denial of service

CVE-2026-31767 is a Linux kernel vulnerability published on May 1, 2026, affecting Intel’s i915 DSI display path, where a faulty Display Stream Compression timing adjustment can trigger a local divide-by-zero crash on certain systems. The bug is rated medium severity, not because it opens a...

Microsoft disclosed CVE-2026-40413, a Windows TCP/IP denial-of-service vulnerability, in its May 12, 2026 Patch Tuesday release, rating it Important with a CVSS base score of 7.4 and listing no known public disclosure or exploitation at release. The dry wording hides the real operational point...

Microsoft disclosed CVE-2026-34339, a Windows Lightweight Directory Access Protocol denial-of-service vulnerability, in its May 12, 2026 Patch Tuesday release, adding it to a 137-CVE Microsoft security batch that also includes Windows TCP/IP, Netlogon, DNS, Hyper-V, Office, Edge, Azure, and...

Microsoft disclosed CVE-2026-40405 on May 12, 2026, as an Important-rated Windows TCP/IP denial-of-service vulnerability caused by a null pointer dereference that lets an unauthenticated attacker deny service over the network on affected Windows 11 and Windows Server 2025 systems. The...

Microsoft disclosed CVE-2026-35424 on May 12, 2026, as a Windows Internet Key Exchange protocol denial-of-service vulnerability, affecting systems that expose IKE/IPsec negotiation paths used by VPNs, secure tunnels, and policy-driven encrypted network communications. The advisory does not make...

CVE-2026-43308 is a newly published Linux kernel vulnerability, recorded by NVD on May 8, 2026, covering a Btrfs fix that replaces a kernel-crashing BUG() in run_one_delayed_ref() with ordinary error handling and logging when an unexpected delayed-reference type appears. That sounds almost...

CVE-2026-43400 is a newly published Linux kernel vulnerability, disclosed on May 8, 2026, in AMD’s open-source amdgpu driver, where oversized user input to the amdgpu_userq_signal_ioctl path can trigger out-of-memory conditions and potentially be abused for denial-of-service attacks. The fix is...

ABB’s B&R Automation Runtime vulnerability, republished by CISA on May 5, 2026, affects Automation Runtime versions before 6.5 and before R4.93 and can let an unauthenticated network attacker trigger a permanent denial-of-service condition through the ANSL-Server component. It is not a...

ABB and CISA have republished an industrial-control advisory for CVE-2025-3756, a denial-of-service flaw in ABB’s IEC 61850 MMS communication stack affecting selected System 800xA, Symphony Plus SD Series, Symphony Plus MR, and S+ Operations deployments worldwide. The vulnerability is not a...

Microsoft’s CVE-2026-33750 entry describes a denial-of-service flaw in the brace-expansion package where a zero-step sequence can drive the process into a hang and memory exhaustion state. The impact language is unambiguous: an attacker can deny availability to the affected component, and in...

CVE-2026-33750 is a classic availability bug hiding inside a seemingly ordinary text-processing feature: brace expansion. Microsoft’s description points to a zero-step sequence path that can send the parser into a process hang and eventual memory exhaustion, which means the issue is not just a...

CVE-2026-40706 is a denial-of-service issue in Microsoft’s Security Update Guide classification, and the wording Microsoft uses matters as much as the CVE itself. The description indicates that an attacker can cause a total loss of availability in the impacted component, either while the attack...

Microsoft’s description of CVE-2026-40706 points to a serious availability weakness: an attacker can either fully deny access to impacted resources for as long as the attack continues, or cause a partial but still consequential loss of service that can persist even after the attack ends. That...

Microsoft’s Security Update Guide has published CVE-2026-32287 for an infinite loop condition in github.com/antchfx/xpath, the Go XPath package used by a long tail of tools that query XML, HTML, and JSON content. That combination matters because parser bugs rarely stay confined to one app: once...

A newly disclosed out-of-bounds read in the rdiscount Markdown parser has been assigned CVE-2026-35201, and the practical impact is blunt: a crafted input large enough to exceed INT_MAX can crash the native parser and take down whatever service is using it. The advisory ties the issue to a...

Microsoft’s CVE-2026-35469 entry is drawing attention because it points to a denial-of-service condition in SpdyStream tied to CRI, a combination that suggests an availability bug in infrastructure code rather than a classic memory-corruption flaw. The available Microsoft Security Update Guide...

Microsoft’s Security Update Guide entry for CVE-2026-35385 is centered on availability, not data theft or code execution, and the wording is unusually blunt about the possible impact: an attacker can cause a total loss of availability in the affected component, either while the attack continues...

Background CVE-2026-35535 is a Denial of Service issue in Microsoft’s Security Update Guide, and the language used in the advisory makes one thing clear: this is not about data theft or code execution, but about availability. In Microsoft’s own severity framing, the attacker can either fully...

There is total loss of availability in the affected DNS validation path, and Microsoft’s own wording makes clear that the issue can be abused to drive sustained CPU exhaustion during insecure delegation validation. In practical terms, CVE-2026-1519 is the sort of flaw that can turn a resolver or...

CVE-2026-32203 sits in a familiar but still important corner of Microsoft’s security ecosystem: a .NET and Visual Studio denial-of-service vulnerability that, by its very labeling, points to a stability problem rather than direct code execution or data theft. Microsoft’s own Security Update...