Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop through the Avro Decoder process. An attacker can exhaust CPU resources by providing a specially crafted payload with a large block-count value, causing the decoder to perform excessive iterations before propagating an...

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop through the Avro Decoder process. An attacker can exhaust CPU resources by providing a specially crafted payload with a large block-count value, causing the decoder to perform excessive iterations before propagating an...

CVE-2026-7263

A flaw was found in PHP. The DOMNode::C14N method may incorrectly process XML data due to the improper removal of an xmlns attribute from the underlying libxml2 data structure, corrupting the linked list representing the XML document and causing an infinite loop. This issue can lead to excessive...

RLSA-2026:19158 Important: dnsmasq security update

The dnsmasq packages contain Dnsmasq, a lightweight DNS Domain Name Server forwarder and DHCP Dynamic Host Configuration Protocol server. Security Fixes: dnsmasq: dnsmasq: heap buffer overflow in cache via NAMEESCAPE expansion CVE-2026-2291 dnsmasq: NSEC bitmap parsing infinite loop CVE-2026-4890...

dnsmasq security update

An update is available for dnsmasq. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The dnsmasq packages contain Dnsmasq, a lightweight DNS Domain Name Server...

CVE-2026-41150

CVE-2026-41150 affects Mermaid (JavaScript) where rendering a Gantt chart with the excludes attribute to exclude all dates can cause a denial-of-service through an infinite loop. The issue occurs in versions prior to 10.9.6 and 11.15.0; mermaid.parse remains unaffected unless ganttDb.getTasks() i...

CVE-2026-41150 Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is unaffected, unless you th...

CVE-2026-41150 Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is unaffected, unless you th...

SUSE CVE-2026-46138

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: Fix OOB read and infinite loop in hcilecreatebigcompleteevt hcilecreatebigcompleteevt iterates over BTBOUND connections for a BIG handle using a while loop, accessing ev-bishandlei++ on each iteration. Howeve...

dnsmasq security update

An update is available for dnsmasq. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The dnsmasq packages contain Dnsmasq, a lightweight DNS Domain Name Server...

RLSA-2026:21291 Important: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.127 and .NET Runtime...

RockyLinux 8 : dnsmasq (RLSA-2026:20589)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:20589 advisory. dnsmasq: dnsmasq: heap buffer overflow in cache via NAMEESCAPE expansion CVE-2026-2291 dnsmasq: NSEC bitmap parsing infinite loop CVE-2026-4890 dnsmasq:...

AlmaLinux 10 : .NET 9.0 (ALSA-2026:21754)

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:21754 advisory. dotnet: .NET: infinite loop allows an attacker to cause a denial of service CVE-2026-42899 Tenable has extracted the preceding description block directly from th...

CVE-2026-10028

A flaw was found in glib-networking. A remote attacker can exploit this vulnerability by presenting a specially crafted certificate chain to an application that uses glib-networking with the GnuTLS backend enabled and performs certificate verification. This crafted chain, which contains circular...

RockyLinux 9 : dnsmasq (RLSA-2026:19373)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19373 advisory. dnsmasq: dnsmasq: heap buffer overflow in cache via NAMEESCAPE expansion CVE-2026-2291 dnsmasq: NSEC bitmap parsing infinite loop CVE-2026-4890 dnsmasq:...

ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion

Exploit Title: ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion Google Dork: N/A Date: 2026-05-13 Exploit Author: Jose Rivas bl4cksku11 & Zero Trust Offsec Vendor Homepage: https://imagemagick.org/ Software Link: https://imagemagick.org/download/ Version: ImageMagick 7.x...

CVE-2026-10028

A flaw was found in glib-networking. A remote attacker can exploit this vulnerability by presenting a specially crafted certificate chain to an application that uses glib-networking with the GnuTLS backend enabled and performs certificate verification. This crafted chain, which contains circular...

SUSE-SU-2026:21861-1 Security update for python-Pillow

This update for python-Pillow fixes the following issues - CVE-2026-42308: integer overflow in font processing can lead to denial of service bsc1265359. - CVE-2026-42309: heap buffer overflow when processing nested list coordinates bsc1265153. - CVE-2026-42310: infinite loop and resource exhausti...

dnsmasq security update

An update is available for dnsmasq. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The dnsmasq packages contain Dnsmasq, a lightweight DNS Domain Name Server...

RLSA-2026:19373 Important: dnsmasq security update

The dnsmasq packages contain Dnsmasq, a lightweight DNS Domain Name Server forwarder and DHCP Dynamic Host Configuration Protocol server. Security Fixes: dnsmasq: dnsmasq: heap buffer overflow in cache via NAMEESCAPE expansion CVE-2026-2291 dnsmasq: NSEC bitmap parsing infinite loop CVE-2026-4890...