Vulnerabilities (CVE)

Filtered by CWE-400
Total 2693 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2026-4727 1 Mozilla 2 Firefox, Thunderbird 2026-04-13 N/A 7.5 HIGH
Denial-of-service in the Libraries component in NSS. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
CVE-2026-4726 1 Mozilla 2 Firefox, Thunderbird 2026-04-13 N/A 7.5 HIGH
Denial-of-service in the XML component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
CVE-2026-4704 1 Mozilla 1 Firefox 2026-04-13 N/A 7.5 HIGH
Denial-of-service in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVE-2026-0889 1 Mozilla 2 Firefox, Thunderbird 2026-04-13 N/A 7.5 HIGH
Denial-of-service in the DOM: Service Workers component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.
CVE-2025-9182 1 Mozilla 2 Firefox, Thunderbird 2026-04-13 N/A 7.5 HIGH
Denial-of-service due to out-of-memory in the Graphics: WebRender component. This vulnerability was fixed in Firefox 142, Firefox ESR 140.2, Thunderbird 142, and Thunderbird 140.2.
CVE-2025-55029 1 Mozilla 1 Firefox 2026-04-13 N/A 7.5 HIGH
Malicious scripts could bypass the popup blocker to spam new tabs, potentially resulting in denial of service attacks. This vulnerability was fixed in Firefox for iOS 142.
CVE-2025-55028 1 Mozilla 1 Firefox 2026-04-13 N/A 6.5 MEDIUM
Malicious scripts utilizing repetitive JavaScript alerts could prevent client user interaction in some scenarios and allow for denial of service attacks. This vulnerability was fixed in Firefox for iOS 142.
CVE-2026-34166 1 Liquidjs 1 Liquidjs 2026-04-10 N/A 3.7 LOW
LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, the replace filter in LiquidJS incorrectly accounts for memory usage when the memoryLimit option is enabled. It charges str.length + pattern.length + replacement.length bytes to the memory limiter, but the actual output from str.split(pattern).join(replacement) can be quadratically larger when the pattern occurs many times in the input string. This allows an attacker who controls template content to bypass the memoryLimit DoS protection with approximately 2,500x amplification, potentially causing out-of-memory conditions. This vulnerability is fixed in 10.25.3.
CVE-2026-0049 1 Google 1 Android 2026-04-10 N/A 6.2 MEDIUM
In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2026-33204 1 Kelvinmo 1 Simplejwt 2026-04-10 N/A 7.5 HIGH
SimpleJWT is a simple JSON web token library written in PHP. Prior to version 1.1.1, an unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used. Applications that call JWE::decrypt() on attacker-controlled JWEs using PBES2 algorithms are affected. This issue has been patched in version 1.1.1.
CVE-2026-34404 1 Nuxt 1 Og Image 2026-04-09 N/A 7.5 HIGH
Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image-generation component at the URI /_og/d/ (and, in older versions, /og-image/) contains a Denial of Service (DoS) vulnerability. The issue arises because there is no restriction on the width and height parameters of the generated image. The vulnerability was reproduced using the standard configuration and the default templates. This issue has been patched in version 6.2.5.
CVE-2026-26477 1 Dokuwiki 1 Dokuwiki 2026-04-09 N/A 4.3 MEDIUM
An issue in Dokuwiki v.2025-05-14b "Librarian" [56.2] allows a remote attacker to cause a denial of service via the media_upload_xhr() function in the media.php file.
CVE-2026-23869 2026-04-08 N/A 7.5 HIGH
A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack (versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4). The vulnerability is triggered by sending specially crafted HTTP requests to Server Function endpoints. The payload of the HTTP request causes excessive CPU usage for up to a minute, ending in a thrown error that is catchable.
CVE-2024-6434 1 Leap13 1 Premium Addons For Elementor 2026-04-08 N/A 3.1 LOW
The Premium Addons for Elementor plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 4.10.35. This is due to processing user-supplied input as a regular expression. This makes it possible for authenticated attackers, with Author-level access and above, to create and query a malicious post title, resulting in slowing server resources.
CVE-2024-0842 1 Softaculous 1 Backuply 2026-04-08 N/A 7.5 HIGH
The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.6. This is due to direct access of the backuply/restore_ins.php file and. This makes it possible for unauthenticated attackers to make excessive requests that result in the server running out of resources.
CVE-2026-31935 1 Oisf 1 Suricata 2026-04-07 N/A 7.5 HIGH
Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, flooding of crafted HTTP2 continuation frames can lead to memory exhaustion, usually resulting in the Suricata process being shut down by the operating system. This issue has been patched in versions 7.0.15 and 8.0.4.
CVE-2025-59440 1 Samsung 40 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 37 more 2026-04-07 N/A 7.5 HIGH
An issue was discovered in USIM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Improper handling of SIM card proactive commands leads to a Denial of Service.
CVE-2025-54324 1 Samsung 40 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 37 more 2026-04-07 N/A 7.5 HIGH
An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Incorrect handling of a DL NAS Transport packet leads to a Denial of Service.
CVE-2025-58349 1 Samsung 40 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 37 more 2026-04-07 N/A 9.1 CRITICAL
An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Incorrect handling of LTE MAC packets containing many MAC Control Elements (CEs) leads to baseband crashes.
CVE-2026-30405 1 Osrg 1 Gobgp 2026-04-07 N/A 7.5 HIGH
An issue in GoBGP gobgpd v.4.2.0 allows a remote attacker to cause a denial of service via the NEXT_HOP path attribute.