
5149 matches found

CVE
added 2026/05/01 12:0 a.m. | 4 views

CVE-2026-42481

The CVE-2026-42481 entry concerns Open CASCADE Technology (OCCT) in the V8_0_0_rc5 release. The affected components are the IGES and STEP file parsers. Documented issues include an out-of-bounds read in Geom2d_BSplineCurve::EvalD0 during IGES B-spline curve evaluation, another out-of-bounds read ...

CVSS 5.5 | AI score 5.8 | EPSS 0.00017
Exploits 0 | References 1 | Affected Software 1

Positive Technologies
added 2026/05/01 12:0 a.m. | 2 views

PT-2026-36310

Name of the Vulnerable Software and Affected Versions: Apache Neethi versions prior to 3.2.2. Description: Apache Neethi fails to properly detect circular references in policy definitions. When a WS-Policy document contains circular policy references, for example, Policy A references Policy B, which ...

CVSS 7.5 | AI score 5.9 | EPSS 0.00038
Exploits 0 | References 6

Vulnrichment
added 2026/05/01 12:0 a.m. | 3 views

CVE-2026-42481

Open CASCADE Technology OCCT V8_0_0_rc5 contains multiple vulnerabilities in its IGES and STEP file parsers that can be triggered by crafted IGES or STEP files. These issues include an out-of-bounds read in Geom2d_BSplineCurve::EvalD0 during IGES B-spline curve evaluation, an out-of-bounds read in...

AI score 5.8 | EPSS 0.00017
Exploits 0 | References 1

Debian CVE
added 2026/05/01 12:0 a.m. | 6 views

CVE-2026-42481

Open CASCADE Technology OCCT V8_0_0_rc5 contains multiple vulnerabilities in its IGES and STEP file parsers that can be triggered by crafted IGES or STEP files. These issues include an out-of-bounds read in Geom2d_BSplineCurve::EvalD0 during IGES B-spline curve evaluation, an out-of-bounds read in...

CVSS 5.5 | AI score 5.8 | EPSS 0.00017
Exploits 0

Positive Technologies
added 2026/05/01 12:0 a.m. | 6 views

PT-2026-36494

Name of the Vulnerable Software and Affected Versions: Open CASCADE Technology OCCT version V8_0_0_rc5. Description: Multiple issues exist in the IGES and STEP file parsers that can be triggered by crafted files. These include an out-of-bounds read, reading data outside the intended boundary of a...

CVSS 5.5 | AI score 5.8 | EPSS 0.00017
Exploits 0 | References 6

OSV
added 2026/04/30 10:41 a.m. | 3 views

CLSA-2026-1777545655 vim: Fix of 10 CVEs

- CVE-2021-3928: in suggest_trie_walk only credit a non-word-char boundary with SCORE_NONWORD when preword is non-empty, so spell suggestions do not read uninitialized memory behind preword.
- CVE-2021-3974: in nfa_regmatch NFA_MARK / NFA_MARK_GT / NFA_MARK_LT, save reginput - regline and re-fetch regline...

CVSS 7.8 | AI score 6.8 | EPSS 0.01534
Exploits 10 | References 1

RedHat Linux
added 2026/04/30 10:22 a.m. | 2 views

pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion

An unbounded recursion flaw has been discovered in the PyPI pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE (0x30) or SET (0x31) tags with Indefinite Length (0x80) markers. Thi...

CVSS 7.5 | AI score 8.5 | EPSS 0.00027
Exploits 1 | References 6

Veracode
added 2026/04/30 9:54 a.m. | 5 views

Uncontrolled Recursion

Axios is vulnerable to uncontrolled recursion. The vulnerability is due to the toFormData function recursively processing deeply nested objects without a depth limit, which allows an attacker to supply specially crafted input that triggers a stack overflow and crashes the Node.js process...

CVSS 7.5 | AI score 5.3 | EPSS 0.00031
Exploits 1 | References 3 | Affected Software 1

Microsoft CVE
added 2026/04/30 8:11 a.m. | 4 views

Apache Thrift: Node.js skip() recursion

...

