DoS

A heap use-after-free vulnerability (CVE-2026-54897) exists in `Oj::Doc` iterators (`each_value`, `each_child`, `each_leaf`) in the `oj` Ruby gem, allowing an attacker to cause application crashes or unpredictable behavior when a Ruby block yielded during iteration reentrantly calls `doc.close` or `d.close`.

A vulnerability in the libssh2 library allows a remote, unauthenticated attacker to perform a Denial of Service (DoS) attack or disclose sensitive information, potentially leading to service disruption or unauthorized data exposure.

Multiple vulnerabilities in CloudCharge cloudcharge.se allow attackers to impersonate charging stations, hijack sessions, cause denial of service, and manipulate backend data, impacting energy and transportation sectors.

CVE-2026-21717 is a vulnerability in V8's string hashing mechanism within Node.js that allows attackers to cause hash collisions via predictable integer-like strings in JSON input, leading to denial-of-service by degrading the performance of the Node.js process.

WinMTR 0.91 is vulnerable to a denial-of-service attack where a malformed payload file containing a buffer overflow can crash the application (CVE-2018-25426).

CVE-2026-46835 is an easily exploitable vulnerability in Oracle Database Server's Net Service component, affecting versions 23.4.0 to 23.26.2, allowing an unauthenticated attacker with network access via TLS to cause a complete denial-of-service (DoS).

CVE-2026-46834 is a vulnerability in the Net Service component of Oracle Database Server versions 23.4.0 to 23.26.2 that allows an unauthenticated attacker with network access via TLS to cause a denial-of-service (DoS) condition.

An unauthenticated attacker with network access via HTTPS can exploit CVE-2026-46829 in Oracle REST Data Services versions 24.2.0 through 26.1.0, leading to a denial of service.

Multiple vulnerabilities in Langflow allow a remote, anonymous attacker to execute arbitrary code or cause a denial of service.

CVE-2026-44844 is a denial-of-service vulnerability in Microsoft's eml_parser due to recursion in nested message/rfc822 attachments, potentially causing a service outage.

IBM Langflow OSS versions 1.0.0 through 1.9.0 are vulnerable to a denial-of-service (DoS) attack due to uncontrolled resource consumption as tracked by CVE-2026-7528.

IBM Db2 versions 11.5.0 through 11.5.9 and 12.1.0 through 12.1.4 are vulnerable to a denial-of-service (DoS) attack via a specially crafted query when autonomous transactions are enabled, potentially leading to service disruption.

IBM WebSphere Application Server and WebSphere Liberty versions 8.5 and 9.0 are vulnerable to denial of service and potential remote code execution due to improper input validation as described in CVE-2026-9170.

IBM HTTP Server 8.5 and 9.0 is vulnerable to a denial of service (DoS) in configurations where an attacker possesses write access to server configuration files, as tracked by CVE-2026-8856.

IBM HTTP Server 8.5 and 9.0 are vulnerable to remote code execution and denial of service in configurations utilizing TLS mutual authentication (client authentication).

IBM HTTP Server 8.5 and 9.0 are vulnerable to a denial-of-service (DoS) attack due to a flaw in the optional `mod_mem_cache` module that can be triggered remotely.

IBM HTTP Server versions 8.5 and 9.0 are susceptible to an invalid pointer dereference, potentially allowing a privileged, authenticated user to expose sensitive information or cause a denial of service.

NordVPN version 6.14.31 is vulnerable to a denial-of-service attack (CVE-2018-25368) where an unauthenticated attacker can crash the application by submitting an excessively long string in the password field.

Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints, allowing an attacker to cause a denial of service via crafted oversized HTTP requests.

A vulnerability in Nginx allows a remote attacker to execute arbitrary code and cause a denial-of-service condition, affecting Nginx Open Source versions 1.x before 1.30.2, versions after 1.31.0 before 1.31.1, Nginx Plus versions 37.x before 37.0.1.1, and versions Rx before R36 P5 or R32 P7.

