Expr 安全漏洞

Expr is an expression language and expression evaluation for Go open-sourced by Expr. A security vulnerability exists in versions of Expr prior to 1.17.7, which stems from multiple built-in functions that do not enforce maximum recursion depth, potentially resulting in a stack overflow and proces...

PT-2025-51779

Name of the Vulnerable Software and Affected Versions Expr versions prior to 1.17.7 Description The Expr library, used for expression language and evaluation in Go, contains a flaw where certain builtin functions – including flatten, min, max, mean, and median – can cause a denial of service. The...

EUVD-2025-199979

Uncontrolled recursion in the json2pb component in Apache bRPC version 1.15.0 on all platforms allows remote attackers to make the server crash via sending deep recursive json data. Root Cause: The bRPC json2pb component uses rapidjson to parse json data from the network. The rapidjson parser use...

CVE-2025-59789

Uncontrolled recursion in the json2pb component in Apache bRPC version 1.15.0 on all platforms allows remote attackers to make the server crash via sending deep recursive json data. Root Cause: The bRPC json2pb component uses rapidjson to parse json data from the network. The rapidjson parser use...

CVE-2025-59789 Apache bRPC: Stack Exhaustion via Unbounded Recursion in JSON Parser

Uncontrolled recursion in the json2pb component in Apache bRPC version 1.15.0 on all platforms allows remote attackers to make the server crash via sending deep recursive json data. Root Cause: The bRPC json2pb component uses rapidjson to parse json data from the network. The rapidjson parser use...

CVE-2025-59789

CVE-2025-59789 : Apache bRPC’s json2pb component (uses rapidjson) is vulnerable to stack/exhaustion via deeply recursive JSON input, causing server crashes. Affected: bRPC

libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c

A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map', leading to stack exhaustion and a local denial of service...

Uncontrolled Recursion

Overview node-forge is a JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities. Affected versions of this package are vulnerable to Uncontrolled Recursion via the fromDer function in asn1.js, which lacks recursion depth. An attacker c...

CLSA-2025-1760020147 Fix CVE(s): CVE-2025-9714

SECURITY UPDATE: uncontrolled recursion causing stack overflow via crafted XPath expressions - debian/patches/CVE-2025-9714-.patch: Add comprehensive XPath DoS protection including operation limits, recursion depth controls, and proper handling of recursive invocations to prevent stack overflows...

EUVD-2018-17115

Malware in sbrugna...

EUVD-2018-20853

Malware in sbrugna...

EUVD-2020-30072

Malware in sbrugna...

EUVD-2018-20856

Malware in sbrugna...

EUVD-2018-5733

Malware in sbrugna...

EUVD-2018-20850

Malware in sbrugna...

EUVD-2016-7435

Malware in sbrugna...

EUVD-2022-6229

Malicious code in bioql PyPI...

EUVD-2025-25367

Malicious code in bioql PyPI...

CLSA-2025-1759411642 libxml2: Fix of CVE-2025-9714

CVE-2025-9714: preserve recursion depth across recursive calls to prevent stack overflow in XPath evaluation...

CVE-2025-59364

The express-xss-sanitizer aka Express XSS Sanitizer package through 2.0.0 for Node.js has an unbounded recursion depth in sanitize in lib/sanitize.js for a JSON request body...