Total
85 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-35633 | 2026-04-09 | N/A | 5.3 MEDIUM | ||
| OpenClaw before 2026.3.22 contains an unbounded memory allocation vulnerability in remote media HTTP error handling that allows attackers to trigger excessive memory consumption. Attackers can send crafted HTTP error responses with large bodies to remote media endpoints, causing the application to allocate unbounded memory before failure handling occurs. | |||||
| CVE-2026-35186 | 2026-04-09 | N/A | N/A | ||
| Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler backend contains a bug where translating the table.grow operator causes the result to be incorrectly typed. For 32-bit tables this means that the result of the operator, internally in Winch, is tagged as a 64-bit value instead of a 32-bit value. This invalid internal representation of Winch's compiler state compounds into further issues depending on how the value is consumed. The primary consequence of this bug is that bytes in the host's address space can be stored/read from. This is only applicable to the 16 bytes before linear memory, however, as the only significant return value of table.grow that can be misinterpreted is -1. The bytes before linear memory are, by default, unmapped memory. Wasmtime will detect this fault and abort the process, however, because wasm should not be able to access these bytes. Overall this this bug in Winch represents a DoS vector by crashing the host process, a correctness issue within Winch, and a possible leak of up to 16-bytes before linear memory. Wasmtime's default compiler is Cranelift, not Winch, and Wasmtime's default settings are to place guard pages before linear memory. This means that Wasmtime's default configuration is not affected by this issue, and when explicitly choosing Winch Wasmtime's otherwise default configuration leads to a DoS. Disabling guard pages before linear memory is required to possibly leak up to 16-bytes of host data. This vulnerability is fixed in 36.0.7, 42.0.2, and 43.0.1. | |||||
| CVE-2026-39882 | 1 Opentelemetry | 1 Opentelemetry | 2026-04-09 | N/A | 5.3 MEDIUM |
| OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1.43.0, the otlp HTTP exporters (traces/metrics/logs) read the full HTTP response body into an in-memory bytes.Buffer without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is attacker-controlled (or a network attacker can mitm the exporter connection). This vulnerability is fixed in 1.43.0. | |||||
| CVE-2025-62600 | 2 Debian, Eprosima | 2 Debian Linux, Fast Dds | 2026-04-09 | N/A | 8.6 HIGH |
| eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory (OOM) condition, resulting in remote termination of Fast-DDS. If the fields of PID_IDENTITY_TOKEN or PID_PERMISSION_TOKEN in the DATA Submessage — specifically by tampering with the length field in readBinaryPropertySeq— are modified, an integer overflow occurs, leading to an OOM during the resize operation. This vulnerability is fixed in 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1. | |||||
| CVE-2025-62599 | 2 Debian, Eprosima | 2 Debian Linux, Fast Dds | 2026-04-09 | N/A | 8.6 HIGH |
| eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory (OOM) condition, resulting in remote termination of Fast-DDS. If the fields of PID_IDENTITY_TOKEN or PID_PERMISSION_TOKEN in the DATA Submessage — specifically by tampering with the length field in readPropertySeq — are modified, an integer overflow occurs, leading to an OOM during the resize operation. This vulnerability is fixed in 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1. | |||||
| CVE-2026-39312 | 2026-04-08 | N/A | 7.5 HIGH | ||
| SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. In 5.2.5188 and earlier, a pre-authentication denial-of-service vulnerability exists in SoftEther VPN Developer Edition 5.2.5188 (and likely earlier versions of Developer Edition). An unauthenticated remote attacker can crash the vpnserver process by sending a single malformed EAP-TLS packet over raw L2TP (UDP/1701), terminating all active VPN sessions. | |||||
| CVE-2026-24146 | 2026-04-08 | N/A | 7.5 HIGH | ||
| NVIDIA Triton Inference Server contains a vulnerability where insufficient input validation and a large number of outputs could cause a server crash. A successful exploit of this vulnerability might lead to denial of service. | |||||
| CVE-2026-35549 | 2026-04-03 | N/A | 6.5 MEDIUM | ||
| An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the caching_sha2_password authentication plugin is installed, and some user accounts are configured to use it, a large packet can crash the server because sha256_crypt_r uses alloca. | |||||
| CVE-2026-24030 | 2026-04-01 | N/A | 5.3 MEDIUM | ||
| An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads, resulting in a denial of service. In setups with a large quantity of memory available this usually results in an exception and the QUIC connection is properly closed, but in some cases the system might enter an out-of-memory state instead and terminate the process. | |||||