Multiple vulnerabilities in Tenable Sensor Proxy versions prior to 1.4.0 could allow a remote attacker to cause a denial of service, data confidentiality breaches, and other unspecified security impacts.

A remote, anonymous attacker can exploit multiple vulnerabilities in IBM App Connect Enterprise to execute arbitrary program code, manipulate data, conduct cross-site scripting attacks, disclose confidential information, or cause a denial-of-service condition.

A remote attacker can exploit multiple vulnerabilities in PHP to disclose information, cause a denial-of-service condition, perform a Server-Side Request Forgery (SSRF) attack, or achieve unknown impacts.

A remote, anonymous attacker can exploit a vulnerability in cPanel cPanel/WHM to potentially execute arbitrary code or cause a denial-of-service condition.

A memory exhaustion vulnerability exists in `@libp2p/gossipsub` due to unbounded subscription handling, allowing a single attacker to exhaust a Node.js heap by flooding unique topic subscriptions, leading to denial-of-service.

Multiple vulnerabilities in Progress MOVEit Automation allow for remote denial of service, security policy bypass, and unspecified security issues.

CVE-2026-44390 is a denial-of-service vulnerability in Microsoft products due to unbounded name compression.

CVE-2026-20171 describes a vulnerability in the Border Gateway Protocol (BGP) enforce-first-as feature of Cisco Nexus 3000 and 9000 Series Switches that could allow an unauthenticated, remote attacker to trigger BGP peer flaps, resulting in a denial-of-service (DoS) condition.

Multiple vulnerabilities in Mozilla Firefox ESR, Firefox, Firefox for iOS, and Thunderbird products can lead to arbitrary code execution, privilege escalation, and remote denial of service.

Multiple vulnerabilities in Suricata versions before 8.0.5 and 7.0.16 could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.

Multiple vulnerabilities in Symfony, including CVE-2026-45070, CVE-2026-45077, CVE-2026-45304, CVE-2026-45305, CVE-2026-45753, CVE-2026-45754, CVE-2026-45755, CVE-2026-45756, CVE-2026-46626, and CVE-2026-47212, can lead to remote denial of service, cross-site scripting (XSS), and cross-site request forgery (CSRF) attacks.

Multiple vulnerabilities exist in Atlassian products including Bamboo, Bitbucket, Confluence, Crucible, Fisheye, and Jira which could lead to arbitrary code execution, denial of service, information disclosure, cross-site scripting, and security bypass.

The dasel selector lexer is vulnerable to an index-out-of-range panic when tokenizing a quoted string that ends with a trailing backslash (e.g., `"\` or `'\`), leading to a process crash if an attacker can control the selector string.

A maliciously crafted SQL query with excessive nesting can cause a denial of service by exhausting resources when parsed by SQLFluff versions prior to 4.1.0; version 4.1.0 introduces a configurable recursion limit to mitigate this vulnerability.

Bandit's HTTP/1 chunked-body reader silently drops the request size cap, leading to excessive memory buffering. An unauthenticated attacker can crash Bandit-fronted Phoenix/Plug applications by sending a single 'Transfer-Encoding: chunked' request to any URL, causing BEAM memory exhaustion and a denial-of-service.

Mailpit is vulnerable to an unauthenticated remote memory-exhaustion denial-of-service attack due to missing size limits on incoming SMTP DATA and HTTP requests, leading to unbounded memory and disk growth, potentially crashing the application.

Multiple vulnerabilities in Atlassian Jira could allow an attacker to execute arbitrary code, manipulate and disclose data, conduct cross-site scripting attacks, or cause a denial-of-service condition.

A remote, anonymous attacker can exploit a vulnerability in libarchive and FreeBSD Project FreeBSD OS to execute arbitrary program code and potentially conduct a denial-of-service attack.

A remote attacker can exploit a vulnerability in libsndfile to execute arbitrary code or cause a denial of service, potentially leading to complete system compromise or service disruption.

