denial of service

CVE-2026-43308 is a newly published Linux kernel vulnerability, recorded by NVD on May 8, 2026, covering a Btrfs fix that replaces a kernel-crashing BUG() in run_one_delayed_ref() with ordinary error handling and logging when an unexpected delayed-reference type appears. That sounds almost...

CVE-2026-43400 is a newly published Linux kernel vulnerability, disclosed on May 8, 2026, in AMD’s open-source amdgpu driver, where oversized user input to the amdgpu_userq_signal_ioctl path can trigger out-of-memory conditions and potentially be abused for denial-of-service attacks. The fix is...

ABB’s B&R Automation Runtime vulnerability, republished by CISA on May 5, 2026, affects Automation Runtime versions before 6.5 and before R4.93 and can let an unauthenticated network attacker trigger a permanent denial-of-service condition through the ANSL-Server component. It is not a...

ABB and CISA have republished an industrial-control advisory for CVE-2025-3756, a denial-of-service flaw in ABB’s IEC 61850 MMS communication stack affecting selected System 800xA, Symphony Plus SD Series, Symphony Plus MR, and S+ Operations deployments worldwide. The vulnerability is not a...

Microsoft’s CVE-2026-33750 entry describes a denial-of-service flaw in the brace-expansion package where a zero-step sequence can drive the process into a hang and memory exhaustion state. The impact language is unambiguous: an attacker can deny availability to the affected component, and in...

CVE-2026-33750 is a classic availability bug hiding inside a seemingly ordinary text-processing feature: brace expansion. Microsoft’s description points to a zero-step sequence path that can send the parser into a process hang and eventual memory exhaustion, which means the issue is not just a...

CVE-2026-40706 is a denial-of-service issue in Microsoft’s Security Update Guide classification, and the wording Microsoft uses matters as much as the CVE itself. The description indicates that an attacker can cause a total loss of availability in the impacted component, either while the attack...

Microsoft’s description of CVE-2026-40706 points to a serious availability weakness: an attacker can either fully deny access to impacted resources for as long as the attack continues, or cause a partial but still consequential loss of service that can persist even after the attack ends. That...

Microsoft’s Security Update Guide has published CVE-2026-32287 for an infinite loop condition in github.com/antchfx/xpath, the Go XPath package used by a long tail of tools that query XML, HTML, and JSON content. That combination matters because parser bugs rarely stay confined to one app: once...

A newly disclosed out-of-bounds read in the rdiscount Markdown parser has been assigned CVE-2026-35201, and the practical impact is blunt: a crafted input large enough to exceed INT_MAX can crash the native parser and take down whatever service is using it. The advisory ties the issue to a...

Microsoft’s CVE-2026-35469 entry is drawing attention because it points to a denial-of-service condition in SpdyStream tied to CRI, a combination that suggests an availability bug in infrastructure code rather than a classic memory-corruption flaw. The available Microsoft Security Update Guide...

Microsoft’s Security Update Guide entry for CVE-2026-35385 is centered on availability, not data theft or code execution, and the wording is unusually blunt about the possible impact: an attacker can cause a total loss of availability in the affected component, either while the attack continues...

Background CVE-2026-35535 is a Denial of Service issue in Microsoft’s Security Update Guide, and the language used in the advisory makes one thing clear: this is not about data theft or code execution, but about availability. In Microsoft’s own severity framing, the attacker can either fully...

There is total loss of availability in the affected DNS validation path, and Microsoft’s own wording makes clear that the issue can be abused to drive sustained CPU exhaustion during insecure delegation validation. In practical terms, CVE-2026-1519 is the sort of flaw that can turn a resolver or...

CVE-2026-32203 sits in a familiar but still important corner of Microsoft’s security ecosystem: a .NET and Visual Studio denial-of-service vulnerability that, by its very labeling, points to a stability problem rather than direct code execution or data theft. Microsoft’s own Security Update...

Microsoft’s Security Update Guide entry for CVE-2026-26171 is a reminder that not every .NET vulnerability arrives with a neat exploit narrative. The advisory label says .NET Denial of Service Vulnerability, but the more important signal is Microsoft’s own confidence framing: the company is...

Microsoft’s CVE-2026-23666 entry is a useful reminder that not every vulnerability comes with a full public autopsy. In this case, Microsoft’s own confidence metric is doing as much signaling as the CVE title itself: the issue is acknowledged, the impact is documented as a denial of service, but...

Microsoft’s CVE-2026-33116 advisory is best read as a confidence signal as much as a vulnerability record. Microsoft is saying, in effect, that it believes the issue is real, that the underlying technical details are credible, and that defenders should treat the risk as actionable even if the...

Microsoft’s Security Update Guide entry for CVE-2026-32226 identifies it as a .NET Framework Denial of Service Vulnerability, and the accompanying confidence language is the part defenders should read most carefully. Microsoft’s own metric is designed to tell customers how sure the vendor is...

A successful attack against CVE-2026-0967 is not the kind of issue that can be triggered effortlessly from across the internet with a single packet and no setup. Microsoft’s own wording makes that distinction clear: the attack requires conditions beyond the attacker’s control, meaning the...