Lucene search
K

22 matches found

OSV
OSV
added 3 days ago3 views

OESA-2026-2856 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

6.5CVSS6.1AI score0.00241EPSS
Exploits0References9
OSV
OSV
added 2026/06/25 6:46 p.m.4 views

GHSA-VH6J-JC39-FGGF MessagePack-CSharp: MessagePackReader.Skip can recurse without enforcing maximum object graph depth

Summary MessagePackReader.TrySkip recursively descends into nested arrays and maps without incrementing the reader depth or calling the configured depth checks. This bypasses MessagePackSecurity.MaximumObjectGraphDepth, the library's documented protection against deeply nested object graphs. Many...

7.5CVSS5.9AI score0.00275EPSS
Exploits0References3
NVD
NVD
added 2026/06/22 10:16 p.m.14 views

CVE-2026-48513

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, runtime-generated union deserializers emitted by DynamicUnionResolver do not call MessagePackSecurity.DepthStepref reader and do not decrement reader.Depth around recursive deserialization and skip paths. This means...

7.5CVSS0.00231EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 10:16 p.m.7 views

CVE-2026-48506

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePackReader.TrySkip recursively descends into nested arrays and maps without incrementing the reader depth or calling the configured depth checks. This bypasses MessagePackSecurity.MaximumObjectGraphDepth, the...

7.5CVSS0.00275EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:17 p.m.5 views

CVE-2026-48506

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePackReader.TrySkip recursively descends into nested arrays and maps without incrementing the reader depth or calling the configured depth checks. This bypasses MessagePackSecurity.MaximumObjectGraphDepth, the...

7.5CVSS5.8AI score0.00275EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/22 9:17 p.m.24 views

CVE-2026-48506 MessagePack-CSharp: MessagePackReader.Skip can recurse without enforcing maximum object graph depth

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePackReader.TrySkip recursively descends into nested arrays and maps without incrementing the reader depth or calling the configured depth checks. This bypasses MessagePackSecurity.MaximumObjectGraphDepth, the...

7.5CVSS0.00275EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.14 views

PT-2026-51392

Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description The MessagePackReader.TrySkip function recursively descends into nested arrays and maps without incrementing the reader depth or triggering...

7.5CVSS5.8AI score0.00275EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.14 views

ImageMagick 安全漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 7.1.2-23 contained security vulnerabilities. These vulnerabilities were caused by a lack of depth checks,...

6.2CVSS5.3AI score0.0012EPSS
Exploits0References1
OSV
OSV
added 2026/03/24 10:15 p.m.4 views

GHSA-XCX6-VP38-8HR5 Scriban has Uncontrolled Recursion in `object.to_json` Causing Unrecoverable Process Crash via StackOverflowException

Summary The object.tojson builtin function in Scriban performs recursive JSON serialization via an internal WriteValue static local function that has no depth limit, no circular reference detection, and no stack overflow guard. A Scriban template containing a self-referencing object passed to...

7.5CVSS5.9AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/11 7:44 p.m.6 views

CVE-2026-1849

MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents. The issue arises in recursive functions because the server does not periodically check the depth of the expression...

7.5CVSS5.5AI score0.00272EPSS
Exploits0References1
OSV
OSV
added 2026/02/10 7:15 p.m.5 views

UBUNTU-CVE-2026-1849

MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents. The issue arises in recursive functions because the server does not periodically check the depth of the expression...

7.5CVSS5.8AI score0.00272EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/10 6:52 p.m.4 views

CVE-2026-1849

MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents. The issue arises in recursive functions because the server does not periodically check the depth of the expression...

7.1CVSS5.5AI score0.00272EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/10 6:52 p.m.5 views

CVE-2026-1849 Mongod can run out of stack memory when expressions create deeply nested documents

MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents. The issue arises in recursive functions because the server does not periodically check the depth of the expression...

7.1CVSS5.5AI score0.00272EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.11 views

PT-2026-7433

Name of the Vulnerable Software and Affected Versions MongoDB Server affected versions not specified Description The MongoDB Server may encounter an out-of-memory failure when processing expressions that result in deeply nested documents. This occurs due to a lack of periodic depth checks within...

7.5CVSS5.4AI score0.00272EPSS
Exploits0References9
CVE
CVE
added 2025/08/19 5:3 p.m.49 views

CVE-2025-38614

The CVE-2025-38614 entry describes a Linux kernel vulnerability in eventpoll where recursion depth in ep_loop_check_proc() could form deep trees and trigger semi-unbounded recursion. The root cause involved two shortcomings: (1) the depth checks did not consider upward paths, and (2) multiple dow...

5.5CVSS7AI score0.00153EPSS
Exploits0References10Affected Software1
Cvelist
Cvelist
added 2025/08/19 5:3 p.m.16 views

CVE-2025-38614 eventpoll: Fix semi-unbounded recursion

In the Linux kernel, the following vulnerability has been resolved: eventpoll: Fix semi-unbounded recursion Ensure that epoll instances can never form a graph deeper than EPMAXNESTS+1 links. Currently, eploopcheckproc ensures that the graph is loop-free and does some recursion depth checks, but...

0.00153EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/08/19 12:0 a.m.5 views

PT-2025-33812

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw within the eventpoll subsystem that could allow for semi-unbounded recursion. The issue stems from insufficient depth checks when creating graph edges...

5.5CVSS6AI score0.00153EPSS
Exploits0
OSV
OSV
added 2024/09/16 8:34 p.m.12 views

GHSA-MMHX-HMJR-R674 DOMPurify allows tampering by prototype pollution

It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check. This renders dompurify unable to avoid XSS attack. Fixed by...

8.3CVSS7AI score0.00844EPSS
Exploits0References5
OSV
OSV
added 2024/09/16 7:16 p.m.2 views

DEBIAN-CVE-2024-45801

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the...

6.1CVSS6.6AI score0.00844EPSS
Exploits0References1
Veracode
Veracode
added 2023/06/22 3:16 a.m.18 views

Denial Of Services (DoS)

JSON is vulnerable to Denial Of Services DoS. The vulnerability exists due to a lack of nested depth checks in Parser.java, which allows an attacker to cause an application crash by passing a maliciously crafted JSON string...

7.5CVSS6.6AI score0.00732EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder