Skip to main content

Denial of Service

other MEDIUM

Denial of Service attacks render applications or systems unavailable by overwhelming resources or triggering failure conditions.

How It Works

Denial of Service attacks render applications or systems unavailable by overwhelming resources or triggering failure conditions. Attackers exploit asymmetry: minimal attacker effort produces disproportionate resource consumption on the target. Application-level attacks use specially crafted inputs that trigger expensive operations—a regex engine processing malicious patterns can backtrack exponentially, or XML parsers recursively expand entities until memory exhausts. Network-level attacks flood targets with connection requests or amplify traffic through reflection, but application vulnerabilities often provide the most efficient attack surface.

The attack typically begins with reconnaissance to identify resource-intensive operations or unprotected endpoints. For algorithmic complexity attacks, adversaries craft inputs hitting worst-case performance—hash collision inputs filling hash tables with collisions, deeply nested JSON triggering recursive parsing, or pathological regex patterns like (a+)+b against strings of repeated 'a' characters. Resource exhaustion attacks open thousands of connections, upload massive files to unbounded storage, or trigger memory leaks through repeated operations. Crash-based attacks target error handling gaps: null pointer dereferences, unhandled exceptions in parsers, or assertion failures that terminate processes.

Impact

  • Service unavailability preventing legitimate users from accessing applications during attack duration
  • Revenue loss from downtime in e-commerce, SaaS platforms, or transaction processing systems
  • Cascading failures as resource exhaustion spreads to dependent services or database connections pool out
  • SLA violations triggering financial penalties and damaging customer trust
  • Security team distraction providing cover for data exfiltration or intrusion attempts running concurrently

Real-World Examples

CVE-2018-1000544 in Ruby's WEBrick server allowed ReDoS through malicious HTTP headers containing specially crafted patterns that caused the regex engine to backtrack exponentially, freezing request processing threads. A single attacker could saturate all available workers.

Cloudflare experienced a global outage in 2019 when a single WAF rule containing an unoptimized regex hit pathological cases on legitimate traffic spikes. The .*(?:.*=.*)* pattern exhibited catastrophic backtracking, consuming CPU cycles across their edge network until the rule was disabled.

CVE-2013-1664 demonstrated XML bomb vulnerabilities in Python's XML libraries. Attackers uploaded XML documents with nested entity definitions-each entity expanding to ten copies of the previous level. A 1KB upload could expand to gigabytes in memory during parsing, crashing applications instantly.

Mitigation

  • Strict input validation enforcing size limits, complexity bounds, and nesting depth restrictions before processing
  • Request rate limiting per IP address, API key, or user session with exponential backoff
  • Timeout enforcement terminating operations exceeding reasonable execution windows (typically 1-5 seconds)
  • Resource quotas limiting memory allocation, CPU time, and connection counts per request or tenant
  • Regex complexity analysis using linear-time algorithms or sanitizing patterns to eliminate backtracking
  • Circuit breakers automatically rejecting requests when error rates or latency thresholds indicate degradation
  • Load balancing and autoscaling distributing traffic across instances with automatic capacity expansion

Recent CVEs (36514)

EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in Windows Container Isolation FS Filter Driver affects all supported Windows 10, Windows 11, and Windows Server versions through use-after-free memory corruption. Low-complexity attack requires only low-privileged local access to achieve full system compromise (SYSTEM-level privileges). Microsoft has released patches for all affected versions. No public exploit identified at time of analysis, but the low attack complexity (AC:L) and requirement for only low privileges

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Use-after-free memory corruption in Microsoft Office Word enables local code execution with high privileges when victims open malicious documents. Affects Microsoft 365 Apps for Enterprise and Office LTSC 2021/2024 for Windows and Mac (versions below 16.108.26041219 for Mac; click-to-run editions require latest security updates). CVSS 7.8 reflects local attack vector requiring user interaction, but exploitation grants complete system compromise (confidentiality, integrity, availability all rated High). No public exploit identified at time of analysis, though use-after-free vulnerabilities are well-understood exploitation primitives. Vendor-released patch available through Microsoft security updates.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in Windows Server Update Service (WSUS) on Windows 11 version 26H1 allows low-privileged authenticated users to gain SYSTEM-level access via use-after-free memory corruption. Exploitation requires local access and high attack complexity (CVSS AC:H), indicating timing-dependent or race condition triggers. Microsoft has released patch version 10.0.28000.1836 to address this vulnerability. No public exploit code or active exploitation confirmed at time of analysis.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Null pointer dereference in Windows Redirected Drive Buffering denies service to local authenticated users on Windows 11 version 26H1 (build 10.0.28000.0-10.0.28000.1835). An authorized attacker with local access can trigger the vulnerability to crash the affected system component, though code execution is not possible. Vendor-released patch available; no public exploit code identified at time of analysis.

Denial Of Service Null Pointer Dereference Microsoft
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Microsoft Excel memory corruption via use-after-free enables arbitrary code execution when victims open malicious spreadsheet files. This vulnerability affects all major Office deployments including Microsoft 365 Apps for Enterprise, Excel 2016, Office 2019, and Office LTSC 2021/2024 for both Windows and macOS, as well as Office Online Server. Attackers require user interaction to open a crafted file, but no authentication is needed (CVSS PR:N), making this exploitable through phishing or file-sharing attacks. Vendor patches are available through Microsoft Security Response Center. No public exploit or active exploitation confirmed at time of analysis, though the straightforward attack vector (local file + user click) and high impact (code execution with full system privileges) warrant prompt patching.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows User Interface Core across Windows 10, 11, and Server 2019-2025 allows low-privileged authenticated attackers to achieve SYSTEM-level access via use-after-free memory corruption. The vulnerability requires high attack complexity and local access but enables container escape (scope change) with full confidentiality, integrity, and availability impact. Vendor-released patches are available for all affected versions. No public exploit identified at time of analysis, though the use-after-free primitive is a well-understood exploitation technique.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Remote Desktop Client for Windows allows unauthenticated network attackers to execute arbitrary code by delivering a malicious connection file or server response, requiring user interaction. This use-after-free vulnerability (CWE-416) affects Windows 10 (versions 1607-22H2), Windows 11 (22H3-26H1), Windows Server (2012-2025), and standalone Remote Desktop client versions below 2.0.1070.0. With CVSS 8.8 (network-accessible, no authentication required, low comple