An integer underflow vulnerability, CVE-2026-37459, in FRRouting (FRR) versions stable/10.0 to stable/10.6 allows a remote attacker to cause a Denial of Service (DoS) by sending a crafted BGP UPDATE message.

A remote attacker could exploit a flaw in GnuTLS's DTLS packet reordering logic (CVE-2026-42009) to cause unstable packet ordering or undefined behavior, resulting in a denial of service.

Multiple vulnerabilities in Joplin allow an attacker to perform a denial of service attack, disclose sensitive information, or overwrite arbitrary files, potentially leading to arbitrary code execution.

My Notes Safe 5.3 is vulnerable to a denial-of-service attack (CVE-2021-47971) where an attacker can crash the application by pasting excessively long character strings into note fields.

A malicious network peer can crash a Nimiq full node by publishing a crafted Kademlia DHT record due to unchecked Ed25519 signature length in `TaggedPublicKey::verify` (CVE-2026-40092).

Multiple vulnerabilities in PostgreSQL versions 14.x, 15.x, 16.x, 17.x and 18.x could allow for arbitrary code execution, remote denial of service, and data breach, potentially leading to complete system compromise.

Multiple vulnerabilities in Tenable Network Monitor versions prior to 6.5.4 can lead to remote denial of service, security policy bypass, and unspecified security issues.

Multiple vulnerabilities in PostgreSQL could be exploited by an attacker to execute arbitrary code, conduct a denial of service attack, disclose information, manipulate files, conduct a SQL injection attack, and bypass security measures.

Multiple vulnerabilities in GIMP could allow an attacker to execute arbitrary code, disclose sensitive information, manipulate data, or cause a denial-of-service condition.

CVE-2026-42920 describes a vulnerability where undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate when a Client SSL profile is configured with Allow Dynamic Record Sizing on a UDP virtual server.

CVE-2026-41227 describes a vulnerability in an F5 Networks product where undisclosed traffic on an HTTP/2 virtual server with Layer 7 DoS Protection enabled can lead to increased memory consumption and termination of the Traffic Management Microkernel (TMM) process.

CVE-2026-41218 describes a vulnerability in F5 BIG-IP PEM iRules where undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate, leading to a denial-of-service condition.

CVE-2026-40629 describes a vulnerability in F5 Networks products where, when SSL profiles are configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections, leading to a denial of service.

CVE-2026-40618 describes a vulnerability in F5 BIG-IP Virtual Edition (VE) where specific traffic can cause the Traffic Management Microkernel (TMM) to terminate when an SSL profile is configured without Intel QuickAssist Technology (QAT) or with crypto.hwacceleration disabled, potentially leading to a denial-of-service.

CVE-2026-40423 describes a vulnerability in F5 Networks products where undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate when a SIP profile is configured on a virtual server, leading to a denial-of-service condition.

A vulnerability exists in F5 BIG-IP APM where, when an APM access policy is configured on a virtual server, undisclosed network traffic can cause the apmd process to terminate, resulting in a denial of service (CVE-2026-40067).

CVE-2026-0264 is a heap-based buffer overflow vulnerability in Palo Alto Networks PAN-OS DNS proxy and DNS server features, allowing an unauthenticated attacker with network access to cause denial of service or potentially execute arbitrary code by sending crafted network traffic.

A buffer overflow vulnerability in Palo Alto Networks PAN-OS IKEv2 processing (CVE-2026-0263) allows unauthenticated network-based attackers to execute arbitrary code with elevated privileges or cause a denial of service, affecting versions 12.1, 11.2, and 11.1 when configured with Post Quantum Cryptography (PQC).

Unauthenticated attackers can cause a denial of service (DoS) condition on Palo Alto Networks PAN-OS firewalls by sending specially crafted network traffic, as described in CVE-2026-0262.

Multiple vulnerabilities in ArubaOS allow an attacker to execute arbitrary code, perform cross-site scripting attacks, or cause a denial-of-service condition.

Multiple vulnerabilities in OX Dovecot Pro could allow an attacker to perform SQL injection attacks, bypass security measures, manipulate or disclose data, or cause a denial-of-service condition.

