Total
3984 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-41842 | 2 Spring, Vmware | 2 Spring Framework, Spring Framework | 2026-06-09 | 7.5 High |
| Spring MVC and WebFlux applications are vulnerable to Denial of Service (DoS) attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48. | ||||
| CVE-2026-11790 | 1 Redhat | 3 Directory Server, Enterprise Linux, Redhat Directory Server | 2026-06-09 | 4.9 Medium |
| A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce an upper bound on the iteration count extracted from stored password hashes. A privileged attacker who can modify a user's password hash can cause excessive CPU consumption during authentication, resulting in denial of service. | ||||
| CVE-2024-49075 | 1 Microsoft | 17 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 14 more | 2026-06-09 | 7.5 High |
| Windows Remote Desktop Services Denial of Service Vulnerability | ||||
| CVE-2024-49129 | 1 Microsoft | 7 Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and 4 more | 2026-06-09 | 7.5 High |
| Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | ||||
| CVE-2024-49096 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-06-09 | 7.5 High |
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | ||||
| CVE-2025-21330 | 1 Microsoft | 17 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 14 more | 2026-06-09 | 7.5 High |
| Windows Remote Desktop Services Denial of Service Vulnerability | ||||
| CVE-2024-43575 | 1 Microsoft | 5 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 2 more | 2026-06-09 | 7.5 High |
| Windows Hyper-V Denial of Service Vulnerability | ||||
| CVE-2024-43545 | 1 Microsoft | 10 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 7 more | 2026-06-09 | 7.5 High |
| Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability | ||||
| CVE-2024-43544 | 1 Microsoft | 10 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 7 more | 2026-06-09 | 7.5 High |
| Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability | ||||
| CVE-2024-38149 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-06-09 | 7.5 High |
| BranchCache Denial of Service Vulnerability | ||||
| CVE-2024-43541 | 1 Microsoft | 10 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 7 more | 2026-06-09 | 7.5 High |
| Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability | ||||
| CVE-2024-43515 | 1 Microsoft | 25 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 22 more | 2026-06-09 | 7.5 High |
| Internet Small Computer Systems Interface (iSCSI) Denial of Service Vulnerability | ||||
| CVE-2024-43506 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-06-09 | 7.5 High |
| BranchCache Denial of Service Vulnerability | ||||
| CVE-2026-49762 | 1 Elixir-lang | 1 Elixir | 2026-06-09 | N/A |
| Uncontrolled Resource Consumption vulnerability in the Elixir standard library's Version module allows an attacker who controls a version string to cause a denial of service through CPU and memory exhaustion. The version parser converts numeric version components (major, minor, patch and numeric pre-release/build identifiers) to integers without bounding their length. A single large all-digit component therefore forces a super-linear, non-yielding base-10 to arbitrary-precision integer conversion (String.to_integer/1, i.e. :erlang.binary_to_integer/1) that pins a BEAM scheduler, and a larger component raises an uncaught SystemLimitError that crashes the calling process. A single moderately sized string (around one megabyte) is enough; no authentication is required. This is reachable from the public entry points Version.parse/1, Version.parse!/1, Version.match?/3, Version.compare/2, and Version.parse_requirement/1, which applications routinely call on untrusted input such as HTTP parameters, dependency-manifest fields, and package metadata. This vulnerability is associated with program files lib/version.ex and program routines 'Elixir.Version.Parser':parse_digits/2. This issue affects Elixir: from 1.5.0 before 1.20.1. | ||||
| CVE-2026-11611 | 1 Redhat | 3 Directory Server, Enterprise Linux, Redhat Directory Server | 2026-06-09 | 6.5 Medium |
| A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during connection teardown or shutdown. | ||||
| CVE-2026-40983 | 1 Spring | 1 Micrometer | 2026-06-09 | 7.5 High |
| In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may cause a denial-of-service (DoS) condition. Affected versions: Micrometer 1.16.0 through 1.16.5; 1.15.0 through 1.15.11. | ||||
| CVE-2026-40984 | 1 Spring | 1 Micrometer | 2026-06-09 | 7.5 High |
| In Micrometer, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Affected versions: micrometer-core 1.16.0 through 1.16.5; 1.15.0 through 1.15.11; 1.14.0 through 1.14.15; 1.13.0 through 1.13.18; 1.9.0 through 1.9.17. micrometer-jetty11 1.16.0 through 1.16.5; 1.15.0 through 1.15.11; 1.14.0 through 1.14.15; 1.13.0 through 1.13.18. micrometer-jetty12 1.16.0 through 1.16.5; 1.15.0 through 1.15.11; 1.14.0 through 1.14.15; 1.13.0 through 1.13.18. | ||||
| CVE-2025-40944 | 1 Siemens | 15 Simatic Et 200al Im 157-1 Pn, Simatic Et 200mp Im 155-5 Pn Hf, Simatic Et 200sp Im 155-6 Mf Hf and 12 more | 2026-06-09 | 7.5 High |
| A vulnerability has been identified in SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0) (All versions), SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0) (All versions >= V4.2.0), SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0) (All versions), SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants) (All versions < V1.3), SIMATIC ET 200SP IM 155-6 PN R1 (6ES7155-6AU00-0HM0) (All versions < V6.0.1), SIMATIC ET 200SP IM 155-6 PN/2 HF (6ES7155-6AU01-0CN0) (All versions >= V4.2.0 < V4.2.5), SIMATIC ET 200SP IM 155-6 PN/3 HF (6ES7155-6AU30-0CN0) (All versions < V4.2.2), SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0) (All versions), SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0) (All versions < V6.0.0), SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-2AC0) (All versions >= V4.2.0), SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-7AC0) (All versions >= V4.2.0), SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL (6AG2155-5AA00-1AC0) (All versions >= V4.2.0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-2CN0) (All versions >= V4.2.0 < V4.2.5), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-7CN0) (All versions >= V4.2.0 < V4.2.5), SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU01-1CN0) (All versions >= V4.2.0 < V4.2.5), SIPLUS ET 200SP IM 155-6 PN HF TX RAIL (6AG2155-6AU01-4CN0) (All versions >= V4.2.0 < V4.2.5), SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0) (All versions < V6.0.0). Affected devices do not properly handle S7 protocol session disconnect requests. When receiving a valid S7 protocol Disconnect Request (COTP DR TPDU) on TCP port 102, the devices enter an improper session state. This could allow an attacker to cause the device to become unresponsive, leading to a denial-of-service condition that requires a power cycle to restore normal operation. | ||||
| CVE-2026-3116 | 1 Mattermost | 2 Mattermost, Mattermost Server | 2026-06-08 | 4.9 Medium |
| Mattermost Plugins versions <=11.4 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to validate incoming request size which allows an authenticated attacker to cause service disruption via the webhook endpoint. Mattermost Advisory ID: MMSA-2026-00589 | ||||
| CVE-2026-11478 | 1 Kokke | 1 Tiny-regex-c | 2026-06-08 | 3.3 Low |
| A flaw has been found in kokke tiny-regex-c up to f2632c6d9ed25272987471cdb8b70395c2460bdb. This vulnerability affects the function matchstar of the file re.c of the component Pattern Handler. This manipulation causes inefficient regular expression complexity. The attack is restricted to local execution. The exploit has been published and may be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet. | ||||