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.4
HIGH PATCH Exploit Unlikely This Week

Local code execution in Windows Universal Plug and Play (UPnP) Device Host across all supported Windows 10, 11, and Server versions allows unauthenticated attackers to achieve high-impact compromise via use-after-free memory corruption. The vulnerability affects Windows 10 versions 1607 through 22H2, Windows 11 versions 22H3 through 26H1, and Windows Server 2012 through 2025 (including Server Core installations). Despite requiring local access and high attack complexity (CVSS:3.1/AV:L/AC:H), the

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege escalation in Microsoft Desktop Window Manager (dwm.exe) affects all supported Windows 10, Windows 11, and Windows Server versions via a use-after-free memory corruption flaw. Authenticated local attackers with low privileges can exploit this CWE-416 weakness to gain SYSTEM-level access with low attack complexity, requiring no user interaction. No public exploit identified at time of analysis, and SSVC framework assesses exploitation status as 'none' with non-automatable attack r

Denial Of Service Use After Free Memory Corruption
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Desktop Window Manager (DWM) use-after-free vulnerability enables local privilege escalation to SYSTEM on Windows 11 and Server 2022/2025. Low-complexity attack requires only low-privileged authenticated access with no user interaction, affecting all current Windows 11 versions (22H2 through 26H1) and Server editions. Vendor-released patches available as of May 2026. CVSS 7.8 (High) reflects significant local privilege escalation risk; no public exploit identified at time of analysis, though the

Denial Of Service Use After Free Memory Corruption
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Speech Brokered API allows authenticated users to gain SYSTEM-level access via use-after-free memory corruption. All supported Windows 10, Windows 11, and Windows Server versions (2016-2025) are affected. Microsoft released patches in their April 2026 security update cycle. EPSS score of 0.04% (12th percentile) indicates low exploitation likelihood in the wild, and no active exploitation or public exploit code has been identified at time of analysis.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Likely This Week

Local privilege escalation in Windows Universal Plug and Play (UPnP) Device Host allows authenticated attackers with low privileges to achieve system-level access through use-after-free memory corruption. Affects all supported Windows 10, Windows 11, and Windows Server versions from 2012 through 2025. Microsoft has released patches across all affected product lines. No public exploit identified at time of analysis, though the local attack vector and authentication requirement (PR:L) limit immedi

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation via use-after-free in Windows Ancillary Function Driver for WinSock (AFD.sys) affects all supported Windows versions from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012-2025. Authenticated local attackers with low privileges can exploit memory corruption to gain SYSTEM-level access, though high attack complexity suggests reliable exploitation requires sophisticated techniques. Vendor-released patches are available across all affected versions. No publi

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Remote denial-of-service in Windows Local Security Authority Subsystem Service (LSASS) allows unauthenticated network attackers to crash Windows systems through null pointer dereference exploitation. Affects Windows 10 (versions 1607-22H2), Windows 11 (22H3-26H1), and Windows Server (2016-2025) across multiple release channels. Microsoft has released patches for all affected versions. No public exploit identified at time of analysis, but the low attack complexity (AC:L) and unauthenticated netwo

Denial Of Service Null Pointer Dereference Microsoft
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Desktop Window Manager (DWM) in Windows 10 21H2/22H2, Windows 11 22H3/23H2, and Windows Server 2022 allows authenticated local attackers with low privileges to elevate to SYSTEM via a use-after-free memory corruption flaw. CVSS 7.8 (High). Vendor-released patch available. No public exploit identified at time of analysis, though EPSS data not provided. This is a post-authentication escalation requiring initial local foothold, not a remote intrusion vector.

Denial Of Service Use After Free Memory Corruption
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) across Windows 10, 11, and Server 2012 R2-2025 allows authenticated attackers with low privileges to gain SYSTEM-level access via use-after-free memory corruption. Microsoft released patches addressing versions from Windows 10 1607 through Windows 11 26H1 and Server 2012 R2 through Server 2025. CVSS 7.0 rating reflects high attack complexity; no public exploit identified at time of analysis. EPSS data not prov

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation via use-after-free memory corruption in Windows Universal Plug and Play (UPnP) Device Host affects all supported Windows versions from Server 2012 through Windows 11 26H1. Authenticated local attackers with low privileges can exploit this CWE-416 flaw to gain SYSTEM-level access with low attack complexity (CVSS:3.1 AV:L/AC:L/PR:L). Vendor-released patches are available across all affected Windows 10, Windows 11, and Windows Server product lines. No public exploit code

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Likely This Week

Use-after-free in Windows TDI Translation Driver (tdx.sys) allows local privilege escalation to SYSTEM by authenticated low-privileged users on Windows 10/11 and Server 2012-2025. Microsoft has released security updates addressing this CWE-416 memory corruption flaw across all supported Windows versions. CVSS 7.0 reflects high attack complexity but full system compromise if successfully exploited. No public exploit identified at time of analysis, though the vulnerability's local attack vector an

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Brokering File System on Windows 11 and Windows Server 2022/2025 allows authenticated users with low privileges to gain SYSTEM-level access via use-after-free memory corruption. The vulnerability affects all actively supported Windows 11 versions (22H3 through 26H1) and recent Windows Server editions. Exploitation requires local access and low-level user privileges (PR:L) but has low attack complexity (AC:L), enabling reliable exploitation once local access is obtained. No public exploit identified at time of analysis, though the use-after-free weakness class is well-understood by attackers.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Windows Shell use-after-free memory corruption enables local privilege escalation to SYSTEM on Windows 11 (all versions 22H3 through 26H1) and Windows Server 2022/2025. Authenticated low-privileged users can exploit freed memory references in Shell components despite high attack complexity requirements. Vendor-released patches address all affected versions. EPSS data not available; no public exploit identified at time of analysis, though the vulnerability class (CWE-416) is well-understood and commonly weaponized in Windows privilege escalation chains.