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, and 2.4.4-p17 and earlier are vulnerable to a denial-of-service due to a dependency on a vulnerable third-party component, which an attacker can exploit to crash the application without user interaction.

Adobe Commerce versions 2.4.9-beta1 and earlier are vulnerable to uncontrolled resource consumption, potentially leading to application denial-of-service due to an attacker's ability to exhaust system resources without user interaction.

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are susceptible to an uncontrolled resource consumption vulnerability (CVE-2026-34650) that allows an unauthenticated attacker to cause a denial-of-service condition by exhausting system resources.

Adobe Commerce versions 2.4.9-beta1 and earlier are susceptible to an uncontrolled resource consumption vulnerability (CVE-2026-34649), allowing an unauthenticated attacker to trigger a denial-of-service condition by exhausting system resources.

CVE-2026-40413 is a null pointer dereference vulnerability in Windows TCP/IP that allows an unauthenticated attacker on an adjacent network to cause a denial-of-service condition.

CVE-2026-40405 describes a null pointer dereference vulnerability in Windows TCP/IP, allowing an unauthenticated attacker to cause a denial of service over a network.

CVE-2026-35424 is a denial-of-service vulnerability in the Windows Internet Key Exchange (IKE) Protocol caused by a missing release of memory after its effective lifetime, allowing an unauthenticated remote attacker to trigger a denial of service over a network.

Dalfox is vulnerable to an unauthenticated remote denial-of-service (DoS) vulnerability (CVE-2026-45090) due to a closed channel write in the `ParameterAnalysis` function, triggered by a crafted POST request that crashes the Dalfox server process.

Siemens SIMATIC CN 4100 versions before V5.0 are vulnerable to resource exhaustion due to processing a high volume of TCP SYN packets, leading to a denial-of-service condition.

A null pointer dereference vulnerability exists in affected devices while processing specially crafted IPv4 requests, potentially allowing a remote attacker to cause a denial of service, requiring a manual restart to recover the system.

Siemens SIMATIC CN 4100 versions before V5.0 are vulnerable to resource exhaustion due to improper restriction of unauthenticated connections, potentially leading to disruption of operations and unauthorized actions.

A remote, anonymous attacker can exploit a vulnerability in CODESYS Modbus to perform a denial of service attack.

A local attacker can exploit multiple vulnerabilities in ImageMagick to perform a denial of service attack or affect confidentiality, availability, and integrity.

A buffer overflow vulnerability in Zyxel NWA1100-N firmware allows a remote attacker to cause a denial-of-service by sending a crafted HTTP request to the webs binary.

CVE-2026-32226 is a denial of service vulnerability in the .NET Framework that can be mitigated by applying the latest security update.

Multiple vulnerabilities in Spring products could allow a remote attacker to execute arbitrary code, cause a denial of service, or breach data confidentiality.

Multiple vulnerabilities in HCL BigFix could allow an attacker to disclose information, execute arbitrary code, perform a denial of service attack, and manipulate files.

free5GC's SMF is vulnerable to an unauthenticated denial-of-service attack where a crafted POST request to the `/upi/v1/upNodesLinks` endpoint can trigger a `Fatalf` call, terminating the entire SMF process, effectively disrupting network services.

The @fastify/accepts-serializer package is vulnerable to a denial of service (DoS) attack due to unbounded cache growth, where an attacker can send many distinct Accept header variants, causing the cache to grow unbounded, exhausting the Node.js heap, and crashing the process.

A remote, anonymous attacker can exploit multiple unspecified vulnerabilities in Ruby to perform a denial of service attack or disclose sensitive information.

A vulnerability exists in MAXHUB Pivot client application versions prior to v1.36.2, where a hardcoded AES key allows attackers to decrypt tenant email addresses and associated metadata, and potentially cause a denial-of-service via unauthorized device enrollment through MQTT.

Multiple vulnerabilities in IBM SPSS can be exploited by an attacker to perform cross-site scripting (XSS) attacks, denial of service attacks, and to manipulate files.

