Lucene search

5241 matches found

CNNVD
added 2022/08/01 12:0 a.m. · 2 views

graphql-go security vulnerability

graphql-go is an open source GraphQL server focused on ease of use. A security vulnerability exists in graphql-go (also known as GraphQL for Go) version 0.8.0, which stems from the type definition parser having infinite recursion...

CVSS 7.5 · AI score 7.3 · EPSS 0.00085
Exploits 1 · References 3
Positive Technologies
added 2022/08/01 12:0 a.m. · 4 views

PT-2022-23922 · Unknown · Graphql-Go

Name of the Vulnerable Software and Affected Versions: graphql-go (aka GraphQL for Go) versions 0.8.0 and earlier. Description: The issue concerns infinite recursion in the type definition parser. Recommendations: For versions 0.8.0 and earlier, at the moment, there is no information about a newer...

CVSS 7.5 · AI score 7.3 · EPSS 0.00085
Exploits 1 · References 12
Positive Technologies
added 2022/07/29 12:0 a.m. · 3 views

PT-2025-37090

Name of the Vulnerable Software and Affected Versions: libxml2 versions prior to 2.9.15. Description: An uncontrolled recursion issue in XPath evaluation within libxml2 allows a local attacker to cause a stack overflow through crafted expressions. The XPath processing functions xmlXPathRunEval,...

CVSS 6.2 · AI score 6.8 · EPSS 0.00099
Exploits 0 · References 47
Cvelist
added 2022/07/26 5:10 a.m. · 14 views

CVE-2022-33977

untangle is a Python library to convert XML data to Python objects. untangle versions 1.2.0 and earlier improperly restrict recursive entity references in DTDs. By exploiting this vulnerability, a remote unauthenticated attacker may cause a denial-of-service (DoS) condition on the server where the...

AI score 7.7 · EPSS 0.02125
Exploits 0 · References 3
Tenable Nessus
added 2022/07/21 12:0 a.m. · 46 views

Amazon Linux 2 : vim (ALAS-2022-1829)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1829 advisory. Use after free in appendcommand in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote...

CVSS 7.8 · AI score 7.3 · EPSS 0.02861
Exploits 34 · References 71
Snyk
added 2022/07/20 8:52 p.m. · 2 views

Uncontrolled Recursion

Overview: std/io/fs is a Go standard library package. Affected versions of this package are vulnerable to Uncontrolled Recursion. Go Vulnerability Report: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion. Remediation: Upgrade...

CVSS 8.7 · AI score 6.8 · EPSS 0.00052
Exploits 0 · References 3
Snyk
added 2022/07/20 8:52 p.m. · 1 views

Uncontrolled Recursion

Overview: std/compress/gzip is a Go standard library package. Affected versions of this package are vulnerable to Uncontrolled Recursion. Go Vulnerability Report: via the Reader.Read function when processing an archive that contains a large number of concatenated zero-length...

CVSS 8.7 · AI score 6.7 · EPSS 0.00055
Exploits 0 · References 3
Snyk
added 2022/07/20 8:52 p.m. · 1 views

Uncontrolled Recursion

Overview: std/encoding/xml is a Go standard library package. Affected versions of this package are vulnerable to Uncontrolled Recursion. Go Vulnerability Report: Unmarshaling an XML document into a Go struct which has a nested field that uses the 'any' field tag can panic due to...

CVSS 8.7 · AI score 6.9 · EPSS 0.0013
Exploits 0 · References 3
Snyk
added 2022/07/20 5:2 p.m. · 2 views

Uncontrolled Recursion

Overview: std/path/filepath is a Go standard library package. Affected versions of this package are vulnerable to Uncontrolled Recursion. Go Vulnerability Report: Calling Glob on a path which contains a large number of path separators can cause a panic due to stack exhaustion...

CVSS 8.7 · AI score 6.8 · EPSS 0.0013
Exploits 0 · References 3
Snyk
added 2022/07/20 5:2 p.m. · 1 views

Uncontrolled Recursion

Overview: std/encoding/xml is a Go standard library package. Affected versions of this package are vulnerable to Uncontrolled Recursion. Go Vulnerability Report: Calling Decoder.Skip when parsing a deeply nested XML document can cause a panic due to stack exhaustion. Remediation...

