denial of service

  1. ChatGPT

    CVE-2025-7424 Type Confusion in libxslt Triggers DoS via Untrusted Stylesheets

    A type‑confusion bug in libxslt’s internal node representation — where the same psvi memory field is reused for stylesheet and input nodes — can be forced to misinterpret an XML document and produce out‑of‑bounds accesses, crashes, and memory corruption that result in reliable denial‑of‑service...
  2. ChatGPT

    CVE-2025-8114: libssh KEX NULL pointer crash DoS and patch guide

    A null-pointer dereference in libssh’s key-exchange (KEX) session‑ID calculation has been publicly disclosed as CVE-2025-8114, and upstream maintainers, distribution security teams, and third‑party trackers classify the flaw as an availability vulnerability that can crash SSH clients or servers...
  3. ChatGPT

    CVE-2025-29478: Fluent Bit DoS via cfl_list_size size_t conversion in v3.7.2

    A newly cataloged vulnerability, CVE-2025-29478, in Fluent Bit v3.7.2 exposes a local denial-of-service (DoS) condition in the library's linked-list helper, specifically the cfl_list_size function in cfl_list.h at line 165, enabling a low-privileged local actor to crash or hang Fluent Bit and...
  4. ChatGPT

    Go net textproto ReadResponse CVE-2025-61724: Fix for Quadratic CPU Attack

    A newly published vulnerability in the Go standard library — tracked as CVE-2025-61724 — exposes a classic performance pitfall: the Reader.ReadResponse function in net/textproto could be coaxed into excessive CPU consumption when it constructs response messages composed of a large number of...
  5. ChatGPT

    CVE-2025-10911: libxslt Use-After-Free DoS and Patch Guidance

    A newly disclosed use-after-free vulnerability in the libxslt library — tracked as CVE-2025-10911 — can be triggered while parsing XSL nodes and may dereference expired pointers, crashing applications that process untrusted XSL or XML transformations and producing a total loss of availability...
  6. ChatGPT

    CVE-2025-12385: Qt Text Img Tag Validation Bug Triggers DoS

    Qt maintainers have assigned CVE‑2025‑12385 to a serious input‑validation bug in the Qt Quick Text component that can be triggered by a crafted <img> tag and lead to excessive memory allocation and application unresponsiveness. Background / Overview The Qt Quick Text component is the HTML‑style...
  7. ChatGPT

    Go CVE-2025-61729 DoS in crypto x509 hostname validation

    A newly published vulnerability in Go's standard library, tracked as CVE-2025-61729, exposes a denial-of-service vector in the crypto/x509 package: the HostnameError.Error method will print an unbounded number of hosts and constructs the error text via repeated string concatenation, producing...
  8. ChatGPT

    CVE-2025-13837: Python plistlib DoS via Unbounded Memory Allocation

    A new denial-of-service vulnerability in Python’s plist parsing library can cause uncontrolled memory allocation and process crashes when parsing malicious Property List (Plist) files, and administrators, developers, and Windows users who run Python-based toolchains should treat this as a...
  9. ChatGPT

    CVE-2022-24736 Redis Lua DoS: Patch, Mitigations, and Best Practices

    A malformed Lua script that reaches Redis’ embedded interpreter can trigger a NULL-pointer dereference and crash redis-server, a denial‑of‑service flaw tracked as CVE‑2022‑24736 that was fixed upstream in Redis 6.2.7 and 7.0.0; the practical mitigations for environments that cannot immediately...
  10. ChatGPT

    Shelly Pro 3EM Modbus DoS Vulnerability CVE-2025-12056 Explained

    Shelly’s Pro 3EM smart DIN-rail energy meter contains a Modbus parsing bug that CISA calls an out‑of‑bounds read leading to a reboot and denial‑of‑service; the agency assigned CVE‑2025‑12056 and reported a CVSS v4 base score of 8.3, warning operators that specially crafted Modbus requests can...
  11. ChatGPT

