CVE Daily
← All tags

Tag: Denial of Service (DoS)

All CVEs associated with "Denial of Service (DoS)". Page 2/331 • 39647 CVEs.

Subscribe CVEs: RSS for “Denial of Service (DoS)”  ·  RSS (High+Critical only)

About “Denial of Service (DoS)”

A curated feed of “Denial of Service (DoS)”-related CVEs appears below. We currently track 39647 CVEs for this tag (all time). In the last 365 days, 3219 were published. Average CVSS is 6.6 (all time; 6.6 over 365d), and 47% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-400 - Uncontrolled Resource Consumption, CWE-770 - Allocation of Resources Without Limits or Throttling, CWE-476 - NULL Pointer Dereference.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2026-05-26
Medium

CVE-2026-24197

NVIDIA Display Driver for Linux contains a vulnerability in the Multi-Instance GPU (MIG) partition management, where an insecure default initialization of memory subsystem routing resources could lea…

CVSS: 6.5 CWE: CWE-1188 - Initialization of a Resource with an Insecure Default View on NVD
High

CVE-2026-24196

NVIDIA Display Driver for Linux contains a vulnerability where a user could cause an out-of-bounds read. A successful exploit of this vulnerability might lead to denial of service and information dis…

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2026-24195

NVIDIA Display Driver for Linux contains a vulnerability in UVM, where a user could cause improper input validation. A successful exploit of this vulnerability might lead to denial of service.

CVSS: 7.1 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2026-24194

NVIDIA Display Driver for Linux contains a vulnerability in a kernel mode layer handler, where a user could cause improper permission handling. A successful exploit of this vulnerability might lead t…

CVSS: 7.8 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
High

CVE-2026-24193

NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to denial of service,…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2026-24192

NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause an incorrect conversion between numeric types, leading to a heap buffer overflow. A successful exploit of this v…

CVSS: 7.8 CWE: CWE-681 - Incorrect Conversion between Numeric Types View on NVD
High

CVE-2026-24191

NVIDIA Display Driver for Windows contains a vulnerability where an attacker could cause a time-of-check time-of-use issue. A successful exploit of this vulnerability might lead to denial of service,…

CVSS: 7.8 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
High

CVE-2026-24190

NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user could cause improper access to GPU resources. A successful exploit of this vulnerability mi…

CVSS: 7.8 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2026-24187

NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to denial of service, escalation of priv…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2026-24182

NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could leak held driver locks. A successful exploit of this vulnerability might lead to denial of service.

CVSS: 6.5 CWE: CWE-667 - Improper Locking View on NVD
Medium

CVE-2025-33221

NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of…

CVSS: 4.4 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2026-8852

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_fastcgi module.

CVSS: 6.2 CWE: CWE-617 - Reachable Assertion View on NVD
High

CVE-2026-8850

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_ibm_upload.

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2026-48864

A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker ca…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2026-48692

FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 50052 with no authentication mechanism. The server is initialized with grpc::InsecureServerCredentials() (src/fastnetmon.c…

CVSS: 8.1 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
Medium

CVE-2026-9540

A vulnerability was identified in vllm-project vllm 0.19.0. This issue affects some unknown processing of the component OpenAI-compatible Serving Path. Such manipulation leads to denial of service. I…

CVSS: 5.3 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
Medium

CVE-2026-8479

IEC 60870-5-104 used in bidirectional mode in RTU500 is vulnerable for a NULL pointer dereferencing, if a specially crafted sequence of messages is sent for a certain time, causing Denial of Service…

CVSS: 6.9 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2026-7310

A heap-based buffer overflow vulnerability exists in XML parser functionality in the HiDraw. An authenticated malicious user with local access can exploit this vulnerability using a specially crafted…

CVSS: 4.4 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2026-48132

The Security Gateway does not correctly validate a length value in certain IKE packets when NAT-T is used (4500/UDP). As a result, a specially crafted or malformed packet can cause the VPN processing…

CVSS: 8.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2026-48131

The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, r…

CVSS: 8.1 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2026-8047

The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds write. An unauthenticated remote attacker can exploit this flaw t…

CVSS: 7.5 CWE: CWE-1284 - Improper Validation of Specified Quantity in Input View on NVD
High

CVE-2026-9496

Versions of the package pacote from 11.2.7 are vulnerable to Denial of Service (DoS) via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSp…

