Denial of Service

other MEDIUM

Denial of Service attacks render applications or systems unavailable by overwhelming resources or triggering failure conditions.

How It Works

Denial of Service attacks render applications or systems unavailable by overwhelming resources or triggering failure conditions. Attackers exploit asymmetry: minimal attacker effort produces disproportionate resource consumption on the target. Application-level attacks use specially crafted inputs that trigger expensive operations—a regex engine processing malicious patterns can backtrack exponentially, or XML parsers recursively expand entities until memory exhausts. Network-level attacks flood targets with connection requests or amplify traffic through reflection, but application vulnerabilities often provide the most efficient attack surface.

The attack typically begins with reconnaissance to identify resource-intensive operations or unprotected endpoints. For algorithmic complexity attacks, adversaries craft inputs hitting worst-case performance—hash collision inputs filling hash tables with collisions, deeply nested JSON triggering recursive parsing, or pathological regex patterns like (a+)+b against strings of repeated 'a' characters. Resource exhaustion attacks open thousands of connections, upload massive files to unbounded storage, or trigger memory leaks through repeated operations. Crash-based attacks target error handling gaps: null pointer dereferences, unhandled exceptions in parsers, or assertion failures that terminate processes.

Impact

  • Service unavailability preventing legitimate users from accessing applications during attack duration
  • Revenue loss from downtime in e-commerce, SaaS platforms, or transaction processing systems
  • Cascading failures as resource exhaustion spreads to dependent services or database connection pools are drained
  • SLA violations triggering financial penalties and damaging customer trust
  • Security team distraction providing cover for data exfiltration or intrusion attempts running concurrently

Real-World Examples

CVE-2018-1000544 in Ruby's WEBrick server allowed ReDoS through malicious HTTP headers containing specially crafted patterns that caused the regex engine to backtrack exponentially, freezing request processing threads. A single attacker could saturate all available workers.

Cloudflare experienced a global outage in 2019 when a single WAF rule containing an unoptimized regex hit pathological cases on legitimate traffic spikes. The .*(?:.*=.*)* pattern exhibited catastrophic backtracking, consuming CPU cycles across their edge network until the rule was disabled.

CVE-2013-1664 demonstrated XML bomb vulnerabilities in Python's XML libraries. Attackers uploaded XML documents with nested entity definitions, each entity expanding to ten copies of the previous level. A 1KB upload could expand to gigabytes in memory during parsing, crashing applications instantly.

Mitigation

  • Strict input validation enforcing size limits, complexity bounds, and nesting depth restrictions before processing
  • Request rate limiting per IP address, API key, or user session with exponential backoff
  • Timeout enforcement terminating operations exceeding reasonable execution windows (typically 1-5 seconds)
  • Resource quotas limiting memory allocation, CPU time, and connection counts per request or tenant
  • Regex complexity analysis using linear-time algorithms or sanitizing patterns to eliminate backtracking
  • Circuit breakers automatically rejecting requests when error rates or latency thresholds indicate degradation
  • Load balancing and autoscaling distributing traffic across instances with automatic capacity expansion
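
Two of the pre-processing guards listed above, written as an added Python example that is not part of this page or of any project it lists: a non-recursive nesting-depth measurement applied together with a body size limit before a JSON body reaches a recursive parser, and a static screen that flags nested unbounded quantifiers of the shape behind the (a+)+b and .*(?:.*=.*)* patterns discussed earlier. The regex screen walks the parse tree built by Python's own re module (re._parser, an internal API, or sre_parse on older interpreters); the limits and all sample inputs are constructed for the example.

```python
"""Pre-parse guards against algorithmic-complexity denial of service.

Added example (not from the page): reject oversized or deeply nested JSON
bodies before a recursive parser sees them, and audit regex patterns for
nested unbounded quantifiers, the structure behind catastrophic backtracking.
"""

try:  # Python 3.11+ keeps the regex parser here (internal API, an assumption)
    from re import _constants as sre_constants
    from re import _parser as sre_parser
except ImportError:  # older interpreters expose the same modules by name
    import sre_constants
    import sre_parse as sre_parser

MAX_BODY_BYTES = 1 << 20       # 1 MiB, a constructed limit for the example
MAX_NESTING_DEPTH = 32         # far below any interpreter recursion limit


class InputRejected(ValueError):
    """Raised when a request body fails a pre-parse guard."""


def json_max_depth(body: bytes) -> int:
    """Return the deepest {}/[] nesting in a JSON document.

    One linear scan, no recursion: brackets inside string literals
    (including after escaped quotes) are skipped so they cannot inflate
    the count.  Unbalanced closers are clamped; the real parser rejects them.
    """
    depth = max_depth = 0
    in_string = escaped = False
    for ch in body:
        if in_string:
            if escaped:
                escaped = False
            elif ch == 0x5C:           # backslash starts an escape
                escaped = True
            elif ch == 0x22:           # unescaped quote closes the string
                in_string = False
        elif ch == 0x22:
            in_string = True
        elif ch in (0x7B, 0x5B):       # '{' or '['
            depth += 1
            max_depth = max(max_depth, depth)
        elif ch in (0x7D, 0x5D):       # '}' or ']'
            depth = max(depth - 1, 0)
    return max_depth


def check_json_body(body: bytes, max_bytes: int = MAX_BODY_BYTES,
                    max_depth: int = MAX_NESTING_DEPTH) -> bytes:
    """Apply size and nesting limits; return the body unchanged if it passes."""
    if len(body) > max_bytes:
        raise InputRejected(f"body is {len(body)} bytes, limit {max_bytes}")
    depth = json_max_depth(body)
    if depth > max_depth:
        raise InputRejected(f"nesting depth {depth}, limit {max_depth}")
    return body


_REPEATS = (sre_constants.MAX_REPEAT, sre_constants.MIN_REPEAT)


def has_nested_quantifier(pattern: str) -> bool:
    """True if an unbounded repeat (+, *, {n,}) sits inside another repeat.

    Patterns such as (a+)+, (.*)* and (?:.*=.*)* let a backtracking engine
    split one input in exponentially many ways.  The walk covers groups,
    alternation and lookaround; it is a conservative screen, not a proof
    that a pattern runs in linear time.
    """
    def walk(node, inside_repeat: bool) -> bool:
        for op, av in node:
            if op in _REPEATS:
                _min, hi, sub = av
                if inside_repeat and hi == sre_constants.MAXREPEAT:
                    return True
                if walk(sub, True):
                    return True
            elif op == sre_constants.SUBPATTERN:       # (...) or (?:...)
                if walk(av[-1], inside_repeat):
                    return True
            elif op == sre_constants.BRANCH:           # a|b
                if any(walk(alt, inside_repeat) for alt in av[1]):
                    return True
            elif op in (sre_constants.ASSERT, sre_constants.ASSERT_NOT):
                if walk(av[1], inside_repeat):         # (?=...) / (?!...)
                    return True
        return False

    return walk(sre_parser.parse(pattern), False)


if __name__ == "__main__":
    # Constructed samples: a benign body, and 200 nested arrays that a
    # recursive parser would descend into one stack frame at a time.
    benign = b'{"user": "alice", "tags": ["a", "b"], "note": "[[["}'
    hostile = b"[" * 200 + b"]" * 200
    for body in (benign, hostile):
        try:
            check_json_body(body)
            print(f"depth {json_max_depth(body)}: accepted")
        except InputRejected as exc:
            print(f"rejected: {exc}")
    for pat in (r"(a+)+b", r".*(?:.*=.*)*", r"a+b", r"^[a-z]+@[a-z]+\.[a-z]{2,6}$"):
        print(f"{pat!r:34} nested quantifier: {has_nested_quantifier(pat)}")
```

The depth scan is a screen, not a validator: anything it admits still goes through the normal JSON parser, and the regex check should be run over a codebase's patterns at review or test time rather than per request.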

Recent CVEs (5445)

CVE-2026-31899
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service vulnerability in CairoSVG (Python SVG rendering library) caused by exponential amplification through recursive <use> SVG elements without depth limits. An attacker can cause 100% CPU exhaustion indefinitely with a tiny 1,411-byte SVG file, affecting any service that processes SVG input (thumbnails, PDFs, avatars). A working proof-of-concept is publicly available, patches have been released, and while not in KEV, the vulnerability has a 7.5 CVSS score with network-based, unauthenticated exploitation.

Denial Of Service Python
NVD GitHub VulDB
CVE-2026-31814
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Integer overflow in Rust's Yamux implementation allows unauthenticated remote attackers to crash target nodes by sending specially crafted WindowUpdate frames that trigger arithmetic overflow in stream send-window accounting. An attacker can establish a Yamux session and transmit malicious frames without authentication, causing a panic in the connection state machine and resulting in denial of service. A patch is available to address this high-severity vulnerability.

Denial Of Service Integer Overflow Rust
NVD GitHub VulDB
CVE-2026-30955
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Denial-of-service vulnerability in Gokapi, a file-sharing server, wherein an authenticated attacker can send unbounded request bodies to an API endpoint without size restrictions, causing out-of-memory (OOM) conditions that crash the service and deny access to all users. The vulnerability requires valid authentication credentials but no special privileges, and is classified as high-severity (CVSS 6.5) due to guaranteed availability impact. Patch availability exists in version 2.2.4 and later.

Denial Of Service
NVD GitHub VulDB
CVE-2026-31884
EPSS 0% CVSS 6.5
MEDIUM This Month

A denial of service vulnerability in FreeRDP (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Denial Of Service Freerdp
NVD GitHub VulDB
CVE-2026-23940
EPSS 0% CVSS 7.1
HIGH PATCH This Week

An uncontrolled resource consumption vulnerability in the Hex.pm package manager allows authenticated attackers to cause denial of service by uploading oversized packages that exhaust server memory during extraction. The vulnerability affects hexpm versions before commit 495f01607d3eae4aed7ad09b2f54f31ec7a7df01 and hex.pm installations before March 10, 2026, with a CVSS 4.0 score of 7.1 indicating high availability impact. No active exploitation has been reported (not in KEV), no public proof-of-concept exists, and EPSS data is not available.

Denial Of Service
NVD GitHub VulDB
CVE-2026-31886
EPSS 0% CVSS 9.1
CRITICAL Act Now

Path traversal via dagRunId in DAG execution endpoints.

Python Authentication Bypass Denial Of Service +2
NVD GitHub VulDB
CVE-2026-4111
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A remote code execution vulnerability in A flaw (CVSS 7.5). High severity vulnerability requiring prompt remediation.

Denial Of Service
NVD GitHub VulDB
CVE-2026-23943
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

A remote code execution vulnerability (CVSS 6.9) that allows denial of service. Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Microsoft Denial Of Service Ssh +1
NVD VulDB GitHub
CVE-2026-22182
EPSS 0% CVSS 7.5
HIGH PATCH This Week

High severity vulnerability in wpDiscuz (WordPress plugin). wpDiscuz before 7.6.47 contains an unauthenticated denial of service vulnerability that allows anonymous users to trigger mass notification emails by exploiting the checkNotificationType() function. Attackers can repeatedly call the wpdiscuz-ajax.php endpoint with arbitrary postId and comment_id parameters to flood subscribers with notifications, as the handler lacks nonce verification, authent...

PHP Authentication Bypass Denial Of Service +1
NVD VulDB
CVE-2026-2581
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Node.js Undici's response deduplication feature accumulates response bodies in memory instead of streaming them, allowing remote attackers to trigger denial of service through large or concurrent responses from untrusted endpoints. Applications using the deduplicate() interceptor are vulnerable to out-of-memory crashes when processing large or chunked responses. No patch is currently available.

Node.js Denial Of Service Undici +1
NVD GitHub VulDB
CVE-2026-2229
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Node.js undici WebSocket client denial-of-service vulnerability allows remote attackers to crash the process by sending a malformed permessage-deflate compression parameter that bypasses validation and triggers an uncaught exception. The vulnerability exists because the client fails to properly validate the server_max_window_bits parameter before passing it to zlib, enabling any WebSocket server to terminate connected clients. No patch is currently available.

Node.js Denial Of Service Redhat
NVD GitHub VulDB
CVE-2026-1526
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Node.js undici WebSocket client denial-of-service via decompression bomb in permessage-deflate processing allows remote attackers to crash or hang affected processes through unbounded memory consumption. An attacker controlling a malicious WebSocket server can send specially crafted compressed frames that expand to extremely large sizes in memory without triggering any decompression limits. No patch is currently available for this vulnerability.

Node.js Denial Of Service Redhat
NVD GitHub VulDB
CVE-2026-32320
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Medium severity vulnerability in Ella Networks Core. Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service.

Denial Of Service Information Disclosure Buffer Overflow
NVD GitHub VulDB
CVE-2023-1289
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Medium severity vulnerability in ImageMagick. A specially crafted SVG file causes a segmentation fault and generates trash files in "/tmp", which can be leveraged for DoS.

Denial Of Service PHP Debian +3
NVD GitHub
CVE-2026-32249
EPSS 0% CVSS 5.3
MEDIUM This Month

Vim is a command line text editor. Versions from 9.1.0011 up to 9.2.0137 are affected by a null pointer dereference (CVSS 5.3).

Null Pointer Dereference Denial Of Service Vim
NVD GitHub VulDB
CVE-2026-1525
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Undici fails to normalize HTTP header names when processing arrays, allowing duplicate Content-Length headers with case-variant names (e.g., "Content-Length" and "content-length") to be sent in malformed requests. Applications using undici's low-level APIs with user-controlled header inputs are vulnerable to request rejection by strict HTTP parsers or potential HTTP request smuggling attacks if intermediaries and backend servers interpret conflicting header values inconsistently. No patch is currently available.

Denial Of Service Redhat
NVD GitHub VulDB
CVE-2025-61154
EPSS 0% CVSS 6.5
MEDIUM This Month

Heap buffer overflow vulnerability in LibreDWG versions v0.13.3.7571 up to v0.13.3.7835 allows a crafted DWG file to cause a Denial of Service (DoS) via the function decompress_R2004_section at decode.c.

Buffer Overflow Denial Of Service Heap Overflow +1
NVD GitHub
CVE-2026-32141
EPSS 0% CVSS 7.5
HIGH PATCH This Week

flatted is a circular JSON parser. Versions up to 3.4.0 are affected by uncontrolled recursion (CVSS 7.5).

Node.js Denial Of Service
NVD GitHub VulDB
CVE-2026-31890
EPSS 0% CVSS 4.8
MEDIUM This Month

Silent event loss in Inspektor Gadget prior to 0.50.1 allows local attackers to cause denial of service by filling the 256KB ring-buffer, which triggers undetected data drops without alerting users or administrators. When the buffer becomes full, gadgets silently discard events and fail to report the loss count, potentially hiding critical system events from Kubernetes cluster and Linux host monitoring. A local attacker with limited privileges can exploit this to obscure malicious activity or system anomalies by saturating the instrumentation buffer.

Linux Kubernetes Denial Of Service
NVD GitHub VulDB
CVE-2026-28356
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

High severity vulnerability in Python multipart. The `parse_options_header()` function in `multipart.py` uses a regular expression with an *ambiguous alternation*, which can cause *exponential backtracking (ReDoS)* when parsing maliciously crafted HTTP or multipart segment headers. This can be abused for **denial of service (DoS)** attacks against web applications using this library to parse request headers or `multipart/form-data` streams.

Python Denial Of Service Redhat +1
NVD GitHub
CVE-2019-25488
EPSS 0% CVSS 8.2
HIGH POC This Week

Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL injection vulnerabilities in the admin panel that allow unauthenticated attackers to manipulate database queries through GET parameters. [CVSS 8.2 HIGH]

PHP SQLi Denial Of Service +1
NVD Exploit-DB VulDB
CVE-2026-3979
EPSS 0% CVSS 5.3
MEDIUM This Month

Use-after-free vulnerability in quickjs-ng through version 0.12.1 allows local attackers to corrupt memory and potentially execute arbitrary code via the js_iterator_concat_return function in quickjs.c. Public exploit code exists for this vulnerability. A local account is required to trigger the flaw, which affects confidentiality, integrity, and availability of the affected system.

Buffer Overflow Denial Of Service
NVD GitHub VulDB
CVE-2026-31988
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Denial of service in yauzl 3.2.0 (Node.js zip parsing library) allows remote attackers to crash applications by submitting malformed zip files with specially crafted NTFS timestamp fields that trigger an out-of-bounds buffer read. The vulnerability affects any Node.js application that processes untrusted zip uploads and extracts file modification dates. No patch is currently available.

Node.js Denial Of Service
NVD GitHub VulDB
CVE-2026-3936
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Google Chrome on Android, versions up to 146.0.7680.71, is affected by a use after free in WebView (CVSS 8.8).

Google Use After Free Memory Corruption +3
NVD VulDB
CVE-2026-3924
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Google Chrome versions up to 146.0.7680.71 are affected by a use after free in WindowDialog (CVSS 7.5).

Google Use After Free Denial Of Service +2
NVD VulDB
CVE-2026-3923
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Google Chrome versions up to 146.0.7680.71 are affected by a use after free in WebMIDI (CVSS 8.8).

Google Use After Free Denial Of Service +2
NVD VulDB
CVE-2026-3922
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Google Chrome versions up to 146.0.7680.71 are affected by a use after free in MediaStream (CVSS 8.8).

Google Use After Free Denial Of Service +2
NVD VulDB
CVE-2026-3921
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Google Chrome versions up to 146.0.7680.71 are affected by a use after free in TextEncoding (CVSS 8.8).

Google Use After Free Denial Of Service +2
NVD VulDB
CVE-2026-3919
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Google Chrome versions up to 146.0.7680.71 are affected by a use after free in Extensions (CVSS 8.8).

Google Use After Free Denial Of Service +2
NVD VulDB
CVE-2026-3918
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Google Chrome versions up to 146.0.7680.71 are affected by a use after free in WebMCP (CVSS 8.8).

Google Use After Free Denial Of Service +2
NVD VulDB
CVE-2026-3917
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Google Chrome versions up to 146.0.7680.71 are affected by a use after free in Agents (CVSS 8.8).

Google Use After Free Denial Of Service +2
NVD VulDB
CVE-2026-31961
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Quill before v0.7.1 is susceptible to denial of service through unbounded memory allocation when processing maliciously crafted Mach-O binaries. Environments accepting externally-submitted binaries for signing—such as CI/CD pipelines and shared signing services—face resource exhaustion attacks if they process attacker-controlled files. An authenticated local attacker can trigger excessive memory consumption by exploiting unvalidated size fields in code signing structures, causing the application to crash or hang.

Golang Denial Of Service
NVD GitHub VulDB
CVE-2026-31960
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Unbounded memory consumption in Quill's Apple notarization process allows denial of service when HTTP responses lack size validation, affecting environments with TLS-intercepting proxies or compromised certificate authorities where response manipulation is possible. An attacker positioned to intercept or modify notarization API responses can return arbitrarily large payloads to exhaust memory and crash the signing process. This impacts corporate networks and environments with trust boundary violations, though exploitation is not feasible under standard HTTPS conditions with proper certificate validation.

Tls Denial Of Service
NVD GitHub VulDB
CVE-2026-31958
EPSS 0% CVSS 8.7
HIGH PATCH This Week

In versions of Tornado prior to 6.5.5, the only limit on the number of parts in `multipart/form-data` is the `max_body_size` setting (default 100MB). Since parsing occurs synchronously on the main thread, this creates the possibility of denial-of-service due to the cost of parsing very large multipart bodies with many parts. Tornado 6.5.5 introduces new limits on the size and complexity of multipart bodies, including a default limit of 100 parts per request. These limits are configurable if needed; see `tornado.httputil.ParseMultipartConfig`. It is also now possible to disable `multipart/form-data` parsing entirely if it is not required for the application.

Python Denial Of Service
NVD GitHub VulDB
CVE-2026-31896
EPSS 0% CVSS 9.8
CRITICAL Act Now

SQL injection in WeGIA before 3.6.6.

PHP SQLi Denial Of Service +2
NVD GitHub VulDB
CVE-2026-27703
EPSS 0% CVSS 7.5
HIGH This Week

Stack buffer overflow in RIOT OS coap_well_known_core_default_handler allows unauthenticated remote attackers to overwrite critical stack data including return addresses through oversized CoAP option responses. Affected IoT devices running RIOT 2026.01 and earlier are vulnerable to denial of service or arbitrary code execution without any user interaction required. No patch is currently available for this vulnerability.

IoT Denial Of Service
NVD GitHub VulDB
CVE-2026-24509
EPSS 0% CVSS 3.6
LOW Monitor

Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service. [CVSS 3.6 LOW]

Denial Of Service
NVD VulDB
CVE-2019-25484
EPSS 0% CVSS 6.2
MEDIUM POC This Month

WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register dialog that allows local attackers to crash the application by supplying an oversized payload. [CVSS 6.2 MEDIUM]

Buffer Overflow Denial Of Service
NVD Exploit-DB VulDB
CVE-2019-25478
EPSS 0% CVSS 7.5
HIGH POC This Week

GetGo Download Manager 6.2.2.3300 contains a buffer overflow vulnerability that allows remote attackers to cause denial of service by sending HTTP responses with excessively long headers. [CVSS 7.5 HIGH]

Golang Buffer Overflow Denial Of Service
NVD Exploit-DB VulDB
CVE-2019-25477
EPSS 0% CVSS 6.2
MEDIUM POC This Month

RAR Password Recovery 1.80 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the registration dialog. [CVSS 6.2 MEDIUM]

Buffer Overflow Denial Of Service
NVD Exploit-DB VulDB
CVE-2019-25476
EPSS 0% CVSS 6.2
MEDIUM POC This Month

Outlook Password Recovery 2.10 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. [CVSS 6.2 MEDIUM]

Outlook Buffer Overflow Denial Of Service
NVD Exploit-DB VulDB
CVE-2019-25475
EPSS 0% CVSS 6.2
MEDIUM POC This Month

SQL Server Password Changer 1.90 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can inject 6000 bytes of data into the User Name and Registration Code field to trigger a denial of service condition. [CVSS 6.2 MEDIUM]

Mssql Buffer Overflow Denial Of Service
NVD Exploit-DB VulDB
CVE-2019-25474
EPSS 0% CVSS 6.2
MEDIUM POC This Month

Easy MP3 Downloader 4.7.8.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long unlock code. [CVSS 6.2 MEDIUM]

Buffer Overflow Denial Of Service
NVD Exploit-DB VulDB
CVE-2019-25469
EPSS 0% CVSS 6.2
MEDIUM POC This Month

Folder Lock 7.7.9 contains a buffer overflow vulnerability in the serial number registration field that allows local attackers to crash the application by submitting an oversized payload. [CVSS 6.2 MEDIUM]

Buffer Overflow Denial Of Service
NVD Exploit-DB VulDB
CVE-2019-25464
EPSS 0% CVSS 5.5
MEDIUM POC This Month

InputMapper 1.6.10 contains a buffer overflow vulnerability in the username field that allows local attackers to crash the application by entering an excessively long string. [CVSS 5.5 MEDIUM]

Buffer Overflow Denial Of Service
NVD Exploit-DB VulDB
CVE-2019-25463
EPSS 0% CVSS 6.2
MEDIUM POC This Month

SpotIE Internet Explorer Password Recovery 2.9.5 contains a denial of service vulnerability in the registration key input field that allows local attackers to crash the application by supplying an excessively long string. [CVSS 6.2 MEDIUM]

Buffer Overflow Denial Of Service
NVD Exploit-DB VulDB
CVE-2026-31870
EPSS 0% CVSS 7.5
HIGH This Week

cpp-httplib versions prior to 0.37.1 crash when the streaming API receives a malformed Content-Length header from any server, as the library fails to validate or handle exceptions from the underlying string parsing function. An attacker can exploit this denial of service condition by hosting a malicious server, performing a man-in-the-middle attack, or leveraging HTTP redirects to crash any client application using the vulnerable library. Currently no patch is available for this issue.

Denial Of Service Cpp Httplib
NVD GitHub VulDB
CVE-2026-31866
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Kubernetes flagd feature flag daemon versions before 0.14.2 are vulnerable to denial of service through unbounded memory allocation on publicly accessible evaluation endpoints. An unauthenticated attacker can send HTTP requests with arbitrarily large payloads to exhaust memory and crash the service. This affects deployments without external authentication controls, allowing trivial process termination in containerized environments.

Kubernetes Denial Of Service
NVD GitHub VulDB
CVE-2026-30226
EPSS 0% CVSS 7.5
HIGH PATCH This Week

In devalue v5.6.3, `devalue.parse` and `devalue.unflatten` were susceptible to prototype pollution via maliciously crafted payloads. Successful exploitation could lead to Denial of Service (DoS) or type confusion.

Denial Of Service Prototype Pollution Devalue
NVD GitHub VulDB
CVE-2026-20118
EPSS 0% CVSS 6.8
MEDIUM This Month

Network interface denial of service in Cisco IOS XR on NCS 5500/5700 routers allows unauthenticated remote attackers to disable packet processing by sending crafted traffic that triggers EPNI Aligner interrupt corruption during heavy transit conditions. Successful exploitation causes the network processing unit and ASIC to stop functioning, rendering affected interfaces unable to forward traffic. No patch is currently available for this medium-severity vulnerability.

Cisco Denial Of Service
NVD VulDB
CVE-2026-20074
EPSS 0% CVSS 7.4
HIGH This Week

Cisco IOS XR Software's IS-IS routing implementation fails to properly validate incoming protocol packets, enabling an adjacent network attacker to trigger repeated process crashes and temporary routing outages. An attacker with Layer 2 adjacency can send malformed IS-IS packets to force denial of service conditions affecting network connectivity. No patch is currently available for this high-severity vulnerability.

Cisco Denial Of Service
NVD VulDB
CVE-2026-1069
EPSS 0% CVSS 7.5
HIGH This Week

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 up to 18.9.2: uncontrolled recursion (CVSS 7.5).

Gitlab Denial Of Service
NVD VulDB
CVE-2025-14513
EPSS 0% CVSS 7.5
HIGH This Week

GitLab has remediated a security vulnerability in GitLab CE/EE affecting all versions from 16.11 up to 18.7.6 (CVSS 7.5).

Gitlab Denial Of Service
NVD VulDB
CVE-2025-13929
EPSS 0% CVSS 7.5
HIGH This Week

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.0 up to 18.7.6: allocation of resources without limits or throttling (CVSS 7.5).

Gitlab Denial Of Service
NVD VulDB
CVE-2025-13690
EPSS 0% CVSS 6.5
MEDIUM This Month

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 up to 18.7.6: allocation of resources without limits or throttling (CVSS 6.5).

Gitlab Denial Of Service
NVD VulDB
CVE-2025-12576
EPSS 0% CVSS 6.5
MEDIUM This Month

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 up to 18.7.6: allocation of resources without limits or throttling (CVSS 6.5).

Gitlab Denial Of Service
NVD VulDB
CVE-2025-70330
EPSS 0% CVSS 3.3
LOW Monitor

Easy Grade Pro 4.1.0.2 contains a file parsing logic flaw in the handling of proprietary .EGP gradebook files. By modifying specific fields at precise offsets within an otherwise valid .EGP file, an attacker can trigger an out-of-bounds memory read during parsing. [CVSS 3.3 LOW]

Denial Of Service
NVD GitHub VulDB
CVE-2026-3904
EPSS 0% CVSS 6.2
MEDIUM This Month

Denial of service in GNU C Library 2.36 on x86_64 systems occurs when nscd-backed functions trigger a race condition in the optimized memcmp implementation, allowing concurrent thread modification of input data to cause application crashes. This affects any application using NSS caching functionality under high load conditions. No patch is currently available.

Denial Of Service
NVD VulDB
CVE-2026-32062
EPSS 0% CVSS 8.7
HIGH PATCH This Week

OpenClaw versions 2026.2.21-2 up to 2026.2.22 are affected by allocation of resources without limits or throttling (CVSS 7.5).

Denial Of Service
NVD GitHub VulDB
CVE-2026-31826
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

pypdf is a free and open-source pure-python PDF library. Versions up to 6.8.0 are affected by allocation of resources without limits or throttling.

Python Denial Of Service Pypdf
NVD GitHub VulDB
CVE-2026-31812
EPSS 0%
PATCH Monitor

Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malformed quic_transport_parameters. In quinn-proto parsing logic, attacker-controlled varints are decoded with unwrap(),...

Denial Of Service
NVD GitHub VulDB
CVE-2026-31808
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Denial of service in file-type library versions prior to 21.3.1 allows remote attackers to hang Node.js event loops by submitting malformed ASF (WMV/WMA) files that trigger infinite loops during file type detection. Applications using file-type to analyze untrusted input are vulnerable, with a minimal 55-byte payload sufficient to stall processing. No patch is currently available for affected Node.js and File Type products.

Node.js Denial Of Service File Type
NVD GitHub VulDB
CVE-2026-30837
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

OpenAPI documentation and client-server communication. Versions up to 1.4.26 are affected by inefficient regular expression complexity (ReDoS) (CVSS 7.5).

Denial Of Service
NVD GitHub VulDB
CVE-2026-0109
EPSS 0% CVSS 7.5
HIGH This Week

Android versions up to - are affected by an improper check for unusual or exceptional conditions (CVSS 7.5).

Denial Of Service Android Google
NVD VulDB
CVE-2026-26330
EPSS 0% CVSS 5.3
MEDIUM This Month

Envoy proxy versions prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13 can be crashed by an authenticated attacker through improper state cleanup in the rate limit filter when both request and response phase limiting are enabled. When a response phase rate limit request fails, the gRPC client reuses stale internal state from the prior request phase, leading to a use-after-free condition that crashes the proxy. An attacker with network access and valid credentials can exploit this to cause a denial of service against Envoy instances.

Denial Of Service Envoy
NVD GitHub VulDB
CVE-2026-26310
EPSS 0% CVSS 5.9
MEDIUM POC This Month

Envoy proxy versions prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13 crash when processing scoped IPv6 addresses through the Utility::getAddressWithPort function, which is invoked by the original_src and dns filters in the data plane. This denial of service vulnerability can be triggered remotely without authentication, and public exploit code exists. No patch is currently available for affected deployments.

Dns Denial Of Service Envoy
NVD GitHub VulDB
CVE-2026-26309
EPSS 0% CVSS 5.3
MEDIUM POC This Month

Envoy is a high-performance edge/middle/service proxy. [CVSS 5.3 MEDIUM]

Denial Of Service Envoy
NVD GitHub VulDB
CVE-2026-27281
EPSS 0% CVSS 5.5
MEDIUM This Month

DNG SDK versions 1.7.1 and earlier contain an integer overflow vulnerability that allows local attackers to crash affected applications through specially crafted files. Exploitation requires user interaction, as victims must open a malicious file to trigger the denial-of-service condition. No patch is currently available for this vulnerability.

Integer Overflow Denial Of Service Dng Software Development Kit
NVD VulDB
CVE-2026-27218
EPSS 0% CVSS 5.5
MEDIUM This Month

Substance 3D Painter versions 11.1.2 and earlier contain a null pointer dereference that allows local attackers to crash the application by tricking users into opening malicious files. This denial-of-service vulnerability requires user interaction but requires no elevated privileges to exploit. No patch is currently available for this medium-severity issue.

Null Pointer Dereference Denial Of Service Substance 3d Painter
NVD VulDB
CVE-2026-27217
EPSS 0% CVSS 5.5
MEDIUM This Month

Substance 3D Painter versions 11.1.2 and earlier contain a null pointer dereference that enables local denial-of-service attacks when users open specially crafted files. An attacker can crash the application to disrupt workflow, though exploitation requires user interaction and no patch is currently available. The vulnerability has a moderate CVSS score of 5.5 with zero percent estimated exploitation probability.

Null Pointer Dereference Denial Of Service Substance 3d Painter
NVD VulDB
CVE-2026-27215
EPSS 0% CVSS 5.5
MEDIUM This Month

Substance 3D Painter versions 11.1.2 and earlier contain a null pointer dereference vulnerability that allows local attackers to crash the application by convincing users to open a malicious file. This denial-of-service impact disrupts application availability, though no patch is currently available. User interaction is required for exploitation, and the vulnerability affects local attack scenarios only.

Null Pointer Dereference Denial Of Service Substance 3d Painter
NVD VulDB
CVE-2026-27214
EPSS 0% CVSS 5.5
MEDIUM This Month

Denial-of-service in Substance 3D Painter 11.1.2 and earlier stems from improper null pointer handling that crashes the application when processing malicious files. An attacker can trigger this crash by tricking a user into opening a specially crafted file, temporarily disrupting the victim's workflow. No patch is currently available to address this vulnerability.

Null Pointer Dereference Denial Of Service Substance 3d Painter
NVD VulDB
CVE-2026-21364
EPSS 0% CVSS 5.5
MEDIUM This Month

Denial-of-service crashes in Adobe Substance 3D Painter versions 11.1.2 and earlier stem from a null pointer dereference vulnerability triggered when users open specially crafted files. An attacker can exploit this flaw to force application crashes and disrupt user workflows, though no patch is currently available. Exploitation requires social engineering to convince victims to open a malicious file.

Null Pointer Dereference Denial Of Service Substance 3d Painter
NVD VulDB
CVE-2026-21363
EPSS 0% CVSS 5.5
MEDIUM This Month

Substance 3D Painter versions 11.1.2 and earlier contain a null pointer dereference vulnerability that allows local attackers to crash the application by tricking users into opening a malicious file. This denial-of-service condition disrupts workflow for affected users, though no patch is currently available. The vulnerability requires user interaction and does not enable code execution or data compromise.

Null Pointer Dereference Denial Of Service Substance 3d Painter
NVD VulDB
CVE-2026-31794
EPSS 0% CVSS 5.5
MEDIUM This Month

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions up to 2.3.1.5 are affected by an out-of-bounds read (CVSS 5.5).

Denial Of Service Buffer Overflow Information Disclosure +1
NVD GitHub VulDB
CVE-2026-31793
EPSS 0% CVSS 5.5
MEDIUM This Month

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions up to 2.3.1.5 are affected by an out-of-bounds read (CVSS 5.5).

Denial Of Service Buffer Overflow Information Disclosure +1
NVD GitHub VulDB
CVE-2026-31792
EPSS 0% CVSS 7.8
HIGH This Week

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions up to 2.3.1.5 are affected by a null pointer dereference (CVSS 7.8).

Null Pointer Dereference Denial Of Service Iccdev
NVD GitHub VulDB
CVE-2026-30978
EPSS 0% CVSS 7.8
HIGH This Week

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions up to 2.3.1.5 are affected by a use after free (CVSS 7.8).

Use After Free Denial Of Service Memory Corruption +1
NVD GitHub VulDB
CVE-2026-30945
EPSS 0% CVSS 7.1
HIGH PATCH This Week

StudioCMS prior to version 0.4.0 allows authenticated editors and above to revoke API tokens belonging to any user, including administrators and owners, due to insufficient authorization checks on the DELETE /studiocms_api/dashboard/api-tokens endpoint. An attacker with editor privileges can exploit this to disable critical integrations and automations by revoking tokens of higher-privileged accounts. No patch is currently available for affected versions.

Denial Of Service Authentication Bypass Studiocms
NVD GitHub VulDB
CVE-2026-30939
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Unauthenticated attackers can crash Parse Server instances by invoking Cloud Function endpoints with prototype property names, triggering infinite recursion and process termination. Additionally, attackers can bypass validation checks using prototype pollution techniques to elicit HTTP 200 responses for non-existent functions. All Parse Server versions prior to 8.6.13 and 9.5.1-alpha.2 are affected when the Cloud Function endpoint is exposed.

Node.js Denial Of Service Parse Server
NVD GitHub VulDB
CVE-2026-26132
EPSS 0% CVSS 7.8
HIGH This Week

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]

Use After Free Microsoft Memory Corruption +2
NVD VulDB
CVE-2026-26130
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Uncontrolled resource allocation in ASP.NET Core enables unauthenticated remote attackers to exhaust system resources and cause denial of service without requiring user interaction. The vulnerability affects .NET applications exposed to network access, allowing attackers to trigger unbounded resource consumption from any network location. A patch is available to address this issue.

Denial Of Service Redhat Suse
NVD VulDB
CVE-2026-26107
EPSS 0% CVSS 7.8
HIGH This Week

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. [CVSS 7.8 HIGH]

Microsoft Use After Free Denial Of Service +6
NVD
CVE-2026-25605
EPSS 0% CVSS 6.7
MEDIUM This Month

Unvalidated file path handling in SICAM SIAPP SDK versions below 2.1.7 permits local attackers to delete arbitrary files and sockets accessible to the application process, causing denial of service or service disruption. The vulnerability requires local access and specific conditions to exploit, and no patch is currently available. Organizations using affected SDK versions should implement access controls and monitor for unexpected file deletion activity until an update becomes available.

Denial Of Service Sicam Siapp Sdk
NVD VulDB
CVE-2026-25572
EPSS 0% CVSS 5.1
MEDIUM This Month

Stack overflow in SICAM SIAPP SDK versions prior to 2.1.7 allows local attackers to crash the server component by submitting oversized input that bypasses length validation, resulting in denial of service. The vulnerability stems from missing input length checks on certain variables processed by the SDK server. No patch is currently available for affected installations.

Denial Of Service Sicam Siapp Sdk
NVD VulDB
CVE-2026-25571
EPSS 0% CVSS 5.1
MEDIUM This Month

Stack overflow in SICAM SIAPP SDK versions below 2.1.7 results from missing input length validation on client-side variables, allowing local attackers to trigger denial of service by submitting oversized inputs that crash the affected process. The vulnerability requires local access and manual user interaction, and no patch is currently available to mitigate the availability impact.

Denial Of Service Sicam Siapp Sdk
NVD VulDB
CVE-2026-25570
EPSS 0% CVSS 7.4
HIGH Act Now

Insufficient input validation in SICAM SIAPP SDK versions prior to V2.1.7 enables stack overflow attacks, permitting local attackers to execute arbitrary code or trigger denial of service. The vulnerability affects all versions below the patched release, with no currently available remediation for deployed systems. Attackers with local access can leverage malformed input to corrupt the stack and gain code execution privileges.

Stack Overflow Denial Of Service RCE +2
NVD VulDB
CVE-2026-25569
EPSS 0% CVSS 7.4
HIGH Act Now

Out-of-bounds write vulnerability in SICAM SIAPP SDK versions prior to V2.1.7 allows local attackers to corrupt memory and achieve arbitrary code execution or denial of service. The vulnerability requires local access and specific conditions to trigger, but no patch is currently available. Affected organizations using vulnerable SDK versions should immediately implement compensating controls or upgrade to V2.1.7 or later.

Denial Of Service RCE Buffer Overflow +2
NVD VulDB
CVE-2026-25189
EPSS 0% CVSS 7.8
HIGH This Week

Privilege escalation in Windows DWM Core Library affects Windows 10 versions 21H2 and 1809 through a use-after-free memory corruption vulnerability that allows authenticated local attackers to gain system-level privileges. The vulnerability requires local access and valid user credentials but no user interaction, creating a significant risk for multi-user systems. No patch is currently available.

Use After Free Microsoft Denial Of Service +7
NVD VulDB
CVE-2026-25178
EPSS 0% CVSS 7.0
HIGH This Week

Windows Ancillary Function Driver for WinSock (AFD) in Windows 11 versions 24h2 and 26h1 contains a use-after-free vulnerability (CWE-416) that allows authenticated local attackers to escalate privileges through memory corruption. An attacker with local access could exploit this flaw to gain elevated system permissions, though no official patch is currently available.

Use After Free Microsoft Denial Of Service +16
NVD VulDB

Quick Facts

Typical Severity
MEDIUM
Category
other
Total CVEs
5445

MITRE ATT&CK
