Total
3636 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-0382 | 1 M-files | 1 M-files Server | 2026-02-23 | 6.5 Medium |
| User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption. | ||||
| CVE-2025-59502 | 1 Microsoft | 21 Remote, Windows, Windows 10 and 18 more | 2026-02-22 | 7.5 High |
| Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2023-4162 | 1 Broadcom | 1 Fabric Operating System | 2026-02-20 | 4.4 Medium |
| A segmentation fault can occur in Brocade Fabric OS after Brocade Fabric OS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg command. This could allow an authenticated privileged user local user to crash a Brocade Fabric OS swith using the cli “passwdcfg --set -expire -minDiff“. | ||||
| CVE-2023-4063 | 1 Hp | 84 1kr42a, 1kr42a Firmware, 1kr45a and 81 more | 2026-02-20 | 5.3 Medium |
| Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when using an improper eSCL URL GET request. | ||||
| CVE-2019-10952 | 1 Rockwellautomation | 8 Armor Compact Guardlogix 5370, Armor Compact Guardlogix 5370 Firmware, Compactlogix 5370 L1 and 5 more | 2026-02-20 | 9.8 Critical |
| An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. A cold restart is required for recovering CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 - 30 and earlier. | ||||
| CVE-2026-25949 | 1 Traefik | 1 Traefik | 2026-02-20 | 7.5 High |
| Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.8, there is a potential vulnerability in Traefik managing STARTTLS requests. An unauthenticated client can bypass Traefik entrypoint respondingTimeouts.readTimeout by sending the 8-byte Postgres SSLRequest (STARTTLS) prelude and then stalling, causing connections to remain open indefinitely, leading to a denial of service. This vulnerability is fixed in 3.6.8. | ||||
| CVE-2021-21565 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | 5.3 Medium |
| Dell PowerScale OneFS versions 9.1.0.3 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses. | ||||
| CVE-2021-44228 | 13 Apache, Apple, Bentley and 10 more | 177 Log4j, Xcode, Synchro and 174 more | 2026-02-20 | 10 Critical |
| Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. | ||||
| CVE-2025-33068 | 1 Microsoft | 6 Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and 3 more | 2026-02-20 | 7.5 High |
| Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2025-32724 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-20 | 7.5 High |
| Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-20139 | 1 Splunk | 3 Splunk, Splunk Cloud Platform, Splunk Enterprise | 2026-02-20 | 4.3 Medium |
| In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platform versions below 10.2.2510.3, 10.1.2507.8, 10.0.2503.9, and 9.3.2411.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload into the `realname`, `tz`, or `email` parameters of the `/splunkd/__raw/services/authentication/users/username` REST API endpoint when they change a password. This could potentially lead to a client‑side denial‑of‑service (DoS). The malicious payload might significantly slow page load times or render Splunk Web temporarily unresponsive. | ||||
| CVE-2025-48040 | 1 Erlang | 2 Erlang\/otp, Otp | 2026-02-20 | 5.3 Medium |
| Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12. | ||||
| CVE-2025-48038 | 1 Erlang | 2 Erlang\/otp, Otp | 2026-02-20 | 4.3 Medium |
| Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12. | ||||
| CVE-2025-48041 | 1 Erlang | 1 Erlang\/otp | 2026-02-20 | 4.3 Medium |
| Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12. | ||||
| CVE-2025-48039 | 1 Erlang | 2 Erlang\/otp, Otp | 2026-02-20 | 4.3 Medium |
| Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12. | ||||
| CVE-2026-21435 | 1 Quic-go | 1 Webtransport-go | 2026-02-19 | 5.3 Medium |
| webtransport-go is an implementation of the WebTransport protocol. Prior to v0.10.0, an attacker can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. A malicious peer can withhold QUIC flow control credit on the CONNECT stream, blocking transmission of the WT_CLOSE_SESSION capsule and causing the close operation to hang. This vulnerability is fixed in v0.10.0. | ||||
| CVE-2019-25401 | 1 Bematech | 1 Mp-4200 | 2026-02-19 | 7.5 High |
| Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a denial of service vulnerability in the admin configuration page. Remote attackers can send crafted POST requests with malformed 'admin' and 'person' parameters to crash the printer's web service, causing a denial of service condition. | ||||
| CVE-2025-70347 | 1 Bellard | 1 Mquickjs | 2026-02-18 | 5.5 Medium |
| An issue in mquickjs before commit 74b7e (2026-01-15) allows a local attacker to cause a denial of service via a crafted file to the get_mblock_size function at mquickjs.c. | ||||
| CVE-2024-54192 | 1 Appneta | 1 Tcpreplay | 2026-02-18 | 5.5 Medium |
| An issue inTcpreplay v4.5.1 allows a local attacker to cause a denial of service via a crafted file to the tcpedit_dlt_getplugin function at src/tcpedit/plugins/dlt_utils.c. | ||||
| CVE-2026-25579 | 1 Navidrome | 1 Navidrome | 2026-02-18 | 6.5 Medium |
| Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, authenticated users can crash the Navidrome server by supplying an excessively large size parameter to /rest/getCoverArt or to a shared-image URL (/share/img/<token>). When processing such requests, the server attempts to create an extremely large resized image, causing uncontrolled memory growth. This triggers the Linux OOM killer, terminates the Navidrome process, and results in a full service outage. If the system has sufficient memory and survives the allocation, Navidrome then writes these extremely large resized images into its cache directory, allowing an attacker to rapidly exhaust server disk space as well. This issue has been patched in version 0.60.0. | ||||