CVSS: 7.5 CWE: CWE-1333 - Inefficient Regular Expression Complexity View on NVD
2026-05-25
Medium

CVE-2018-25378

Notebook Pro 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the notebook name field. Attackers can crea…

CVSS: 6.2 CWE: CWE-789 - Memory Allocation with Excessive Size Value View on NVD
Medium

CVE-2018-25369

Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input field handling that allows local attackers to crash the application by supplying oversized data. Attackers can inject malicious p…

CVSS: 6.2 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
High

CVE-2018-25368

Nord VPN 6.14.31 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting an excessively long string in the password field. Attackers ca…

CVSS: 7.5 CWE: CWE-789 - Memory Allocation with Excessive Size Value View on NVD
Medium

CVE-2018-25367

NASA openVSP 3.16.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the geometry name field. Attackers can tri…

CVSS: 6.2 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Medium

CVE-2026-4915

Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to filter nil elements from outgoing webhook attachment payloads before processing, which allows an…

CVSS: 6.5 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
2026-05-24
Medium

CVE-2026-9358

A vulnerability was determined in postcss up to 7.1.1. Affected is the function toString of the file src/selectors/container.js of the component AST Serialization. Executing a manipulation can lead t…

CVSS: 4.3 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
2026-05-22
Medium

CVE-2026-41069

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in core sequence parsing logic, causing DoS.…

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2026-42626

HP ENVY 5000 series printers VERBASPP1N003.2237A.00 do not properly manage concurrent TCP connections to port 9100 (JetDirect/RAW printing). An unauthenticated remote attacker on the same network can…

CVSS: 5.9 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2026-25680

Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service.

CVSS: 6.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2026-5755

Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.2, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate the TIFF IFD offset in the image header before allocating memory, whic…

CVSS: 6.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2026-5308

Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a den…

CVSS: 4.9 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2026-05-21
Medium

CVE-2026-36189

Buffer Overflow vulnerability in Uncrustify Project Affected v.Uncrustify_d-0.82.0-132-bcc41cbdc and Fixed in commit 68e67b9a1435a1bb173b106fedb4a4f510972bdc allows a local attacker to cause a denial…

CVSS: 6.2 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
Low

CVE-2026-44071

Netatalk 3.1.2 through 4.4.2 is compiled without FORTIFY_SOURCE, which disables built-in buffer overflow detection at runtime, potentially allowing a remote attacker to cause a minor denial of servic…

CVSS: 3.7 CWE: CWE-693 - Protection Mechanism Failure View on NVD
Low

CVE-2026-7835

A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted input that triggers incorrect format string pro…

CVSS: 3.1 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
Low

CVE-2026-44070

An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted character convers…

CVSS: 3.1 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2026-44064

An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 allows an adjacent network attacker to obtain limited information or cause a denial of service via a crafted ASP request.

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2026-44062

A missing output length bounds check in pull_charset_flags() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2026-44060

An integer underflow in dsi_writeinit() in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI write request.

CVSS: 7.5 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
Medium

CVE-2026-44056

A stack-based buffer overflow in desktop.c in Netatalk 1.3 through 4.2.2 allows a remote authenticated attacker to cause a denial of service, obtain limited information, or modify limited data.

CVSS: 6.4 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
Medium

CVE-2026-44054

Netatalk 2.0.0 through 4.4.2 generates AFP session tokens derived from predictable process IDs, which allows a remote authenticated attacker to cause a denial of service by exploiting the reconnect m…

CVSS: 6.5 CWE: CWE-330 - Use of Insufficiently Random Values View on NVD
Critical

CVE-2026-44050

A heap-based buffer overflow in the CNID daemon comm_rcv() function in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code with escalated privileges or cause…

CVSS: 9.9 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2026-44049

An out-of-bounds write due to improper null termination in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of serv…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2026-44048

A stack-based buffer overflow via UCS-2 type confusion in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of servi…

CVSS: 8.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2026-44047

An SQL injection vulnerability in the MySQL CNID backend in Netatalk 3.1.0 through 4.4.2 allows a remote authenticated attacker to obtain unauthorized access to data, modify data, or cause a denial o…

CVSS: 8.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Medium

CVE-2026-9149

A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. T…

CVSS: 6.5 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
2026-05-20
Medium

