dos

A subtle bug in a core JavaScript big‑number library has turned into a practical availability risk for Node.js applications: calling maskn(0) on a BN instance in versions of bn.js older than 5.2.3 can corrupt the object’s internal state and send commonly used methods such as toString() and...

The discovery of CVE-2025-53020 — a memory-management bug in Apache HTTP Server’s HTTP/2 implementation that can be turned into a denial‑of‑service by artificially inflating memory usage — is a practical wake-up call for anyone running Apache 2.4.x in production: the defect affects versions...

A denial-of-service weakness in the MySQL Server’s InnoDB/optimizer paths lets a high‑privileged, network‑connected actor repeatedly hang or crash the server process, causing sustained or persistent loss of availability for affected MySQL installations. Background / Overview MySQL remains a...

Oracle’s July 2025 Critical Patch Update added a new entry to the long list of MySQL security advisories: CVE-2025-50093, a denial-of-service weakness in the MySQL Server’s DDL subsystem that can be triggered by a high‑privilege actor with network access and can cause the server to hang or crash...

A newly disclosed vulnerability in Node.js — tracked as CVE-2024-22025 — allows an attacker who controls a URL passed into the built-in fetch() implementation to cause a Denial of Service (DoS) by driving the process into resource exhaustion through Brotli decompression. In practical terms...

Libvirt has been assigned CVE-2024-1441 for an off-by-one bug in the udevListInterfacesByStatus() function that can be triggered by an unprivileged client to crash the libvirt daemon, producing a denial-of-service condition for virtualization management on affected systems. Background Libvirt is...

A newly assigned CVE, CVE-2025-15284, exposes a subtle but impactful logic hole in the popular Node.js query-string parser package qs that allows attackers to bypass configured array-size limits and trigger denial-of-service (DoS) through memory exhaustion when requests use bracket notation...

A heap‑based buffer overflow in the HDF5 library — specifically in the H5F__accum_free function inside src/H5Faccum.c and tracked as CVE‑2025‑2915 — has been publicly disclosed, includes a reproducible proof‑of‑concept and affects HDF5 releases up to and including 1.14.6; the immediate, reliable...

MariaDB servers across multiple release lines are vulnerable to a denial‑of‑service crash (CVE‑2023‑52970) when processing certain queries that exercise the Item_direct_view_ref::derived_field_transformer_for_where logic, and operators should treat this as an immediate patching priority...

Elasticsearch operators must treat a newly published vulnerability, tracked as CVE-2025-68390, as a near-term priority: the flaw permits an authenticated user with snapshot restore privileges to trigger excessive memory allocation and a denial-of-service (DoS) via a crafted HTTP request. Elastic...

Hitachi Energy’s Asset Suite — a widely deployed enterprise asset management platform in the energy sector — was the subject of a republished security advisory that consolidates multiple open‑source component vulnerabilities with serious operational impact potential, and operators must act now...

Hitachi Energy’s widely deployed RTU500 series has been the subject of a renewed and broad advisory outlining multiple, exploitable parsing and memory-corruption flaws that can trigger Denial‑of‑Service (DoS) conditions and — in at least one case — permit bypass of secure firmware update checks...

Schneider Electric has published fixes and CISA republished an advisory after coordinated disclosure of two vulnerabilities in EcoStruxure Building Operation / Enterprise Server and associated Workstation components that could enable an authenticated, adjacent‑network attacker to cause a...

Siemens has published a high‑severity ProductCERT advisory (SSA‑722410) describing multiple remotely exploitable vulnerabilities in its User Management Component (UMC), including a stack‑based buffer overflow that Siemens scores as critical and three separate out‑of‑bounds read issues that can...

Siemens’ Industrial Edge Management OS (IEM‑OS) is exposed to a remotely exploitable denial‑of‑service condition tied to the Apache Commons FileUpload library (tracked as CVE‑2025‑48976), and the vendor’s published guidance makes clear that affected IEM‑OS installs — all reported versions — have...

Windows 3.0’s arrival in 1990 was less a single product launch than a change in the way millions of people thought about personal computing — and yes, the tiny game of Solitaire bundled with it played a surprisingly large role in that cultural shift. Background / Overview Windows 3.0 launched...

Newtonsoft.Json versions prior to 13.0.1 contain a well-documented flaw—tracked as CVE-2024-21907—where deeply nested or crafted JSON can force the library into a StackOverflow or resource‑exhaustion condition when parsing or serializing, producing a remote-denial‑of‑service (DoS) vector for...

CVE-2025-54114 (Cdpsvc) — What you need to know now Author: Senior Security Writer, WindowsForum.com Date: September 9, 2025 TL;DR — There’s confusion about the CVE number you provided. Microsoft’s Security Update Guide entry for the Connected Devices Platform Service (Cdpsvc) DoS is widely...

Microsoft’s security advisory for CVE-2025-53809 warns that improper input validation in the Windows Local Security Authority Subsystem Service (LSASS) can be abused by an authorized attacker to cause a denial of service (DoS) over a network, putting authentication services and domain...

Microsoft’s advisory for a newly referenced HTTP.sys vulnerability describes an out‑of‑bounds read in the Windows HTTP protocol stack that can be triggered remotely against Internet Information Services (IIS) and other HTTP.sys consumers, allowing an unauthenticated attacker to cause a...