A remote, authenticated attacker can exploit multiple vulnerabilities in CPython to manipulate files or cause a denial-of-service condition.

An unauthenticated or authenticated remote attacker can exploit vulnerabilities in Red Hat Enterprise Linux to perform cross-site scripting, cause denial of service, or disclose sensitive information.

An anonymous remote attacker can exploit multiple vulnerabilities in Red Hat OpenShift Service Mesh to manipulate files, disclose information, or cause a denial-of-service condition.

A vulnerability exists in the vm2 npm package (<= 3.10.5) where sandboxed code can bypass the timeout protection by calling Buffer.alloc() with an arbitrary size, leading to memory exhaustion on the host system.

A vulnerability in Apache HTTP Server's HTTP/2 protocol can lead to denial of service by crashing worker processes, and in specific configurations (APR with mmap), remote code execution.

A denial-of-service vulnerability exists in Mistune version 3.2.0 due to excessive parsing and CPU consumption when processing specially crafted reference links, leading to application hangs and service unavailability.

Multiple vulnerabilities in Cisco IoT Field Network Director Software could allow an authenticated, remote attacker to access files, execute commands, and cause denial-of-service (DoS) conditions on managed routers.

A remote, authenticated attacker can exploit a vulnerability in Red Hat Advanced Cluster Management and Multicluster engine for Kubernetes to execute arbitrary program code or cause a denial of service condition.

pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication, where a malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count, leading to CPU exhaustion.

A denial-of-service vulnerability (CVE-2025-11044) exists in ABB B&R Automation Runtime versions prior to 6.5 and R4.93, where an unauthenticated attacker can exploit a race condition to cause permanent denial-of-service.

A vulnerability in BusyBox allows a remote attacker on an adjacent network to execute arbitrary code or cause a denial-of-service condition.

A remote, anonymous attacker can exploit a vulnerability in Red Hat Enterprise Linux freeipmi to cause a denial of service condition or memory corruption, potentially allowing arbitrary code execution.

Multiple vulnerabilities in Apache HTTP Server versions prior to 2.4.67 can allow remote attackers to execute arbitrary code, escalate privileges, or cause a denial of service.

MeWare PDKS versions V16.20200313 before VMYR_3.5.2025117 are vulnerable to improper control of interaction frequency, potentially leading to flooding attacks.

Multiple vulnerabilities in Wireshark versions 4.4.x before 4.4.15 and 4.6.x before 4.6.5 could allow remote attackers to execute arbitrary code, cause a denial of service, or compromise data confidentiality.

Multiple vulnerabilities in SonicWall firewalls could allow an attacker to cause a remote denial of service and security policy bypass, potentially disrupting network services and compromising security controls.

A vulnerability in OpenTelemetry-Go related to the extraction of multi-value baggage headers can lead to excessive resource allocation, resulting in a remote denial-of-service amplification.

CoreDNS' DNS-over-QUIC (DoQ) server can be driven into large goroutine and memory growth by a remote client that opens many QUIC streams and stalls after sending only 1 byte, leading to denial of service in versions before 1.14.3.

The xmldom library is vulnerable to a denial-of-service (DoS) attack due to uncontrolled recursion in XML serialization leading to application crashes.

CVE-2026-34282 is a remotely exploitable vulnerability in the Networking component of Oracle Java SE and GraalVM that allows an unauthenticated attacker to cause a complete denial of service.

Multiple vulnerabilities in OpenBao can be exploited by an attacker to bypass security measures, conduct a denial of service attack, and conduct a SQL injection attack.

An unauthenticated attacker with network access via RDP can exploit CVE-2026-35245 in Oracle VM VirtualBox version 7.2.6 to cause a denial-of-service (DOS) condition.

An unauthenticated attacker can cause a denial-of-service (DoS) in zrok by sending a crafted HTTP request with a large cookie chunk count to an OAuth-protected proxy share, triggering unbounded memory allocation and leading to process termination.