CVE-2026-9150

A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could…

CVSS: 6.5 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
Critical

CVE-2026-9102

A path traversal vulnerability exists in the Altium Enterprise Server ComparisonService due to missing filename sanitization in the Gerber file upload APIs. A regular authenticated workspace user can…

CVSS: 9.4 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2026-24218

NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cr…

CVSS: 8.1 CWE: CWE-321 - Use of Hard-coded Cryptographic Key View on NVD
High

CVE-2026-24217

NVIDIA BioNeMo Core for Linux contains a vulnerability where a user could cause a path traversal by loading a malicious file. A successful exploit of this vulnerability might lead to code execution,…

CVSS: 8.8 CWE: CWE-29 - Path Traversal: '..filename' View on NVD
High

CVE-2026-24216

NVIDIA BioNemo for Linux contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of serv…

CVSS: 7.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
Medium

CVE-2026-20240

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129,…

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2026-20171

A vulnerability in the Border Gateway Protocol (BGP)&nbsp;enforce-first-as feature of&nbsp;Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow a…

CVSS: 6.8 CWE: CWE-670 - Always-Incorrect Control Flow Implementation View on NVD
Medium

CVE-2026-45498

Microsoft Defender Denial of Service Vulnerability

CVSS: 4.0 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2026-9064

A flaw was found in 389-ds-base. The get_ldapmessage_controls_ext() function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated a…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2026-44390

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability when handling replies with very large RRsets that Unbound needs to perform name compression for. Malicious upstream responses…

CVSS: 5.3 CWE: CWE-407 - Inefficient Algorithmic Complexity View on NVD
High

CVE-2026-42959

NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs…

CVSS: 7.5 CWE: CWE-824 - Access of Uninitialized Pointer View on NVD
Medium

CVE-2026-42923

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the DNSSEC validator where the code path to consult the negative cache for DS records does not take into account the limit…

CVSS: 5.3 CWE: CWE-407 - Inefficient Algorithmic Complexity View on NVD
High

CVE-2026-41292

NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degradation of service attack related to parsing long lists of incoming EDNS options. An adversary sending queries with too ma…

CVSS: 7.5 CWE: CWE-407 - Inefficient Algorithmic Complexity View on NVD
Critical

CVE-2026-33278

NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying…

CVSS: 9.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2026-32792

NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 has a denial of service vulnerability when compiled with DNSCrypt support ('--enable-dnscrypt'). A bad DNSCrypt query could underflow Unbou…

CVSS: 5.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2026-24215

NVIDIA Triton Inference Server contains a vulnerability in the DALI backend, where an attacker could cause uncontrolled resource consumption. A successful exploit of this vulnerability might lead to…

CVSS: 5.7 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2026-24214

NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to code execution,…

CVSS: 8.0 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2026-24213

NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code executio…

CVSS: 8.0 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2026-24210

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to denial of service.

CVSS: 7.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2026-24209

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a path traversal issue. A successful exploit of this vulnerability might lead to denial of service.

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2026-24208

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a path traversal issue. A successful exploit of this vulnerability might lead to denial of service.

CVSS: 5.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Critical

CVE-2026-24207

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to code execution, escalation of…

CVSS: 9.8 CWE: CWE-288 - Authentication Bypass Using an Alternate Path or Channel View on NVD
High

CVE-2026-24206

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to escalation of privileges, deni…

CVSS: 7.3 CWE: CWE-288 - Authentication Bypass Using an Alternate Path or Channel View on NVD
High

CVE-2026-24163

NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execut…

CVSS: 7.5 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
Medium

CVE-2026-24160

NVIDIA TRT-LLM for any platform contains a vulnerability where an attacker could cause an unchecked return value to a null pointer dereference. A successful exploit of this vulnerability might lead…

CVSS: 5.5 CWE: CWE-690 - Unchecked Return Value to NULL Pointer Dereference View on NVD
High

CVE-2025-33255

NVIDIA TRT-LLM for any platform contains a vulnerability in MPI server, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code executio…

CVSS: 7.5 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2026-05-19
Medium

CVE-2025-15645

Ledger Nano X, Flex, and Stax devices contain a denial of service vulnerability in the MCU firmware update process due to missing validation of the reset_handler parameter during firmware flashing. A…

CVSS: 4.6 CWE: CWE-1284 - Improper Validation of Specified Quantity in Input View on NVD
High

