Lucene search
K

25 matches found

CVE
CVE
added 2026/06/30 11:5 a.m.13 views

CVE-2026-57081

CVE-2026-57081 affects Net::BitTorrent for Perl up to version 2.0.1. The root cause is unbounded recursion in the bdecode decoder: each nested list/dictionary level causes a recursive call that copies the remaining input buffer, producing O(N^2) memory growth for deeply nested inputs. In practice...

7.5CVSS6AI score0.00263EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/18 6:22 a.m.8 views

CVE-2026-32690 Apache Airflow: 3.x - Nested Variable Secret Values Bypass Redaction via max_depth=1

Secrets in Variables saved as JSON dictionaries were not properly redacted - in case thee variables were retrieved by the user the secrets stored as nested fields were not masked. If you do not store variables with sensitive values in JSON form, you are not affected. Otherwise please upgrade to...

5.8AI score0.00421EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.10 views

AutoMapper 安全漏洞

AutoMapper is an object mapping library open source by Lucky Penny Software LLC. Versions of AutoMapper prior to 15.1.1 and 16.1.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of enforcing a default maximum depth limit when mapping deeply nested object graphs,...

7.5CVSS5.8AI score0.00542EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2025/12/19 12:26 a.m.4 views

SUSE CVE-2025-68156

Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including flatten, min, max, mean, and median, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation...

7.5CVSS7.1AI score0.00377EPSS
Exploits0References9
OSV
OSV
added 2025/12/16 10:34 p.m.4 views

GHSA-CFPF-HRX2-8RV6 Expr has Denial of Service via Unbounded Recursion in Builtin Functions

Several builtin functions in Expr, including flatten, min, max, mean, and median, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation environment contains deeply nested or cyclic data structures, these functions may recurse...

7.5CVSS7AI score0.00377EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/16 10:34 p.m.4 views

EUVD-2025-203831

Expr has Denial of Service via Unbounded Recursion in Builtin Functions...

7.5CVSS6.5AI score0.00377EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/12/16 10:34 p.m.9 views

Expr has Denial of Service via Unbounded Recursion in Builtin Functions

Several builtin functions in Expr, including flatten, min, max, mean, and median, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation environment contains deeply nested or cyclic data structures, these functions may recurse...

7.5CVSS7.1AI score0.00377EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2025/12/16 7:16 p.m.6 views

CVE-2025-68156

Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including flatten, min, max, mean, and median, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation...

7.5CVSS0.00377EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/11/03 4:0 p.m.3 views

kernel: eventpoll: Fix semi-unbounded recursion

In the Linux kernel, the following vulnerability has been resolved: eventpoll: Fix semi-unbounded recursion Ensure that epoll instances can never form a graph deeper than EPMAXNESTS+1 links. Currently, eploopcheckproc ensures that the graph is loop-free and does some recursion depth checks, but...

5.5CVSS5.7AI score0.00153EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-29489

Malicious code in bioql PyPI...

6.6AI score
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-53426

Malicious code in bioql PyPI...

5.5CVSS7.3AI score0.002EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-29425

Malicious code in bioql PyPI...

6.6AI score
Exploits0References4
SUSE CVE
SUSE CVE
added 2025/08/19 11:22 p.m.4 views

SUSE CVE-2025-38614

In the Linux kernel, the following vulnerability has been resolved: eventpoll: Fix semi-unbounded recursion Ensure that epoll instances can never form a graph deeper than EPMAXNESTS+1 links. Currently, eploopcheckproc ensures that the graph is loop-free and does some recursion depth checks, but...

5.5CVSS6.5AI score0.00153EPSS
Exploits0References23
Github Security Blog
Github Security Blog
added 2025/05/10 3:30 p.m.14 views

LlamaIndex Vulnerable to Denial of Service (DoS)

A Denial of Service DoS vulnerability has been identified in the KnowledgeBaseWebReader class of the run-llama/llamaindex project, affecting version latestv0.12.15. The vulnerability arises due to inappropriate secure coding measures, specifically the lack of proper implementation of the maxdepth...

7.5CVSS6.7AI score0.00438EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/02/02 12:0 a.m.5 views

PT-2025-20625

Name of the Vulnerable Software and Affected Versions run-llama/llama index version latestv0.12.15 Description A Denial of Service DoS issue has been identified in the KnowledgeBaseWebReader class due to inadequate secure coding practices. Specifically, the lack of proper implementation of the ma...

7.8CVSS6.4AI score0.00438EPSS
Exploits1References18
RedhatCVE
RedhatCVE
added 2025/01/09 5:58 p.m.9 views

CVE-2024-56783

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsocket: remove WARNONONCE on maximum cgroup level cgroup maximum depth is INTMAX by default, there is a cgroup toggle to restrict this maximum depth to a more reasonable value not to harm performance. Remove...

5.5CVSS7.1AI score0.002EPSS
Exploits0References4
NVD
NVD
added 2025/01/08 6:15 p.m.10 views

CVE-2024-56783

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsocket: remove WARNONONCE on maximum cgroup level cgroup maximum depth is INTMAX by default, there is a cgroup toggle to restrict this maximum depth to a more reasonable value not to harm performance. Remove...

5.5CVSS0.002EPSS
Exploits0References5
OSV
OSV
added 2025/01/08 5:51 p.m.8 views

CVE-2024-56783 netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsocket: remove WARNONONCE on maximum cgroup level cgroup maximum depth is INTMAX by default, there is a cgroup toggle to restrict this maximum depth to a more reasonable value not to harm performance. Remove...

5.5CVSS6AI score0.002EPSS
Exploits0References8
Cvelist
Cvelist
added 2025/01/08 5:51 p.m.14 views

CVE-2024-56783 netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsocket: remove WARNONONCE on maximum cgroup level cgroup maximum depth is INTMAX by default, there is a cgroup toggle to restrict this maximum depth to a more reasonable value not to harm performance. Remove...

0.002EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/06/06 1:15 p.m.6 views

JDK: Object Request Broker (ORB) denial of service

The IBM SDK, Java Technology Edition's Object Request Broker ORB is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters...

7.5CVSS7.2AI score0.00848EPSS
Exploits0References7
Rows per page
Query Builder