Denial Of Service Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InDesign Desktop versions 20.5.2, 21.2 and earlier allows unauthenticated attackers to execute malicious code with current user privileges through maliciously crafted files. The use-after-free vulnerability requires user interaction (opening a weaponized InDesign file) but offers high impact across confidentiality, integrity, and availability. EPSS data not provided; no public exploit identified at time of analysis. Exploitation likelihood increased by low attack complexity (CVSS AC:L) requiring only basic social engineering to deliver malicious files.

Denial Of Service Use After Free RCE +2
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Denial of service in Fortinet FortiWeb 7.0-8.0.3 via integer overflow allows authenticated remote attackers with high privileges to crash the application, resulting in service unavailability. The vulnerability has a CVSS score of 4.9 (Medium) and affects multiple FortiWeb versions across a wide range. No public exploit code or active exploitation has been confirmed at the time of analysis.

Fortinet Integer Overflow Denial Of Service
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Denial of service in Schneider Electric PowerChute Serial Shutdown versions 1.4 and prior allows authenticated Web Admin users to trigger uncontrolled resource consumption by flooding the system with POST requests to the /helpabout endpoint, causing excessive troubleshooting zip file creation and service degradation. Attack requires valid admin credentials and network access to the web interface; CVSS 5.3 reflects low availability impact with no confidentiality or integrity compromise.

Denial Of Service Powerchute Serial Shutdown
NVD GitHub
EPSS 0% CVSS 8.9
HIGH PATCH This Week

Soundness violation in SP1 V6 recursive proof verifier enables malicious provers to construct recursive proofs from invalid shard proofs that native verifiers would reject. The vulnerability affects SP1 zkVM versions 6.0.0 through 6.0.2 (Rust crates sp1_sdk, sp1_recursion_circuit, sp1_prover) and allows forgery of zero-knowledge proofs by exploiting missing consistency checks between commitment-side and evaluation-side trace shape witnesses in the jagged PCS verifier circuit. This permits misrepresentation of circuit structure itself, not just data, undermining the fundamental soundness guarantees of the proof system. No public exploit exists at time of analysis, though the vulnerability was identified through SP1's bug bounty program on Code4rena. CVSS 8.9 reflects high integrity impact to both vulnerable and subsequent system components.

Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

jq is a command-line JSON processor. In versions 1.8.1 and below, functions jv_setpath(), jv_getpath(), and delpaths_sorted() in jq's src/jv_aux.c use unbounded recursion whose depth is controlled by the length of a caller-supplied path array, with no depth limit enforced. An attacker can supply a JSON document containing a flat array of ~65,000 integers (~200 KB) that, when used as a path argument by a trusted jq filter, exhausts the C call stack and crashes the process with a segmentation fault (SIGSEGV). This bypass works because the existing MAX_PARSING_DEPTH (10,000) limit only protects the JSON parser, not runtime path operations where arrays can be programmatically constructed to arbitrary lengths. The impact is denial of service (unrecoverable crash) affecting any application or service that processes untrusted JSON input through jq's setpath, getpath, or delpaths builtins. This issue has been addressed in commit fb59f1491058d58bdc3e8dd28f1773d1ac690a1f.

Denial Of Service Jq
NVD GitHub VulDB
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, an off by one error in the MSL decoder could result in a crash when a malicous MSL file is read. This issue has been fixed in version 7.1.2-19.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below 7.1.2-19 and 6.9.13-44 contain a heap use-after-free vulnerability that can cause a crash when reading and printing values from an invalid XMP profile. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.

Denial Of Service Use After Free Memory Corruption +2
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Stack exhaustion in ImageMagick's XML tree parser allows remote unauthenticated attackers to trigger denial-of-service conditions by submitting specially crafted XML files with deeply nested structures. Affects all versions below 6.9.13-44 and 7.1.2-19 across multiple platforms including the Magick.NET wrapper. EPSS score of 0.04% (12th percentile) indicates low observed exploitation probability, though the network-accessible attack vector (AV:N) and lack of authentication requirements (PR:N) present theoretical risk for internet-facing deployments processing untrusted XML input.

Denial Of Service Imagemagick
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a stack overflow vulnerability in ImageMagick's FX expression parser allows an attacker to crash the process by providing a deeply nested expression. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH POC PATCH This Week

Unbounded GZIP decompression in Pillow's FITS image parser enables remote denial-of-service via crafted image files. Pillow versions 10.3.0 through 12.1.x process FITS images without limiting decompression output, allowing attackers to trigger out-of-memory crashes or severe performance degradation through maliciously compressed images. Vendor-released patch available in Pillow 12.2.0. No active exploitation confirmed (not in CISA KEV), but the attack vector is trivial for any application accept

Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

In viff encoder contains an integer truncation/wraparound issue on 32-bit builds that could trigger an out of bounds heap write that can result in a crash.

Denial Of Service Integer Overflow Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Shell command injection in NSA Emissary's Executrix.getCommand() allows authenticated users with place configuration authorship to achieve arbitrary OS command execution when any payload is processed. The framework constructs /bin/sh -c commands by directly substituting IN_FILE_ENDING and OUT_FILE_ENDING configuration values into temporary file paths without escaping or validation, despite implementing input sanitization for similar parameters (placeName). Vendor-released patch available (commit 1faf33f). CVSS 8.8 (high) reflects local attack vector requiring low privileges, but scope change to C indicates container/JVM breakout potential. No CISA KEV listing or public exploit identified at time of analysis, though detailed proof-of-concept exists in advisory including Docker-based reproduction and unit test.