CVE-2026-32882

libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap buffer over-read in HeifPixelImage::overlay() in libheif/pixelimage.cc. When compositing an overla…

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2025-57798

Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.6.14 and prior contain a Denial of Service (DoS) vulnerability in the title input…

CVSS: 5.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2026-32739

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Box_stts::get_sample_duration(), consuming 1…

CVSS: 6.5 CWE: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop') View on NVD
Medium

CVE-2026-32738

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samples_per_chunk=0 in the stsc box causes an unsigned integer und…

CVSS: 6.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2026-33633

Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in load_image_data() that allows any process which can write to the terminal's stdin to crash ki…

CVSS: 7.5 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2026-42100

Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows Denial of Service (DoS) attack to be executed by sending an specially crafted SQL query. This causes the Pro Clou…

CVSS: 7.5 CWE: CWE-228 - Improper Handling of Syntactically Invalid Structure View on NVD
High

CVE-2026-7307

A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language (SAML) endpoint. This malicious input can cause high…

CVSS: 7.5 CWE: CWE-1286 - Improper Validation of Syntactic Correctness of Input View on NVD
Unknown

CVE-2026-43492

In the Linux kernel, the following vulnerability has been resolved: lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl() Yiming reports an integer underflow in mpi_read_raw_from_sgl()…

CVSS: N/A CWE: N/A View on NVD
High

CVE-2026-8813

This affects versions of the package exifreader before 4.39.0. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with a zero record size. During parsing,…

CVSS: 7.5 CWE: CWE-1284 - Improper Validation of Specified Quantity in Input View on NVD
Medium

CVE-2026-47307

NULL pointer dereference vulnerability in Samsung Open Source Walrus allows an attacker to cause a denial of service via a crafted WebAssembly module containing deeply nested instructions. This issu…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Low

CVE-2026-33565

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.

CVSS: 3.3 CWE: CWE-364 - Signal Handler Race Condition View on NVD
Low

CVE-2026-28751

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.

CVSS: 3.3 CWE: CWE-20 - Improper Input Validation View on NVD
Low

CVE-2026-27781

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.

CVSS: 3.3 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2026-25781

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS and it cannot be recovered.

CVSS: 8.4 CWE: CWE-787 - Out-of-bounds Write View on NVD
Low

CVE-2026-25110

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.

CVSS: 3.3 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2026-33232

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.4.2 through 0.6.51 are vulnerable to an unauthenticated Denial of…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2026-05-18
Critical

CVE-2026-45230

DumbAssets through 1.0.11 contains a path traversal vulnerability in the POST /api/delete-file endpoint and filesToDelete array parameters that allows unauthenticated attackers to delete arbitrary fi…

CVSS: 9.1 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2025-56352

In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), the broker mishandles protocol violations during CONNECT packet parsing. When receiving a CONNECT packet with a zero-length C…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2026-42009

A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS pa…

CVSS: 7.5 CWE: CWE-475 - Undefined Behavior for Input to API View on NVD
Low

CVE-2026-4643

Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent server-rendered content from closing an underlying application view in the Mattermost Desktop App which allows a malicious server…

CVSS: 3.5 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
Medium

CVE-2026-6340

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to validate 7zip archive structure before processing which allows an authenticated attacker to cause server memory exh…

CVSS: 4.3 CWE: CWE-789 - Memory Allocation with Excessive Size Value View on NVD
Medium

CVE-2026-2325

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to limit the size of the request body on the start meeting API endpoint, which allows an authenticated attacker to cau…

CVSS: 4.3 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2026-05-17
Medium

CVE-2026-8745

A vulnerability was identified in Open5GS up to 2.7.7. Affected by this vulnerability is the function ogs_timer_add in the library /src/ausf/nausf-handler.c of the component AUSF. The manipulation le…

CVSS: 4.3 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
Medium

CVE-2026-8744

A vulnerability was determined in Open5GS up to 2.7.7. Affected is the function ogs_sbi_subscription_data_add/ogs_sbi_nf_service_add in the library /lib/sbi/context.c of the component NRF. Executing…

CVSS: 4.3 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
Medium

CVE-2026-8731

A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function ogs_sbi_client_add in the library /lib/sbi/client.c of the component NRF. The manipulation of the argument client_pool…

