Lucene search
K

132 matches found

NVD
NVD
added 2026/06/30 5:16 p.m.8 views

CVE-2026-49451

The OpenAPI.NET SDK contains a useful object model for OpenAPI documents in .NET along with common serializers to extract raw OpenAPI JSON and YAML documents from the model. From 2.0.0-preview11 until 2.7.5 and 3.5.4, a small OpenAPI document containing a circular schema reference can cause proce...

7.5CVSS0.00695EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 4:1 p.m.33 views

CVE-2026-49451 Microsoft.OpenAPI: Circular schema references may terminate OpenAPI parsing

The OpenAPI.NET SDK contains a useful object model for OpenAPI documents in .NET along with common serializers to extract raw OpenAPI JSON and YAML documents from the model. From 2.0.0-preview11 until 2.7.5 and 3.5.4, a small OpenAPI document containing a circular schema reference can cause proce...

7.5CVSS0.00695EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 3:56 p.m.6 views

GHSA-V5PM-XWQC-G5WC Microsoft.OpenAPI: Circular schema references may terminate OpenAPI parsing

Impact A small OpenAPI document containing a circular schema reference can cause process termination through stack overflow in Microsoft.OpenApi. The issue affects OpenAPI document parsing through public OpenAPI.NET reader APIs and has been confirmed across both JSON and YAML reader paths. Affect...

7.5CVSS6.2AI score0.00695EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability in imagemagick

ImageMagick is free and open-source software used for editing and manipulating digital images. Before versions 7.1.2-15 and 6.9.13-40, Magick failed to detect circular references between two MSLs, resulting in a stack overflow issue. Versions 7.1.2-15 and 6.9.13-40 include a patch to address this...

9.8CVSS7.2AI score0.00208EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/10 12:36 p.m.12 views

CVE-2026-49495 Ghidra 10.2 < 12.1 - Denial of Service via Circular Reference in Mach-O Export Trie Parser

Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.parseTrie that lacks cycle detection when traversing Mach-O binary export tries. A crafted Mach-O binary with circular references in the export trie causes unbounded queue growth and exponential stri...

6.7CVSS5.5AI score0.00151EPSS
Exploits1References2
CVE
CVE
added 2026/06/10 12:36 p.m.94 views

CVE-2026-49495

Ghidra 10.2 before 12.1 contains an uncontrolled resource-consumption vulnerability in ExportTrie.parseTrie() that lacks cycle detection when traversing Mach-O binary export tries. A crafted Mach-O binary with circular references in the export trie can cause unbounded queue growth and exponential...

6.7CVSS5.5AI score0.00151EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/06/10 12:36 p.m.13 views

EUVD-2026-36004

Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.parseTrie that lacks cycle detection when traversing Mach-O binary export tries. A crafted Mach-O binary with circular references in the export trie causes unbounded queue growth and exponential stri...

6.7CVSS5.5AI score0.00151EPSS
Exploits1References2
OSV
OSV
added 2026/06/10 12:36 p.m.3 views

CVE-2026-49495 Ghidra 10.2 < 12.1 - Denial of Service via Circular Reference in Mach-O Export Trie Parser

Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.parseTrie that lacks cycle detection when traversing Mach-O binary export tries. A crafted Mach-O binary with circular references in the export trie causes unbounded queue growth and exponential stri...

6.7CVSS6AI score0.00151EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/06/10 12:36 p.m.38 views

CVE-2026-49495 Ghidra 10.2 < 12.1 - Denial of Service via Circular Reference in Mach-O Export Trie Parser

Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.parseTrie that lacks cycle detection when traversing Mach-O binary export tries. A crafted Mach-O binary with circular references in the export trie causes unbounded queue growth and exponential stri...

6.7CVSS0.00151EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.21 views

PT-2026-48406

Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.parseTrie that lacks cycle detection when traversing Mach-O binary export tries. A crafted Mach-O binary with circular references in the export trie causes unbounded queue growth and exponential stri...

