12 matches found

CNNVD
added 2026/05/07 12:0 a.m. | 3 views

XMLDOM Security Vulnerability

XMLDOM is a JavaScript implementation of the W3C DOM for Node developed by jindw. Versions of XMLDOM prior to 0.9.10, 0.8.13, and xmldom 0.6.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the unlimited depth of recursive traversal in lib/dom.js, which could...

CVSS 8.7 | AI score 5.8 | EPSS 0.0004
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/22 12:0 a.m. | 8 views

PT-2026-34616

Name of the Vulnerable Software and Affected Versions @xmldom/xmldom versions prior to 0.8.13 @xmldom/xmldom versions prior to 0.9.10 xmldom versions 0.6.0 and earlier Description Seven recursive traversals in lib/dom.js operate without a depth limit. When processing a sufficiently deeply nested...

CVSS 8.7 | AI score 5.8 | EPSS 0.0004
Exploits: 0 | References: 15

Positive Technologies
added 2026/04/16 12:0 a.m. | 2 views

PT-2026-33275

Name of the Vulnerable Software and Affected Versions Livemesh Addons for Elementor versions prior to 9.1 Description The plugin is subject to Local File Inclusion due to insufficient sanitization of the template name parameter within the lae get template part function. The implementation uses an...

CVSS 8.8 | AI score 5.6 | EPSS 0.00097
Exploits: 0 | References: 10

RedhatCVE
added 2026/03/09 8:1 a.m. | 1 views

CVE-2026-29778

pyLoad is a free and open-source download manager written in Python. From version 0.5.0b3.dev13 to 0.5.0b3.dev96, the editpackage function implements insufficient sanitization for the packfolder parameter. The current protection relies on a single-pass string replacement of "../", which can be...

CVSS 7.1 | AI score 5.7 | EPSS 0.00022
Exploits: 1 | References: 1

OSV
added 2026/03/07 4:15 p.m. | 3 views

PYSEC-2026-121

pyLoad is a free and open-source download manager written in Python. From version 0.5.0b3.dev13 to 0.5.0b3.dev96, the editpackage function implements insufficient sanitization for the packfolder parameter. The current protection relies on a single-pass string replacement of "../", which can be...

CVSS 6.5 | AI score 5.7 | EPSS 0.00022
Exploits: 1 | References: 1

Github Security Blog
added 2026/03/05 12:32 a.m. | 5 views

pyLoad has an Arbitrary File Write via Path Traversal in edit_package()

The editpackage function implements insufficient sanitization for the packfolder parameter. The current protection relies on a single-pass string replacement of "../", which can be bypassed using crafted recursive traversal sequences. Exploitation An authenticated user with MODIFY permission can...

CVSS 7.1 | AI score 5.9 | EPSS 0.00022
Exploits: 1 | References: 3 | Affected Software: 1

RedhatCVE
added 2025/12/17 8:7 a.m. | 1 views

CVE-2025-68156

A flaw was found in Expr, an expression language and expression evaluation for Go. This vulnerability allows a denial of service DoS via recursive traversal over user-provided deeply nested or cyclic data structures without enforcing a maximum recursion depth, leading to a stack overflow panic an...

CVSS 7.5 | AI score 6.7 | EPSS 0.0004
Exploits: 0 | References: 5

Veracode
added 2025/07/10 5:46 a.m. | 2 views

Stack Overflow

llamaindexcore is vulnerable to stack overflow. The vulnerability is due to unsafe recursive traversal without depth validation, which allows an attacker to submit deeply nested JSON structures and trigger a Denial of Service DoS by causing a RecursionError and crashing the application...

CVSS 6.5 | AI score 6.3 | EPSS 0.00162
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2025/07/07 12:30 p.m. | 1 views

GHSA-3WXX-Q3GV-PVVV LlamaIndex vulnerable to DoS attack through uncontrolled recursive JSON parsing

The JSONReader in run-llama/llamaindex versions 0.12.28 is vulnerable to a stack overflow due to uncontrolled recursive JSON parsing. This vulnerability allows attackers to trigger a Denial of Service DoS by submitting deeply nested JSON structures, leading to a RecursionError and crashing...

CVSS 6.5 | AI score 5.9 | EPSS 0.00162
Exploits: 1 | References: 4

Huntr
added 2025/04/03 1:6 a.m. | 3 views

Denial of Service via `Uncontrolled Recursive` JSON Parsing in `JSONReader`

Description The JSONReader in llamaindex is vulnerable to stack overflow when processing deeply nested JSON, leading to a RecursionError. Attackers can exploit this to trigger Denial of Service DoS by submitting malicious JSON, crashing applications before input validation. This impacts...

CVSS 6.5 | AI score 7.8 | EPSS 0.00162
Exploits: 1

RedHat Linux
added 2016/11/03 8:8 a.m. | 3 views

ntp: stack exhaustion in recursive traversal of restriction list

A stack-based buffer overflow flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could use this flaw to crash ntpd...

CVSS 7.5 | AI score 7.5 | EPSS 0.42548
Exploits: 0 | References: 6

Tenable Nessus
added 2016/06/01 12:0 a.m. | 31 views

openSUSE Security Update : ntp (openSUSE-2016-649)

This update for ntp fixes the following issues : - Update to 4.2.8p7 boo977446 : - CVE-2016-1547, boo977459: Validate crypto-NAKs, AKA: CRYPTO-NAK DoS. - CVE-2016-1548, boo977461: Interleave-pivot - CVE-2016-1549, boo977451: Sybil vulnerability: ephemeral association attack. - CVE-2016-1550,...

CVSS 9.8 | AI score 6.9 | EPSS 0.83579
Exploits: 20 | References: 76