| CVE-2026-24158 | 1 Nvidia | 1 Triton Inference Server | 2026-03-31 | N/A | 7.5 HIGH |
| NVIDIA Triton Inference Server contains a vulnerability in the HTTP endpoint where an attacker may cause a denial of service by providing a large compressed payload. A successful exploit of this vulnerability may lead to denial of service. | |||||
| CVE-2026-28253 | 1 Trane | 5 Tracer Concierge, Tracer Sc, Tracer Sc\+ and 2 more | 2026-03-27 | N/A | 7.5 HIGH |
| A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to cause a denial-of-service condition | |||||
| CVE-2026-33174 | 1 Rubyonrails | 1 Rails | 2026-03-24 | N/A | 7.5 HIGH |
| Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when serving files through Active Storage's proxy delivery mode, the proxy controller loads the entire requested byte range into memory before sending it. A request with a large or unbounded Range header (e.g. `bytes=0-`) could cause the server to allocate memory proportional to the file size, possibly resulting in a DoS vulnerability through memory exhaustion. Versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 contain a patch. | |||||
| CVE-2026-32941 | 1 Bishopfox | 1 Sliver | 2026-03-24 | N/A | 6.5 MEDIUM |
| Sliver is a command and control framework that uses a custom Wireguard netstack. Versions 1.7.3 and below contain a Remote OOM (Out-of-Memory) vulnerability in the Sliver C2 server's mTLS and WireGuard C2 transport layer. The socketReadEnvelope and socketWGReadEnvelope functions trust an attacker-controlled 4-byte length prefix to allocate memory, with ServerMaxMessageSize allowing single allocations of up to ~2 GiB. A compromised implant or an attacker with valid credentials can exploit this by sending fabricated length prefixes over concurrent yamux streams (up to 128 per connection), forcing the server to attempt allocating ~256 GiB of memory and triggering an OS OOM kill. This crashes the Sliver server, disrupts all active implant sessions, and may degrade or kill other processes sharing the same host. The same pattern also affects all implant-side readers, which have no upper-bound check at all. The issue was not fixed at the the time of publication. | |||||
| CVE-2026-32836 | 1 Mackron | 1 Dr Libs | 2026-03-20 | N/A | 5.5 MEDIUM |
| dr_libs dr_flac.h version 0.13.3 and earlier contain an uncontrolled memory allocation vulnerability in drflac__read_and_decode_metadata() that allows attackers to trigger excessive memory allocation by supplying crafted PICTURE metadata blocks. Attackers can exploit attacker-controlled mimeLength and descriptionLength fields to cause denial of service through memory exhaustion when processing FLAC streams with metadata callbacks. | |||||
| CVE-2026-26931 | 2026-03-20 | N/A | 5.7 MEDIUM | ||
| Memory Allocation with Excessive Size Value (CWE-789) in the Prometheus remote_write HTTP handler in Metricbeat can lead Denial of Service via Excessive Allocation (CAPEC-130). | |||||
| CVE-2026-2456 | 1 Mattermost | 1 Mattermost Server | 2026-03-18 | N/A | 5.3 MEDIUM |
| Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 Mattermost fails to limit the size of responses from integration action endpoints, which allows an authenticated attacker to cause server memory exhaustion and denial of service via a malicious integration server that returns an arbitrarily large response when a user clicks an interactive message button.. Mattermost Advisory ID: MMSA-2026-00571 | |||||
| CVE-2026-25780 | 1 Mattermost | 1 Mattermost Server | 2026-03-18 | N/A | 4.3 MEDIUM |
| Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to bound memory allocation when processing DOC files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted DOC file.. Mattermost Advisory ID: MMSA-2026-00581 | |||||
| CVE-2026-26246 | 1 Mattermost | 1 Mattermost Server | 2026-03-18 | N/A | 4.3 MEDIUM |
| Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to bound memory allocation when processing PSD image files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted PSD file. Mattermost Advisory ID: MMSA-2026-00572 | |||||
| CVE-2026-29776 | 1 Freerdp | 1 Freerdp | 2026-03-17 | N/A | 3.1 LOW |
| FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, Integer Underflow in update_read_cache_bitmap_order Function of FreeRDP's Core Library This vulnerability is fixed in 3.24.0. | |||||
| CVE-2026-27809 | 1 Psd-tools Project | 1 Psd-tools | 2026-03-02 | N/A | 9.1 CRITICAL |
| psd-tools is a Python package for working with Adobe Photoshop PSD files. Prior to version 1.12.2, when a PSD file contains malformed RLE-compressed image data (e.g. a literal run that extends past the expected row size), decode_rle() raises ValueError which propagated all the way to the user, crashing psd.composite() and psd-tools export. decompress() already had a fallback that replaces failed channels with black pixels when result is None, but it never triggered because the ValueError from decode_rle() was not caught. The fix in version 1.12.2 wraps the decode_rle() call in a try/except so the existing fallback handles the error gracefully. | |||||