Multiple vulnerabilities in libssh allow an attacker to manipulate files or cause a denial-of-service condition, potentially leading to data corruption or service disruption.

A buffer overflow vulnerability in the GIF image loading component of GIMP allows an attacker to write beyond an allocated buffer by processing a specially crafted GIF file, potentially leading to denial of service or arbitrary code execution.

CVE-2026-26171 is a vulnerability in .NET that allows an unauthorized attacker to perform a denial-of-service attack over a network due to uncontrolled resource consumption.

A remote, anonymous attacker can exploit multiple vulnerabilities in Red Hat Ansible Automation Platform to perform denial of service, execute arbitrary code, bypass security measures, manipulate data, disclose information, or conduct XSS attacks.

ImageMagick versions prior to 7.1.2-19 and 6.9.13-44 are susceptible to a denial-of-service (DoS) attack due to unbounded recursion during XML parsing, potentially leading to stack exhaustion.

A use-after-free vulnerability, tracked as CVE-2026-34856, exists in Huawei's communication module due to improper synchronization in concurrent execution, potentially leading to a denial-of-service condition.

MinIO's S3 Select feature is vulnerable to denial of service due to unbounded memory allocation when processing CSV files without newlines, leading to memory exhaustion and server crashes.

Unauthenticated attackers can exploit a resource exhaustion vulnerability (CVE-2026-33756) in Saleor e-commerce platform versions before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118 by sending a single HTTP request with a large number of GraphQL operations, bypassing query complexity limits and exhausting server resources.

A remote attacker can exploit an out-of-bounds access vulnerability (CVE-2026-39863) in Kamailio versions prior to 6.1.1, 6.0.6, and 5.8.8 by sending a specially crafted data packet over TCP, causing a denial-of-service condition.

SoftEtherVPN version 5.2.5188 and earlier is vulnerable to a pre-authentication denial-of-service attack where an unauthenticated remote attacker can crash the vpnserver process by sending a malformed EAP-TLS packet over raw L2TP (UDP/1701), terminating all active VPN sessions.

CVE-2026-21367 describes a transient denial-of-service vulnerability in Qualcomm products that occurs when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans, potentially leading to service disruption.

An unauthenticated attacker can cause a denial of service by crashing Microsoft VPN Browser+ 1.1.0.0 via oversized input to the search functionality, leading to application termination.

A denial-of-service vulnerability in Hirschmann HiOS devices allows remote attackers to crash or hang the device by sending crafted UDP EtherNet/IP packets with invalid length fields.

A denial of service vulnerability, CVE-2026-31935, exists in Suricata versions prior to 7.0.15 and 8.0.4, where flooding the system with crafted HTTP2 continuation frames leads to memory exhaustion and process termination.

Suricata versions prior to 7.0.15 are vulnerable to CVE-2026-31937, where inefficient DCERPC buffering can lead to a denial-of-service condition through performance degradation.

Specially crafted network traffic can cause Suricata to slow down, leading to a denial-of-service condition in versions prior to 7.0.15 and 8.0.4, as identified by CVE-2026-31933.

A remote, authenticated attacker with administrator rights can exploit multiple vulnerabilities in SonicWall Email Security Appliance to perform cross-site scripting, manipulate data, or cause a denial-of-service.

Multiple vulnerabilities in PowerDNS could be exploited by an attacker to disclose information, bypass security measures, cause a denial of service, and potentially execute code.

A remote, anonymous attacker can exploit multiple vulnerabilities in IBM App Connect Enterprise to cause a denial-of-service condition or bypass security measures, enabling cross-site scripting attacks.

Multiple vulnerabilities in ImageMagick could allow an attacker to perform a denial of service attack, execute arbitrary code, or manipulate data.

Multiple vulnerabilities in Grafana allow a remote attacker to conduct a denial-of-service attack, execute code, or disclose information.

Multiple vulnerabilities in Dovecot can be exploited by an attacker to perform SQL injection attacks, bypass authentication, disclose sensitive information, or cause a denial-of-service condition.

