ROS-20260401-73-0041

Vulnerability in golang-x-net related to execution of a loop with an unreachable exit condition. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

Important: ImageMagick

Issue Overview: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap information disclosure vulnerability exists in ImageMagick's PSD Adobe Photoshop format handler. When processing a maliciously crafted PS...

Updated zlib packages fix security vulnerability

zlib before 1.3.2 allows CPU consumption via crc32combine64 and crc32combinegen64 because x2nmodp can do right shifts within a loop that has no termination condition. CVE-2026-27171...

SUSE-SU-2026:1159-1 Security update for expat

This update for expat fixes the following issues: - CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259726. - CVE-2026-32777: denial of service due to infinite loop in DTD content parsing bsc1259711. - CVE-2026-3277...

SUSE-SU-2026:20963-1 Security update for expat

This update for expat fixes the following issues: - CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259726. - CVE-2026-32777: denial of service due to infinite loop in DTD content parsing bsc1259711. - CVE-2026-3277...

SUSE-SU-2026:20985-1 Security update for expat

This update for expat fixes the following issues: - CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259726. - CVE-2026-32777: denial of service due to infinite loop in DTD content parsing bsc1259711. - CVE-2026-3277...

OPENSUSE-SU-2026:20448-1 Security update for expat

This update for expat fixes the following issues: - CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259726. - CVE-2026-32777: denial of service due to infinite loop in DTD content parsing bsc1259711. - CVE-2026-3277...

CVE-2026-33750

A flaw was found in the brace-expansion library, a component used for generating strings based on patterns. A remote attacker could exploit this vulnerability by providing a specially crafted brace pattern that includes a zero step value. This malicious input causes the library's sequence...

EUVD-2026-14434

A flaw was found in the github.com/antchfx/xpath component. A remote attacker could exploit this vulnerability by submitting crafted Boolean XPath expressions that evaluate to true. This can cause an infinite loop in the logicalQuery.Select function, leading to 100% CPU utilization and a Denial o...

Amazon Linux 2023 : ImageMagick, ImageMagick-c++, ImageMagick-c++-devel (ALAS2023-2026-1478)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1478 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap information disclosure vulnerability exists in...

GHSA-65XW-VW82-R86X XPath: Boolean expression infinite loop leads to denial of service via CPU exhaustion

Boolean expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true"...

EUVD-2026-16349

XPath: Boolean expression infinite loop leads to denial of service via CPU exhaustion...

Infinite Loop

pypdf is vulnerable to an Infinite Loop. The vulnerability is due to reading a file in non‑strict mode during dictionary recovery, where the DictionaryObject.readfromstream method can enter an infinite loop and an attacker can craft a PDF to trigger it...

SUSE CVE-2026-32287

Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true"...

SUSE CVE-2026-33699

pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.2 have a vulnerability in which an attacker can craft a PDF which leads to an infinite loop. This requires reading a file in non-strict mode. This has been fixed in pypdf 6.9.2. If users cannot upgrade yet, consider...

NewStart CGSL MAIN 7.02 : python3.11 Vulnerability (NS-SA-2026-0034)

The remote NewStart CGSL host, running version MAIN 7.02, has python3.11 packages installed that are affected by a vulnerability: - There is a defect in the CPython tarfile module affecting the TarFile extraction and entry enumeration APIs. The tar implementation would process tar archives with...

Linux Distros Unpatched Vulnerability : CVE-2026-32287

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level...

CVE-2026-33891

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library...

CVE-2026-33891 Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library...

CVE-2026-33891 Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library...