Denial Of Service Command Injection Docker +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Null pointer dereference in the Linux kernel's RDS-over-InfiniBand (RDS/IB) subsystem allows a local low-privileged user to crash the kernel by sending an RDS_CMSG_RDMA_MAP control message before an IB connection is fully established. The impact is a complete denial of service (kernel panic) with no confidentiality or integrity exposure, scoring CVSS 5.5. No public exploit code has been identified at time of analysis, and EPSS exploitation probability is extremely low at 0.02%, consistent with the specialized InfiniBand hardware prerequisite.

Linux Null Pointer Dereference Denial Of Service +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's netfilter x_tables subsystem allows a local attacker with CAP_NET_ADMIN privileges to crash the system by loading an NFPROTO_UNSPEC-registered xt_match or xt_target (e.g., xt_devgroup) into an ARP nftables chain via nft_compat, triggering a kernel panic and complete availability loss. CVSS 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) accurately reflects the local-only, availability-only impact, and EPSS at 0.02% (7th percentile) indicates very low real-world exploitation probability. No active exploitation confirmed (not in CISA KEV); vendor-released patches are available across multiple stable kernel branches.

Linux Null Pointer Dereference Denial Of Service +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's net/sched cls_flow traffic classifier allows a local low-privileged attacker to crash the kernel (denial of service) by creating a flow filter on a shared traffic control block without a fully qualified baseclass. The crash occurs in flow_change() at net/sched/cls_flow.c:508, confirmed by a KASAN trace showing null-ptr-deref when block->q is dereferenced on a shared block where it is intentionally NULL. No active exploitation confirmed - not listed in CISA KEV - and EPSS stands at 0.02% (7th percentile), indicating negligible real-world exploitation probability at time of analysis.

Linux Null Pointer Dereference Denial Of Service
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's cls_fw traffic classifier (net/sched/cls_fw.c) crashes the kernel when authenticated local users configure an old-method cls_fw filter on a shared tc block and traffic with a nonzero major skb mark is processed. The flaw exists because the old classification path in fw_classify() calls tcf_block_q() and dereferences q->handle, but shared blocks hold a NULL block->q pointer. The impact is limited to local denial of service (kernel panic); no confidentiality or integrity compromise is possible. EPSS is 0.02% (7th percentile), this vulnerability is not in CISA KEV, and no public exploit has been identified at time of analysis.

Linux Null Pointer Dereference Denial Of Service
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free in Linux kernel bonding driver allows local authenticated attackers with low privileges to trigger memory corruption via race condition during concurrent slave device operations. The vulnerability (CVSS 7.8, EPSS 0.02%) affects the bond_xmit_broadcast() function where concurrent slave enslave/release operations can mutate the slave list during RCU-protected iteration, causing the original skb to be double-consumed and double-freed. Vendor patches are available for kernel versions 6.18.22, 6.19.12, and 7.0. No public exploit or active exploitation confirmed at time of analysis.

Denial Of Service Linux Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Integer overflow in the Linux kernel's IPv6 sendmsg ancillary-data path allows a local user with CAP_NET_RAW (or namespaced CAP_NET_RAW via unprivileged user namespaces) to crash the kernel via skb_under_panic(), constituting a local denial of service. The 16-bit opt_flen accumulator in ip6_datagram_send_ctl() wraps around when flooded with large IPV6_DSTOPTS cmsgs, causing the transmit path to underallocate sk_buff headroom while dst1opt still references a large destination-options header - the mismatch triggers BUG() on subsequent packet transmission. A proof-of-concept (poc.c) was submitted with the bug report; no public exploit identified at time of analysis as actively exploited (no CISA KEV listing), and EPSS is very low at 0.03%.

Linux Denial Of Service
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

Stack overflow in HarmonyOS media platform allows authenticated local attackers to cause denial of service and potentially achieve limited information disclosure or integrity compromise through malicious user interaction. CVSS 6.1 reflects moderate severity with local attack vector, low complexity, and requirement for user interaction; EPSS and KEV status not provided. No public exploit code or active exploitation confirmed at time of analysis.

Denial Of Service
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Deserialization of untrusted data in Samsung Open Source Escargot JavaScript engine prior to commit 97e8115ab1110bc502b4b5e4a0c689a71520d335 allows local attackers without privileges to trigger a denial of service condition via process abort. The vulnerability exploits unsafe deserialization of Java objects, resulting in application termination rather than code execution. No public exploit code or active exploitation has been identified at the time of analysis.

Deserialization Samsung Denial Of Service +1
NVD GitHub VulDB
EPSS 0% CVSS 8.4
HIGH This Week

Heap use-after-free in Nitro PDF Pro 14.41.1.4 for Windows allows local code execution via malicious PDF containing crafted JavaScript calling this.mailDoc(). The vulnerability stems from premature deallocation of an XID object whose freed pointer is passed to wcscmp() and other functions, where attacker-controlled strings in the freed heap region can manipulate program flow. CVSS 8.4 (AV:L/PR:N) indicates local attack vector requiring no privileges or user interaction. EPSS 0.01% suggests low immediate exploitation probability; no public exploit identified at time of analysis.

Denial Of Service Use After Free Microsoft +2
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Stack overflow in tinyobjloader's experimental MTL file parser (tinyobj_loader_opt.h) allows local attackers to trigger denial of service by supplying a malformed .mtl file. The vulnerability affects the library's material file parsing logic and crashes the application via stack memory corruption, though with EPSS score of 0.01% and no confirmed active exploitation, real-world risk is minimal despite the moderate CVSS 6.2 rating.

Denial Of Service Stack Overflow Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Totara LMS versions up to 19.1.5 allow unauthenticated remote attackers to conduct email bombing attacks by abusing the forgot password API endpoint, which lacks rate limiting on target email addresses. With a CVSS score of 9.8, the vulnerability enables complete compromise of confidentiality, integrity, and availability. Despite the critical score, EPSS estimates only 0.02% exploitation probability (5th percentile), and no active exploitation is confirmed (not in CISA KEV). A public proof-of-concept exists on GitHub, demonstrating the abuse technique.

Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Denial of service in Parani M10 Motorcycle Intercom v2.1.3 via crafted Bluetooth RFCOMM frames allows unauthenticated attackers within wireless range to crash the device. The vulnerability exploits a buffer overflow in the RFCOMM service handler, causing high availability impact. A proof-of-concept exists but active exploitation has not been confirmed; EPSS score of 0.02% suggests limited real-world exploitation pressure despite the accessible attack vector.

Denial Of Service Buffer Overflow N A
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Resource deallocation flaw in FFmpeg 8.0.1's zmqsend.c utility enables remote denial of service through crafted input files. Attackers can trigger improper cleanup of allocated resources without authentication (CVSS AV:N/AC:L/PR:N/UI:N), exhausting system resources. EPSS score of 0.04% (11th percentile) indicates low real-world exploitation probability, and no active exploitation confirmed (not in CISA KEV). The vulnerability affects a non-core utility component used for ZeroMQ message sending, limiting practical attack surface compared to main FFmpeg libraries.

Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Nitro PDF Pro 14.41.1.4 for Windows crashes when processing maliciously crafted PDFs that invoke app.alert() with null arguments, causing denial of service through NULL pointer dereference in the JavaScript engine. Remote attackers can deliver weaponized PDF files requiring no authentication or user interaction beyond opening the document (AV:N/AC:L/PR:N/UI:N). No public exploit identified at time of analysis, with EPSS exploitation probability at 0.01% (2nd percentile), indicating low real-world targeting despite theoretical automation potential.

Denial Of Service Null Pointer Dereference Microsoft +1
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Out-of-bounds read in FFmpeg 8.0.1's AV1 decoder allows remote denial-of-service via malicious video files. Attackers craft inputs targeting read_global_param() in libavcodec/av1dec.c to trigger memory access violations, crashing the decoder. Affects applications processing untrusted AV1 video content (media servers, transcoders, browsers with FFmpeg). CVSS 7.5 (High) reflects network-exploitable DoS; EPSS 0.04% indicates low observed exploitation probability. No active exploitation confirmed (n

Denial Of Service Buffer Overflow Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Nitro PDF Pro for Windows version 14.41.1.4 crashes when processing maliciously crafted XFA (XML Forms Architecture) packets due to a NULL pointer dereference, enabling remote denial-of-service attacks without authentication. An attacker can deliver a weaponized PDF containing the crafted XFA packet, causing the application to terminate when opened. EPSS exploitation probability is very low (0.01%, 2nd percentile), no active exploitation confirmed (not in CISA KEV), and no public exploit code identified at time of analysis. Despite CVSS 7.5 (High), real-world risk is limited to availability impact only - no code execution, data theft, or privilege escalation possible.

Denial Of Service Null Pointer Dereference Microsoft
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Heap buffer overflow in FFmpeg 8.0.1's av_bprint_finalize() function enables remote denial-of-service attacks through maliciously crafted media files. Exploitation requires no authentication (CVSS AV:N/AC:L/PR:N/UI:N), making this accessible to any network-based attacker who can deliver manipulated input to vulnerable FFmpeg instances. EPSS score of 0.04% (12th percentile) indicates low observed exploitation probability, and no public exploit code or active exploitation has been identified at time of analysis. While CVSS rates this 7.5 HIGH due to availability impact, real-world risk is primarily limited to public-facing media processing services.

Heap Overflow Buffer Overflow Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Varnish Cache 9.0.0 crashes (denial of service) when a remote client exploits timing between timeout_linger and timeout_idle to trigger HTTP/1 request pipelining that causes a workspace overflow in the refactored HTTP/2 architecture. The vulnerability stems from incomplete code path handling during workspace rollback in the recent non-blocking port, allowing prefetched data to exceed workspace_client boundaries and panic the daemon. Vendor-released patch: version 9.0.1. No public exploit code identified at time of analysis, but the attack requires only network access and careful timing, making real-world exploitation feasible for sophisticated attackers.

Denial Of Service Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Varnish Enterprise before version 6.0.16r12 is vulnerable to a workspace overflow denial of service attack that crashes the daemon through the headerplus.write_req0() VCL function. Unauthenticated remote attackers can craft HTTP requests with excessive header fields to trigger a panic and terminate the Varnish server, particularly impacting deployments using shared VCL through Varnish Controller. CVSS base score of 4.0 reflects low availability impact with high attack complexity, and no public exploit code or confirmed active exploitation has been identified.

Denial Of Service Red Hat
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Denial of service via workspace overflow in Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows unauthenticated remote attackers to trigger daemon panic through HTTP/2 session upgrade with specific amounts of prefetched data. The vulnerability exploits improper buffer allocation during HTTP/1 to HTTP/2 transport upgrade, causing workspace exhaustion on subsequent pipelined fetch operations. EPSS score of 4.0 (low-to-medium risk) reflects attack complexity and limited scope (local availability impact only), though no public exploit code or active exploitation has been confirmed.

Denial Of Service Red Hat
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Integer underflow in libexif version 0.6.25 and earlier during Fuji and Olympus MakerNote decoding allows local attackers to crash applications or leak sensitive memory information. The vulnerability requires local access and specific user interaction (high complexity) but affects all applications linking libexif, creating a supply-chain exposure for image processing tools.

Denial Of Service Integer Overflow Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Integer overflow in libexif through 0.6.25 Nikon MakerNote handling allows local attackers on 32-bit systems to trigger crashes or read sensitive memory, requiring high attack complexity and no user interaction. This affects only 32-bit architectures due to the integer arithmetic involved; EPSS probability is low given the local-only attack vector and high complexity prerequisite, but patch availability is currently unconfirmed.

