveAll, and publicly available exploit code exists in the GitHub Security Advisory GHSA-j9rx-rppg-6hh4. Verified impact includes irreversible deletion of files outside the intended $XDG_CACHE_HOME/anyquery/plugins/ cache root, producing data loss and denial of service.

Python Docker Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in CometD Java server (versions 5.0.0-5.0.22, 6.0.0-6.0.18, 7.0.0-7.0.18, 8.0.0-8.0.8) allows a single remote unauthenticated client to exhaust server memory by repeatedly sending /meta/connect messages with a fixed ack value while the acknowledgement extension is enabled, causing the unacknowledged message queue to grow without bound and triggering an OutOfMemoryError. The CVSS 7.5 score reflects high availability impact with no confidentiality or integrity impact, and no public exploit identified at time of analysis, though the GitHub Security Advisory GHSA-cqgj-h8vf-4w59 provides clear protocol-level reproduction details.

Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Denial of service in Erlang/OTP erts (inet_drv SCTP handler) lets unauthenticated remote attackers crash the BEAM VM by sending a single crafted SCTP ERROR chunk to a listening SCTP port. The flaw is a stack-based buffer overflow (CWE-121) in sctp_parse_error_chunk, with the publicly disclosed advisory from the Erlang Ecosystem Foundation (EEF) and an upstream commit confirming the fix; no public exploit identified at time of analysis, and the overflow only permits writing 16-bit values interleaved with a fixed tag, limiting impact to DoS plus minor memory disclosure.

Denial Of Service Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Stack-based buffer overflow in Erlang OTP's erl_interface C library (`ei_s_print_term`) crashes processes when decoding Erlang terms containing very large integers, causing Denial of Service. Affected OTP releases span from 17.0 through unfixed branches of 27.x, 28.x, and 29.x, making this a wide-ranging availability risk for C-language nodes that interface with the Erlang runtime. Because overflow bytes are constrained exclusively to ASCII hex digits (0-9, A-F), arbitrary code execution is not feasible - confirmed impact is process crash only. No public exploit has been identified and this CVE is not listed in the CISA KEV catalog.

Denial Of Service Buffer Overflow Stack Overflow +2
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH POC PATCH Monitor

Denial of service in the image-size Node.js library through version 2.0.2 allows remote unauthenticated attackers to permanently hang the Node.js event loop by supplying a crafted JXL or HEIF image containing a box with a zero-valued size field. Publicly available exploit code exists and an upstream fix has been merged, making this a credible availability threat for any service that accepts user-supplied images and runs them through image-size. No active exploitation has been reported in CISA KEV at time of analysis.

Denial Of Service Node.js Image Size +2
NVD GitHub
EPSS 0% CVSS 8.7
HIGH POC PATCH This Week

Denial of service in the image-size Node.js library (versions up to and including 2.0.2) allows remote unauthenticated attackers to permanently stall the Node.js event loop by submitting a malformed ICNS image. The flaw stems from an infinite loop in the ICNS parser when an entry length field is zero, and publicly available exploit code exists per VulnCheck and an independent write-up; no public exploit identified at time of analysis indicates active exploitation, but the POC makes weaponization trivial.

Denial Of Service Node.js Image Size +2
NVD GitHub VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Uncontrolled heap memory allocation in Ghidra's Mach-O binary parser (versions before 12.1.1) allows denial of service by crashing the Ghidra JVM. The parser reads the `ncmds` load command count field directly from a Mach-O file header and uses it to drive heap allocation without cross-validating it against the actual file size, enabling a crafted binary to exhaust JVM memory. No public exploit has been identified at time of analysis and this vulnerability is not listed in the CISA KEV catalog, though the attack primitive is straightforward to reproduce from the description.

Denial Of Service Ghidra
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Uncontrolled memory allocation in Ghidra's rust_demangle function (versions before 12.0.3) allows a denial-of-service condition when a user analyzes a specially crafted binary containing malicious Rust symbol names. The affected function allocates output buffers without enforcing size limits, enabling exponential memory growth that crashes the Ghidra process. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis; however, the practical attack surface is real for teams that routinely analyze untrusted Rust binaries.

Denial Of Service Ghidra
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Uncontrolled resource consumption in Ghidra's Mach-O binary parser (versions 10.2 through pre-12.1) allows a crafted binary to crash the entire JVM and destroy all unsaved analyst work. The ExportTrie.parseTrie() method lacks cycle detection when walking export trie structures, so a malicious Mach-O binary embedding circular trie references triggers unbounded queue growth and exponential string concatenation until an OutOfMemoryError terminates the JVM process. No public exploit has been identified at time of analysis and no CISA KEV listing exists, but the risk is materially elevated in adversarial research contexts where analysts routinely open untrusted binaries - exactly the workflow Ghidra is designed for.

