Tag: dos
-
SAP Patch Day Fixes Critical SQL Injection, DoS, and Code Injection Flaws
SAP released its monthly Security Patch Day updates, addressing 19 new security notes and one update to a previously released note. According to the official SAP Support Portal, these patches resolve severe vulnerabilities, including critical SQL injection, Denial of Service (DoS), and code injection flaws. SAP strongly advises all administrators to review these updates and…
-
New React Server Components Flaw Could Let Attackers Trigger DoS
A newly disclosed high-severity vulnerability in React Server Components could allow unauthenticated attackers to trigger a Denial of Service (DoS) condition. Tracked as CVE-2026-23869, this flaw poses a significant risk to web applications using specific server-side rendering packages. Because the exploit requires no privileges and involves low attack complexity, threat actors can easily target vulnerable…
-
GitLab Addresses Multiple Vulnerabilities Linked to DoS and Code Injection
GitLab has rolled out a crucial security update to fix multiple vulnerabilities across its Community Edition (CE) and Enterprise Edition (EE) platforms. Organizations utilizing self-managed GitLab instances are strongly advised by GitLab security experts to apply these updates immediately to prevent potential exploitation. Customers utilizing GitLab Dedicated or the cloud-hosted GitLab.com services are already protected…
-
(g+) Windows: Der Update-Guide für Secure Boot
Die Secure-Boot-Zertifikate laufen bald aus und müssen getauscht werden. Unser Leitfaden zeigt, welche To-dos auf Admins zukommen. First seen on golem.de Jump to article: www.golem.de/news/windows-der-update-guide-fuer-secure-boot-2604-207330.html
-
Fuse und Undertow – Schwachstellen in Red Hat ermöglichen DoS, Remote Code und Datendiebstahl
First seen on security-insider.de Jump to article: www.security-insider.de/red-hat-fuse-undertow-schwachstellen-dos-codeausfuehrung-a-d40b84bfce65f35d87287b9bb1b96fb6/
-
TP-Link Router Flaws Allowed Attackers to Launch DoS Attacks and Cause Crashes
TP-Link has recently addressed a batch of severe vulnerabilities affecting the Tapo C520WS security camera system. Security cameras are critical pieces of equipment for home and business safety, making device stability a top priority. When vulnerabilities allow threat actors to knock these devices offline or change their settings without permission, it poses a direct risk…
-
TP-Link Router Flaws Allowed Attackers to Launch DoS Attacks and Cause Crashes
TP-Link has recently addressed a batch of severe vulnerabilities affecting the Tapo C520WS security camera system. Security cameras are critical pieces of equipment for home and business safety, making device stability a top priority. When vulnerabilities allow threat actors to knock these devices offline or change their settings without permission, it poses a direct risk…
-
5-month-old F5 BIG-IP DoS bug becomes critical RCE exploited in the wild
/run/bigtlog.pipe and /run/bigstart.ltm and makes changes to system binaries, including /usr/bin/umount and /usr/sbin/httpd. Attackers have also been observed modifying the sys-eicheck utility, which relies on RPM integrity checks to verify on-disk executables.Log analysis can reveal patterns related to the attack. The user “f5hubblelcdadmin” accessing the iControl REST API from localhost, SELinux disable commands in auditd…
-
Node.js Fixes Critical Flaws, Patches DoS Risk in Latest Security Update
The Node.js project has issued a series of security updates addressing multiple vulnerabilities across its active release lines. The update covers versions in the 20.x, 22.x, 24.x, and 25.x branches, and includes fixes for several high, medium, and low severity issues. Among the most notable concerns is CVE-2026-21637, which appears prominently in the release due…
-
Node.js Releases Urgent Patches for Multiple Vulnerabilities Exposing Systems to DoS and Crashes
