Dos

MeWare PDKS versions V16.20200313 before VMYR_3.5.2025117 are vulnerable to improper control of interaction frequency, potentially leading to flooding attacks.

Multiple vulnerabilities in Wireshark versions 4.4.x before 4.4.15 and 4.6.x before 4.6.5 could allow remote attackers to execute arbitrary code, cause a denial of service, or compromise data confidentiality.

Multiple vulnerabilities in SonicWall firewalls could allow an attacker to cause a remote denial of service and security policy bypass, potentially disrupting network services and compromising security controls.

A vulnerability in OpenTelemetry-Go related to the extraction of multi-value baggage headers can lead to excessive resource allocation, resulting in a remote denial-of-service amplification.

CoreDNS' DNS-over-QUIC (DoQ) server can be driven into large goroutine and memory growth by a remote client that opens many QUIC streams and stalls after sending only 1 byte, leading to denial of service in versions before 1.14.3.

The xmldom library is vulnerable to a denial-of-service (DoS) attack due to uncontrolled recursion in XML serialization leading to application crashes.

CVE-2026-34282 is a remotely exploitable vulnerability in the Networking component of Oracle Java SE and GraalVM that allows an unauthenticated attacker to cause a complete denial of service.

Multiple vulnerabilities in OpenBao can be exploited by an attacker to bypass security measures, conduct a denial of service attack, and conduct a SQL injection attack.

An unauthenticated attacker with network access via RDP can exploit CVE-2026-35245 in Oracle VM VirtualBox version 7.2.6 to cause a denial-of-service (DOS) condition.

An unauthenticated attacker can cause a denial-of-service (DoS) in zrok by sending a crafted HTTP request with a large cookie chunk count to an OAuth-protected proxy share, triggering unbounded memory allocation and leading to process termination.

Multiple vulnerabilities in libssh allow an attacker to manipulate files or cause a denial-of-service condition, potentially leading to data corruption or service disruption.

A buffer overflow vulnerability in the GIF image loading component of GIMP allows an attacker to write beyond an allocated buffer by processing a specially crafted GIF file, potentially leading to denial of service or arbitrary code execution.

CVE-2026-26171 is a vulnerability in .NET that allows an unauthorized attacker to perform a denial-of-service attack over a network due to uncontrolled resource consumption.

A remote, anonymous attacker can exploit multiple vulnerabilities in Red Hat Ansible Automation Platform to perform denial of service, execute arbitrary code, bypass security measures, manipulate data, disclose information, or conduct XSS attacks.

ImageMagick versions prior to 7.1.2-19 and 6.9.13-44 are susceptible to a denial-of-service (DoS) attack due to unbounded recursion during XML parsing, potentially leading to stack exhaustion.

A use-after-free vulnerability, tracked as CVE-2026-34856, exists in Huawei's communication module due to improper synchronization in concurrent execution, potentially leading to a denial-of-service condition.

MinIO's S3 Select feature is vulnerable to denial of service due to unbounded memory allocation when processing CSV files without newlines, leading to memory exhaustion and server crashes.

Unauthenticated attackers can exploit a resource exhaustion vulnerability (CVE-2026-33756) in Saleor e-commerce platform versions before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118 by sending a single HTTP request with a large number of GraphQL operations, bypassing query complexity limits and exhausting server resources.

A remote attacker can exploit an out-of-bounds access vulnerability (CVE-2026-39863) in Kamailio versions prior to 6.1.1, 6.0.6, and 5.8.8 by sending a specially crafted data packet over TCP, causing a denial-of-service condition.

SoftEtherVPN version 5.2.5188 and earlier is vulnerable to a pre-authentication denial-of-service attack where an unauthenticated remote attacker can crash the vpnserver process by sending a malformed EAP-TLS packet over raw L2TP (UDP/1701), terminating all active VPN sessions.