Denial Of Service Integer Overflow Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

BlueAuditor 1.7.2.0 contains a buffer overflow vulnerability in the registration key field that allows local attackers to crash the application by submitting an oversized key value. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption +1
NVD Exploit-DB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

SpotFTP Password Recover 2.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized buffer in the Name field during registration. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Spotftp Password Recover
NVD Exploit-DB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Tandoor Recipes versions prior to 2.6.5 suffer from a denial-of-service vulnerability in the recipe import functionality that allows authenticated users to crash the application server or severely degrade performance by uploading a specially crafted ZIP bomb file. The vulnerability affects recipe management and meal planning features accessible to authenticated users and has been patched in version 2.6.5.

Denial Of Service Recipes
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Authenticated teachers in Chamilo LMS can delete arbitrary student grades platform-wide through Insecure Direct Object Reference in gradebook result views. By manipulating delete_mark or resultdelete GET parameters, attackers bypass course-scope and ownership controls, enabling unauthorized grade deletion across all courses. Versions prior to 1.11.38 and 2.0.0-RC.3 lack server-side validation. No public exploit identified at time of analysis. CVSS 7.1 (High) reflects authenticated access requirement with high integrity impact and low availability impact.

Denial Of Service Null Pointer Dereference Chamilo Lms
NVD GitHub
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Request body size limit bypass in SvelteKit adapter-node allows unauthenticated attackers to submit oversized payloads, causing denial of service through resource exhaustion. Affects SvelteKit versions prior to 2.57.1 running adapter-node. Exploitation requires specific timing conditions (CVSS AT:P). Platform-level and WAF body size limits remain effective. No public exploit identified at time of analysis. Vulnerability exploits CWE-770 resource allocation flaw where BODY_SIZE_LIMIT enforcement fails under race conditions or specific request patterns.

Denial Of Service Kit
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Vikunja's file import endpoint bypasses configured maximum file size limits by trusting an attacker-controlled Size field in import metadata rather than validating actual decompressed file content. Authenticated users can upload small compressed zip files (e.g., ~25KB) containing files up to 25MB or larger, exhausting server storage and causing denial of service across all users. The vulnerability affects Vikunja v2.2.2 and earlier versions; a vendor-released patch is available in v2.3.0.

Python Denial Of Service
NVD GitHub
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

NASM up to version 3.02rc5 contains a heap use-after-free vulnerability in response file (-@) processing that allows remote attackers without authentication to cause data corruption or denial of service. The vulnerability arises from a dangling pointer stored in the global depend_file variable that is dereferenced after the response-file buffer has been freed. A proof-of-concept exploit exists, and CISA's SSVC framework rates this as automatable with partial technical impact, indicating moderate real-world risk despite the relatively modest CVSS score of 6.5.

Denial Of Service Use After Free Memory Corruption +1
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Heap buffer overflow in Netwide Assembler (NASM) 3.02rc5 obj_directive() function enables arbitrary code execution and denial of service when processing maliciously crafted .asm files. Missing bounds validation allows attackers to corrupt heap memory through specially constructed assembly source files. Publicly available exploit code exists. Impacts NASM users assembling untrusted input files, particularly automated build systems and development environments processing external assembly code.

RCE Denial Of Service Buffer Overflow +2
NVD GitHub VulDB
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

Improper synchronization of the userTokens map in Canonical Juju API server (versions 4.0.5, 3.6.20, and 2.9.56) enables authenticated users to trigger denial of service or reuse single-use discharge tokens due to a race condition. The vulnerability requires low privilege authentication and partial attacker timing control but allows complete availability impact to the server. EPSS score of 6.1 reflects moderate real-world exploitation risk, though no public exploit code or active exploitation has been confirmed.

Race Condition Canonical Denial Of Service
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Out-of-memory denial of service in Apache ActiveMQ allows unauthenticated remote attackers to exhaust broker memory via rapid TLSv1.3 KeyUpdate requests. Affects ActiveMQ Client, Broker, and All distributions versions <5.19.4 and 6.0.0-6.2.3 when NIO SSL transports are used. Vulnerability arises from improper handling of TLSv1.3 handshake KeyUpdate messages, enabling clients to trigger unbounded memory allocation in the SSL engine. No public exploit identified at time of analysis. CVSS 7.5 (AV:N/AC:L/PR:N) indicates network-accessible, low-complexity attack requiring no authentication.

Apache Denial Of Service Apache Activemq Client +3
NVD VulDB
EPSS 0% CVSS 8.1
HIGH This Week

Authenticated arbitrary file overwrite in Perfmatters WordPress plugin ≤2.5.9 allows low-privileged attackers (Subscriber-level and above) to corrupt critical server files via path traversal. The PMCS::action_handler() method processes bulk activate/deactivate actions without authorization checks or nonce verification, passing unsanitized $_GET['snippets'][] values through Snippet::activate()/deactivate() to file_put_contents(). Attackers can overwrite files like .htaccess or index.php with fixed PHP docblock content, causing denial of service. Exploitation requires authenticated access with minimal privileges. No public exploit identified at time of analysis.

WordPress PHP Path Traversal +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Regular expression denial of service (ReDoS) in jsVideoUrlParser library version 0.5.1 and earlier allows remote attackers to cause application availability loss by supplying a malicious timestamp argument to the getTime function in lib/util.js. The vulnerability exhibits inefficient regular expression complexity that can be triggered without authentication or user interaction. Publicly available exploit code exists, though the maintainer has not yet responded to early notification of the issue.

Denial Of Service
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

BGP session reset vulnerability in Juniper Networks Junos OS 25.2 and Junos OS Evolved 25.2-EVO allows adjacent unauthenticated attackers to trigger Denial of Service by sending malformed BGP packets within established sessions. Affects both eBGP and iBGP implementations across IPv4 and IPv6. Repeated exploitation enables sustained service disruption. Vulnerability confirmed actively exploited (CISA KEV). No public exploit identified at time of analysis. Adjacent network access required; attacker must be on same network segment as BGP peering.

