
5150 matches found

OSV
added 2026/04/09 10:43 a.m., 4 views

CLSA-2026-1775731413 libxml2: Fix of 8 CVEs

CVE-2023-45322: fix use-after-free in xmlStaticCopyNodeList when copying DTDs - CVE-2024-34459: fix buffer over-read in xmlHTMLPrintFileContext in xmllint - CVE-2025-6170: fix potential buffer overflows in xmllint interactive shell - CVE-2025-8732: fix stack overflow from self-referencing SGML...

7.5 CVSS, 6.8 AI score, 0.04197 EPSS
Exploits 1, References 1

RedhatCVE
added 2026/04/09 1:23 a.m., 4 views

CVE-2026-39376

FastFeedParser is a high performance RSS, Atom and RDF parser. Prior to 0.5.10, when parse fetches a URL that returns an HTML page containing a tag, it recursively calls itself with the redirect URL — with no depth limit, no visited-URL deduplication, and no redirect count cap. An...

7.5 CVSS, 5.9 AI score, 0.00077 EPSS
Exploits 1, References 1

OSV
added 2026/04/09 12:53 a.m., 1 view

CLEANSTART-2026-IW08736 Uncontrolled Recursion vulnerability in Apache Commons Lang

Multiple security vulnerabilities affect the logstash-fips package. Uncontrolled Recursion vulnerability in Apache Commons Lang. See references for individual vulnerability details...

9.8 CVSS, 6.7 AI score, 0.00324 EPSS
Exploits 1, References 31

OSV
added 2026/04/09 12:49 a.m., 1 view

CLEANSTART-2026-BG72514 Uncontrolled Recursion vulnerability in Apache Commons Lang

Multiple security vulnerabilities affect the logstash-fips package. Uncontrolled Recursion vulnerability in Apache Commons Lang. See references for individual vulnerability details...

9.8 CVSS, 6.7 AI score, 0.00099 EPSS
Exploits 0, References 20

Veracode
added 2026/04/08 2:54 p.m., 4 views

Regular Expression Denial Of Service (ReDoS)

minimatch is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to unbounded recursive processing in matchOne when handling multiple non-adjacent GLOBSTAR patterns, which allows an attacker to supply crafted glob inputs that significantly delay execution and block...

7.5 CVSS, 6 AI score, 0.00036 EPSS
Exploits 1, References 2, Affected Software 1

OSV
added 2026/04/08 12:46 p.m., 2 views

CLSA-2026-1775652408 Fix CVE(s): CVE-2026-24484

SECURITY UPDATE: denial of service from multi-layer nested MVG to SVG conversion - debian/patches/CVE-2026-24484.patch: Add recursion-depth check for graphic-context and prevent excessive nested vector graphics that cause crashes or resource exhaustion due to unbounded recursion. -...

5.3 CVSS, 7.2 AI score, 0.00019 EPSS
Exploits 0, References 1

OSV
added 2026/04/08 12:31 p.m., 3 views

CLSA-2026-1775651477 Fix CVE(s): CVE-2026-24484

SECURITY UPDATE: denial-of-service from multi-layer nested MVG-to-SVG conversions - debian/patches/CVE-2026-24484.patch: Add recursion-depth check and throw VectorGraphicsNestedTooDeeply on reaching maximum; prevent crash from unbounded nesting of graphic-context elements. -...

5.3 CVSS, 7.2 AI score, 0.00019 EPSS
Exploits 0, References 1

IBM Security Bulletins
added 2026/04/08 10:47 a.m., 2 views

Security Bulletin: Expr Built-in Functions Recursion DoS Vulnerability (Fixed in v1.17.7) affects watsonx.data

Summary Expr prior to v1.17.7 is vulnerable to a Denial-of-Service (DoS) due to unbounded recursion in certain built-in functions, which can cause stack overflow and application crashes when processing deeply nested or cyclic data. Fixed in v1.17.7. This can affect watsonx.data. Vulnerability Detai...

7.5 CVSS, 7 AI score, 0.0004 EPSS
Exploits 0, Affected Software 1

Snyk
added 2026/04/08 12:12 a.m., 1 view

Uncontrolled Recursion

Overview fastfeedparser is a High performance RSS, Atom, JSON and RDF feed parser in Python Affected versions of this package are vulnerable to Uncontrolled Recursion through the parse function when processing HTML responses containing a tag, which leads to unbounded recursion without a redirect...

8.7 CVSS, 5.8 AI score, 0.00077 EPSS
Exploits 1, References 2

OSV
added 2026/04/08 12:12 a.m., 3 views

GHSA-4GX2-PC4F-WQ37 FastFeedParser has an infinite redirect loop DoS via meta-refresh chain

Summary When parse fetches a URL that returns an HTML page containing a tag, it recursively calls itself with the redirect URL — with no depth limit, no visited-URL deduplication, and no redirect count cap. An attacker-controlled server that returns an infinite chain of HTML meta-refresh response...