The Node.js project issued a critical security update for its Long-Term Support (LTS) branch, marking version 20.20.2 ‘Iron’ as a security release. This urgent patch addresses seven distinct vulnerabilities impacting TLS error handling, HTTP/2 flow control, cryptographic timing, and permission models. Several of these issues can be exploited remotely without authentication, posing an immediate risk…
-
Fehler in Node.js-Projekten – IBM App Connect durch DoS-Angriffe gefährdet
First seen on security-insider.de Jump to article: www.security-insider.de/ibm-app-connect-enterprise-kritische-schwachstellen-dos-a-1f0050cd51875d8992057cfff1568d86/
-
CrackArmor Flaws Expose Linux Systems to Privilege Escalation
CrackArmor AppArmor flaws let local Linux users gain root, break containers and enable DoS attacks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/crackarmor-linux-privilege/
-
CrackArmor Flaws Expose Linux Systems to Privilege Escalation
CrackArmor AppArmor flaws let local Linux users gain root, break containers and enable DoS attacks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/crackarmor-linux-privilege/
-
DR-DOS rises again rebuilt from scratch, not open source
Project claims legal clarity and zero legacy code, but offers binaries only First seen on theregister.com Jump to article: www.theregister.com/2026/03/11/drdos_9/
-
Microsoft’s March 2026 Patch Tuesday Addresses 83 CVEs (CVE-2026-21262, CVE-2026-26127)
8Critical 75Important 0Moderate 0Low Microsoft addresses 83 CVEs including two vulnerabilities that were publicly disclosed prior to a patch being released. Microsoft patched 83 CVEs in its March 2026 Patch Tuesday release, with eight rated critical and 75 rated as important. Our counts omitted one CVE (CVE-2026-26030) assigned by GitHub. This month’s update includes patches…
-
Apache ActiveMQ Flaw Enables DoS Attacks via Malformed Network Packets
Security researchers have uncovered a significant vulnerability in Apache ActiveMQ, a popular open-source message broker used by enterprises to route data between applications. Tracked as CVE-2025-66168, this security flaw allows malicious actors to trigger unexpected broker behavior and potential denial-of-service (DoS) conditions by sending specifically crafted, malformed network packets. A successful attack against a message…
-
New MongoDB Vulnerability Allows Attackers to Crash Servers, Exposing Critical Data
Cato CTRL’s senior security researcher, Vitaly Simonovich, has uncovered a high-severity dos vulnerability in MongoDB, tracked as CVE-2026-25611, that lets unauthenticated attackers crash any exposed MongoDB server.”‹ CVE-2026-25611 is rooted in MongoDB’sOP_COMPRESSED wire protocol, a compression feature introduced in version 3.4 and enabled by default since version 3.6. The flaw is classified underCWE-405 (Asymmetric Resource Consumption),…
-
14 old software bugs that took way too long to squash
Tags: access, api, attack, authentication, automation, bug-bounty, communications, computer, control, credentials, cve, cvss, cyber, data, data-breach, dns, dos, encryption, exploit, flaw, hacker, Hardware, infosec, infrastructure, Internet, kaspersky, linux, malicious, malware, microsoft, mitigation, network, nist, open-source, password, programming, remote-code-execution, risk, service, software, stuxnet, supply-chain, technology, theft, threat, tool, update, usa, vulnerability, windows, zero-dayAge: 30 yearsDate introduced: 1995Date fixed: February 2026Researchers unearthed a legacy flaw in the widely used libpng open-source library that had existed since the technology was first released more than 30 years ago.The heap buffer overflow vulnerability (CVE-2026-25646) meant that applications using the flawed software would crash when presented with a maliciously constructed PNG raster…
-
14 old software bugs that took way too long to squash
Tags: access, api, attack, authentication, automation, bug-bounty, communications, computer, control, credentials, cve, cvss, cyber, data, data-breach, dns, dos, encryption, exploit, flaw, hacker, Hardware, infosec, infrastructure, Internet, kaspersky, linux, malicious, malware, microsoft, mitigation, network, nist, open-source, password, programming, remote-code-execution, risk, service, software, stuxnet, supply-chain, technology, theft, threat, tool, update, usa, vulnerability, windows, zero-dayAge: 30 yearsDate introduced: 1995Date fixed: February 2026Researchers unearthed a legacy flaw in the widely used libpng open-source library that had existed since the technology was first released more than 30 years ago.The heap buffer overflow vulnerability (CVE-2026-25646) meant that applications using the flawed software would crash when presented with a maliciously constructed PNG raster…
-
Researchers Uncover DoS Vulnerabilities in Socomec DIRIS M-70 IIoT Power Meter via Thread Emulation Fuzzing
Selective thread emulation and coverage-guided fuzzing have exposed six denial-of-service (DoS) vulnerabilities in the Socomec DIRIS M-70 IIoT power-monitoring gateway, all of which are now patched under Cisco’s Coordinated Disclosure Policy. The Socomec DIRIS M-70 gateway is a central communications node for energy monitoring, supporting RS485 and Ethernet plus protocols such as Modbus RTU, Modbus…
-
DoS und RCE – Forscher entdecken 12 OpenSSL-Zero-Days mit KI
First seen on security-insider.de Jump to article: www.security-insider.de/ki-entdeckt-openssl-zero-day-sicherheitsluecken-a-866c81ab14207cf6043c6a8f33bc77d3/
-
Axios Vulnerability Allows Attackers to Trigger DoS and Crash Node.js Servers
A serious security flaw has been discovered in Axios, one of the most popular HTTP client libraries for Node.js, allowing attackers to crash servers and trigger denial-of-service (DoS) attacks. The vulnerability, tracked as CVE-2026-25639, affects all versions up to and including 1.13.4. Axios Vulnerability The vulnerability exploits Axios’s mergeConfig function, which processes configuration objects before making HTTP…
-
Critical Django Flaw Allows DoS and SQL Injection Attacks
The Django Software Foundation has issued emergency security patches addressing six critical vulnerabilities affecting multiple versions of the popular Python web framework. Released on February 3, 2026, the updates fix severe flaws that could enable attackers to execute SQL injection attacks, cause denial-of-service conditions, and enumerate user accounts.”‹ Django is a widely used open-source Python…
-
SCADA Flaw Enables DoS Condition, Impacting Availability of Affected Systems
A vulnerability affecting the Mitsubishi Electric Iconics Suite, a widely deployed supervisory control and data acquisition (SCADA) system used across industrial sectors, including automotive, energy, and manufacturing. The flaw, tracked as CVE-2025-0921, carries a CVSS score of 6.5 (Medium severity) and enables attackers to trigger denial-of-service (DoS) conditions on affected systems, compromising operational availability. Vulnerability…
-
Forescout sieht 84% Anstieg bei Cyberangriffen mit OT-Protokollen
Bedrohungsakteure investieren deutlich mehr Aufwand in die Aufklärung: Erkundungsaktivitäten machen inzwischen 91 % der Post-Exploitation-Maßnahmen aus, sagte Daniel dos Santos, Vice President of Research bei Forescout First seen on infopoint-security.de Jump to article: www.infopoint-security.de/forescout-sieht-84-anstieg-bei-cyberangriffen-mit-ot-protokollen/a43501/
-
EU’s answer to CVE solves dependency issue, adds fragmentation risks
Tags: access, ai, china, cisco, cve, cyber, cybersecurity, data, dos, exploit, finance, governance, grc, infrastructure, intelligence, international, nvd, open-source, risk, service, software, threat, tool, vulnerability, vulnerability-managementCoordinated disclosure: Nik Kale, principal engineer and product architect at Cisco Systems, says GCVE’s main challenge comes from building a platform that the security community can rely on for coordinated disclosure and remediation.”Viability depends far more on governance than on the data itself,” Kale says. “That includes clear attribution rules, transparent CNA processes, predictable decision-making,…
-
React Server Components Flaws Enable DoS Attacks
High-severity flaws in React Server Components enable unauthenticated denial-of-service attacks that can disrupt application availability. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/react-server-components-flaws-enable-dos-attacks/