The Lab · 2026-03-28 16:27:04 · GitHub Issues
A high-severity Denial of Service (DoS) vulnerability has been patched in the widely used `node-forge` cryptography library. The flaw, tracked as CVE-2026-33891, resides in the `BigInteger.modInverse()` function inherited from the bundled jsbn library. When this function is called with a zero value as input, the intern...
The Lab · 2026-03-29 03:27:01 · GitHub Issues
A critical security update for the widely-used `node-forge` cryptography library patches a high-severity Denial of Service (DoS) vulnerability. The flaw, tracked as CVE-2026-33891, resides in the `BigInteger.modInverse()` function. When this function is called with a zero value as input, it triggers an infinite loop in...
The Lab · 2026-03-29 03:27:07 · GitHub Issues
A critical security vulnerability in a widely used cryptographic library has forced an update within the RMB Business App's codebase. The dependency 'node-forge' was bumped from version 1.3.3 to 1.4.0 to patch a HIGH-severity Denial of Service (DoS) flaw. The vulnerability, tracked as CVE-2026-33891, resides in the `Bi...
The Lab · 2026-03-30 07:27:00 · GitHub Issues
A medium-severity security vulnerability has been disclosed in brace-expansion, a core utility package of the Node.js ecosystem. When the package processes certain zero-step sequences, it can hang the application process indefinitely and exhaust system memory. The flaw, surfaced by the npm audit tool, exposes a potential denial-of-service (DoS) attack vector in the build chains and development tooling of a large number of projects.
The vulnerability lies in the package's sequence-expansion logic, and according to the official GitHub security advisory (GHSA-f886-m6hf-6m8v) '...
The Lab · 2026-04-03 20:27:11 · GitHub Issues
A critical security update has been issued for the widely-used `go-jose/v4` library, patching a high-severity denial-of-service vulnerability. The flaw, tracked as CVE-2026-34986 with a CVSS score of 7.5, could cause applications to crash when processing malformed encrypted data, posing a significant risk to service st...
The Lab · 2026-04-04 11:27:02 · GitHub Issues
Apollo GraphQL has published a security advisory: the default configuration of its core server package `@apollo/server` contains a high-severity vulnerability. The flaw, CVE-2026-23897, affects the `startStandaloneServer` function in the `@apollo/server/standalone` module. Under the default configuration, an attacker can send a specially crafted request body to mount a denial-of-service attack that renders the server unavailable.
The security update fixes the vulnerability by upgrading the `@apollo/server` dependency from version 5.2.0 to 5.5.0. According to the merge request generated by the automated dependency-management tool Renovate, the update is routine security maintenance. The direct impact of the vulnerability is that an Apoll...
The Lab · 2026-04-04 12:27:07 · GitHub Issues
A critical heap-use-after-free vulnerability has been identified in the Rizin reverse engineering framework, exposing users to denial-of-service (DoS) attacks through a crafted binary file. The flaw resides within the library's LE (Linear Executable) format parser, specifically in the `le_load_fixup_record()` function ...
The Lab · 2026-04-07 19:27:21 · GitHub Issues
A routine dependency-update request has exposed a high-severity denial-of-service (DoS) vulnerability in the widely used `serialize-javascript` library. The flaw, tracked as CVE-2026-34043, lets an attacker exhaust CPU and take the service down by constructing a special "array-like" object. The update raises the dependency from `^7.0.3` to `^7.0.5` to close the defect.
The root cause is a flaw in the library's serialization logic when it handles specific malformed data. Specifically, when an object inherits from `Array.prototype` but carries an extremely large `length` property, serialization enters a CPU-intensive loop that rapidly consumes server resources until the application stops responding. This attack vector allows any...
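The array-like trick described in the serialize-javascript post, shown as an added illustration in plain JavaScript. This is not serialize-javascript's code: the naive walker stands in for any serializer that trusts `length` after a duck-typed array check, and the hardened version uses `Array.isArray` plus an assumed application cap (`MAX_ELEMENTS`, an assumption here, not a library setting).

```javascript
// Added example (illustrative, not serialize-javascript's code): an object that
// inherits from Array.prototype passes `instanceof Array`, but its `length` is
// just a property the attacker sets. A serializer that walks 0..length-1 does
// attacker-chosen work; one that checks Array.isArray does not.

// Constructed attacker payload: no elements at all, arbitrary length.
function makeArrayLike(length) {
  return Object.create(Array.prototype, {
    length: { value: length, writable: false, enumerable: false },
  });
}

// Vulnerable pattern: duck-typed array check, then index every slot.
// Returns the iteration count so the cost is measurable (a real serializer
// would be building a string here). Do not call this with a large length.
function naiveElementWalk(value) {
  let visited = 0;
  if (value instanceof Array) {
    for (let i = 0; i < value.length; i++) {
      void value[i];
      visited++;
    }
  }
  return visited;
}

// Hardened pattern: Array.isArray sees through the prototype trick, and an
// explicit cap bounds the work even for genuine arrays.
const MAX_ELEMENTS = 1_000_000; // assumed application limit, not a library default
function safeSerialize(value) {
  if (Array.isArray(value)) {
    if (value.length > MAX_ELEMENTS) {
      throw new RangeError(`array length ${value.length} exceeds ${MAX_ELEMENTS}`);
    }
    return "[" + Array.from(value, (v) => safeSerialize(v)).join(",") + "]";
  }
  // Anything else, including array-likes, is serialised from its own enumerable
  // properties only; the fake array's `length` is never used as a loop bound.
  return JSON.stringify(value);
}
```

`naiveElementWalk(makeArrayLike(50000))` performs 50,000 iterations for an object that holds nothing, and the attacker picks the number; `safeSerialize` on the same object returns `"{}"` in constant time because `JSON.stringify` also uses the `IsArray` check rather than the prototype chain.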
The Lab · 2026-04-08 12:27:14 · GitHub Issues
A critical security flaw in the hub server leaves it vulnerable to denial-of-service attacks. The system lacks any rate limiting on incoming connections, allowing a malicious or even misconfigured client to rapidly connect and disconnect. This pattern can exhaust server goroutines, crippling the service. The vulnerabil...
The Lab · 2026-04-10 17:23:03 · GitHub Issues
A critical security flaw in the MoFA node's gateway exposes the system to a straightforward Denial of Service (DoS) attack, capable of crashing the node by exhausting its memory. The vulnerability resides in the `TokenBucketRateLimiter` implementation, which uses a `DashMap` to store rate-limit buckets for clients. Cru...
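The two rate-limiting posts above describe opposite failure modes: the hub server has no limit at all on connection churn, and the MoFA gateway has a limiter whose per-client buckets accumulate without bound. The following added example (illustrative JavaScript, not code from either project) is a token-bucket limiter that bounds its own state: a cap on tracked clients with least-recently-seen eviction, plus expiry of idle buckets. Time is passed in as `nowMs` so the behaviour is deterministic; the limits in the usage are assumed values.

```javascript
// Added example (not the hub server's or MoFA's code): a per-client token
// bucket whose bookkeeping cannot grow without bound. Buckets live in a Map;
// every hit re-inserts the entry, so Map iteration order is least-recently-seen
// first, which makes both eviction strategies a cheap front-of-map scan.
class BoundedRateLimiter {
  constructor({ capacity, refillPerSec, maxClients, idleTtlMs }) {
    this.capacity = capacity;       // burst size per client
    this.refillPerSec = refillPerSec;
    this.maxClients = maxClients;   // hard cap on tracked clients (memory bound)
    this.idleTtlMs = idleTtlMs;     // drop buckets not seen for this long
    this.buckets = new Map();       // clientId -> { tokens, last }
  }

  // Returns true if this request is allowed, false if the client is throttled.
  allow(clientId, nowMs) {
    this.evictIdle(nowMs);
    let b = this.buckets.get(clientId);
    if (b) {
      const elapsedSec = (nowMs - b.last) / 1000;
      b.tokens = Math.min(this.capacity, b.tokens + elapsedSec * this.refillPerSec);
      b.last = nowMs;
      this.buckets.delete(clientId); // re-insert below to mark most-recent
    } else {
      if (this.buckets.size >= this.maxClients) {
        // At capacity: evict the least-recently-seen client instead of growing.
        const oldest = this.buckets.keys().next().value;
        this.buckets.delete(oldest);
      }
      b = { tokens: this.capacity, last: nowMs };
    }
    this.buckets.set(clientId, b);
    if (b.tokens >= 1) {
      b.tokens -= 1;
      return true;
    }
    return false;
  }

  // Entries are ordered oldest-first, so stop at the first one still fresh.
  evictIdle(nowMs) {
    for (const [id, b] of this.buckets) {
      if (nowMs - b.last <= this.idleTtlMs) break;
      this.buckets.delete(id); // deleting during Map iteration is safe in JS
    }
  }

  size() {
    return this.buckets.size;
  }
}

// Simulates an attacker cycling through many fresh client ids at one instant,
// the connect/disconnect churn the hub-server post describes. Returns how much
// state the limiter kept afterwards.
function churnClients(limiter, count, nowMs) {
  for (let i = 0; i < count; i++) limiter.allow(`bot-${i}`, nowMs);
  return limiter.size();
}

// Assumed limits for the demonstration: 3-request burst, 1 token/s refill,
// at most 100 tracked clients, buckets forgotten after 60 s of silence.
const demo = new BoundedRateLimiter({ capacity: 3, refillPerSec: 1, maxClients: 100, idleTtlMs: 60_000 });
```

With these settings `churnClients(demo, 10_000, 0)` leaves exactly 100 buckets in memory rather than 10,000; a limiter keyed on a client-chosen id without such a cap grows linearly with the number of ids the attacker invents, which is the memory-exhaustion path the MoFA post describes. The eviction-on-cap does mean a flood of new ids can push a legitimate client's bucket out and grant it a fresh burst, so the cap should be sized for the real client population and combined with connection-level limits.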
The Lab · 2026-04-11 14:22:34 · GitHub Issues
The node-forge cryptography library has released version 1.4.0 to patch a high-severity Denial of Service (DoS) vulnerability. The flaw, tracked as CVE-2026-33891, resides in the `BigInteger.modInverse()` function, which is inherited from the bundled jsbn library. When this function is called with a zero value as input...
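The four node-forge posts above all describe the same root cause: `BigInteger.modInverse()` given a zero value has no answer to return and loops instead of failing. The following added example, written with native `BigInt` and not taken from node-forge or jsbn, shows a modular inverse that rejects the degenerate inputs up front (zero, a multiple of the modulus, a modulus of 1, a non-coprime argument) and carries an iteration cap as a backstop, together with the caller-side guard a consumer of any such routine would want.

```javascript
// Added example (not node-forge/jsbn code): modular inverse by the extended
// Euclidean algorithm, failing fast on inputs that have no inverse instead of
// looping on them.

// Validates operand types and the modulus, returns a mod m in [0, m).
function canonicalResidue(a, m) {
  if (typeof a !== "bigint" || typeof m !== "bigint") {
    throw new TypeError("BigInt operands required");
  }
  if (m <= 1n) throw new RangeError(`modulus must be greater than 1, got ${m}`);
  return ((a % m) + m) % m;
}

// Returns x in [1, m) with a*x ≡ 1 (mod m). Throws RangeError when no inverse
// exists: a ≡ 0 (mod m), the case the advisory describes, or gcd(a, m) != 1.
function modInverse(a, m) {
  let r = canonicalResidue(a, m);
  if (r === 0n) throw new RangeError(`0 has no inverse modulo ${m}`);
  let oldR = m;
  let oldS = 0n; // coefficient of a in oldR  (m = 0*a + 1*m)
  let s = 1n;    // coefficient of a in r     (r = 1*a + k*m)
  // Euclid needs O(log m) divisions; this cap is defence-in-depth so that a
  // logic slip can never turn into an unbounded loop.
  const maxSteps = 2 * m.toString(2).length + 2;
  let steps = 0;
  while (r !== 0n) {
    if (++steps > maxSteps) throw new Error("iteration bound exceeded");
    const q = oldR / r;
    [oldR, r] = [r, oldR - q * r];
    [oldS, s] = [s, oldS - q * s];
  }
  if (oldR !== 1n) {
    throw new RangeError(`gcd(${a}, ${m}) = ${oldR}; not invertible`);
  }
  return ((oldS % m) + m) % m;
}

// Caller-side guard: a consumer of any inverse routine should check
// invertibility (or catch the failure) rather than assume every input works.
function tryModInverse(a, m) {
  try {
    return { ok: true, value: modInverse(a, m) };
  } catch (e) {
    return { ok: false, reason: e.message };
  }
}
```

`modInverse(3n, 11n)` returns `4n` (3·4 = 12 ≡ 1 mod 11), while `tryModInverse(0n, 11n)` and `tryModInverse(22n, 11n)` both return `ok: false` immediately, which is the behaviour the fixed library should exhibit in place of the hang.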
The Lab · 2026-04-12 21:22:37 · GitHub Issues
A high-severity Denial-of-Service (DoS) vulnerability in Next.js has been patched, requiring immediate updates for projects using the framework. The flaw, tracked as CVE-2026-23869 (GHSA-q4gf-8mx6-v5v3), is network-exploitable and requires no authentication, earning a CVSS score of 7.5. It specifically affects Server C...
The Lab · 2026-04-13 16:23:07 · GitHub Issues
A high-severity vulnerability in the widely used Next.js framework has triggered an automated security-response mechanism and forced an emergency fix. The flaw, tracked as GHSA-q4gf-8mx6-v5v3, carries a CVSS score of 7.5 (High); its core risk is unbounded resource allocation in Server Components (CWE-770), which enables remote denial-of-service attacks. An attacker needs no privileges or user interaction and can exploit it over the network, disrupting service availability. Affected versions run from 16.0.0-beta.0 up to, but not including, 16.2.3.
The fix was carried out by an automated agent named "Security_Engineer", following an established security protocol. Under the `autonomous_critical_fix` rule in AGENTS.md, any CVSS score...
The Lab · 2026-04-14 02:22:25 · GitHub Issues
A high-severity integer-overflow vulnerability has been found in Catalina, a core component of Apache Tomcat, that lets an attacker bypass the size limits on multipart file uploads and mount a denial-of-service attack against the server. The flaw is tracked as CVE-2025-52520, scores 7.5 (High) on CVSS v3.1, and affects a wide range of deployments.
The vulnerability lives in the `org.apache.tomcat.embed:tomcat-embed-core` component and affects several major Apache Tomcat release lines. Specifically, versions 11.0.0-M1 through 11.0.8, 10.1.0-M1 through 10.1.42, and 9.0.0.M1 through 9.0.106 are affected. Notably, versions that had already reached end of life when the CVE was created but...
The Lab · 2026-04-14 19:23:00 · GitHub Issues
A critical Denial of Service (DoS) vulnerability has been identified in core server utilities, exposing applications using Playwright and serve-handler to potential resource exhaustion attacks. The flaw stems from multiple endpoint handlers that perform expensive file system operations without any rate limiting, allowi...
The Lab · 2026-04-17 10:22:40 · GitHub Issues
A critical security vulnerability has been identified in a Python application's main.py file, where unrestricted command-line input for paddle speed creates a direct path for denial-of-service (DoS) attacks. The current validation, which only checks for a positive integer via a regular expression, fails to enforce any ...
The Lab · 2026-04-19 23:22:29 · GitHub Issues
A critical security vulnerability has been identified in a Discord bot, exposing it to complete denial-of-service (DoS) attacks. The core flaw is the complete absence of rate limiting on all public-facing commands, allowing a single attacker to systematically exhaust the bot's resources and cripple its functionality. T...
The Lab · 2026-04-20 00:22:31 · GitHub Issues
A serious security vulnerability in the widely used Python library Werkzeug allows attackers to take servers down through denial of service (DoS). The high-risk CVE (CVE-2023-46136) affects all Werkzeug versions from 0.9.0 up to and including 3.0.0. The vulnerability occurs when the server handles multipar...
The Lab · 2026-04-20 11:22:42 · GitHub Issues
A critical security vulnerability has been identified in a Python application's main.py file, where the unrestricted 'paddle_speed' input parameter lacks an upper bound check. This oversight allows an attacker to supply an excessively large integer value, which can lead to a denial of service (DoS) condition or cause t...
The Lab · 2026-04-20 18:22:57 · GitHub Issues
A high-severity vulnerability in the Pillow imaging library has forced an immediate dependency overhaul in a production codebase. The issue, tracked as CVE-2026-40192, is a decompression-bomb denial-of-service flaw affecting Pillow versions 10.3.0 through 12.1.1. The vulnerability resides in the library's FITS image de...