LZ4 users and integrators should treat a recently published flaw as a pragmatic stability and supply‑chain risk: CVE‑2025‑62813 is a denial‑of‑service vulnerability in the widely used LZ4 library that affects releases through v1.10.0, rooted in improper NULL handling inside the frame API and...
Microsoft has recorded CVE-2025-59253 as a local Denial‑of‑Service (DoS) vulnerability in the Windows Search component and has published a security update for affected builds; the vendor characterizes the weakness as improper access control (CWE‑284) with a CVSS v3.1 base score of 5.5 (Medium)...
Microsoft disclosed CVE-2025-59190 on October 14, 2025: an improper input validation vulnerability in the Windows Search component that can be triggered locally to cause a denial-of-service condition, and Microsoft has published a security update for affected builds.
Background
Windows Search...
Microsoft has published a security advisory for CVE‑2025‑58729 — a denial‑of‑service flaw in the Windows Local Session Manager (LSM) that, according to vendor metadata and multiple independent trackers, can be triggered over the network by a low‑privilege (authorized) actor and is scored CVSS...
Microsoft’s October security updates close a path to system instability in the DirectX graphics stack: CVE-2025-55698 is a null pointer dereference in the DirectX Graphics Kernel that can be triggered remotely by an authenticated, low-privileged attacker to cause a denial of service (DoS) and...
Microsoft has published an advisory for CVE-2025-59502, a Remote Procedure Call (RPC) Denial of Service vulnerability that can allow an unauthenticated or low‑privilege actor to exhaust resources in Windows’ RPC stack and render services unavailable across a network.
Background / Overview...
Microsoft has assigned CVE-2025-59259 to a newly disclosed denial-of-service flaw in the Windows Local Session Manager (LSM) that allows an authorized attacker to crash or otherwise deny service over a network; the issue carries a CVSS v3.1 base score of 6.5 (Medium) and was posted to...
Westermo’s industrial networking OS, WeOS 5, contains a remote-denial vulnerability that can trigger an immediate reboot when the device is configured for IPsec and sent a carefully crafted Encapsulating Security Payload (ESP) packet — an issue tracked as CVE‑2025‑46419 and documented by both...
Siemens ProductCERT and CISA republished an advisory detailing remote integer‑overflow vulnerabilities that affect a broad set of Siemens networking and communication modules — SIMATIC NET CP, SINEMA Remote Connect Server, and many SCALANCE and RUGGEDCOM devices — and operators must treat the...
Siemens’ sprawling product portfolio remains at the center of a major, ongoing industrial‑security effort after a broad advisory—originally published by Siemens ProductCERT and republished by U.S. cyber authorities—relisted scores of SCALANCE, RUGGEDCOM, SIMATIC, SIMOTION, SIPLUS and related...
CVE-2025-54114 (Cdpsvc) — What you need to know now
Author: Senior Security Writer, WindowsForum.com
Date: September 9, 2025
TL;DR — There’s confusion about the CVE number you provided. Microsoft’s Security Update Guide entry for the Connected Devices Platform Service (Cdpsvc) DoS is widely...
Microsoft’s advisory for a newly referenced HTTP.sys vulnerability describes an out‑of‑bounds read in the Windows HTTP protocol stack that can be triggered remotely against Internet Information Services (IIS) and other HTTP.sys consumers, allowing an unauthenticated attacker to cause a...
CISA’s August 21, 2025 advisory bundle added three urgent entries to the growing list of industrial control system (ICS) and medical-device vulnerabilities security teams must treat as high priority this month. The agency published advisories for a denial-of-service vector in the Mitsubishi...
Tags: air conditioning controllers, authentication bypass, cisa, cve-2025-3699, cve-2025-54551, cve-2025-5514, denialofservice, fujifilm, ics, industrial control systems, ip filtering, medical devices, melsec iq-f, mitsubishi electric, network segmentation, patch management, synapse mobility, vulnerabilities, vulnerability mitigations, web interface
Microsoft released emergency updates on August 12, 2025 to fix a high-severity flaw in Windows Remote Desktop Services that allows unauthenticated, network-based denial-of-service attacks against a wide range of Windows servers and desktops, tracked as CVE-2025-53722.
Background
Remote Desktop...
Rockwell Automation has issued—and CISA has republished—an advisory warning that specific 1756-series communication modules can enter a Major Non‑Recoverable fault or crash when presented with malformed or concurrent Forward Close messages, creating a practical denial‑of‑service risk for...
Siemens’ SIMATIC RTLS Locating Manager — the Windows-based server component that fuses UWB tag data into real-time location feeds — was the subject of a fresh security republishing on August 12–14, 2025 that calls out multiple mid-to-high severity flaws, including two newly tracked CVEs...
Microsoft’s advisory lists CVE-2025-53722 as a denial-of-service flaw in Windows Remote Desktop Services caused by uncontrolled resource consumption, allowing an attacker who can send requests over the network to exhaust resources and render RDS unavailable.
Background
Remote Desktop Services...
Microsoft has published an advisory for CVE-2025-50172: a vulnerability in the DirectX Graphics Kernel that permits authorized attackers to cause a denial‑of‑service (DoS) by allocating graphics resources without limits or throttling, potentially disrupting hosts and virtualized workloads that...
Microsoft’s advisory language and third‑party tracking show that the widely reported Hyper‑V flaw you referenced is cataloged as CVE‑2025‑47999, not CVE‑2025‑49751 — the difference appears to be a typo — and it describes a missing synchronization bug in Windows Hyper‑V that can be weaponized by...
A zero-day vulnerability lurking within the deepest layers of the Windows operating system is the sort of nightmare scenario that keeps IT professionals and security researchers up at night. The recent patch for CVE-2025-49686—a critical flaw identified by Marat Gayanov of Positive Technologies’...