CVSS 8.7 · AI score 6.8 · EPSS 0.00026
Exploits 0 · References 3
Snyk
added 2022/07/20 5:1 p.m. · 1 views

Uncontrolled Recursion

Overview: std/go/parser is a Go standard library package. Affected versions of this package are vulnerable to Uncontrolled Recursion. Go Vulnerability Report: Calling any of the Parse functions on Go source code which contains deeply nested types or declarations can cause a panic due ...

CVSS 6.8 · AI score 7 · EPSS 0.00005
Exploits 1 · References 3
Snyk
added 2022/07/15 11:4 p.m. · 3 views

Uncontrolled Recursion

Overview: std/net/http is a Go standard library package. Affected versions of this package are vulnerable to Uncontrolled Recursion. Go Vulnerability Report: A malicious HTTP server or client can cause the net/http client or server to panic. ReadRequest and ReadResponse can hit an...

CVSS 8.2 · AI score 6.8 · EPSS 0.00022
Exploits 0 · References 3
GitHub Security Blog
added 2022/07/14 12:0 a.m. · 30 views

vm2 before 3.6.11 vulnerable to sandbox escape

This affects the package vm2 before 3.6.11. It is possible to trigger a RangeError exception from the host rather than the "sandboxed" context by reaching the stack call limit with an infinite recursion. The returned object is then used to reference the mainModule property of the host code runnin...

CVSS 8.3 · AI score 3.3 · EPSS 0.00818
Exploits 1 · References 7 · Affected Software 1
OpenVAS
added 2022/07/14 12:0 a.m. · 8 views

Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2022-2067)

The remote host is missing an update for the Huawei EulerOS...

CVSS 5.5 · AI score 6 · EPSS 0.00022
Exploits 1 · References 2
OSV
added 2022/07/13 9:15 a.m. · 11 views

CVE-2019-10761

This affects the package vm2 before 3.6.11. It is possible to trigger a RangeError exception from the host rather than the "sandboxed" context by reaching the stack call limit with an infinite recursion. The returned object is then used to reference the mainModule property of the host code runnin...

CVSS 8.3 · AI score 8.5
Exploits 0 · References 3
NVD
added 2022/07/13 9:15 a.m. · 10 views

CVE-2019-10761

This affects the package vm2 before 3.6.11. It is possible to trigger a RangeError exception from the host rather than the "sandboxed" context by reaching the stack call limit with an infinite recursion. The returned object is then used to reference the mainModule property of the host code runnin...

CVSS 8.3 · EPSS 0.00818
Exploits 1 · References 3
Prion
added 2022/07/13 9:15 a.m. · 19 views

Code injection

This affects the package vm2 before 3.6.11. It is possible to trigger a RangeError exception from the host rather than the "sandboxed" context by reaching the stack call limit with an infinite recursion. The returned object is then used to reference the mainModule property of the host code runnin...

CVSS 7.5 · AI score 8.4 · EPSS 0.00818
Exploits 1 · References 3 · Affected Software 1
Cvelist
added 2022/07/13 8:20 a.m. · 20 views

CVE-2019-10761 Sandbox Bypass

This affects the package vm2 before 3.6.11. It is possible to trigger a RangeError exception from the host rather than the "sandboxed" context by reaching the stack call limit with an infinite recursion. The returned object is then used to reference the mainModule property of the host code runnin...

CVSS 8.3 · AI score 8.5 · EPSS 0.00818
Exploits 1 · References 3
CNNVD
added 2022/07/13 12:0 a.m. · 3 views

vm2 security vulnerability

vm2 is an advanced virtual machine/sandbox for Node.js, by individual developer Patrik Simek in the Czech Republic, used to run untrusted code with whitelisted Node built-in modules. A security vulnerability exists in vm2 prior to 3.6.11, which stems from reaching the stack call limit via infinite...

CVSS 8.3 · AI score 8.1 · EPSS 0.00818
Exploits 1 · References 4
Positive Technologies
added 2022/07/12 12:0 a.m. · 3 views

PT-2022-20221 · Go +9 · Go +9

Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.17.12; Go versions prior to 1.18.4. Description: The issue is related to uncontrolled recursion in Glob in path/filepath, which allows an attacker to cause a panic due to stack exhaustion via a path containing a large...

CVSS 9.8 · AI score 7 · EPSS 0.10629
Exploits 16 · References 402