Juniper Denial Of Service
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Denial of service in Juniper Networks Junos OS on SRX Series allows unauthenticated remote attackers to crash srxpfe process via malformed ICMPv6 packets during NAT64 translation. Repeated exploitation sustains DoS by forcing continuous process restarts. Affects wide range of Junos OS versions from 21.2 through 25.2 on SRX hardware. Vulnerability limited to ICMPv6 traffic; IPv4 and standard IPv6 cannot trigger. No public exploit identified at time of analysis.

Juniper Denial Of Service
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Denial of service in Juniper Networks Junos OS chassis control daemon (chassisd) on SRX1500, SRX4100, SRX4200, and SRX4600 allows local attackers with low privileges to crash the daemon via a specific 'show chassis' CLI command, causing complete traffic disruption until modules restart. The vulnerability affects Junos OS versions 23.2 before 23.2R2-S6, 23.4 before 23.4R2-S7, 24.2 before 24.2R2-S2, 24.4 before 24.4R2, and 25.2 before 25.2R1-S1 or 25.2R2. No public exploit code or active exploitation has been identified at time of analysis.

Juniper Denial Of Service
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Complete persistent denial of service in Juniper Networks Junos OS Evolved on PTX Series routers allows authenticated, low-privilege network attackers to crash the evo-aftmand service with no automatic recovery. The vulnerability triggers when PCEP-provisioned colored SRTE policy tunnels with 32-bit ASN values (greater than 65,535) in the Originator ASN field are monitored via gRPC, causing permanent forwarding plane failure until manual system restart. Affects multiple versions through 25.2 release train. No public exploit identified at time of analysis.

Juniper Denial Of Service
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Packet buffer allocation failure in Juniper EX4000 and QFX5000 Series switches allows adjacent unauthenticated attackers to cause persistent Denial of Service requiring manual device restart. Attack vector requires specific configuration: device configured as service-provider edge with L2PT enabled on UNI and VSTP enabled on NNI in VXLAN scenarios. Receiving VSTP BPDUs on UNI triggers buffer exhaustion, halting all traffic forwarding. Affects Junos OS 24.4 through 24.4R1, 25.2 through 25.2R1. No public exploit identified at time of analysis.

Juniper Denial Of Service
NVD
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Remote denial-of-service in Juniper Networks Junos OS (SRX/MX Series) allows unauthenticated attackers to crash IPsec daemons via malformed ISAKMP packets. Exploiting the improper input validation (CWE-1286) in kmd/iked IPsec library causes process restart, preventing new VPN security association establishment. Repeated attacks create sustained inability to establish VPN connections, severely degrading network connectivity for affected enterprise firewalls and routing platforms. No public exploit identified at time of analysis.

Juniper Denial Of Service
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Memory exhaustion in Juniper Networks Junos OS BroadBand Edge subscriber management daemon (bbe-smgd) on MX Series allows adjacent unauthenticated attackers to trigger persistent denial of service by sending authentication packets that do not match configured packet-type options. Each mismatched packet leaks memory, eventually consuming all available daemon heap memory and preventing new subscriber logins. Authentication packet-type configuration must be active for exploitation. No public exploit identified at time of analysis.

Juniper Denial Of Service
NVD
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Memory leak in Juniper Networks Junos OS jdhcpd daemon enables adjacent unauthenticated attackers to crash DHCP services on MX Series routers. Each DHCPv6 subscriber logout in PPPoE or VLAN configurations with active/bulk lease query leaks memory, eventually exhausting resources and triggering jdhcpd crash. Service remains unavailable until process restart completes. Affects all Junos OS versions before 22.4R3-S1, 23.2 versions before 23.2R2, and 23.4 versions before 23.4R2. No public exploit identified at time of analysis.

Juniper Denial Of Service
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Memory leak in Juniper Networks l2ald daemon allows adjacent attackers to crash Layer 2 services on EVPN-MPLS networks. Affects Junos OS and Junos OS Evolved across multiple versions. Unauthenticated attackers on the same network segment can trigger resource exhaustion by causing ESI route churn from multi-homed Provider Edge devices, forcing l2ald process crash and restart. No public exploit identified at time of analysis, but exploitation requires only network adjacency without authentication.

Juniper Denial Of Service
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Denial of service in Juniper Junos OS chassis control daemon (chassisd) on SRX1600, SRX2300, and SRX4300 devices allows local attackers with low privileges to trigger a complete crash via a specific 'show chassis' CLI command, causing temporary traffic disruption until module recovery. Junos OS 24.4 versions before 24.4R1-S3 and 24.4R2 are affected; no public exploit code identified at time of analysis.

Juniper Denial Of Service
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

OpenClaw before version 2026.3.25 processes JSON webhook request bodies before validating cryptographic signatures, allowing unauthenticated remote attackers to trigger denial of service by submitting malicious webhook payloads that force computationally expensive JSON parsing operations. The vulnerability exploits a logic-ordering defect where signature validation occurs after resource-intensive parsing, enabling attackers to exhaust server resources without valid credentials. No public exploit code has been identified at the time of analysis, though the attack requires only network access and is trivially exploitable.

Denial Of Service Openclaw
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

OpenClaw before 2026.3.22 processes cryptographic operations on inbound Nostr direct messages prior to validating sender identity and pairing status, allowing unauthenticated remote attackers to trigger denial of service through resource exhaustion by sending crafted messages. CVSS 6.9 reflects moderate impact with low integrity and availability degradation; no public exploit code or active exploitation has been confirmed.

Denial Of Service Openclaw
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Unauthenticated resource exhaustion in OpenClaw before 2026.3.22 allows remote attackers to cause denial of service by sending large or malicious webhook requests to the voice call handler, which buffers request bodies before validating provider signatures. The vulnerability requires only network access (AV:N, PR:N) and can be exploited with low complexity, making it a practical attack vector for disrupting service availability.

