Total
3568 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-0889 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-01-22 | 7.5 High |
| Denial-of-service in the DOM: Service Workers component. This vulnerability affects Firefox < 147 and Thunderbird < 147. | ||||
| CVE-2023-6277 | 3 Fedoraproject, Libtiff, Redhat | 3 Fedora, Libtiff, Enterprise Linux | 2026-01-22 | 6.5 Medium |
| An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB. | ||||
| CVE-2026-22690 | 2 Py-pdf, Pypdf Project | 2 Pypdf, Pypdf | 2026-01-22 | 5.3 Medium |
| pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for missing /Root object with large /Size values. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for actually invalid files. This can be achieved by omitting the /Root entry in the trailer, while using a rather large /Size value. Only the non-strict reading mode is affected. This issue has been patched in version 6.6.0. | ||||
| CVE-2026-22691 | 2 Py-pdf, Pypdf Project | 2 Pypdf, Pypdf | 2026-01-22 | 5.3 Medium |
| pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for malformed startxref. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for invalid startxref entries. When rebuilding the cross-reference table, PDF files with lots of whitespace characters become problematic. Only the non-strict reading mode is affected. Only the non-strict reading mode is affected. This issue has been patched in version 6.6.0. | ||||
| CVE-2025-11681 | 1 M-files | 2 M-files Server, Server | 2026-01-21 | 6.5 Medium |
| Denial-of-service condition in M-Files Server versions before 25.11.15392.1, before 25.2 LTS SR2 and before 25.8 LTS SR2 allows an authenticated user to cause the MFserver process to crash. | ||||
| CVE-2025-66019 | 1 Pypdf Project | 1 Pypdf | 2026-01-20 | 5.3 Medium |
| pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter. This issue has been patched in version 6.4.0. | ||||
| CVE-2025-67835 | 1 Paessler | 1 Prtg Network Monitor | 2026-01-20 | 6.5 Medium |
| Paessler PRTG Network Monitor before 25.4.114 allows Denial-of-Service (DoS) by an authenticated attacker via the Notification Contacts functionality. | ||||
| CVE-2025-59529 | 1 Avahi | 1 Avahi | 2026-01-16 | 5.5 Medium |
| Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions up to and including 0.9-rc2, the simple protocol server ignores the documented client limit and accepts unlimited connections, allowing for easy local DoS. Although `CLIENTS_MAX` is defined, `server_work()` unconditionally `accept()`s and `client_new()` always appends the new client and increments `n_clients`. There is no check against the limit. When client cannot be accepted as a result of maximal socket number of avahi-daemon, it logs unconditionally error per each connection. Unprivileged local users can exhaust daemon memory and file descriptors, causing a denial of service system-wide for mDNS/DNS-SD. Exhausting local file descriptors causes increased system load caused by logging errors of each of request. Overloading prevents glibc calls using nss-mdns plugins to resolve `*.local.` names and link-local addresses. As of time of publication, no known patched versions are available, but a candidate fix is available in pull request 808, and some workarounds are available. Simple clients are offered for nss-mdns package functionality. It is not possible to disable the unix socket `/run/avahi-daemon/socket`, but resolution requests received via DBus are not affected directly. Tools avahi-resolve, avahi-resolve-address and avahi-resolve-host-name are not affected, they use DBus interface. It is possible to change permissions of unix socket after avahi-daemon is started. But avahi-daemon does not provide any configuration for it. Additional access restrictions like SELinux can also prevent unwanted tools to access the socket and keep resolution working for trusted users. | ||||
| CVE-2026-0992 | 1 Redhat | 3 Enterprise Linux, Jboss Core Services, Openshift | 2026-01-16 | 2.9 Low |
| A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated <nextCatalog> elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition. | ||||
| CVE-2025-13837 | 1 Python | 2 Cpython, Python | 2026-01-15 | 5.5 Medium |
| When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues | ||||
| CVE-2026-22239 | 1 Bluspark Global | 1 Bluvoyix | 2026-01-15 | N/A |
