Security Bulletin: IBM Enterprise Build of Quarkus is affected by multiple vulnerabilities

Summary IBM Enterprise Build of Quarkus is affected by vulnerabilities in the PostgreSQL JDBC driver and Apache Neethi Vulnerability Details CVEID:CVE-2026-42402 DESCRIPTION: Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Speciall...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-016787)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016787 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, Magick fails to check for circular referenc...

Astra Linux - уязвимость в imagemagick

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, Magick failed to detect circular references between two MVGs, resulting in a stack overflow issue. This is a DoS vulnerability, and any situation that allows reading the mvg...

PT-2026-36310

Name of the Vulnerable Software and Affected Versions Apache Neethi versions prior to 3.2.2 Description Apache Neethi fails to properly detect circular references in policy definitions. When a WS-Policy document contains circular policy references for example, Policy A references Policy B, which ...

liquidjs has a Denial of Service via circular block reference in layout

Summary A circular block reference in % layout % / % block % causes an infinite recursive loop, consuming all available memory 4GB and crashing the Node.js process with FATAL ERROR: JavaScript heap out of memory. This allows any user who can submit a Liquid template to perform a Denial of Service...

Foxit PDF Reader和Foxit PDF Editor 安全漏洞

Foxit PDF Reader and Foxit PDF Editor are products of Foxit Corporation, a Chinese company. Foxit PDF Reader is a PDF reader. Foxit PDF Editor is a PDF editor. Both Foxit PDF Reader and Foxit PDF Editor have security vulnerabilities. These vulnerabilities arise from failing to detect or prevent...

Scriban has an Infinite Recursion during Object Rendering Leads to Stack Overflow and Process Crash (Denial of Service)

When Scriban renders an object that contains a circular reference, it traverses the object's members infinitely. Because the ObjectRecursionLimit property defaults to unlimited, this behavior exhausts the thread's stack space, triggering an uncatchable StackOverflowException that immediately...

GHSA-GRR9-747V-XVCP Scriban has an Infinite Recursion during Object Rendering Leads to Stack Overflow and Process Crash (Denial of Service)

When Scriban renders an object that contains a circular reference, it traverses the object's members infinitely. Because the ObjectRecursionLimit property defaults to unlimited, this behavior exhausts the thread's stack space, triggering an uncatchable StackOverflowException that immediately...

flatted vulnerable to unbounded recursion DoS in parse() revive phase

Summary flatted's parse function uses a recursive revive phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow that crashes the Node.js process. Impact...

GHSA-25H7-PFQ9-P65F flatted vulnerable to unbounded recursion DoS in parse() revive phase

Summary flatted's parse function uses a recursive revive phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow that crashes the Node.js process. Impact...

CVE-2026-32141

A denial of service flaw has been discovered in the flatted npm library. flatted's parse function uses a recursive revive phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded,...

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the parse function due to using a recursive revive phase to resolve circular references in deserialized JSON. An attacker can cause a stack overflow and crash the process by supplying a crafted payload with...

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the parse function due to using a recursive revive phase to resolve circular references in deserialized JSON. An attacker can cause a stack overflow and crash the process by supplying a crafted payload with...

UBUNTU-CVE-2026-32141

flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse function uses a recursive revive phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow...

CVE-2026-32141

The CVE concerns the flatted library (circular JSON parser). Before version 3.4.0, flatted.parse() uses a recursive revive() phase to resolve circular references; crafted payloads with deeply nested or self-referential $ indices can cause unbounded recursion, leading to a stack overflow that cras...

ImageMagick: MSL - Stack overflow in ProcessMSLScript

Summary Magick fails to check for circular references between two MSLs, leading to a stack overflow. Details After reading a.msl using magick, the following is displayed: MSLStartElement - ReadImage - ReadMSLImage - ProcessMSLScript - xmlParseChunk - xmlParseTryOrFinish - MSLStartElement bash...

EUVD-2026-7427

ImageMagick: MSL - Stack overflow in ProcessMSLScript...

GHSA-8MPR-6XR2-CHHC ImageMagick: MSL - Stack overflow in ProcessMSLScript

Summary Magick fails to check for circular references between two MSLs, leading to a stack overflow. Details After reading a.msl using magick, the following is displayed: MSLStartElement - ReadImage - ReadMSLImage - ProcessMSLScript - xmlParseChunk - xmlParseTryOrFinish - MSLStartElement bash...

PT-2026-25037

flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse function uses a recursive revive phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow...

OPENSUSE-SU-2026:20333-1 Security update for python-PyPDF2

This update for python-PyPDF2 fixes the following issues: Changes in python-PyPDF2: - CVE-2026-27628: Fixed infinite loop when loading circular /Prev entries in cross-reference streams bsc1258940 - CVE-2026-27888: Fixed issue where manipulated FlateDecode XFA streams can exhaust RAM bsc1258934 -...