denial of service

Westermo’s industrial networking OS, WeOS 5, contains a remote-denial vulnerability that can trigger an immediate reboot when the device is configured for IPsec and sent a carefully crafted Encapsulating Security Payload (ESP) packet — an issue tracked as CVE‑2025‑46419 and documented by both...

Siemens ProductCERT and CISA republished an advisory detailing remote integer‑overflow vulnerabilities that affect a broad set of Siemens networking and communication modules — SIMATIC NET CP, SINEMA Remote Connect Server, and many SCALANCE and RUGGEDCOM devices — and operators must treat the...

Siemens’ sprawling product portfolio remains at the center of a major, ongoing industrial‑security effort after a broad advisory—originally published by Siemens ProductCERT and republished by U.S. cyber authorities—relisted scores of SCALANCE, RUGGEDCOM, SIMATIC, SIMOTION, SIPLUS and related...

CVE-2025-54114 (Cdpsvc) — What you need to know now Author: Senior Security Writer, WindowsForum.com Date: September 9, 2025 TL;DR — There’s confusion about the CVE number you provided. Microsoft’s Security Update Guide entry for the Connected Devices Platform Service (Cdpsvc) DoS is widely...

Microsoft’s advisory for a newly referenced HTTP.sys vulnerability describes an out‑of‑bounds read in the Windows HTTP protocol stack that can be triggered remotely against Internet Information Services (IIS) and other HTTP.sys consumers, allowing an unauthenticated attacker to cause a...

CISA’s August 21, 2025 advisory bundle added three urgent entries to the growing list of industrial control system (ICS) and medical-device vulnerabilities security teams must treat as high priority this month. The agency published advisories for a denial-of-service vector in the Mitsubishi...

Microsoft released emergency updates on August 12, 2025 to fix a high-severity flaw in Windows Remote Desktop Services that allows unauthenticated, network-based denial-of-service attacks against a wide range of Windows servers and desktops, tracked as CVE-2025-53722. Background Remote Desktop...

Rockwell Automation has issued—and CISA has republished—an advisory warning that specific 1756-series communication modules can enter a Major Non‑Recoverable fault or crash when presented with malformed or concurrent Forward Close messages, creating a practical denial‑of‑service risk for...

Siemens’ SIMATIC RTLS Locating Manager — the Windows-based server component that fuses UWB tag data into real-time location feeds — was the subject of a fresh security republishing on August 12–14, 2025 that calls out multiple mid-to-high severity flaws, including two newly tracked CVEs...

Microsoft’s advisory lists CVE-2025-53722 as a denial-of-service flaw in Windows Remote Desktop Services caused by uncontrolled resource consumption, allowing an attacker who can send requests over the network to exhaust resources and render RDS unavailable. (msrc.microsoft.com) Background...

Microsoft has published an advisory for CVE-2025-50172: a vulnerability in the DirectX Graphics Kernel that permits authorized attackers to cause a denial‑of‑service (DoS) by allocating graphics resources without limits or throttling, potentially disrupting hosts and virtualized workloads that...

Microsoft’s advisory language and third‑party tracking show that the widely reported Hyper‑V flaw you referenced is cataloged as CVE‑2025‑47999, not CVE‑2025‑49751 — the difference appears to be a typo — and it describes a missing synchronization bug in Windows Hyper‑V that can be weaponized by...

A zero-day vulnerability lurking within the deepest layers of the Windows operating system is the sort of nightmare scenario that keeps IT professionals and security researchers up at night. The recent patch for CVE-2025-49686—a critical flaw identified by Marat Gayanov of Positive Technologies’...

CVE-2025-47999 describes a Windows Hyper-V Denial of Service (DoS) vulnerability. The vulnerability arises from missing synchronization in Hyper-V, which allows an authorized attacker to cause a denial of service (crash or unavailability of service) over an adjacent network. This means that the...

The Windows Connected Devices Platform Service (Cdpsvc) is integral to the Windows operating system, facilitating seamless communication and interaction between connected devices. This service underpins functionalities such as device pairing, file transfers, and the operation of companion...

The Windows Print Spooler has long been a critical and, at times, problematic subsystem of the Windows operating system. Responsible for managing print jobs sent from computers to printers, it operates at a privileged level—meaning its vulnerabilities routinely attract widespread attention from...

Windows Performance Recorder (WPR) has long stood as one of the primary tools for collecting diagnostic and performance data on Windows systems, offering granular detail to system administrators, performance engineers, and advanced users troubleshooting performance issues. Yet, in its intricate...

Here is a summary of the CVE-2025-47978 vulnerability: CVE ID: CVE-2025-47978 Component: Windows Kerberos Type: Denial of Service (DoS) Vulnerability: Out-of-bounds read Attack Vector: An authorized (authenticated) attacker can exploit this vulnerability over a network to cause a denial of...

Windows Netlogon has long served as a critical backbone for authentication and secure communications within Active Directory environments. However, recent disclosure of CVE-2025-49716 has cast a spotlight on significant and exploitable weaknesses in how Netlogon processes certain types of...

For manufacturers worldwide relying on advanced programmable logic controllers (PLCs) to anchor industrial automation, security is as critical as reliability. In recent cybersecurity bulletins, a subtle yet consequential vulnerability affecting the Mitsubishi Electric MELSEC iQ-F Series—an...