Lucene search

342 matches found

OSV
added 2026/03/03 5:46 p.m. | 1 views

GHSA-QPX9-HPMF-5GMW Underscore has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack

Impact: In simple words, some programs that use _.flatten or _.isEqual could be made to crash. Someone who wants to do harm may be able to do this on purpose. This can only be done if the program has special properties. It only works in Underscore versions up to 1.13.7. A more detailed explanation...

CVSS 8.2 | AI score 5.7 | EPSS 0.00022
Exploits: 1 | References: 9

OSV
added 2026/02/26 2:16 a.m. | 2 views

DEBIAN-CVE-2026-27903

minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, matchOne performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent GLOBSTAR...

CVSS 7.5 | AI score 7.2 | EPSS 0.00036
Exploits: 1 | References: 1

Vulnrichment
added 2026/02/26 1:6 a.m. | 2 views

CVE-2026-27903 minimatch has a ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments

minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, matchOne performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent GLOBSTAR...

CVSS 7.5 | AI score 5.9 | EPSS 0.00036
Exploits: 1 | References: 1

OpenVAS
added 2026/02/13 12:0 a.m. | 3 views

openSUSE Security Advisory (SUSE-SU-2026:0444-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 2.9 | AI score 5.5 | EPSS 0.00007
Exploits: 0 | References: 4

Tenable Nessus
added 2026/02/12 12:0 a.m. | 4 views

SUSE SLES15 / openSUSE 15 Security Update : uriparser (SUSE-SU-2026:0444-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0444-1 advisory. - CVE-2025-67899: large input containing many commas can cause unbounded recursion and stack consumption bsc1255000. Tenable has extracted...

CVSS 2.9 | AI score 5.8 | EPSS 0.00007
Exploits: 0 | References: 4

SUSE Linux
added 2026/02/11 9:59 a.m. | 3 views

Security update for uriparser

This update for uriparser fixes the following issues: CVE-2025-67899: large input containing many commas can cause unbounded recursion and stack consumption bsc1255000. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...

CVSS 5.1 | AI score 5.5 | EPSS 0.00007
Exploits: 0 | References: 4

OSV
added 2026/02/11 9:59 a.m. | 3 views

SUSE-SU-2026:0444-1 Security update for uriparser

This update for uriparser fixes the following issues: - CVE-2025-67899: large input containing many commas can cause unbounded recursion and stack consumption bsc1255000...

CVSS 2.9 | AI score 5.8 | EPSS 0.00007
Exploits: 0 | References: 3

Tenable Nessus
added 2026/02/04 12:0 a.m. | 3 views

openSUSE 16 Security Update : alloy (openSUSE-SU-2026:20140-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20140-1 advisory. Update to 1.12.2: Security fixes: - CVE-2025-68156: github.com/expr-lang/expr/builtin: Fixed potential DoS via unbounded recursion bsc1255333: -...

CVSS 8.4 | AI score 7.2 | EPSS 0.0004
Exploits: 4 | References: 10

ATTACKERKB
added 2026/01/27 3:34 p.m. | 3 views

CVE-2025-55095

The function _ux_host_class_storage_media_mount is responsible for mounting partitions on a USB mass storage device. When it encounters an extended partition entry in the partition table, it recursively calls itself to mount the next logical partition. This recursion occurs in...

CVSS 4.2 | AI score 5.9 | EPSS 0.00024
Exploits: 1 | References: 2

CVE
added 2026/01/27 3:34 p.m. | 9 views

CVE-2025-55095

CVE-2025-55095 involves the function _ux_host_class_storage_media_mount() used to mount USB mass storage partitions. When an extended partition entry is encountered, the code recursively calls itself via _ux_host_class_storage_partition_read() to handle the next logical partition. The implementat...

CVSS 7 | AI score 5.9 | EPSS 0.00024
Exploits: 1 | References: 1 | Affected Software: 1

EUVD
added 2026/01/27 3:34 p.m. | 2 views

EUVD-2025-206404

The function _ux_host_class_storage_media_mount is responsible for mounting partitions on a USB mass storage device. When it encounters an extended partition entry in the partition table, it recursively calls itself to mount the next logical partition. This recursion occurs in...

