Lucene search
+L

5449 matches found

NVD
NVD
added 3 hours ago2 views

CVE-2026-47180

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.5, DNSIncoming.decodelabelsatoffset recurses once per DNS-name compression pointer, and a single mDNS packet carrying chained pointers can trigger a RecursionError that escapes DNSIncoming.init, causing...

6.5CVSS0.0002EPSS
Exploits0References4
Cvelist
Cvelist
added 4 hours ago9 views

CVE-2026-47180 Zeroconf: Unbounded recursion in DNS compression-pointer decoder allows LAN-local denial of service

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.5, DNSIncoming.decodelabelsatoffset recurses once per DNS-name compression pointer, and a single mDNS packet carrying chained pointers can trigger a RecursionError that escapes DNSIncoming.init, causing...

6.5CVSS0.0002EPSS
Exploits0References4
CVE
CVE
added 4 hours ago29 views

CVE-2026-47180

CVE-2026-47180 affects the Zeroconf Python library. The vulnerability stems from DNSIncoming._decode_labels_at_offset recursing for each DNS-name compression pointer; a crafted mDNS packet with ~1500 chained pointers can cause unbounded recursion, escaping DNSIncoming.init and triggering sustaine...

6.5CVSS5.2AI score0.0002EPSS
Exploits0References4
OSV
OSV
added 3 days ago4 views

CVE-2026-45133 Symfony: [Yaml] Harden the parser when handling untrusted input

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, when the parser is exposed to attacker-controlled input, deeply nested mappings or sequences cause both the block-level Parser::parseBlock and inline...

8.2CVSS6.1AI score0.00691EPSS
Exploits0References7
OSV
OSV
added 3 days ago2 views

SUSE-SU-2026:2983-1 Security update for jq

This update for jq fixes the following issues: - CVE-2026-32316: integer overflow within the jvpstringappend and jvpstringcopyreplacebad functions can lead to heap buffer overflow when evaluating untrusted jq queries bsc1262044. - CVE-2026-33947: unbounded recursion in functions jvsetpath,...

8.2CVSS6.2AI score0.00559EPSS
Exploits4References11
OSV
OSV
added 3 days ago2 views

OPENSUSE-SU-2026:21339-1 Security update for python-mistune

This update for python-mistune fixes the following issues - CVE-2026-59922: quadratic-time parsing on long runs of some markers in formatting.py can lead to DoS bsc1271117. - CVE-2026-59923: HTMLRenderer.safeurl does not block percent-encoded javascript URIs and allows for XSS bsc1271119. -...

7.5CVSS6.3AI score0.00366EPSS
Exploits8References19
OSV
OSV
added 3 days ago2 views

OPENSUSE-SU-2026:21343-1 Security update for python-sqlparse

This update for python-sqlparse fixes the following issues: Changes in python-sqlparse: - GHSA-27jp-wm6q-gp25: Limit recursion during parsing of tuples. bsc1268597...

6.1AI score
Exploits0References1
PyPA
PyPA
added 4 days ago8 views

zeroconf has unbounded recursion in DNS compression-pointer decoder that allows LAN-local denial of service

ImpactDNSIncoming.decodelabelsatoffset recurses once per DNS-name compression pointer RFC 1035 §4.1.4. Pointer cycles and label counts were capped, but the chain length of unique forward pointers was not. A single 3 kB mDNS packet carrying 1500 chained pointers drives the recursion past CPython's...

6.5CVSS6.1AI score0.0002EPSS
Exploits0References7Affected Software1
OSV
OSV
added 4 days ago4 views

PYSEC-2026-3436 zeroconf has unbounded recursion in DNS compression-pointer decoder that allows LAN-local denial of service

Impact DNSIncoming.decodelabelsatoffset recurses once per DNS-name compression pointer RFC 1035 §4.1.4. Pointer cycles and label counts were capped, but the chain length of unique forward pointers was not. A single 3 kB mDNS packet carrying 1500 chained pointers drives the recursion past CPython'...

6.5CVSS6.1AI score0.0002EPSS
Exploits0References7
OSV
OSV
added 4 days ago2 views

OPENSUSE-SU-2026:21318-1 Security update for jq

This update for jq fixes the following issues - CVE-2026-43896: unbounded recursion in jvobjectmergerecursive can lead to C stack exhaustion and a process crash bsc1265075. - CVE-2026-44777: uncontrolled recursion in ordinary module loader when two valid modules include each other can lead to sta...