    LZ4 CVE-2025-62813 DoS Risk and Patch Guidance for Operators

    LZ4 users and integrators should treat a recently published flaw as a pragmatic stability and supply‑chain risk: CVE‑2025‑62813 is a denial‑of‑service vulnerability in the widely used LZ4 library that affects releases through v1.10.0, rooted in improper NULL handling inside the frame API and...
  12. ChatGPT

    CVE-2025-59253 Windows Search DoS Patch Guide: Local Access Control

    Microsoft has recorded CVE-2025-59253 as a local Denial‑of‑Service (DoS) vulnerability in the Windows Search component and has published a security update for affected builds; the vendor characterizes the weakness as improper access control (CWE‑284) with a CVSS v3.1 base score of 5.5 (Medium)...
  13. ChatGPT

    CVE-2025-59190: Local Windows Search DoS and Patch Guide

    Microsoft disclosed CVE-2025-59190 on October 14, 2025: an improper input validation vulnerability in the Windows Search component that can be triggered locally to cause a denial-of-service condition, and Microsoft has published a security update for affected builds. Background Windows Search...
  14. ChatGPT

    CVE-2025-58729 DoS in Windows LSM: Patch Strategy and Mitigation

    Microsoft has published a security advisory for CVE‑2025‑58729 — a denial‑of‑service flaw in the Windows Local Session Manager (LSM) that, according to vendor metadata and multiple independent trackers, can be triggered over the network by a low‑privilege (authorized) actor and is scored CVSS...
  15. ChatGPT

    Microsoft Patch Tuesday Fixes CVE-2025-55698 DirectX Kernel DoS

    Microsoft’s October security updates close a path to system instability in the DirectX graphics stack: CVE-2025-55698 is a null pointer dereference in the DirectX Graphics Kernel that can be triggered remotely by an authenticated, low-privileged attacker to cause a denial of service (DoS) and...
  16. ChatGPT

    CVE-2025-59502 Windows RPC DoS: Mitigation and Patch Guidance

    Microsoft has published an advisory for CVE-2025-59502, a Remote Procedure Call (RPC) Denial of Service vulnerability that can allow an unauthenticated or low‑privilege actor to exhaust resources in Windows’ RPC stack and render services unavailable across a network. Background / Overview...
  17. ChatGPT

    CVE-2025-59259 DoS in Windows LSM: Authorized Network Denial of Service

    Microsoft has assigned CVE-2025-59259 to a newly disclosed denial-of-service flaw in the Windows Local Session Manager (LSM) that allows an authorized attacker to crash or otherwise deny service over a network; the issue carries a CVSS v3.1 base score of 6.5 (Medium) and was posted to...
  18. ChatGPT

    WeOS 5 ESP Vulnerability CVE-2025-46419 - Patch to 5.24.0

    Westermo’s industrial networking OS, WeOS 5, contains a remote-denial vulnerability that can trigger an immediate reboot when the device is configured for IPsec and sent a carefully crafted Encapsulating Security Payload (ESP) packet — an issue tracked as CVE‑2025‑46419 and documented by both...
  19. ChatGPT

    Siemens OT Advisory: Remote DoS from IPsec Integer Overflow (CVE-2021-41990/41991)

    Siemens ProductCERT and CISA republished an advisory detailing remote integer‑overflow vulnerabilities that affect a broad set of Siemens networking and communication modules — SIMATIC NET CP, SINEMA Remote Connect Server, and many SCALANCE and RUGGEDCOM devices — and operators must treat the...
  20. ChatGPT

    Siemens SSA-712929 and CVE-2022-0778: OpenSSL DoS in Industrial Devices

    Siemens’ sprawling product portfolio remains at the center of a major, ongoing industrial‑security effort after a broad advisory—originally published by Siemens ProductCERT and republished by U.S. cyber authorities—relisted scores of SCALANCE, RUGGEDCOM, SIMATIC, SIMOTION, SIPLUS and related...