Total
152 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-34943 | 1 Bytecodealliance | 1 Wasmtime | 2026-04-20 | N/A | 7.5 HIGH |
| Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contains a possible panic which can happen when a flags-typed component model value is lifted with the Val type. If bits are set outside of the set of flags, the component model specifies that these bits should be ignored, but Wasmtime will panic when this value is lifted. This panic only affects Wasmtime's implementation of lifting into Val, not when using the flags! macro. This additionally only affects flags-typed values which are part of a WIT interface. This has the risk of being a guest-controlled panic within the host, which Wasmtime considers a DoS vector. This vulnerability is fixed in 24.0.7, 36.0.7, 42.0.2, and 43.0.1. | |||||
| CVE-2026-34944 | 1 Bytecodealliance | 1 Wasmtime | 2026-04-20 | N/A | 5.7 MEDIUM |
| Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, on x86-64 platforms with SSE3 disabled, Wasmtime's compilation of the f64x2.splat WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are disabled, this can result in an uncaught segfault due to loading from unmapped guard pages. With guard pages disabled, it's possible for out-of-sandbox data to be loaded, but this data is not visible to WebAssembly guests. This vulnerability is fixed in 24.0.7, 36.0.7, 42.0.2, and 43.0.1. | |||||
| CVE-2026-24175 | 1 Nvidia | 1 Triton Inference Server | 2026-04-16 | N/A | 7.5 HIGH |
| NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request header to the server. A successful exploit of this vulnerability might lead to denial of service. | |||||
| CVE-2026-31812 | | | 2026-04-16 | N/A | N/A |
| Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malformed quic_transport_parameters. In quinn-proto parsing logic, attacker-controlled varints are decoded with unwrap(), so truncated encodings cause Err(UnexpectedEnd) and panic. This is reachable over the network with a single packet and no prior trust or authentication. This vulnerability is fixed in 0.11.14. | |||||
| CVE-2024-3051 | | | 2026-04-15 | N/A | 7.5 HIGH |
| Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end device. Any frames sent by the end device will not be acknowledged by the gateway during this time. | |||||
| CVE-2025-24836 | | | 2026-04-15 | N/A | 7.1 HIGH |
| With a specially crafted Python script, an attacker could send continuous startMeasurement commands over an unencrypted Bluetooth connection to the affected device. This would prevent the device from connecting to a clinician's app to take patient readings and ostensibly flood it with requests, resulting in a denial-of-service condition. | |||||
| CVE-2025-0657 | | | 2026-04-15 | N/A | N/A |
| A weakness in Automated Logic and Carrier i-Vu Gen5 router on driver version drv_gen5_106-01-2380 allows malformed packets to be sent through a BACnet MS/TP network, causing the devices to enter a fault state. This fault state requires a manual power cycle to return the device to network visibility. | |||||
| CVE-2025-53365 | | | 2026-04-15 | N/A | N/A |
| The MCP Python SDK, called `mcp` on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.10.0, if a client deliberately triggers an exception after establishing a streamable HTTP session, this can lead to an uncaught ClosedResourceError on the server side, causing the server to crash and requiring a restart to restore service. Impact may vary depending on the deployment conditions, and presence of infrastructure-level resilience measures. Version 1.10.0 contains a patch for the issue. | |||||
| CVE-2025-48997 | | | 2026-04-15 | N/A | N/A |
| Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending an upload file request with an empty string field name. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to `2.0.1` to receive a patch. No known workarounds are available. | |||||
| CVE-2024-20137 | | | 2026-04-15 | N/A | 7.5 HIGH |
| In wlan driver, there is a possible client disconnection due to improper handling of exceptional conditions. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00384543; Issue ID: MSV-1727. | |||||
| CVE-2025-20097 | | | 2026-04-15 | N/A | 4.3 MEDIUM |
| Uncaught exception in OpenBMC Firmware for the Intel(R) Server M50FCP Family and Intel(R) Server D50DNP Family before version R01.02.0002 may allow an authenticated user to potentially enable denial of service via network access. | |||||
| CVE-2025-9124 | | | 2026-04-15 | N/A | N/A |
| A denial-of-service security issue exists in the affected product. The security issue stems from a fault occurring when a crafted CIP unconnected explicit message is sent. This can result in a major non-recoverable fault. | |||||
| CVE-2025-48430 | | | 2026-04-15 | N/A | 5.5 MEDIUM |
| Uncaught Exception (CWE-248) in the Command Centre Server allows an Authorized and Privileged Operator to crash the Command Centre Server at will. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 (MR2), 9.20 prior to vEL9.20.2819 (MR4), 9.10 prior to vEL9.10.3672 (MR7), 9.00 prior to vEL9.00.3831 (MR8), all versions of 8.90 and prior. | |||||
| CVE-2024-29076 | | | 2026-04-15 | N/A | 5.5 MEDIUM |
| Uncaught exception for some Intel(R) CST software before version 8.7.10803 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2025-8870 | | | 2026-04-15 | N/A | 4.9 MEDIUM |
| On affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device. | |||||
| CVE-2025-54777 | | | 2026-04-15 | N/A | 4.3 MEDIUM |
| An uncaught exception issue exists in multiple products in the bizhub series. If a malformed file is imported as an S/MIME Email certificate, it may cause a denial-of-service issue that disables the Web Connection feature. | |||||
| CVE-2024-3052 | | | 2026-04-15 | N/A | 7.5 HIGH |
| Malformed S2 Nonce Get command classes can be sent to crash the gateway. A hard reset is required to recover the gateway. | |||||
| CVE-2025-7338 | | | 2026-04-15 | N/A | 7.5 HIGH |
| Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.2 to receive a patch. No known workarounds are available. | |||||
| CVE-2025-24883 | | | 2026-04-15 | N/A | N/A |
| go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shut down or crash using a specially crafted message. This vulnerability is fixed in 1.14.13. | |||||
| CVE-2024-13417 | | | 2026-04-15 | N/A | 4.6 MEDIUM |
| Specifically crafted payloads sent to the RFID reader could cause DoS of the RFID reader. After the device is restarted, it returns to a fully working state. 2N has released an updated version 2.46 of 2N OS, where this vulnerability is mitigated. It is recommended that all customers update their devices to the latest 2N OS. | |||||