6.7CVSS5.5AI score0.00151EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/08 11:43 a.m.12 views

Security Bulletin: IBM App Connect for Healthcare is vulnerable to multiple vulnerabilities due to Apache Log4j and Apache Neethi

Summary IBM App Connect for Healthcare is vulnerable to multiple vulnerabilities due to Apache Log4j and Apache Neethi. Vulnerability Details CVEID:CVE-2026-42402 DESCRIPTION: Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Special...

7.5CVSS5.5AI score0.0086EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/20 8:13 p.m.12 views

Security Bulletin: IBM Enterprise Build of Quarkus is affected by multiple vulnerabilities

Summary IBM Enterprise Build of Quarkus is affected by vulnerabilities in the PostgreSQL JDBC driver and Apache Neethi Vulnerability Details CVEID:CVE-2026-42402 DESCRIPTION: Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Speciall...

7.5CVSS5.9AI score0.0077EPSS
Exploits0Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in imagemagick

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, Magick failed to detect circular references between two MVGs, resulting in a stack overflow issue. This is a DoS vulnerability, and any situation that allows reading the mvg...

6.2CVSS5.4AI score0.00164EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/09 12:0 a.m.8 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-016787)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016787 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, Magick fails to check for circular referenc...

6.2CVSS5.9AI score0.00164EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.9 views

PT-2026-36310

Name of the Vulnerable Software and Affected Versions Apache Neethi versions prior to 3.2.2 Description Apache Neethi fails to properly detect circular references in policy definitions. When a WS-Policy document contains circular policy references for example, Policy A references Policy B, which ...

7.5CVSS5.9AI score0.00763EPSS
Exploits2References74
Github Security Blog
Github Security Blog
added 2026/04/24 3:34 p.m.13 views

liquidjs has a Denial of Service via circular block reference in layout

Summary A circular block reference in % layout % / % block % causes an infinite recursive loop, consuming all available memory 4GB and crashing the Node.js process with FATAL ERROR: JavaScript heap out of memory. This allows any user who can submit a Liquid template to perform a Denial of Service...

7.5CVSS5.4AI score0.00382EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.10 views

Foxit PDF Reader和Foxit PDF Editor 安全漏洞

Foxit PDF Reader and Foxit PDF Editor are products of Foxit Corporation, a Chinese company. Foxit PDF Reader is a PDF reader. Foxit PDF Editor is a PDF editor. Both Foxit PDF Reader and Foxit PDF Editor have security vulnerabilities. These vulnerabilities arise from failing to detect or prevent...

6.2CVSS5.8AI score0.00103EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/19 9:31 p.m.6 views

Scriban has an Infinite Recursion during Object Rendering Leads to Stack Overflow and Process Crash (Denial of Service)

When Scriban renders an object that contains a circular reference, it traverses the object's members infinitely. Because the ObjectRecursionLimit property defaults to unlimited, this behavior exhausts the thread's stack space, triggering an uncatchable StackOverflowException that immediately...

5.9AI score
Exploits0References3Affected Software2
OSV
OSV
added 2026/03/19 9:31 p.m.4 views

GHSA-GRR9-747V-XVCP Scriban has an Infinite Recursion during Object Rendering Leads to Stack Overflow and Process Crash (Denial of Service)

When Scriban renders an object that contains a circular reference, it traverses the object's members infinitely. Because the ObjectRecursionLimit property defaults to unlimited, this behavior exhausts the thread's stack space, triggering an uncatchable StackOverflowException that immediately...

7.5CVSS5.9AI score
Exploits0References3
OSV
OSV
added 2026/03/13 3:40 p.m.2 views

GHSA-25H7-PFQ9-P65F flatted vulnerable to unbounded recursion DoS in parse() revive phase

Summary flatted's parse function uses a recursive revive phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow that crashes the Node.js process. Impact...

7.5CVSS5.9AI score0.00777EPSS
Exploits1References5
Rows per page
Query Builder