Lucene search
+L

211 matches found

Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.6 views

PT-2026-26165

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.21 and 8.6.45, an unauthenticated attacker can crash the Parse Server process by sending a single request with deeply nested query condition operators. This terminates the...

8.7CVSS5.7AI score0.00483EPSS
Exploits0References9
OSV
OSV
added 2026/03/15 5:55 a.m.4 views

OESA-2026-1581 nodejs-underscore security update

Underscore.js is a utility-belt library for JavaScript that provides support for the usual functional suspects each, map, reduce, filter... without extending any core JavaScript objects. Security Fixes: Underscore.js is a utility-belt library for JavaScript. Prior to version 1.13.8, the .flatten...

8.2CVSS6.1AI score0.00612EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/06 9:15 p.m.3 views

CVE-2026-30241

Mercurius is a GraphQL adapter for Fastify. Prior to version 16.8.0, Mercurius fails to enforce the configured queryDepth limit on GraphQL subscription queries received over WebSocket connections. The depth check is correctly applied to HTTP queries and mutations, but subscription queries are...

6.9CVSS5.8AI score0.00362EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/03/06 9:15 p.m.18 views

CVE-2026-30241

CVE-2026-30241 affects Mercurius (GraphQL adapter for Fastify). Prior to 16.8.0, subscription queries over WebSocket bypass the configured queryDepth limit, while HTTP queries/mutations are validated. This allows remote clients to submit arbitrarily nested subscription queries on WebSocket, poten...

8.2CVSS5.8AI score0.00362EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/06 9:15 p.m.7 views

CVE-2026-30241 Mercurius: queryDepth limit bypassed for WebSocket subscriptions

Mercurius is a GraphQL adapter for Fastify. Prior to version 16.8.0, Mercurius fails to enforce the configured queryDepth limit on GraphQL subscription queries received over WebSocket connections. The depth check is correctly applied to HTTP queries and mutations, but subscription queries are...

6.9CVSS5.8AI score0.00362EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/06 6:47 p.m.11 views

Mercurius's queryDepth limit bypassed for WebSocket subscriptions

Description Mercurius fails to enforce the configured queryDepth limit on GraphQL subscription queries received over WebSocket connections. The depth check is correctly applied to HTTP queries and mutations, but subscription queries are parsed and executed without invoking the depth validation...

8.2CVSS5.9AI score0.00362EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/06 6:47 p.m.11 views

GHSA-M4H2-MJFM-MP55 Mercurius's queryDepth limit bypassed for WebSocket subscriptions

Description Mercurius fails to enforce the configured queryDepth limit on GraphQL subscription queries received over WebSocket connections. The depth check is correctly applied to HTTP queries and mutations, but subscription queries are parsed and executed without invoking the depth validation...

6.9CVSS5.9AI score0.00362EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/06 2:10 p.m.7 views

CVE-2026-29062

A flaw was found in jackson-core. A user could exploit this vulnerability by supplying a specially crafted JSON document with excessive nesting. This bypasses a security constraint designed to limit nesting depth, which can cause a system crash StackOverflowError when the document is processed...

8.7CVSS5.7AI score0.00552EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/03/04 5:16 a.m.3 views

CVE-2026-27601

A flaw was found in Underscore.js, a JavaScript utility library. This vulnerability allows a remote attacker to trigger a Denial of Service DoS attack by providing specially crafted recursive data structures. When these structures are processed by the .flatten or .isEqual functions, which lack a...

8.2CVSS5.9AI score0.00612EPSS
Exploits1References6
OSV
OSV
added 2026/03/03 11:15 p.m.7 views

AZL-79427 CVE-2026-27601 affecting package numpy 1.26.3-4

Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...

8.2CVSS5.8AI score0.00612EPSS
Exploits1References1
OSV
OSV
added 2026/03/03 11:15 p.m.6 views

AZL-79320 CVE-2026-27601 affecting package cyrus-sasl 2.1.28-4

Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...

8.2CVSS5.8AI score0.00612EPSS
Exploits1References1
OSV
OSV
added 2026/03/03 11:15 p.m.10 views

AZL-79401 CVE-2026-27601 affecting package python-sphinx 4.4.0-3

Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...

8.2CVSS5.8AI score0.00612EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/03/03 11:15 p.m.6 views

CVE-2026-27601

Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...

8.2CVSS5.9AI score0.00612EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2026/03/03 10:38 p.m.4 views

CVE-2026-27601

Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...

8.2CVSS6AI score0.00612EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2026/03/03 10:38 p.m.2 views

CVE-2026-27601 Underscore.js has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack

Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...

8.2CVSS6.1AI score0.00612EPSS
Exploits1References3
OSV
OSV
added 2026/03/03 10:38 p.m.4 views

CVE-2026-27601 Underscore.js has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack

Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...

8.2CVSS5.8AI score0.00612EPSS
Exploits1References5
Snyk
Snyk
added 2026/03/03 5:46 p.m.4 views

Uncontrolled Recursion

Overview org.webjars.npm:underscore is a JavaScript's functional programming helper library. Affected versions of this package are vulnerable to Uncontrolled Recursion through the .flatten or .isEqual functions that are used without a depth limit. An attacker can cause the application to crash or...

8.2CVSS5.8AI score0.00612EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/03 5:46 p.m.4 views

Uncontrolled Recursion

Overview underscore is a JavaScript's functional programming helper library. Affected versions of this package are vulnerable to Uncontrolled Recursion through the .flatten or .isEqual functions that are used without a depth limit. An attacker can cause the application to crash or become...

8.2CVSS6AI score0.00612EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/02/16 12:0 a.m.12 views

Siemens SIMATIC S7-1500 Uncontrolled Recursion (CVE-2025-38614)

In the Linux kernel, the following vulnerability has been resolved: eventpoll: Fix semi-unbounded recursion Ensure that epoll instances can never form a graph deeper than EPMAXNESTS+1 links. Currently, eploopcheckproc ensures that the graph is loop-free and does some recursion depth checks, but...

5.5CVSS5.9AI score0.00153EPSS
Exploits0References3
OSV
OSV
added 2026/02/05 12:0 p.m.5 views

RUSTSEC-2026-0009 Denial of Service via Stack Exhaustion

Impact When user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary,...

6.8CVSS5.4AI score0.00291EPSS
Exploits0References3
Rows per page
Query Builder