7.5 CVSS, 5.8 AI score, 0.00077 EPSS
Exploits 1, References 4

Github Security Blog
added 2026/04/08 12:12 a.m., 5 views

FastFeedParser has an infinite redirect loop DoS via meta-refresh chain

Summary When parse fetches a URL that returns an HTML page containing a tag, it recursively calls itself with the redirect URL — with no depth limit, no visited-URL deduplication, and no redirect count cap. An attacker-controlled server that returns an infinite chain of HTML meta-refresh response...

7.5 CVSS, 5.9 AI score, 0.00077 EPSS
Exploits 1, References 4, Affected Software 1

Tenable Nessus
added 2026/04/08 12:0 a.m., 3 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006775)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006775 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix infinite recursion in fib6_dump_done. syzkaller reported infinite recursive calls of...

7.8 CVSS, 6 AI score, 0.00014 EPSS
Exploits 0, References 4

OSV
added 2026/04/07 8:16 p.m., 2 views

PYSEC-2026-60

FastFeedParser is a high performance RSS, Atom and RDF parser. Prior to 0.5.10, when parse fetches a URL that returns an HTML page containing a tag, it recursively calls itself with the redirect URL — with no depth limit, no visited-URL deduplication, and no redirect count cap. An...

7.5 CVSS, 5.8 AI score, 0.00077 EPSS
Exploits 1, References 1

NVD
added 2026/04/07 8:16 p.m., 2 views

CVE-2026-39376

FastFeedParser is a high performance RSS, Atom and RDF parser. Prior to 0.5.10, when parse fetches a URL that returns an HTML page containing a tag, it recursively calls itself with the redirect URL — with no depth limit, no visited-URL deduplication, and no redirect count cap. An...

7.5 CVSS, 0.00077 EPSS
Exploits 1, References 1

IBM Security Bulletins
added 2026/04/07 8:13 p.m., 8 views

Security Bulletin: Multiple Security vulnerabilities affecting IBM Knowledge Catalog Premium Cartridge

Summary Multiple security vulnerabilities impacting IBM Knowledge Catalog Premium Cartridge. These vulnerabilities had been addressed and customers should update to the recommended version of the product at the earliest opportunity. Vulnerability Details CVEID:CVE-2025-4565 DESCRIPTION: Any proje...

9.4 CVSS, 7.4 AI score, 0.01319 EPSS
Exploits 8, Affected Software 1

ATTACKERKB
added 2026/04/07 7:46 p.m., 2 views

CVE-2026-39376

FastFeedParser is a high performance RSS, Atom and RDF parser. Prior to 0.5.10, when parse fetches a URL that returns an HTML page containing a tag, it recursively calls itself with the redirect URL — with no depth limit, no visited-URL deduplication, and no redirect count cap. An...

7.5 CVSS, 5.9 AI score, 0.00077 EPSS
Exploits 1, References 2, Affected Software 1

Positive Technologies
added 2026/04/07 12:0 a.m., 2 views

PT-2026-31006

FastFeedParser is a high performance RSS, Atom and RDF parser. Prior to 0.5.10, when parse fetches a URL that returns an HTML page containing a tag, it recursively calls itself with the redirect URL — with no depth limit, no visited-URL deduplication, and no redirect count cap. An...

7.5 CVSS, 5.9 AI score, 0.00077 EPSS
Exploits 1, References 3

CNNVD
added 2026/04/07 12:0 a.m., 2 views

FastFeedParser Security Vulnerability

FastFeedParser is a high-performance Python library for parsing RSS and Atom feeds, open-sourced by Kagi Search. Versions of FastFeedParser prior to 0.5.10 contained a security vulnerability. This vulnerability stemmed from the lack of a recursive depth limit when parsing HTML meta refresh tags,...

7.5 CVSS, 5.8 AI score, 0.00077 EPSS
Exploits 1, References 1

Mageia
added 2026/04/06 5:35 p.m., 3 views

Updated python-pyasn1 packages fix security vulnerability

pyasn1 Vulnerable to Denial of Service via Unbounded Recursion. CVE-2026-30922...

7.5 CVSS, 6.8 AI score, 0.00027 EPSS
Exploits 1, References 4

OSV
added 2026/04/06 5:35 p.m., 2 views

MGASA-2026-0087 Updated python-pyasn1 packages fix security vulnerability

pyasn1 Vulnerable to Denial of Service via Unbounded Recursion. CVE-2026-30922...

7.5 CVSS, 6.8 AI score, 0.00027 EPSS
Exploits 1, References 5