Lucene search
K

438 matches found

CVE
CVE
added 2026/03/26 7:49 p.m.57 views

CVE-2026-33532

Summary: CVE-2026-33532 affects the yaml JavaScript library. The vulnerability is in the compose/resolve phase of the parser, where a recursive call path without a depth bound can cause a RangeError: Maximum call stack size exceeded when parsing YAML input (typical payload ~2–10 KB). This can lea...

4.3CVSS6.1AI score0.00469EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/26 7:49 p.m.5 views

CVE-2026-33532 yaml is vulnerable to Stack Overflow via deeply nested YAML collections

yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...

4.3CVSS6.2AI score0.00469EPSS
Exploits1References4
OSV
OSV
added 2026/03/25 8:8 p.m.3 views

GHSA-48C2-RRV3-QJMP yaml is vulnerable to Stack Overflow via deeply nested YAML collections

Parsing a YAML document with yaml may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a depth bound. An attacker who can supply YAML for parsing can trigger a RangeError: Maximum call stack size exceeded with a small payload...

4.3CVSS6AI score0.00469EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/03/25 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-26209

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Versions prior to 5.9.0 are vulnerable to a Denial ...

7.5CVSS7.2AI score0.00417EPSS
Exploits1References3
NVD
NVD
added 2026/03/24 7:16 p.m.6 views

CVE-2026-33498

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.55 and 9.6.0-alpha.44, an attacker can send an unauthenticated HTTP request with a deeply nested query containing logical operators to permanently hang the Parse Server...

8.7CVSS0.00452EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/24 6:18 p.m.1 views

CVE-2026-33498

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.55 and 9.6.0-alpha.44, an attacker can send an unauthenticated HTTP request with a deeply nested query containing logical operators to permanently hang the Parse Server...

8.7CVSS5.7AI score0.00483EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/03/23 8:23 p.m.8 views

EUVD-2026-14478

cbor2 has a Denial of Service via Uncontrolled Recursion in cbor2.loads...

7.5CVSS7.1AI score0.00417EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/03/23 7:21 p.m.4 views

CVE-2026-26209

A flaw was found in cbor2, a library for encoding and decoding Concise Binary Object Representation CBOR data. A remote attacker can exploit this vulnerability by sending a specially crafted CBOR payload containing deeply nested structures. This can cause the application to crash due to...

7.5CVSS7.1AI score0.00417EPSS
Exploits1References7
NVD
NVD
added 2026/03/23 7:16 p.m.5 views

CVE-2026-26209

cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Versions prior to 5.9.0 are vulnerable to a Denial of Service DoS attack caused by uncontrolled recursion when decoding deeply nested CBOR structures. This vulnerability affects both the...

7.5CVSS0.00417EPSS
Exploits1References4
CVE
CVE
added 2026/03/23 6:53 p.m.80 views

CVE-2026-26209

The CVE-2026-26209 issue affects the Python library cbor2 (including the C extension _cbor2) prior to version 5.9.0. The root cause is uncontrolled recursion when decoding deeply nested CBOR structures, as the C extension relies on Python’s Py_EnterRecursiveCall rather than a data-driven depth li...

7.5CVSS7.1AI score0.00417EPSS
Exploits1References4Affected Software1
Debian CVE
Debian CVE
added 2026/03/23 6:53 p.m.6 views

CVE-2026-26209

cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Versions prior to 5.9.0 are vulnerable to a Denial of Service DoS attack caused by uncontrolled recursion when decoding deeply nested CBOR structures. This vulnerability affects both the...

7.5CVSS7.3AI score0.00417EPSS
Exploits1
Snyk
Snyk
added 2026/03/20 8:56 p.m.6 views

Uncontrolled Recursion

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Uncontrolled Recursion via the pre-validation transform pipeline. An attacker can cause the server process to become...

8.7CVSS5.8AI score0.00452EPSS
Exploits0References2
OSV
OSV
added 2026/03/20 8:56 p.m.3 views

GHSA-9FJP-Q3C4-6W3J Parse Server has a query condition depth bypass via pre-validation transform pipeline

Impact An attacker can send an unauthenticated HTTP request with a deeply nested query containing logical operators to permanently hang the Parse Server process. The server becomes completely unresponsive and must be manually restarted. This is a bypass of the fix for CVE-2026-32944. Patches The...

8.7CVSS5.9AI score0.00452EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.8 views

PT-2026-26782

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.55 Parse Server versions prior to 9.6.0-alpha.44 Description An unauthenticated attacker can send a crafted HTTP request with a deeply nested query containing logical operators, causing the Parse Server proce...

8.7CVSS5.8AI score0.00452EPSS
Exploits0References9
Microsoft CVE
Microsoft CVE
added 2026/03/19 8:4 a.m.6 views

Stack overflow parsing XML with deeply nested DTD content models

...

7.5CVSS5.8AI score0.00621EPSS
Exploits0
CVE
CVE
added 2026/03/18 9:50 p.m.10 views

CVE-2026-32944

Technical details sufficient to assess the vulnerability are not provided in the connected documents; monitor for updates.

8.7CVSS5.7AI score0.00483EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/18 9:50 p.m.3 views

CVE-2026-32944 Parse Server crash via deeply nested query condition operators

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.21 and 8.6.45, an unauthenticated attacker can crash the Parse Server process by sending a single request with deeply nested query condition operators. This terminates the...

8.7CVSS5.7AI score0.00483EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/18 8:17 p.m.3 views

Uncontrolled Recursion

Overview nltk is a Natural Language Toolkit NLTK is a Python package for natural language processing. Affected versions of this package are vulnerable to Uncontrolled Recursion via the JSONTaggedDecoder.decodeobj function in jsontags.py. An attacker can cause the application to crash by submittin...

5.1CVSS5.9AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/18 8:17 p.m.8 views

Natural Language Toolkit (NLTK) has unbounded recursion in JSONTaggedDecoder.decode_obj() may cause DoS

Summary JSONTaggedDecoder.decodeobj in nltk/jsontags.py calls itself recursively without any depth limit. A deeply nested JSON structure exceeding sys.getrecursionlimit default: 1000 will raise an unhandled RecursionError, crashing the Python process. Affected code File: nltk/jsontags.py, lines...

5.9AI score
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/03/18 1:54 p.m.11 views

com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError

A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur...

8.7CVSS6.8AI score0.00634EPSS
Exploits0References6
Rows per page
Query Builder