CVSS: 4.3 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
Medium

CVE-2026-8730

A flaw has been found in Open5GS up to 2.7.6. This impacts the function ogs_sbi_nf_instance_set_id in the library /lib/sbi/context.c of the component NRF. Executing a manipulation of the argument nfI…

CVSS: 4.3 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
Medium

CVE-2026-8729

A vulnerability was detected in Open5GS up to 2.7.7. This affects an unknown function in the library /lib/sbi/message.c of the component NRF. Performing a manipulation of the argument service-names/s…

CVSS: 4.3 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
Medium

CVE-2026-8728

A security vulnerability has been detected in Open5GS up to 2.7.7. The impacted element is the function ogs_sbi_discovery_option_parse_plmn_list in the library /lib/sbi/conv.c of the component NRF. S…

CVSS: 4.3 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
2026-05-16
High

CVE-2021-47973

Sticky Notes Widget 3.0.6 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can gener…

CVSS: 7.5 CWE: CWE-789 - Memory Allocation with Excessive Size Value View on NVD
High

CVE-2021-47972

Sticky Notes & Color Widgets 1.4.2 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can p…

CVSS: 7.5 CWE: CWE-789 - Memory Allocation with Excessive Size Value View on NVD
High

CVE-2021-47971

My Notes Safe 5.3 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a pa…

CVSS: 7.5 CWE: CWE-789 - Memory Allocation with Excessive Size Value View on NVD
High

CVE-2021-47970

Macaron Notes 5.5 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can generate a payload…

CVSS: 7.5 CWE: CWE-789 - Memory Allocation with Excessive Size Value View on NVD
High

CVE-2021-47969

Color Notes 1.4 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payl…

CVSS: 7.5 CWE: CWE-789 - Memory Allocation with Excessive Size Value View on NVD
Medium

CVE-2020-37234

Internet Download Manager 6.38.12 contains a buffer overflow vulnerability in the Scheduler component that allows local attackers to crash the application by supplying oversized input. Attackers can…

CVSS: 6.2 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
2026-05-15
Medium

CVE-2026-45317

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, an application-wide Cross-Site Request Forgery (CSRF) vulnerability was found Open-W…

CVSS: 4.6 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2026-8696

radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_pids_list() function within the GDB client core that allows remote attackers to cause a denial of service or potentially execute arbi…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-8686

Missing bounds validation in the MQTT v5.0 property parser in coreMQTT before 5.0.1 allows an MQTT broker to cause a denial of service by sending a crafted packet. To remediate this issue, users s…

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2026-4054

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 Fail to validate the response body of proxied images, which allows a remote attacker to enact client-side DoS via an SVG fi…

CVSS: 4.3 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
High

CVE-2021-47959

WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows unauthenticated attackers to exhaust server resources by sending batched GraphQL queries with duplicated fields…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2026-8695

radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_threads_list() function that allows remote attackers to trigger memory corruption by sending a valid qfThreadInfo response followed b…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2026-38728

An issue in Nodemailer smtp_server before v.3.18.3 allows a remote attacker to cause a denial of service via the SMTPStream._write, lib/smtp-stream.js components

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2026-4683

The Smartcat Translator for WPML plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'routeData' REST endpoint in all versions up to, and…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-48516

Insecure default configuration state of DDR5 memory module by AGESA Bootloader Firmware could allow an attacker with local user privilege to abuse the unprotected PMIC interface to create a permanent…

CVSS: 6.9 CWE: CWE-276 - Incorrect Default Permissions View on NVD
Medium

CVE-2025-29944

A buffer overflow vulnerability within AMD Sensor Fusion Hub Driver can allow a local attacker to write out of bounds, potentially resulting in denial of service or crash

CVSS: 6.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
High

CVE-2025-29938

An unchecked return value within the AMD Platform Management Framework (PMF) could allow an attacker to write to an arbitrary memory address resulting in denial of service or arbitrary code execution.

CVSS: 7.1 CWE: CWE-252 - Unchecked Return Value View on NVD
Medium

CVE-2024-36332

Improper isolation of GPU HW register space could allow a privileged attacker in malicious Guest Virtual Machine (VM) to perform unauthorized access to specific victim range of GPU MMIO register spac…

CVSS: 6.8 CWE: CWE-1189 - Improper Isolation of Shared Resources on System-on-a-Chip (SoC) View on NVD