1112 matches found
Uncontrolled Recursion
Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the querystring processing. An attacker can exhaust system resources and disrupt service availability by submitting excessively long Boolean or disjunction queries. PoC GET search "query": "querystring":...
Security Bulletin: Astronomer with IBM is vulnerable to uncontrolled recursion due to the Apache Commons Lang package (CVE-2025-48924)
Summary Apache Commons Lang is used by Astronomer with IBM as part of overall processing. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6...
Unity Linux 20.1070e Security Update: libxslt (UTSA-2025-990908)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990908 advisory. Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPa...
Siemens SIMATIC S7-1500 Uncontrolled Recursion (CVE-2021-46195)
GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources. This plugin only works with Tenable.ot. Please visit...
Siemens SIMATIC S7-1500 Uncontrolled Recursion (CVE-2022-27943)
libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
Siemens SIMATIC S7-1500 Uncontrolled Recursion (CVE-2020-8285)
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Connect2id Nimbus JOSE + JWT (CVE-2025-53864)
Summary A vulnerability in Connect2id Nimbus JOSE + JWT that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of...
Security Bulletin: Due to use of Apache Commons Lang, IBM Engineering Systems Design Rhapsody is affected by an Uncontrolled Recursion vulnerability
Summary Apache Commons Lang is used internally by IBM Engineering Systems Design Rhapsody CVE-2025-48924 Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...
Uncontrolled Recursion
express-xss-sanitizer is vulnerable to uncontrolled recursion. The vulnerability is due to an unbounded recursion depth in the sanitize function in lib/sanitize.js when processing a JSON request body, which allows an attacker to cause a denial of service by triggering infinite recursion...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to uncontrolled recursion due to the Apache Commons Lang package (CVE-2025-48924)
Summary Apache Commons Lang is used by DataStage on Cloud Pak for Data as part of API processing functionality. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...
CLSA-2025-1761312327 Fix CVE(s): CVE-2025-9714
SECURITY UPDATE: uncontrolled recursion leading to stack overflow via crafted XPath expressions - debian/patches/CVE-2025-9714.patch: Make XPath depth check work with recursive invocations to prevent stack overflows - CVE-2025-9714...
Security Bulletin: vulnerability in IBM Spectrum Symphony with Nimbus JOSE + JWT
Summary vulnerability in IBM Spectrum Symphony with Nimbus JOSE + JWT Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in...
Security Bulletin: Security Vulnerabilities in Java libraries affect IBM Voice Gateway
Summary Multiple vulnerabilities were addressed in IBM Voice Gateway Vulnerability Details CVEID:CVE-2025-58057 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In...
Security Bulletin: Vulnerability in Apache Commons Lang (CVE-2025-48924) affects IBM PowerVM Novalink.
Summary Apache Commons Lang is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE CVE-2025-48924. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting...
Security Bulletin: IBM Application Modernization Accelerator Developer Tools is affected by an Uncontrolled Recursion vulnerability due to Apache Commons Lang (CVE-2025-48924)
Summary There is a vulnerability in Apache Commons Lang used by IBM Application Modernization Accelerator Developer Tools. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...
Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by a vulnerability in commons-lang3-3.17.0.jar (CVE-2025-48924)
Summary IBM Sterling Connect:Direct Web Services is affected by an uncontrolled recursion vulnerability in commons-lang3-3.17.0. This has been addressed in new fixpacks available from Fix Central. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apac...
Libexpat: expat: improper restriction of xml entity expansion depth in libexpat
Libexpat contains a denial-of-service (DoS) vulnerability. A remote attacker could exploit this by chaining together an excessive number of general entities. Malicious use of this linear entity chain would subsequently result in uncontrolled recursion, leading to a stack overflow and crash...
CVE-2025-33096
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user to cause a denial of service by uploading specially crafted files using uncontrolled recursion...
EUVD-2025-33895
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user to cause a denial of service by uploading specially crafted files using uncontrolled recursion...