Denial Of Service Openclaw
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Unauthenticated buffer overflow in Juniper Networks Junos OS Evolved advanced forwarding toolkit (evo-aftmand/evo-pfemand) permits adjacent attackers to crash PTX Series and QFX5000 Series devices via crafted multicast packets. Exploitation triggers line card or device restart, sustaining denial of service under continuous attack. Affects multiple Junos OS Evolved release branches before patched versions. No public exploit identified at time of analysis. Attack requires adjacent network access but no authentication, making exploitation feasible in shared network segments.

Buffer Overflow Juniper Denial Of Service
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Unauthenticated resource exhaustion in PraisonAI versions prior to 4.5.128 allows remote attackers to drain OpenAI API credits and exhaust server resources. The /media-stream WebSocket endpoint in the call module accepts connections without authentication or Twilio signature validation, enabling unlimited concurrent sessions to OpenAI's Realtime API using the server's credentials. No public exploit identified at time of analysis. Affects PraisonAI deployments exposing the call module's WebSocket interface.

Denial Of Service Praisonai
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Memory exhaustion denial of service in PraisonAI's WSGI-based recipe registry server (server.py) affects versions prior to 4.5.128. The vulnerability allows unauthenticated local processes to send arbitrarily large POST requests by spoofing the Content-Length header, causing the server to allocate unbounded memory and crash. Authentication is disabled by default, eliminating any access control barrier. The Starlette-based alternative server (serve.py) includes a 10MB request size limit, but the WSGI implementation lacks equivalent protection. Vendor-released patch: version 4.5.128 or later.

Denial Of Service Praisonai
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

WordPress adivaha Travel Plugin 2.3 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Denial Of Service WordPress
NVD Exploit-DB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Wasmtime versions 25.0.0 through 36.0.6, 42.0.0-42.0.1, and 43.0.0 contain a compiler type-checking bug in the Winch backend where the table.grow operator returns incorrectly typed 64-bit values instead of 32-bit values for 32-bit tables, enabling read/write access to 16 bytes of host memory preceding linear memory and resulting in denial of service when Wasmtime detects the unauthorized access. The vulnerability requires explicit selection of the non-default Winch compiler backend and either disabled guard pages or modified memory layout to achieve information disclosure; default Wasmtime configurations using the Cranelift compiler and standard guard page placement are unaffected. No public exploit code or active exploitation has been identified, though the attack vector is remote and requires low-privilege authenticated access.

Denial Of Service Red Hat Suse
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote unauthenticated attackers can crash GnuTLS servers by sending malformed TLS handshake messages containing invalid Pre-Shared Key binder values, triggering a NULL pointer dereference. Red Hat Enterprise Linux versions 6-10, OpenShift Container Platform 4, and Red Hat Hardened Images are affected. Vendor patches are available. EPSS score of 0.08% (24th percentile) suggests low current exploitation probability despite network-accessible attack vector. SSVC framework classifies this as automatable with partial technical impact but no known exploitation, making this a medium-priority patching target focused on preventing service disruption rather than data breach.

Null Pointer Dereference Denial Of Service Red Hat Enterprise Linux 10 +6
NVD VulDB
EPSS 0% CVSS 2.7
LOW PATCH Monitor

Ubuntu Subiquity 24.04.4 leaks sensitive user credentials in crash report logs submitted to Launchpad during installation failures, potentially exposing plaintext Wi-Fi passwords and other credentials to unauthorized third parties. The vulnerability affects multiple Ubuntu versions (24.04.4, 25.04, and 25.10) and requires user interaction (submission of a crash report) but carries low real-world exploitation risk due to a CVSS score of 2.7 and absence of active exploitation signals. No public exploit code is known; vendor-released patches are available.

Denial Of Service Ubuntu
NVD GitHub
EPSS 0% CVSS 2.7
LOW PATCH Monitor

ubuntu-desktop-provision version 24.04.4 leaks user password hashes in crash report logs submitted to Launchpad during installation failures. An unauthenticated remote attacker can obtain sensitive credentials if a user opts to report the installation failure, requiring user interaction to trigger the vulnerability but resulting in direct exposure of authentication material. Patch available from Canonical via GitHub pull requests; EPSS and KEV status not actively exploited at time of analysis.

Denial Of Service Ubuntu
NVD GitHub
EPSS 0% CVSS 4.2
MEDIUM PATCH This Month

Denial of service in fast-jwt 5.0.0 through 6.2.0 allows authenticated remote attackers with user interaction to cause significant CPU consumption via crafted JWT tokens that trigger catastrophic backtracking in regular expression evaluation when the allowedAud verification option is configured with a regex pattern. The vulnerability exploits attacker-controlled aud claims evaluated against user-supplied regexes, resulting in ReDoS (regular expression denial of service). Vendor-released patch available in version 6.2.1.

Denial Of Service Fast Jwt
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Memory exhaustion in Orthanc DICOM Server versions ≤1.12.10 allows remote attackers to trigger denial of service by uploading specially crafted ZIP archives with forged uncompressed size metadata. The server allocates excessive memory buffers based on untrusted size fields during automatic extraction, enabling resource exhaustion attacks without authentication (CVSS:3.1 AV:N/AC:L/PR:N). EPSS probability of 0.02% (4th percentile) indicates low likelihood of imminent exploitation, with no public exploit identified at time of analysis.

Denial Of Service Dicom Server
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Memory exhaustion in Orthanc DICOM Server ≤1.12.10 allows unauthenticated remote attackers to trigger denial-of-service via gzip decompression bombs in HTTP requests. Attackers send maliciously crafted gzip-compressed payloads with inflated decompression metadata, forcing the server to allocate unbounded memory and crash. EPSS score of 0.02% (4th percentile) indicates low observed exploitation probability. No active exploitation confirmed (not in CISA KEV), and no public exploit code identified at time of analysis. CVSS 7.5 reflects network-reachable, low-complexity attack requiring no authentication, but impact limited to availability only.

Denial Of Service Dicom Server
NVD VulDB
Prev Page 37 of 406 Next

Quick Facts

Typical Severity
MEDIUM
Category
other
Total CVEs
36514

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy