CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2026-24158
https://notcve.org/view.php?id=CVE-2026-24158
24 Mar 2026 — NVIDIA Triton Inference Server contains a vulnerability in the HTTP endpoint where an attacker may cause a denial of service by providing a large compressed payload. A successful exploit of this vulnerability may lead to denial of service. • https://nvd.nist.gov/vuln/detail/CVE-2026-24158 • CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-33254
https://notcve.org/view.php?id=CVE-2025-33254
24 Mar 2026 — A successful exploit of this vulnerability may lead to a denial of service. • https://nvd.nist.gov/vuln/detail/CVE-2025-33254 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-33238
https://notcve.org/view.php?id=CVE-2025-33238
24 Mar 2026 — A successful exploit of this vulnerability may lead to denial of service. • https://nvd.nist.gov/vuln/detail/CVE-2025-33238 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-33244
https://notcve.org/view.php?id=CVE-2025-33244
24 Mar 2026 — NVIDIA APEX for Linux contains a vulnerability where an unauthorized attacker could cause a deserialization of untrusted data. ... A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, data tampering, and information disclosure. • https://nvd.nist.gov/vuln/detail/CVE-2025-33244 • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-33242
https://notcve.org/view.php?id=CVE-2025-33242
24 Mar 2026 — A successful exploit of this vulnerability might lead to denial of service and data tampering. • https://nvd.nist.gov/vuln/detail/CVE-2025-33242 • CWE-1234: Hardware Internal or Debug Modes Allow Override of Locks •
CVSS: 6.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-33216
https://notcve.org/view.php?id=CVE-2025-33216
24 Mar 2026 — NVIDIA SNAP-4 Container contains a vulnerability in the configuration interface where an attacker on a VM may cause an incorrect calculation of buffer size by sending crafted configurations. A successful exploit of this vulnerability may lead to crash of the SNAP service, causing denial of service of the storage service to the host. • https://nvd.nist.gov/vuln/detail/CVE-2025-33216 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 6.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-33215
https://notcve.org/view.php?id=CVE-2025-33215
24 Mar 2026 — NVIDIA SNAP-4 Container contains a vulnerability in the VIRTIO-BLK component where a malicious guest VM may cause use of out-of-range pointer offset by sending crafted messages. A successful exploit of this vulnerability may lead to a denial of service of the DPA and impact the availability of storage to other VMs. • https://nvd.nist.gov/vuln/detail/CVE-2025-33215 • CWE-823: Use of Out-of-range Pointer Offset •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2026-33349 – fast-xml-parser: Entity Expansion Limits Bypassed When Set to Zero Due to JavaScript Falsy Evaluation
https://notcve.org/view.php?id=CVE-2026-33349
24 Mar 2026 — When a developer explicitly sets either limit to 0 — intending to disallow all entities or restrict entity size to zero bytes — the falsy nature of 0 in JavaScript causes the guard conditions to short-circuit, completely bypassing the limits. An attacker who can supply XML input to such an application can trigger unbounded entity expansion, leading to memory exhaustion and denial of service. • https://github.com/NaturalIntelligence/fast-xml-parser/commit/239b64aa1fc5c5455ddebbbb54a187eb68c9fdb7 • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2026-33332 – NiceGUI's unvalidated chunk size parameter in media routes can cause memory exhaustion
https://notcve.org/view.php?id=CVE-2026-33332
24 Mar 2026 — With large media files and concurrent requests, this can lead to excessive memory consumption, degraded performance, or denial of service. • https://github.com/zauberzeug/nicegui/commit/9026962b8c4f3f225c98b2fbc35aa6b60cb3495b • CWE-20: Improper Input Validation CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2026-33314 – pyload-ng: Improper Authentication and Origin Validation Error
https://notcve.org/view.php?id=CVE-2026-33314
24 Mar 2026 — This grants access to the Click'N'Load API endpoints, enabling attackers to remotely queue arbitrary downloads, leading to Server-Side Request Forgery (SSRF) and Denial of Service (DoS). This issue has been patched in version 0.5.0b3.dev97. • https://github.com/pyload/pyload/security/advisories/GHSA-q485-cg9q-xq2r • CWE-287: Improper Authentication CWE-346: Origin Validation Error •