CVSS: 5.3 • EPSS: % • CPEs: 1 • EXPL: 0
CVE-2026-42420 – OpenClaw < 2026.4.8 - Improper Base64 Decoding Size Validation
https://notcve.org/view.php?id=CVE-2026-42420
28 Apr 2026 — Attackers can exploit multiple code paths to cause memory exhaustion or denial of service through crafted base64-encoded input. • https://github.com/openclaw/openclaw/security/advisories/GHSA-ccx3-fw7q-rr2r • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.9 • EPSS: % • CPEs: 1 • EXPL: 0
CVE-2026-41400 – OpenClaw < 2026.3.31 - Resource Consumption via Oversized WebSocket Frames in voice-call
https://notcve.org/view.php?id=CVE-2026-41400
28 Apr 2026 — Remote attackers can send oversized pre-start WebSocket frames to cause resource consumption and denial of service. • https://github.com/openclaw/openclaw/security/advisories/GHSA-2w79-r9g8-wmcr • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.7 • EPSS: % • CPEs: 1 • EXPL: 0
CVE-2026-41399 – OpenClaw < 2026.3.28 - Denial of Service via Unbounded Pre-auth WebSocket Upgrades
https://notcve.org/view.php?id=CVE-2026-41399
28 Apr 2026 — OpenClaw before 2026.3.28 accepts unbounded concurrent unauthenticated WebSocket upgrades without pre-authentication budget allocation. Unauthenticated network attackers can exhaust socket and worker capacity to disrupt WebSocket availability for legitimate clients. • https://www.vulncheck.com/advisories/openclaw-denial-of-service-via-unbounded-pre-auth-websocket-upgrades • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.8 • EPSS: % • CPEs: 1 • EXPL: 0
CVE-2026-24178
https://notcve.org/view.php?id=CVE-2026-24178
28 Apr 2026 — A successful exploit of this vulnerability may lead to privilege escalation, data tampering, information disclosure, code execution, and denial of service. • https://nvd.nist.gov/vuln/detail/CVE-2026-24178 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.3 • EPSS: 0% • CPEs: 1 • EXPL: 0
CVE-2026-6970 – authd Denial of Service and Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2026-6970
27 Apr 2026 — This causes newly created files and directories to be owned by the wrong group, causing denial of service issues, and potentially granting unintended access to other local users and allowing local privilege escalation. • https://github.com/canonical/authd/commit/154b428305cb1a7a19c897626fefd09d6dde8b9f • CWE-842: Placement of User into Incorrect Group •
CVSS: 8.7 • EPSS: 0% • CPEs: 1 • EXPL: 0
CVE-2026-32688 – Atom table exhaustion via HTTP/2 :scheme pseudo-header in plug_cowboy
https://notcve.org/view.php?id=CVE-2026-32688
27 Apr 2026 — Allocation of Resources Without Limits or Throttling vulnerability in elixir-plug plug_cowboy allows unauthenticated remote denial of service via atom table exhaustion. • https://cna.erlef.org/cves/CVE-2026-32688.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 0
CVE-2026-5937 – Foxit PDF Editor/Reader's insufficient parameter validation leads to denial-of-service vulnerability
https://notcve.org/view.php?id=CVE-2026-5937
27 Apr 2026 — Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled "std::invalid_argument" exception, ultimately causing the program to terminate. • https://www.foxit.com/support/security-bulletins.html • CWE-248: Uncaught Exception •
CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 0
CVE-2026-5938 – Foxit PDF Editor/Reader Infinite Loop Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2026-5938
27 Apr 2026 — Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial of service. • https://www.foxit.com/support/security-bulletins.html • CWE-691: Insufficient Control Flow Management •
CVSS: 8.7 • EPSS: 0% • CPEs: 2 • EXPL: 0
CVE-2026-3868
https://notcve.org/view.php?id=CVE-2026-3868
27 Apr 2026 — An improper handling of the length parameter inconsistency vulnerability has been identified in Moxa’s Secure Router. Because of improper validation of length parameters in the HTTPS management interface, an unauthenticated remote attacker could send specially crafted requests that trigger a buffer overflow condition, causing the web service to become unresponsive. Successful exploitation may result in a denial-of-service condition requiring a device reboot t... • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-261521-cve-2026-3867-cve-2026-3868-improper-ownership-management-and-improper-handling-of-length-parameter-incons • CWE-130: Improper Handling of Length Parameter Inconsistency •
CVSS: 7.5 • EPSS: 0% • CPEs: - • EXPL: 0
CVE-2026-30350
https://notcve.org/view.php?id=CVE-2026-30350
27 Apr 2026 — An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service (DoS) via a crafted POST request. • https://gist.github.com/syphonetic/d27b5965c884555acea1827988689f7d • CWE-400: Uncontrolled Resource Consumption •