CVSS 8.7 | AI score 5.8 | EPSS 0.00255
Exploits 0

EUVD
added 2026/04/30 7:23 a.m. | 5 views

EUVD-2026-26352

Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. Remote attackers can craft packets which cause affected systems to panic. This affects any system where pf is configured to process traffic, independent...

CVSS 7.5 | AI score 5.3 | EPSS 0.00065
Exploits 0 | References 1

CVE
added 2026/04/30 7:23 a.m. | 31 views

CVE-2026-7164

CVE-2026-7164 affects FreeBSD pf: incorrect SCTP packet validation allows unbounded recursion, leading to a stack overflow and system panic when pf processes SCTP traffic. Affected: all supported FreeBSD versions where pf handles traffic with SCTP parameters. Impact: remote attackers can cause pa...

CVSS 7.5 | AI score 5.3 | EPSS 0.00065
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2026/04/30 7:23 a.m. | 1 views

CVE-2026-7164 pf can overflow the stack parsing crafted SCTP packets

Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. Remote attackers can craft packets which cause affected systems to panic. This affects any system where pf is configured to process traffic, independent...

AI score 5.3 | EPSS 0.00065
Exploits 0 | References 1

Cvelist
added 2026/04/30 5:40 a.m. | 23 views

CVE-2026-5408 Uncontrolled Recursion in Wireshark

BT-DHT protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

CVSS 5.5 | EPSS 0.00016
Exploits 1 | References 2

CVE
added 2026/04/30 5:40 a.m. | 5 views

CVE-2026-5408

CVE-2026-5408 describes an uncontrolled recursion causing a crash in Wireshark’s BT-DHT protocol dissector. Affected versions are Wireshark 4.6.0–4.6.4 and 4.4.0–4.4.14, with impact listed as denial of service. The connected documents provide the vulnerability name, affected versions, and the exp...

CVSS 5.5 | AI score 5.2 | EPSS 0.00016
Exploits 1 | References 3 | Affected Software 1

Vulnrichment
added 2026/04/30 5:40 a.m. | 2 views

CVE-2026-5408 Uncontrolled Recursion in Wireshark

BT-DHT protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

CVSS 5.5 | AI score 5.2 | EPSS 0.00016
Exploits 1 | References 2

CVE
added 2026/04/30 5:40 a.m. | 6 views

CVE-2026-5406

Wireshark contains CVE-2026-5406: an Uncontrolled Recursion in the FC-SWILS protocol dissector that crashes the app, enabling a denial of service. Affected versions are Wireshark 4.6.0–4.6.4 and 4.4.0–4.4.14. The issue is tied to the FC-SWILS dissector specifically; exploitation details are not p...

CVSS 5.5 | AI score 5.2 | EPSS 0.00004
Exploits 1 | References 3 | Affected Software 1

Cvelist
added 2026/04/30 5:40 a.m. | 28 views

CVE-2026-5406 Uncontrolled Recursion in Wireshark

FC-SWILS protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

CVSS 5.5 | EPSS 0.00004
Exploits 1 | References 2

CVE
added 2026/04/30 5:39 a.m. | 8 views

CVE-2026-5299

Wireshark vulnerability CVE-2026-5299 affects the ICMPv6 PvD protocol dissector in Wireshark versions 4.6.0–4.6.4 and 4.4.0–4.4.14. The issue is an uncontrolled recursion that allows a denial of service via the dissector crash. No exploitation details are provided in the connected documents, and ...

CVSS 5.5 | AI score 5.2 | EPSS 0.00011
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2026/04/30 5:39 a.m. | 30 views

CVE-2026-5401 Uncontrolled Recursion in Wireshark

AFP Spotlight protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

CVSS 5.5 | EPSS 0.00011
Exploits 1 | References 2

CVE
added 2026/04/30 5:39 a.m. | 9 views

CVE-2026-5401

CVE-2026-5401 affects Wireshark’s AFP Spotlight protocol dissector. The vulnerability is described as an Uncontrolled Recursion that crashes the dissector in Wireshark versions 4.6.0–4.6.4 and 4.4.0–4.4.14, resulting in a denial of service. Root cause stated in the title is uncontrolled recursion...

CVSS 5.5 | AI score 5.2 | EPSS 0.00011
Exploits 1 | References 2 | Affected Software 1