PT-2026-28186

A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects the function compile of the file markdown.c of the component Markdown Handler. This manipulation causes uncontrolled recursion. The attack is restricted to local execution. The exploit has been made available to the...

YAML 安全漏洞

YAML is a parsing and serialization library developed by Eemeli Aro, which supports YAML 1.1 and 1.2 standards. Versions of YAML prior to 1.10.3 and 2.8.3 contain security vulnerabilities. These vulnerabilities stem from the use of depth-limited recursive function calls during node...

Uncontrolled Recursion

Overview smol-toml is an A small, fast, and correct TOML parser/serializer Affected versions of this package are vulnerable to Uncontrolled Recursion. An attacker can cause the application to crash by submitting TOML documents containing thousands of consecutive commented lines, which triggers...

GHSA-V3RJ-XJV7-4JMQ smol-toml: Denial of Service via TOML documents containing thousands of consecutive commented lines

Summary An attacker can send a maliciously crafted TOML to cause the parser to crash, because of a stack overflow caused by thousands of consecutive commented lines. The library uses recursion internally while parsing to skip over commented lines, which can be exploited to crash an application th...

Protobuf: Denial of Service issue through malicious messages containing negative varints or deep recursion

Impact A Denial of Service DoS vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep recursion—can be used to crash the application, impacting service availability. Patches...

GHSA-P2GH-CFQ4-4WJC Protobuf: Denial of Service issue through malicious messages containing negative varints or deep recursion

Impact A Denial of Service DoS vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep recursion—can be used to crash the application, impacting service availability. Patches...

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion in the compose/resolve phase due to using recursive function calls without a depth bound. An attacker can cause the application to throw a RangeError and potentially terminate the Node.js process by supplying a...

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion in the compose/resolve phase due to using recursive function calls without a depth bound. An attacker can cause the application to throw a RangeError and potentially terminate the Node.js process by supplying a...

Security Bulletin: Multiple Security vulnerabilities affecting IBM Knowledge Catalog Standard Cartridge

Summary Multiple security vulnerabilities impacting IBM Knowledge Catalog Standard Cartridge. These vulnerabilities had been addressed and customers should update to the recommended version of the product at the earliest opportunity. Vulnerability Details CVEID:CVE-2025-36187 DESCRIPTION: IBM...

Security update for grafana

This update for grafana fixes the following issues: Security issues fixed: CVE-2026-21722: Public dashboards annotations: use dashboard timerange if time selection disabled bsc1258136 CVE-2026-21721: Fixed access control by the dashboard permissions API bsc1257337 CVE-2026-21720: Fixed...

CVE-2026-23292 scsi: target: Fix recursive locking in __configfs_open_file()

In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix recursive locking in configfsopenfile In flushwritebuffer, &p-fragsem is acquired and then the loaded store function is called, which, here, is targetcoreitemdbrootstore. This function called filpopen, following...

SUSE-SU-2026:20878-1 Security update for python-pyasn1

This update for python-pyasn1 fixes the following issue: - CVE-2026-30922: Denial of Service via Unbounded Recursion bsc1259803...

OPENSUSE-SU-2026:20418-1 Security update for python-pyasn1

This update for python-pyasn1 fixes the following issue: - CVE-2026-30922: Denial of Service via Unbounded Recursion bsc1259803...

SUSE-SU-2026:20929-1 Security update for python-pyasn1

This update for python-pyasn1 fixes the following issue: - CVE-2026-30922: Denial of Service via Unbounded Recursion bsc1259803...

SUSE-SU-2026:20835-1 Security update for python-pyasn1

This update for python-pyasn1 fixes the following issue: - CVE-2026-30922: Denial of Service via Unbounded Recursion bsc1259803...

SUSE CVE-2026-26209

cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Versions prior to 5.9.0 are vulnerable to a Denial of Service DoS attack caused by uncontrolled recursion when decoding deeply nested CBOR structures. This vulnerability affects both the...

Linux Distros Unpatched Vulnerability : CVE-2026-26209

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Versions prior to 5.9.0 are vulnerable to a Denial ...

PT-2026-33338

Name of the Vulnerable Software and Affected Versions Protobuf PHP versions prior to 5.34.0-RC1 Protobuf PHP versions prior to 4.33.6 Description A Denial of Service DoS issue exists during the parsing of untrusted input. Maliciously structured messages, specifically those containing negative...

GHSA-XCX6-VP38-8HR5 Scriban has Uncontrolled Recursion in `object.to_json` Causing Unrecoverable Process Crash via StackOverflowException

Summary The object.tojson builtin function in Scriban performs recursive JSON serialization via an internal WriteValue static local function that has no depth limit, no circular reference detection, and no stack overflow guard. A Scriban template containing a self-referencing object passed to...

Scriban has Uncontrolled Recursion in `object.to_json` Causing Unrecoverable Process Crash via StackOverflowException

Summary The object.tojson builtin function in Scriban performs recursive JSON serialization via an internal WriteValue static local function that has no depth limit, no circular reference detection, and no stack overflow guard. A Scriban template containing a self-referencing object passed to...