| The vulnerability exists in BLUVOYIX due to design flaws in the email sending API. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable email sending API. Successful exploitation of this vulnerability could allow the attacker to send unsolicited emails to anyone on behalf of the company. | ||||
| CVE-2025-55128 | 2 Aquaplatform, Revive | 2 Revive Adserver, Adserver | 2026-01-14 | N/A |
| HackerOne community member Dang Hung Vi (vidang04) has reported an uncontrolled resource consumption vulnerability in the “userlog-index.php”. An attacker with access to the admin interface could request an arbitrarily large number of items per page, potentially leading to a denial of service. | ||||
| CVE-2023-41173 | 1 Adguard | 1 Adguard Dns | 2026-01-14 | 7.5 High |
| AdGuard DNS before 2.2 allows remote attackers to cause a denial of service via malformed UDP packets. | ||||
| CVE-2025-66863 | 1 Gnu | 1 Binutils | 2026-01-14 | 7.5 High |
| An issue was discovered in function d_discriminator in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file. | ||||
| CVE-2025-66861 | 1 Gnu | 1 Binutils | 2026-01-14 | 2.5 Low |
| An issue was discovered in function d_unqualified_name in file cp-demangle.c in BinUtils 2.26 allowing attackers to cause a denial of service via crafted PE file. | ||||
| CVE-2026-21485 | 2 Color, Internationalcolorconsortium | 2 Iccdev, Iccdev | 2026-01-14 | 8.8 High |
| iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are prone to have Undefined Behavior (UB) and Out of Memory errors. This issue is fixed in version 2.3.1.2. | ||||
| CVE-2023-29153 | 2 Intel, Netapp | 4 Server Platform Services, Hci Bootstrap Os, Hci Compute Node and 1 more | 2026-01-14 | 4.9 Medium |
| Uncontrolled resource consumption for some Intel(R) SPS firmware before version SPS_E5_06.01.04.002.0 may allow a privileged user to potentially enable denial of service via network access. | ||||
| CVE-2024-43105 | 1 Mattermost | 1 Mattermost Channel Export | 2026-01-14 | 4.3 Medium |
| Mattermost Plugin Channel Export versions <=1.0.0 fail to restrict concurrent runs of the /export command which allows a user to consume excessive resource by running the /export command multiple times at once. | ||||
| CVE-2025-40944 | 1 Siemens | 15 Simatic Et 200al Im 157-1 Pn, Simatic Et 200mp Im 155-5 Pn Hf, Simatic Et 200sp Im 155-6 Mf Hf and 12 more | 2026-01-14 | 7.5 High |
| A vulnerability has been identified in SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0) (All versions), SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0) (All versions >= V4.2.0), SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0) (All versions), SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants) (All versions < V1.3), SIMATIC ET 200SP IM 155-6 PN R1 (6ES7155-6AU00-0HM0) (All versions < V6.0.1), SIMATIC ET 200SP IM 155-6 PN/2 HF (6ES7155-6AU01-0CN0) (All versions >= V4.2.0), SIMATIC ET 200SP IM 155-6 PN/3 HF (6ES7155-6AU30-0CN0) (All versions < V4.2.2), SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0) (All versions), SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0) (All versions < V6.0.0), SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-2AC0) (All versions >= V4.2.0), SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-7AC0) (All versions >= V4.2.0), SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL (6AG2155-5AA00-1AC0) (All versions >= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-2CN0) (All versions >= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-7CN0) (All versions >= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU01-1CN0) (All versions >= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF TX RAIL (6AG2155-6AU01-4CN0) (All versions >= V4.2.0), SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0) (All versions < V6.0.0). Affected devices do not properly handle S7 protocol session disconnect requests. When receiving a valid S7 protocol Disconnect Request (COTP DR TPDU) on TCP port 102, the devices enter an improper session state. This could allow an attacker to cause the device to become unresponsive, leading to a denial-of-service condition that requires a power cycle to restore normal operation. | ||||
| CVE-2025-67133 | 2026-01-13 | 7.5 High | ||
| An issue in Hero Motocorp Vida V1 Pro 2.0.7 allows a local attacker to cause a denial of service via the BLE component | ||||