UBUNTU-CVE-2026-45205

Uncontrolled Recursion vulnerability in Apache Commons. When processing an untrusted configuration file, Commons Configuration will throw a StackOverflowError for YAML input with cycles. This issue affects Apache Commons: from 2.2 before 2.15.0. Users are recommended to upgrade to version 2.15.0,...

CVE-2026-45205

CVE-2026-45205 describes an uncontrolled recursion (StackOverflowError) in Apache Commons Configuration when processing untrusted YAML configuration files with cycles. Affected versions are 2.2 prior to 2.15.0; the advisory recommends upgrading to 2.15.0 to fix the issue. Public disclosures acros...

CVE-2026-45205 Apache Commons Configuration: StackOverflowError for YAML input with cycles

Uncontrolled Recursion vulnerability in Apache Commons. When processing an untrusted configuration file, Commons Configuration will throw a StackOverflowError for YAML input with cycles. This issue affects Apache Commons: from 2.2 before 2.15.0. Users are recommended to upgrade to version 2.15.0,...

CVE-2026-45205

Uncontrolled Recursion vulnerability in Apache Commons. When processing an untrusted configuration file, Commons Configuration will throw a StackOverflowError for YAML input with cycles. This issue affects Apache Commons: from 2.2 before 2.15.0. Users are recommended to upgrade to version 2.15.0,...

CVE-2026-45205 Apache Commons Configuration: StackOverflowError for YAML input with cycles

Uncontrolled Recursion vulnerability in Apache Commons. When processing an untrusted configuration file, Commons Configuration will throw a StackOverflowError for YAML input with cycles. This issue affects Apache Commons: from 2.2 before 2.15.0. Users are recommended to upgrade to version 2.15.0,...

EUVD-2026-30267

Uncontrolled Recursion vulnerability in Apache Commons. When processing an untrusted configuration file, Commons Configuration will throw a StackOverflowError for YAML input with cycles. This issue affects Apache Commons: from 2.2 before 2.15.0. Users are recommended to upgrade to version 2.15.0,...

jq: stack overflow in module loading on mutual `include`

...

OSV-2026-728 Stack-buffer-overflow in autoload_external_files

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=512622269 Crash type: Stack-buffer-overflow READ 4 Crash state: autoloadexternalfiles loadexternaloptsthread workerthread...

PT-2026-40906

Name of the Vulnerable Software and Affected Versions Apache Commons versions 2.2 through 2.14.x Description An uncontrolled recursion issue exists when processing untrusted configuration files. Specifically, the software throws a StackOverflowError—a runtime error that occurs when the call stack...

Apache Commons 安全漏洞

Apache Commons is an Apache project focused on reusable Java components, developed by the Apache Foundation in the United States. There were security vulnerabilities in versions of Apache Commons from 2.2 to 2.15.0. These vulnerabilities stemmed from uncontrolled recursion when processing YAML...

OpenImageIO 缓冲区错误漏洞

OpenImageIO is an open-source image processing library developed by OpenImageIO. It features a user-friendly interface and supports a wide range of image formats. Versions of OpenImageIO prior to 3.0.18.0 and 3.1.13.0 contained a buffer error vulnerability. This vulnerability stemmed from the RLE...

MongoDB PHP Driver 安全漏洞

The MongoDB PHP Driver is an open-source driver developed by MongoDB for PHP applications, enabling connection to MongoDB databases. The MongoDB PHP Driver has a security vulnerability that stems from a stack overflow issue when processing deeply nested BSON documents, which may lead to applicati...

Linux Distros Unpatched Vulnerability : CVE-2026-45205

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Uncontrolled Recursion vulnerability in Apache Commons. When processing an untrusted configuration file, Commons Configuration will throw a StackOverflowError f...

Nerdbank.MessagePack 安全漏洞

Nerdbank.MessagePack is a .NET platform-specific MessagePack serialization library developed by Andrew Arnott. Versions of Nerdbank.MessagePack prior to 1.1.62 contained security vulnerabilities. These vulnerabilities stemmed from uncontrolled stack allocation during DateTime decoding. Malicious...

PostgreSQL SQL注入漏洞

PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Versions of PostgreSQL prior to 18.4, 17.10, 16.14, 15.18, and...

PT-2026-40926

Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 18.4 PostgreSQL versions prior to 17.10 PostgreSQL versions prior to 16.14 PostgreSQL versions prior to 15.18 PostgreSQL versions prior to 14.23 Description A stack buffer overflow in the "refint" module allows an...

PT-2026-40922

Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 18.4 PostgreSQL versions prior to 17.10 PostgreSQL versions prior to 16.14 PostgreSQL versions prior to 15.18 PostgreSQL versions prior to 14.23 Description The use of the dangerous function PQfn..., result is int=...

Vulnerability in contrib module (CVE-2026-6637)

PostgreSQL refint allows stack buffer overflow and SQL injection Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a...

Vulnerability in client (CVE-2026-6477)

PostgreSQL libpq lo functions let server superuser overwrite client stack memory Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64, and lotell64 functions allows the server superuser to overwrite a client stack buffer with an...

CVE-2026-44855

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending...