CVSS: 6.5EPSS: %CPEs: 5EXPL: 0CVE-2025-47402 – Buffer Over-read in WLAN Firmware
https://notcve.org/view.php?id=CVE-2025-47402
02 Feb 2026 — Transient DOS when processing a received frame with an excessively large authentication information element. • https://docs.qualcomm.com/product/publicresources/securitybulletin/february-2026-bulletin.html • CWE-126: Buffer Over-read •
CVSS: 5.3EPSS: %CPEs: -EXPL: 0CVE-2026-1760 – Libsoup: soupserver: denial of service via http request smuggling
https://notcve.org/view.php?id=CVE-2026-1760
02 Feb 2026 — This allows the attacker to smuggle additional requests over the persistent connection, leading to unintended request processing and potential denial-of-service (DoS) conditions. • https://access.redhat.com/security/cve/CVE-2026-1760 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 6.2EPSS: %CPEs: -EXPL: 0CVE-2026-1757 – Libxml2: memory leak leading to local denial of service in xmllint interactive shell
https://notcve.org/view.php?id=CVE-2026-1757
02 Feb 2026 — Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system. • https://access.redhat.com/security/cve/CVE-2026-1757 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2026-0599 – Unbounded External Image Fetch in Validation Leads to Resource-Exhaustion DoS in huggingface/text-generation-inference
https://notcve.org/view.php?id=CVE-2026-0599
02 Feb 2026 — A vulnerability in huggingface/text-generation-inference version 3.3.6 allows unauthenticated remote attackers to exploit unbounded external image fetching during input validation in VLM mode. The issue arises when the router scans inputs for Markdown image links and performs a blocking HTTP GET request, reading the entire response body into memory and cloning it before decoding. This behavior can lead to resource exhaustion, including network bandwidth saturation, memory inflation, and CPU overutilization.... • https://github.com/huggingface/text-generation-inference/commit/24ee40d143d8d046039f12f76940a85886cbe152 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.7EPSS: 0%CPEs: -EXPL: 0CVE-2025-7105 – Denial of Service via JavaScript Memory Overflow in danny-avila/librechat
https://notcve.org/view.php?id=CVE-2025-7105
02 Feb 2026 — If the forked content includes a Mermaid graph with a large number of nodes, it can lead to a JavaScript heap out of memory error upon service restart, causing a denial of service. • https://github.com/danny-avila/librechat/commit/97a99985fa339db0a21ad63604e0bb8db4442ffc • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.2EPSS: 0%CPEs: -EXPL: 0CVE-2026-1117 – Improper Access Control in parisneo/lollms
https://notcve.org/view.php?id=CVE-2026-1117
02 Feb 2026 — This allows unauthenticated clients to execute resource-intensive or state-altering operations, leading to potential denial of service, state corruption, and race conditions. • https://github.com/parisneo/lollms/commit/36a5b513dfefe9c2913bf9b618457b4fea603e3b • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2026-20419
https://notcve.org/view.php?id=CVE-2026-20419
02 Feb 2026 — This could lead to remote (proximal/adjacent) denial of service with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/February-2026 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: -EPSS: 0%CPEs: 1EXPL: 0CVE-2026-20415
https://notcve.org/view.php?id=CVE-2026-20415
02 Feb 2026 — This could lead to local denial of service if a malicious actor has already obtained the System privilege. • https://corp.mediatek.com/product-security-bulletin/February-2026 • CWE-415: Double Free •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2026-20411
https://notcve.org/view.php?id=CVE-2026-20411
02 Feb 2026 — This could lead to local denial of service if a malicious actor has already obtained the System privilege. • https://corp.mediatek.com/product-security-bulletin/February-2026 • CWE-416: Use After Free •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2026-20406
https://notcve.org/view.php?id=CVE-2026-20406
02 Feb 2026 — This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/February-2026 • CWE-770: Allocation of Resources Without Limits or Throttling •