CVE-2025-32422

AutoGPT contains a DoS vulnerability in StepThroughItemsBlock leading to disk exhaustion via unbounded downloads to FileStoreBlock. Before version 0.6.63, StepThroughItemsBlock can iterate over an arbitrary list and trigger downloads to FileStoreBlock without limiting loop count, while FileStoreB...

GHSA-563Q-J3CM-6JXM Netty susceptible to HTTP/2 Reset Attack with different on-the-wire signature

Summary Netty HTTP/2 max header size handling produces attack similar to HTTP/2 Rapid Reset. Details There is a setting in the http2 specification called SETTINGSMAXHEADERLISTSIZE. According to the RFC: “This advisory setting informs a peer of the maximum field section size that the sender is...

Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS

Summary request.form accepts maxfields and maxpartsize to bound resource consumption while parsing form data. These limits are enforced for multipart/form-data, but silently ignored for application/x-www-form-urlencoded. An unauthenticated attacker can therefore send a urlencoded body with an...

CVE-2025-55652

A heap buffer overflow in the gfisomvpconfignew function isomedia/avcext.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

CVE-2025-55648

A heap buffer overflow in the gfopusparsepacketheader function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

PT-2026-49583

A Denial of Service DoS vulnerability exists in the @angular/common package of the Angular framework. The formatDate function, which is also utilized by the standard Angular DatePipe, does not properly limit or validate the length of the format parameter. When parsing a maliciously crafted,...

EulerOS Virtualization 2.13.1 : python-pyasn1 (EulerOS-SA-2026-2387)

According to the versions of the python-pyasn1 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the pyasn1 library is vulnerable to a Denial of Service DoS...

AlmaLinux 10 : openssl (ALSA-2026:25237)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:25237 advisory. openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing CVE-2026-7383 openssl: OpenSSL: Denial of Service due to...

RHEL 9 : containernetworking-plugins (RHSA-2026:25251)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:25251 advisory. The Container Network Interface CNI project consists of a specification and libraries for writing plug- ins for configuring network...

kernel: RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event()

A flaw was found in the Linux kernel's RDMA/mlx4 component. This vulnerability arises from the incorrect use of Read-Copy Update RCU in the mlx4srqevent function. An attacker could potentially trigger an event before the srq object is fully initialized, leading to a system crash. This could resul...

CVE-2026-41983

DoS vulnerability in the browser kernel. Impact: Successful exploitation of this vulnerability may affect availability...

CVE-2026-36807

Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserPwd parameter of the formAddWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

EUVD-2026-35884

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a denial-of-service vulnerability exists in the Ed25519 multisig delinearization code path. Ed25519PublicKey::delinearize in keys/src/multisig/mod.rs called...

GHSA-833P-95JQ-929Q PhoenixStorybook: Unbounded atom creation from LiveView event params (atom-table DoS)

Summary An attacker who can deliver psb-assign, psb-toggle, psb-set-theme, upper-tab-navigation, lower-tab-navigation, playground-change, or playground-toggle LiveView events to a mounted Phoenix Storybook playground can flood the BEAM atom table with attacker-controlled strings, permanently...

CVE-2026-36816

Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the wewifiWhiteUserInfo parameter of the formAddWewifiWhiteUser function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

CVE-2025-55659

A NULL pointer dereference in the cttsboxwrite function isomedia/boxcodebase.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

CVE-2025-55657

A NULL pointer dereference in the gfodfvvccfgwritebs function odf/descriptors.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

SUSE-SU-2026:2325-1 Security update for kubernetes1.26

This update for kubernetes1.26 fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265740. - CVE-2026-35469: github.com/moby/spdystream: memory amplification in SPDY frame parsing leads to denial of service...

Denial Of Service (DoS)

Netty is vulnerable to Denial of Service DoS. The vulnerability is due to unbounded accumulation of incomplete SCTP message fragments in nested CompositeByteBuf structures without limits on fragment count, size, or stream identifiers, which allows an attacker to exhaust memory and processing...

CVE-2026-41849 Spring Framework Denial of Service via Integer Overflow in SpEL Expressions

An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language SpEL. An attacker can exploit this by supplying a specially crafted SpEL expression that triggers excessive resource consumption, resulting in a Denial of Service DoS. Affected versions: Spring...