A denial-of-service vulnerability exists in the Protobuf PHP library due to maliciously crafted messages with negative varints or deep recursion, leading to application crashes and impacting service availability.

An unauthenticated remote attacker can exploit CVE-2026-3509 in the CODESYS Control runtime system to control the format string of messages processed by the Audit Log, leading to a denial-of-service (DoS) condition.

An anonymous remote attacker can exploit multiple vulnerabilities in IBM Tivoli Netcool/OMNIbus to achieve arbitrary code execution, information disclosure, file manipulation, or denial of service.

An authenticated remote attacker can exploit vulnerabilities in Asterisk and Digium Certified Asterisk to achieve arbitrary code execution, denial of service, or information disclosure.

Easy Chat Server 3.1 is vulnerable to a denial-of-service attack where a remote attacker can crash the application by sending oversized data in the message parameter via a POST request to the body2.ghp endpoint after establishing a session, leading to service unavailability.

A denial-of-service vulnerability (CVE-2026-33174) exists in Ruby on Rails Active Storage versions prior to 8.1.2.1, 8.0.4.1, and 7.2.3.1 due to unbounded memory allocation when handling large or unbounded Range headers in proxy delivery mode.

CVE-2024-45163 is a remote denial-of-service vulnerability affecting Mirai command and control (C2) infrastructure, potentially disrupting botnet operations and related malicious activities.

Multiple vulnerabilities exist in EV Energy ev.energy that could allow an attacker to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks.

An unauthenticated denial-of-service vulnerability in Phoenix's long-poll transport allows a remote client to exhaust server memory by sending a series of crafted HTTP requests, affecting LiveView apps with a public Longpoll socket or Phoenix.Socket with longpoll option.

Micronaut's `TimeConverterRegistrar` has an unbounded `formattersCache` that allows memory exhaustion via a crafted `Accept-Language` header, where an unauthenticated attacker can crash the JVM by sending requests with novel locale tags to `@Format`-annotated endpoints, growing the cache until heap memory is exhausted, affecting Micronaut applications with `micronaut-context` versions 4.3.0 and above, up to but not including 4.10.22.

Multiple vulnerabilities in GStreamer could be exploited by a remote, anonymous attacker to execute arbitrary code or cause a denial of service condition.

A remote, authenticated attacker can exploit multiple vulnerabilities in MediaWiki to execute arbitrary code, disclose information, perform a cross-site scripting attack, or cause a denial of service condition.

The basic-ftp library is vulnerable to a client-side denial of service. A malicious FTP server can send an unterminated multiline response during the initial FTP banner phase, before authentication, causing the client to buffer attacker-controlled data without limit.

CoreDNS is vulnerable to a denial-of-service attack where processing oversized DNS-over-HTTPS GET requests exhausts resources prior to returning an error.

The `kanban` npm package, used by the `cline` CLI, has a cross-origin WebSocket hijacking vulnerability. Due to the lack of Origin header validation, any website can connect to the kanban server via WebSocket and leak sensitive data, hijack running AI agent terminals leading to remote code execution, or kill running agent tasks, resulting in information disclosure, RCE, and denial of service.

free5GC's NEF component is vulnerable to a denial-of-service attack where an attacker can create a PFD subscription with an attacker-controlled `notifyUri`, and when a PFD change is triggered, NEF attempts to deliver a notification to the specified URI, and if the URI is unreachable, NEF terminates the entire process, causing a service outage, and this can be triggered without authentication in version 4.2.1, making it easily exploitable.

A specially constructed QUIC package can crash the Hysteria server due to an out-of-memory (OOM) condition when the 'sniff' option is enabled, leading to a denial of service.

free5GC's SMF is vulnerable to an unauthenticated denial-of-service attack where a crafted DELETE request to the /upi/v1/upNodesLinks/{ref} endpoint triggers a nil-pointer dereference, causing a panic and mutating the in-memory user-plane topology, impacting the selection of UPFs for legitimate UE sessions.