CVSS 4.2 | AI score 5.9 | EPSS 0.00024
Exploits: 1 | References: 1

OSV
added 2026/01/24 2:15 a.m. | 5 views

AZL-75207 CVE-2026-24401 affecting package avahi for versions less than 0.8-7

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions 0.9rc2 and below, avahi-daemon can be crashed via a segmentation fault by sending an unsolicited mDNS response containing a recursive CNAME record, where the alias and canonica...

CVSS 6.5 | AI score 5.8 | EPSS 0.00061
Exploits: 0 | References: 1

Veracode
added 2026/01/23 7:41 a.m. | 5 views

Denial-Of-Service (DoS)

Seroval is vulnerable to a Denial-Of-Service (DoS). The vulnerability is due to unbounded recursion during serialization, where objects with extreme nesting depth can exceed the maximum call stack size, causing crashes or service disruption when serializing untrusted input...

CVSS 7.5 | AI score 5.9 | EPSS 0.00041
Exploits: 0 | References: 2 | Affected Software: 1

Tenable Nessus
added 2026/01/05 12:0 a.m. | 8 views

PHP 8.5.x < 8.5.1 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 8.2.x prior to 8.2.30, 8.3.x prior to 8.3.29, 8.4.x prior to 8.4.16, or 8.5.x prior to 8.5.1. It is, therefore, affected by multiple vulnerabilities: - Information leak of memory in getimagesize...

CVSS 8.2 | AI score 7.6 | EPSS 0.00056
Exploits: 4 | References: 5

Tenable Nessus
added 2026/01/05 12:0 a.m. | 2 views

PHP 8.3.x < 8.3.29 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 8.2.x prior to 8.2.30, 8.3.x prior to 8.3.29, 8.4.x prior to 8.4.16, or 8.5.x prior to 8.5.1. It is, therefore, affected by multiple vulnerabilities: - Information leak of memory in getimagesize...

CVSS 8.2 | AI score 7.6 | EPSS 0.00056
Exploits: 4 | References: 5

Tenable Nessus
added 2026/01/05 12:0 a.m. | 3 views

PHP 8.4.x < 8.4.16 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 8.2.x prior to 8.2.30, 8.3.x prior to 8.3.29, 8.4.x prior to 8.4.16, or 8.5.x prior to 8.5.1. It is, therefore, affected by multiple vulnerabilities: - Information leak of memory in getimagesize...

CVSS 8.2 | AI score 7.6 | EPSS 0.00056
Exploits: 4 | References: 5

Tenable Nessus
added 2026/01/05 12:0 a.m. | 15 views

PHP 8.1.x < 8.1.34 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 8.2.x prior to 8.2.30, 8.3.x prior to 8.3.29, 8.4.x prior to 8.4.16, or 8.5.x prior to 8.5.1. It is, therefore, affected by multiple vulnerabilities: - Information leak of memory in getimagesize...

CVSS 8.2 | AI score 7.6 | EPSS 0.00056
Exploits: 4 | References: 5

Tenable Nessus
added 2026/01/05 12:0 a.m. | 2 views

PHP 8.2.x < 8.2.30 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 8.2.x prior to 8.2.30, 8.3.x prior to 8.3.29, 8.4.x prior to 8.4.16, or 8.5.x prior to 8.5.1. It is, therefore, affected by multiple vulnerabilities: - Information leak of memory in getimagesize...

CVSS 8.2 | AI score 7.6 | EPSS 0.00056
Exploits: 4 | References: 5

OSV
added 2025/12/22 6:15 p.m. | 2 views

GO-2025-4245 Expr has Denial of Service via Unbounded Recursion in Builtin Functions in github.com/expr-lang/expr

Expr has Denial of Service via Unbounded Recursion in Builtin Functions in github.com/expr-lang/expr...

CVSS 7.5 | AI score 6.5 | EPSS 0.0004
Exploits: 0 | References: 2

Microsoft CVE
added 2025/12/19 9:2 a.m. | 5 views

Expr has Denial of Service via Unbounded Recursion in Builtin Functions

...

CVSS 7.5 | AI score 7 | EPSS 0.0004
Exploits: 0