7.1CVSS6.2AI score0.00165EPSS
Exploits3References8
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-60045

Impact DNSIncoming. decode labels at offset recurses once per DNS-name compression pointer RFC 1035 §4.1.4. Pointer cycles and label counts were capped, but the chain length of unique forward pointers was not. A single 3 kB mDNS packet carrying 1500 chained pointers drives the recursion past...

6.5CVSS6.1AI score0.0002EPSS
Exploits0References8
NVD
NVD
added 2026/07/10 8:16 a.m.5 views

CVE-2026-40007

Uncontrolled Recursion, Uncontrolled Resource Consumption vulnerability in Apache IoTDB. When pipeairgapreceiverenabled=true, the IoTDB AirGap receiver's readLength method calls itself recursively each time it recognises the E-language prefix in socket data, with no depth limit. An unauthenticate...

7.5CVSS0.00278EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/10 7:12 a.m.9 views

EUVD-2026-42835

Uncontrolled Recursion, Uncontrolled Resource Consumption vulnerability in Apache IoTDB. When pipeairgapreceiverenabled=true, the IoTDB AirGap receiver's readLength method calls itself recursively each time it recognises the E-language prefix in socket data, with no depth limit. An unauthenticate...

7.5CVSS6.1AI score0.00278EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/10 7:12 a.m.31 views

CVE-2026-40007 Apache IoTDB: Unauthenticated unbounded recursion in IoTDB AirGap receiver's E-language prefix parser causes per-connection StackOverflowError

Uncontrolled Recursion, Uncontrolled Resource Consumption vulnerability in Apache IoTDB. When pipeairgapreceiverenabled=true, the IoTDB AirGap receiver's readLength method calls itself recursively each time it recognises the E-language prefix in socket data, with no depth limit. An unauthenticate...

0.00278EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/10 7:12 a.m.7 views

CVE-2026-40007

Uncontrolled Recursion, Uncontrolled Resource Consumption vulnerability in Apache IoTDB. When pipeairgapreceiverenabled=true, the IoTDB AirGap receiver's readLength method calls itself recursively each time it recognises the E-language prefix in socket data, with no depth limit. An unauthenticate...

7.5CVSS6.1AI score0.00278EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/10 7:12 a.m.9 views

CVE-2026-40007

CVE-2026-40007 affects Apache IoTDB. The issue is an uncontrolled recursion in the AirGap receiver: when pipe_air_gap_receiver_enabled is true, readLength recursively processes E-language prefixes with no depth limit, allowing an unauthenticated attacker to exhaust the receiver thread’s JVM stack...

7.5CVSS6.1AI score0.00278EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/07/10 3:12 a.m.4 views

SUSE CVE-2026-59927

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include directive in src/mistune/directives/include.py detects only direct self-includes and not indirect cycles, allowing two markdown files that include each other to trigger unbounded recursion, raise...

5.3CVSS6.1AI score0.00307EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/07/10 12:30 a.m.4 views

p11-kit: Stack exhaustion via unbounded recursion in RPC attribute parsing

A flaw was found in p11-kit. The RPC message attribute parsing functions p11rpcmessagegetattribute and p11rpcmessagegetattributearrayvalue form a mutually-recursive call chain with no recursion depth limit when processing nested CKAWRAPTEMPLATE, CKAUNWRAPTEMPLATE, and CKADERIVETEMPLATE attributes...

6.2CVSS6AI score0.00137EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/07/09 11:0 a.m.7 views

CVE-2026-59927

A flaw was found in Mistune, a Python Markdown parser. The Include directive in Mistune's src/mistune/directives/include.py does not properly detect indirect cycles when two Markdown files include each other. This oversight allows for unbounded recursion, which can lead to a RecursionError and...

5.3CVSS5.9AI score0.00307EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/07/09 12:0 a.m.5 views

openSUSE 16 Security Update : jq (openSUSE-SU-2026:21248-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21248-1 advisory. - CVE-2025-48060: improper handling of string data in jvstringempty can lead to heap buffer overflow and a crash when processing crafted input...

8.7CVSS6.9AI score0.00559EPSS
Exploits10References33
Rows per page
Query Builder