Total
2684 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-9182 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-13 | N/A | 7.5 HIGH |
| Denial-of-service due to out-of-memory in the Graphics: WebRender component. This vulnerability was fixed in Firefox 142, Firefox ESR 140.2, Thunderbird 142, and Thunderbird 140.2. | |||||
| CVE-2025-55029 | 1 Mozilla | 1 Firefox | 2026-04-13 | N/A | 7.5 HIGH |
| Malicious scripts could bypass the popup blocker to spam new tabs, potentially resulting in denial of service attacks. This vulnerability was fixed in Firefox for iOS 142. | |||||
| CVE-2025-55028 | 1 Mozilla | 1 Firefox | 2026-04-13 | N/A | 6.5 MEDIUM |
| Malicious scripts utilizing repetitive JavaScript alerts could prevent client user interaction in some scenarios and allow for denial of service attacks. This vulnerability was fixed in Firefox for iOS 142. | |||||
| CVE-2026-34166 | 1 Liquidjs | 1 Liquidjs | 2026-04-10 | N/A | 3.7 LOW |
| LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, the replace filter in LiquidJS incorrectly accounts for memory usage when the memoryLimit option is enabled. It charges str.length + pattern.length + replacement.length bytes to the memory limiter, but the actual output from str.split(pattern).join(replacement) can be quadratically larger when the pattern occurs many times in the input string. This allows an attacker who controls template content to bypass the memoryLimit DoS protection with approximately 2,500x amplification, potentially causing out-of-memory conditions. This vulnerability is fixed in 10.25.3. | |||||
| CVE-2026-0049 | 1 Google | 1 Android | 2026-04-10 | N/A | 6.2 MEDIUM |
| In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2026-33204 | 1 Kelvinmo | 1 Simplejwt | 2026-04-10 | N/A | 7.5 HIGH |
| SimpleJWT is a simple JSON web token library written in PHP. Prior to version 1.1.1, an unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used. Applications that call JWE::decrypt() on attacker-controlled JWEs using PBES2 algorithms are affected. This issue has been patched in version 1.1.1. | |||||
| CVE-2026-34404 | 1 Nuxt | 1 Og Image | 2026-04-09 | N/A | 7.5 HIGH |
| Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /_og/d/ (and, in older versions, /og-image/) contains a Denial of Service (DoS) vulnerability. The issue arises because there is no restriction on the width and height parameters of the generated image. The vulnerability was reproduced using the standard configuration and the default templates. This issue has been patched in version 6.2.5. | |||||
| CVE-2026-26477 | 1 Dokuwiki | 1 Dokuwiki | 2026-04-09 | N/A | 4.3 MEDIUM |
| An issue in Dokuwiki v.2025-05-14b "Librarian" [56.2] allows a remote attacker to cause a denial of service via the media_upload_xhr() function in the media.php file | |||||
| CVE-2026-23869 | 2026-04-08 | N/A | 7.5 HIGH | ||
| A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack (versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4). The vulnerability is triggered by sending specially crafted HTTP requests to Server Function endpoints.The payload of the HTTP request causes excessive CPU usage for up to a minute ending in a thrown error that is catchable. | |||||
| CVE-2024-6434 | 1 Leap13 | 1 Premium Addons For Elementor | 2026-04-08 | N/A | 3.1 LOW |
| The Premium Addons for Elementor plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 4.10.35. This is due to processing user-supplied input as a regular expression. This makes it possible for authenticated attackers, with Author-level access and above, to create and query a malicious post title, resulting in slowing server resources. | |||||
| CVE-2024-0842 | 1 Softaculous | 1 Backuply | 2026-04-08 | N/A | 7.5 HIGH |
| The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.6. This is due to direct access of the backuply/restore_ins.php file and. This makes it possible for unauthenticated attackers to make excessive requests that result in the server running out of resources. | |||||
| CVE-2026-31935 | 1 Oisf | 1 Suricata | 2026-04-07 | N/A | 7.5 HIGH |
| Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, flooding of craft HTTP2 continuation frames can lead to memory exhaustion, usually resulting in the Suricata process being shut down by the operating system. This issue has been patched in versions 7.0.15 and 8.0.4. | |||||
| CVE-2025-59440 | 1 Samsung | 40 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 37 more | 2026-04-07 | N/A | 7.5 HIGH |
| An issue was discovered in USIM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Improper handling of SIM card proactive commands leads to a Denial of Service. | |||||
| CVE-2025-54324 | 1 Samsung | 40 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 37 more | 2026-04-07 | N/A | 7.5 HIGH |
| An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Incorrect Handling of a DL NAS Transport packet leads to a Denial of Service. | |||||
| CVE-2025-58349 | 1 Samsung | 40 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 37 more | 2026-04-07 | N/A | 9.1 CRITICAL |
| An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Incorrect handling of LTE MAC packets containing many MAC Control Elements (CEs) leads to baseband crashes. | |||||
| CVE-2026-30405 | 1 Osrg | 1 Gobgp | 2026-04-07 | N/A | 7.5 HIGH |
| An issue in GoBGP gobgpd v.4.2.0 allows a remote attacker to cause a denial of service via the NEXT_HOP path attribute | |||||
| CVE-2026-23940 | 1 Hex | 1 Hexpm | 2026-04-06 | N/A | 6.5 MEDIUM |
| Uncontrolled Resource Consumption vulnerability in hexpm hexpm/hexpm allows Excessive Allocation. Publishing an oversized package can cause Hex.pm to run out of memory while extracting the uploaded package tarball. This can terminate the affected application instance and result in a denial of service for package publishing and potentially other package-processing functionality. This issue affects hexpm: before 495f01607d3eae4aed7ad09b2f54f31ec7a7df01; hex.pm: before 2026-03-10. | |||||
| CVE-2026-21619 | 2 Erlang, Hex | 3 Rebar3, Hex, Hex Core | 2026-04-06 | N/A | 7.5 HIGH |
| Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hex_core (hex_api modules), hexpm hex (mix_hex_api modules), erlang rebar3 (r3_hex_api modules) allows Object Injection, Excessive Allocation. This vulnerability is associated with program files src/hex_api.erl, src/mix_hex_api.erl, apps/rebar/src/vendored/r3_hex_api.erl and program routines hex_core:request/4, mix_hex_api:request/4, r3_hex_api:request/4. This issue affects hex_core: from 0.1.0 before 0.12.1; hex: from 2.3.0 before 2.3.2; rebar3: from 3.9.1 before 3.27.0. | |||||
| CVE-2026-22815 | 1 Aiohttp | 1 Aiohttp | 2026-04-06 | N/A | 7.5 HIGH |
| AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4. | |||||
| CVE-2026-33541 | 1 Wikitide | 1 Tsportal | 2026-04-03 | N/A | 6.5 MEDIUM |
| TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 34, a flaw in TSPortal allowed attackers to create arbitrary user records in the database by abusing validation logic. While validation correctly rejected invalid usernames, a side effect within a validation rule caused user records to be created regardless of whether the request succeeded. This could be exploited to cause uncontrolled database growth, leading to a potential denial of service (DoS). Version 34 contains a fix for the issue. | |||||