180 matches found
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : pyasn1 vulnerability (USN-8129-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8129-1 advisory. It was discovered that pyasn1 incorrectly handled recursion when decoding ASN.1 data. An attacker could use this issue to cause pyasn1 to...
OESA-2026-1779 python-pyasn1 security update
Abstract Syntax Notation One (ASN.1) is a technology for exchanging structured data in a universally understood, hardware agnostic way. Many industrial, security and telephony applications heavily rely on ASN.1. The pyasn1 library implements ASN.1 support in pure-Python. Security Fixes: The pyasn1...
CVE-2026-4833
A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects the function compile of the file markdown.c of the component Markdown Handler. This manipulation causes uncontrolled recursion. The attack is restricted to local execution. The exploit has been made available to the...
Uncontrolled Recursion
Overview Scriban.Signed is a fast, powerful, safe and lightweight scripting language and engine for .NET, which was primarily developed for text templating with a compatibility mode for parsing liquid templates. Affected versions of this package are vulnerable to Uncontrolled Recursion in the...
PT-2026-27176
Name of the Vulnerable Software and Affected Versions: cbor2 versions prior to 5.9.0. Description: The cbor2 library is susceptible to a Denial of Service (DoS) attack due to uncontrolled recursion when decoding deeply nested CBOR structures. This affects both the pure Python implementation and the C...
SUSE CVE-2026-30922
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the pyasn1 library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands of nested SEQUENC...
CVE-2026-30922
An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE (0x30) or SET (0x31) tags with Indefinite Length (0x80) markers. Thi...
Uncontrolled Recursion
Overview: nltk, the Natural Language Toolkit (NLTK), is a Python package for natural language processing. Affected versions of this package are vulnerable to Uncontrolled Recursion via the JSONTaggedDecoder.decode_obj function in jsontags.py. An attacker can cause the application to crash by submittin...
GHSA-RF74-V2FM-23PW Natural Language Toolkit (NLTK) has unbounded recursion in JSONTaggedDecoder.decode_obj() may cause DoS
Summary: JSONTaggedDecoder.decode_obj in nltk/jsontags.py calls itself recursively without any depth limit. A deeply nested JSON structure exceeding sys.getrecursionlimit() (default: 1000) will raise an unhandled RecursionError, crashing the Python process. Affected code: File: nltk/jsontags.py, lines...
Security Bulletin: Due to the use of Underscore.js, IBM DevOps Solution Workbench is affected by a Denial of Service (CVE-2026-27601)
Summary: Underscore.js is used internally within IBM DevOps Solution Workbench. Vulnerability Details: CVEID: CVE-2026-27601. DESCRIPTION: Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the _.flatten and _.isEqual functions use recursion without a depth limit. Under very specif...
NewStart CGSL MAIN 6.06 (SP) : bind Multiple Vulnerabilities (NS-SA-2026-0006)
The remote NewStart CGSL host, running version MAIN 6.06 (SP), has bind packages installed that are affected by multiple vulnerabilities: - The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which...
CVE-2026-3388
A vulnerability was found in Squirrel up to 3.2. This affects the function SQCompiler::Factor/SQCompiler::UnaryOP of the file squirrel/sqcompiler.cpp. Performing a manipulation results in uncontrolled recursion. The attack needs to be approached locally. The exploit has been made public and could...
CVE-2026-3385
CVE-2026-3385 affects wren-lang wren up to 0.4.0. The vulnerability is in resolveLocal (src/vm/wren_compiler.c), causing uncontrolled recursion. The attack requires local access. An exploit is public and may be used; reports indicate the project was informed via issue but has not responded. There are no...
PT-2026-22503
A security vulnerability has been detected in ChaiScript up to 6.1.0. This impacts the function chaiscript::eval::AST_Node_Impl::eval/chaiscript::eval::Function_Push_Pop of the file include/chaiscript/language/chaiscript_eval.hpp. The manipulation leads to uncontrolled recursion. An attack has to...
PT-2026-22510
A vulnerability was found in Squirrel up to 3.2. This affects the function SQCompiler::Factor/SQCompiler::UnaryOP of the file squirrel/sqcompiler.cpp. Performing a manipulation results in uncontrolled recursion. The attack needs to be approached locally. The exploit has been made public and could...
PT-2026-21396
Name of the Vulnerable Software and Affected Versions: aardappel lobster versions prior to 2026.1. Description: A security issue exists in aardappel lobster up to version 2025.4. The lobster::TypeName function within the dev/src/lobster/idents.h library is susceptible to uncontrolled recursion. This...
AIX (IJ57282)
The version of AIX installed on the remote host is prior to APAR IJ57282. It is, therefore, affected by a vulnerability as referenced in the IJ57282 advisory. - A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function...
CVE-2026-2641
A flaw was found in ctags. A local attacker with low privileges can exploit a weakness in the V Language Parser component by executing a specially crafted input that triggers uncontrolled recursion within the parseExpression/parseExprList functions. This vulnerability can lead to a Denial of...
Medium: libxml2
Issue Overview: A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issu...
EulerOS Virtualization 2.10.0 : protobuf (EulerOS-SA-2026-1191)
According to the versions of the protobuf packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of...