1055 matches found
EUVD-2022-52463
Malicious code in bioql PyPI...
EUVD-2022-52461
Malicious code in bioql PyPI...
RLSA-2025:9121 Moderate: wireshark security update
The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Security Fixes: wireshark: Uncontrolled Recursion in Wireshark CVE-2025-1492 For more details about the security issues, including the impact, a CVSS score,...
CVE-2025-10728 Uncontrolled recursion in Qt SVG module
When the module renders a Svg file that contains a element, it might end up rendering it recursively leading to stack overflow DoS...
CVE-2025-10728 Uncontrolled recursion in Qt SVG module
When the module renders a Svg file that contains a element, it might end up rendering it recursively leading to stack overflow DoS...
Security advisory: Uncontrolled Recursion and Use-After-Free vulnerabilities in Qt SVG module impact Qt
Two vulnerabilities in Qt SVG module have been discovered. Uncontrolled recursion vulnerability has been assigned the CVE id CVE-2025-10728. Whereas Use-After-Free vulnerability has been assigned the CVE id CVE-2025-10729. Uncontrolled recursion vulnerability in Qt SVG CVE-2025-10728 Affected...
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion
...
Security Bulletin: A vulnerability in Apache Commons Lang may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2025-48924)
Summary There is a vulnerability in Apache Commons Lang used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability...
Security Bulletin: Vulnerabilities Addressed in IBM Tivoli Network Configuration Manager IP Edition (ITNCM) version 6.4.2 Fix Pack 23 (6.4.2.23)
Summary Multiple vulnerabilities were addressed in ITNCM version 6.4.2 Fix Pack 23 6.4.2.23 Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to...
Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Nimbus JOSE+JWT library which is vulnerable to CVE-2025-53864
Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Nimbus JOSE+JWT library which is vulnerable to CVE-2025-53864. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id Nimbu...
Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Apache Commons Lang which is vulnerable to CVE-2025-48924
Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Apache Commons Lang. which is vulnerable to CVE-2025-48924. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled...
Denial Of Service (DoS)
llamaindexcore is vulnerable to Denial of Service DoS. The vulnerability is due to uncontrolled recursion when parsing deeply nested JSON files, which allows an attacker to cause high resource consumption and potential crashes of the Python process...
commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang
An uncontrolled recursion flaw was found in the Apache Commons Lang library. The ClassUtils.getClass... method can throw a StackOverflowError on very long inputs. Since this error is typically not handled by applications and libraries, a StackOverflowError may lead to the termination of an...
Important: Red Hat Security Advisory: Streams for Apache Kafka 3.0.1 release and security update
Streams for Apache Kafka 3.0.1 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Uncontrolled Recursion
Overview express-xss-sanitizer is an Express 4.x middleware which sanitizes user input data in req.body, req.query, req.headers and req.params to prevent Cross Site Scripting XSS attack. Affected versions of this package are vulnerable to Uncontrolled Recursion via the sanitize function in...
commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang
An uncontrolled recursion flaw was found in the Apache Commons Lang library. The ClassUtils.getClass... method can throw a StackOverflowError on very long inputs. Since this error is typically not handled by applications and libraries, a StackOverflowError may lead to the termination of an...
CVE-2025-9714
Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions xmlXPathRunEval, xmlXPathCtxtCompile, and xmlXPathEvalExpr were resetting recursion depth to zero before...
libxml2 安全漏洞
libxml2 is a GNOME open source library for parsing XML documents. It is written in C and can be called by many languages, such as C, C++, and XSH. A security vulnerability exists in libxml2 version 2.9.14 and earlier, which stems from an uncontrolled recursion in XPath evaluation that could lead ...
ROS-20250904-06
A vulnerability in the Protobuf Pure-Python structured data serialization library is related to uncontrolled recursion when analyzing unreliable data containing an arbitrary number of recursive groups, recursive messages, or series of SGROUP tags. Exploitation of the vulnerability could allow an...
K000154575: Apache Commons Lang vulnerability CVE-2025-48924
Security Advisory Description Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass... can throw...