CVE-2026-21367 describes a transient denial-of-service vulnerability in Qualcomm products that occurs when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans, potentially leading to service disruption.

An unauthenticated attacker can cause a denial of service by crashing Microsoft VPN Browser+ 1.1.0.0 via oversized input to the search functionality, leading to application termination.

A denial-of-service vulnerability in Hirschmann HiOS devices allows remote attackers to crash or hang the device by sending crafted UDP EtherNet/IP packets with invalid length fields.

A denial of service vulnerability, CVE-2026-31935, exists in Suricata versions prior to 7.0.15 and 8.0.4, where flooding the system with crafted HTTP2 continuation frames leads to memory exhaustion and process termination.

Suricata versions prior to 7.0.15 are vulnerable to CVE-2026-31937, where inefficient DCERPC buffering can lead to a denial-of-service condition through performance degradation.

Specially crafted network traffic can cause Suricata to slow down, leading to a denial-of-service condition in versions prior to 7.0.15 and 8.0.4, as identified by CVE-2026-31933.

A remote, authenticated attacker with administrator rights can exploit multiple vulnerabilities in SonicWall Email Security Appliance to perform cross-site scripting, manipulate data, or cause a denial-of-service.

Multiple vulnerabilities in PowerDNS could be exploited by an attacker to disclose information, bypass security measures, cause a denial of service, and potentially execute code.

A remote, anonymous attacker can exploit multiple vulnerabilities in IBM App Connect Enterprise to cause a denial-of-service condition or bypass security measures, enabling cross-site scripting attacks.

Multiple vulnerabilities in ImageMagick could allow an attacker to perform a denial of service attack, execute arbitrary code, or manipulate data.

Multiple vulnerabilities in Grafana allow a remote attacker to conduct a denial-of-service attack, execute code, or disclose information.

Multiple vulnerabilities in Dovecot can be exploited by an attacker to perform SQL injection attacks, bypass authentication, disclose sensitive information, or cause a denial-of-service condition.

A denial-of-service vulnerability exists in the Protobuf PHP library due to maliciously crafted messages with negative varints or deep recursion, leading to application crashes and impacting service availability.

An unauthenticated remote attacker can exploit CVE-2026-3509 in the CODESYS Control runtime system to control the format string of messages processed by the Audit Log, leading to a denial-of-service (DoS) condition.

An anonymous remote attacker can exploit multiple vulnerabilities in IBM Tivoli Netcool/OMNIbus to achieve arbitrary code execution, information disclosure, file manipulation, or denial of service.

An authenticated remote attacker can exploit vulnerabilities in Asterisk and Digium Certified Asterisk to achieve arbitrary code execution, denial of service, or information disclosure.

Easy Chat Server 3.1 is vulnerable to a denial-of-service attack where a remote attacker can crash the application by sending oversized data in the message parameter via a POST request to the body2.ghp endpoint after establishing a session, leading to service unavailability.

A denial-of-service vulnerability (CVE-2026-33174) exists in Ruby on Rails Active Storage versions prior to 8.1.2.1, 8.0.4.1, and 7.2.3.1 due to unbounded memory allocation when handling large or unbounded Range headers in proxy delivery mode.

CVE-2024-45163 is a remote denial-of-service vulnerability affecting Mirai command and control (C2) infrastructure, potentially disrupting botnet operations and related malicious activities.

Multiple vulnerabilities exist in EV Energy ev.energy that could allow an attacker to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks.

Multiple vulnerabilities in GStreamer could be exploited by a remote, anonymous attacker to execute arbitrary code or cause a denial of service condition.

CoreDNS is vulnerable to a denial-of-service attack where processing oversized DNS-over-HTTPS GET requests exhausts resources prior to returning an error.

A denial-of-service vulnerability exists in GoBGP version 4.3.0 where a malformed BGP UPDATE message containing an unrecognized Well-known Path Attribute triggers a nil pointer dereference, causing the BGP daemon to crash.