301 matches found
GHSA-CQGJ-H8VF-4W59 Acknowledgement extension out of memory
Impact: Bad clients that always send a fixed batch value while the server is using the acknowledgement extension can cause the unacknowledged message queue to grow indefinitely, eventually resulting in an OutOfMemoryError. Such bad clients would always send: json "channel": "/meta/connect",...
ROS-20260605-73-0045
The vulnerability in Tomcat11 is related to unlimited resource allocation. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
CVE-2026-34939
PraisonAI is a multi-agent teams system. Prior to version 4.5.90, MCPToolIndex.searchtools compiles a caller-supplied string directly as a Python regular expression with no validation, sanitization, or timeout. A crafted regex causes catastrophic backtracking in the re engine, blocking the Python...
CVE-2025-15608
This vulnerability in AX53 v1 results from insufficient input sanitization in the device’s probe handling logic, where unvalidated parameters can trigger a stack-based buffer overflow that causes the affected service to crash and, under specific conditions, may enable remote code execution throug...
When your DDoS mitigation provider goes down: Why traffic control can’t be outsourced
Since the headline-grabbing outages of 2021, we’ve had recurring conversations with large enterprises asking some version of the same question. Do we really want our CDN, security, and routing control to live in the same place? This issue of control has become more urgent after a series of...
CVE-2026-29771
Netmaker makes networks with WireGuard. Prior to version 1.2.0, the /api/server/shutdown endpoint allows termination of the Netmaker server process via syscall.SIGINT. This allows any user to repeatedly shut down the server, causing cyclic denial of service with approximately 3-second restart...
The Future of Iran’s Internet Is More Uncertain Than Ever
Iran’s internet shutdown has reduced connectivity by 99 percent, with air strikes likely causing additional outages, and few workarounds remaining...
When Cloud Outages Ripple Across the Internet
Recent major cloud service outages have been hard to miss. High-profile incidents affecting providers such as AWS, Azure, and Cloudflare have disrupted large parts of the internet, taking down websites and services that many other systems depend on. The resulting ripple effects have halted...
PT-2026-6268
Name of the Vulnerable Software and Affected Versions: apko versions 0.14.8 through 1.0.9. Description: apko is a tool for building and publishing OCI container images from apk packages. A flaw exists in the expandapk.Split function where it drains the first gzip stream of an APK archive without...
Poland Thwarts Russian Wiper Malware Attack on Power Plants
Poland blocked a Russian wiper malware attack on power and heating plants, officials say, avoiding outages during winter and prompting tighter cyber rules...
XWiki's REST APIs don't enforce any limits, leading to unavailability and OOM in large wikis
Impact: XWiki's REST API doesn't enforce any limits for the number of items that can be requested in a single request at the moment. Depending on the number of pages in the wiki and the memory configuration, this can lead to slowness and unavailability of the wiki. As an example, the...
Ruijie AP_RGOS security vulnerability
Ruijie AP_RGOS is a general-purpose network operating system from China's Ruijie Corporation. A security vulnerability exists in Ruijie AP_RGOS version 11.1.x. The vulnerability stems from a command injection in the webaction.do endpoint, which could lead to file disclosure and device outage...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a live lock issue in fuse synchronized file placement, which could make services unavailable...
Elena Lazar: Failures are Inevitable – Reliability is a Choice
Reliability engineer on why resilience must be designed, not patched, and how decades of global experience taught her to turn outages into insights...
Threat Landscape of the Building and Construction Sector Part Two: Ransomware
In this second installment of our two-part series on the construction industry, Rapid7 is looking at the specific threat ransomware poses, why the industry is particularly vulnerable, and ways in which threat actors exploit its weaknesses to great effect. You can catch up on the first part here:...
EUVD-2010-3681
Malware in sbrugna...
The vulnerability of the InnoDB component of the MySQL Database Server, which allows a hacker to cause a service failure
The vulnerability of the InnoDB component in the MySQL Database Management System is related to an uncontrolled consumption of resources. Exploiting this vulnerability can allow a malicious actor to cause service interruptions using the MySQL network protocol...
The vulnerability of the Routing Protocol Daemon (RPD) in Juniper Networks’ Junos OS and Junos OS Evolved operating systems allows an attacker to cause a service failure.
The vulnerability of the Routing Protocol Daemon (RPD) in Juniper Networks’ Junos OS and Junos OS Evolved operating systems is related to the use of the assert function. Exploiting this vulnerability allows a remote attacker to cause service interruptions...
From Backup to Cyber Resilience: Why IT Leaders Must Rethink Backup in the Age of Ransomware
With IT outages and disruptions escalating, IT teams are shifting their focus beyond simply backing up data to maintaining operations during an incident. One of the key drivers behind this shift is the growing threat of ransomware, which continues to evolve in both frequency and complexity...
The vulnerability of microprogrammed network boards from ASR Microelectronics, such as ASR1803L, ASR1806, ASR1901, and ASR1903L, arises due to improper cleaning or release of resources. This allows attackers to gain unauthorized access to protected information or cause service failures.
The vulnerability of microprogrammed network board software from ASR Microelectronics, including models ASR1803L, ASR1806, ASR1901, and ASR1903L, stems from improper cleaning or release of resources during the processing of the pb.c file router/phonebook/pb.c. Exploiting this vulnerability can...