Denial Of Service Ghidra
NVD GitHub
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability. Rated low severity (CVSS 2.1), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Ghidra
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH This Week

Remote denial-of-service in multiple Dahua video surveillance product lines (IPC, SD, NVR, XVR, EVS, VTO, VTH, ASI, TPC) allows unauthenticated network attackers to send a specially crafted packet that triggers an unhandled exception (CWE-617), forcing the device into an unexpected reboot. The CVSS 4.0 score of 8.7 reflects high availability impact with no required privileges or user interaction, and no public exploit identified at time of analysis.

Denial Of Service Dahua
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

Denial of service in Dahua IPC and SD (Speed Dome) camera devices allows an authenticated remote attacker to trigger an unexpected system reboot by sending a specially crafted network packet. The vulnerability is vendor-reported under advisory DHCC-SA-202606-001 and affects specific IPC and SD models with firmware built before March 26, 2026. No public exploit code has been identified at time of analysis, and the attack requires high-privilege authentication (PR:H), materially limiting the realistic attacker population.

Denial Of Service Dahua
NVD VulDB
EPSS 0% CVSS 1.2
LOW PATCH Monitor

NULL pointer dereference in QNAP QTS and QuTS hero NAS operating systems enables a remote, administrator-authenticated attacker to trigger a denial-of-service condition. Exploitation requires the attacker to first hold or acquire an administrator account on the target device, after which a crafted request can crash system services. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog at time of analysis.

Denial Of Service Null Pointer Dereference Qnap +2
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Resource exhaustion in QNAP File Station 5 (versions 5.5.0 through 5.5.6.5242) allows a remote attacker holding a low-privilege user account to exhaust shared resources, denying availability to other users, processes, or applications on the same system. The vulnerability is classified as a Denial-of-Service risk with no impact on confidentiality or data integrity. No public exploit code or CISA KEV listing has been identified at time of analysis; QNAP has released a patched version and published a security advisory.

Denial Of Service File Station 5
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

NULL pointer dereference in QNAP File Station 5 enables authenticated remote attackers to crash the service and cause a denial-of-service condition. Exploitation requires prior acquisition of a valid user account on the target QNAP NAS device, after which the attacker can trigger the dereference remotely over the network. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

Denial Of Service Null Pointer Dereference File Station 5
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

NULL pointer dereference in QNAP QTS and QuTS hero NAS operating systems allows remote unauthenticated attackers to crash a network-facing service and cause a denial-of-service condition without any authentication or user interaction. Multiple active OS branches are affected - QTS 5.2.x and QuTS hero h5.2.x through h6.0.x - across a device population that is historically internet-exposed and frequently targeted. No public exploit has been identified and this vulnerability is not listed in CISA KEV, but the zero-authentication, network-accessible attack surface makes DoS attempts trivially repeatable against unpatched devices.

Denial Of Service Null Pointer Dereference Qnap +2
NVD VulDB
EPSS 0% CVSS 5.1
MEDIUM This Month

NULL pointer dereference in QNAP QuTS hero NAS operating system allows a remote attacker who has already obtained or possesses an administrator account to trigger a denial-of-service condition, crashing affected services. Affected branches span QuTS hero h5.2.x, h5.3.x, and h6.0.x series, with vendor-released patches available as of early-to-mid 2026. No public exploit code or CISA KEV listing has been identified at time of analysis, and the mandatory prerequisite of high-privilege authentication substantially constrains real-world impact.

Denial Of Service Null Pointer Dereference Qnap +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Remote denial-of-service in Espressif ESP-IDF's esp_http_server WebSocket handshake allows unauthenticated attackers to crash IoT devices by sending a malformed Sec-WebSocket-Protocol header. The flaw (CWE-476 NULL-pointer dereference) is triggered pre-authentication during subprotocol negotiation and affects ESP-IDF 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0; no public exploit identified at time of analysis, though upstream commits disclose the exact vulnerable code path.

Denial Of Service Null Pointer Dereference Esp Idf
NVD GitHub
EPSS 0% CVSS 7.1
HIGH This Week

Regex injection in BuddyPress 14.4.0's activity mention resolver allows authenticated WordPress users to manipulate a REGEXP clause against the users table when username compatibility mode is enabled, enabling boolean-based username inference and denial of service via catastrophic backtracking. CVSS 4.0 scores this 7.1 with low confidentiality impact and high availability impact, reflecting the dual data-leakage and DoS outcomes. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Denial Of Service Nosql Injection
NVD VulDB
Prev Page 14 of 406 Next

Quick Facts

Typical Severity
MEDIUM
Category
other
Total CVEs
36504

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy