1139 matches found

CVE
added 2026/05/14 2:27 p.m., 16 views

CVE-2026-41935

Vvveb

CVSS 7.1, AI score 5.8, EPSS 0.00267
Exploits 0, References 3
Vulnrichment
added 2026/05/14 2:27 p.m., 9 views

CVE-2026-41935 Vvveb < 1.0.8.3 Uncontrolled Recursion Denial of Service

Vvveb before 1.0.8.3 contains an uncontrolled recursion vulnerability in the admin controller dispatch cycle where Base::init repeatedly invokes permission on error handlers, causing infinite recursion until PHP memory limits are exhausted. Attackers can send sustained requests to forbidden admin...

CVSS 7.1, AI score 5.8, EPSS 0.00267
Exploits 0, References 3
Snyk
added 2026/05/14 1:16 p.m., 8 views

Uncontrolled Recursion

Overview: org.apache.commons:commons-configuration2 is a group of tools to assist in the reading of configuration/preferences files in various formats. Affected versions of this package are vulnerable to Uncontrolled Recursion when processing untrusted YAML configuration files containing cyclic...

CVSS 7.5, AI score 5.8, EPSS 0.00487
Exploits 0, References 2
Cvelist
added 2026/05/14 1:0 p.m., 54 views

CVE-2026-6479 PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion

Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18....

CVSS 7.5, EPSS 0.00471
Exploits 0, References 1
Github Security Blog
added 2026/05/14 12:30 p.m., 18 views

Apache Commons Configuration: StackOverflowError for YAML input with cycles

Uncontrolled Recursion vulnerability in Apache Commons. When processing an untrusted configuration file, Commons Configuration will throw a StackOverflowError for YAML input with cycles. This issue affects Apache Commons: from 2.2 before 2.15.0. Users are recommended to upgrade to version 2.15.0,...

CVSS 5.3, AI score 5.8, EPSS 0.00487
Exploits 0, References 5, Affected Software 1
OSV
added 2026/05/14 12:30 p.m., 5 views

GHSA-337M-MW94-2V6G Apache Commons Configuration: StackOverflowError for YAML input with cycles

Uncontrolled Recursion vulnerability in Apache Commons. When processing an untrusted configuration file, Commons Configuration will throw a StackOverflowError for YAML input with cycles. This issue affects Apache Commons: from 2.2 before 2.15.0. Users are recommended to upgrade to version 2.15.0,...

CVSS 5.3, AI score 5.8, EPSS 0.00487
Exploits 0, References 5
NVD
added 2026/05/14 12:16 p.m., 43 views

CVE-2026-45205

Uncontrolled Recursion vulnerability in Apache Commons. When processing an untrusted configuration file, Commons Configuration will throw a StackOverflowError for YAML input with cycles. This issue affects Apache Commons: from 2.2 before 2.15.0. Users are recommended to upgrade to version 2.15.0,...

CVSS 5.3, EPSS 0.00487
Exploits 0, References 3
ATTACKERKB
added 2026/05/14 11:22 a.m., 11 views

CVE-2026-45205

Uncontrolled Recursion vulnerability in Apache Commons. When processing an untrusted configuration file, Commons Configuration will throw a StackOverflowError for YAML input with cycles. This issue affects Apache Commons: from 2.2 before 2.15.0. Users are recommended to upgrade to version 2.15.0,...

AI score 5.8, EPSS 0.00487
Exploits 0, References 3, Affected Software 1
Debian CVE
added 2026/05/14 11:22 a.m., 10 views

CVE-2026-45205

Uncontrolled Recursion vulnerability in Apache Commons. When processing an untrusted configuration file, Commons Configuration will throw a StackOverflowError for YAML input with cycles. This issue affects Apache Commons: from 2.2 before 2.15.0. Users are recommended to upgrade to version 2.15.0,...

CVSS 5.3, AI score 5.8, EPSS 0.00487
Exploits 0
IBM Security Bulletins
added 2026/05/13 10:51 p.m., 7 views

Security Bulletin: IBM i is Affected by a Denial of Service Vulnerability [CVE-2026-6936]

Summary: IBM i is vulnerable to denial of service due to uncontrolled recursion in the Integrated Language Environment (ILE) compiler as described in the vulnerability details section. Vulnerability Details: CVEID: CVE-2026-6936 DESCRIPTION: IBM i is vulnerable to a denial-of-service attack due to...

CVSS 6.5, AI score 5.9, EPSS 0.0024
Exploits 0, Affected Software 5
Snyk
added 2026/05/13 5:22 p.m., 11 views

Uncontrolled Recursion

Overview: Affected versions of this package are vulnerable to Uncontrolled Recursion through the Root.fromJSON or Namespace.addJSON functions. An attacker can cause resource exhaustion and disrupt service availability by submitting a crafted JSON descriptor with deeply nested namespace definitions...

CVSS 7.5, AI score 5.8, EPSS 0.00263
Exploits 0, References 2
CVE
added 2026/05/12 7:22 p.m., 14 views

CVE-2026-42445

NanaZip 5.0.1252.0–before 6.0.1698.0 contains an uncontrolled recursion vulnerability in the UFS/UFS2 filesystem image parser. The function GetAllPaths recurses into subdirectories without a depth limit or visited-inode tracking, allowing a crafted UFS image with a very deep directory tree or an ...

CVSS 5.5, AI score 5.8, EPSS 0.00111
Exploits 0, References 1, Affected Software 1
Cvelist
added 2026/05/12 7:22 p.m., 34 views

CVE-2026-42445 NanaZip: Uncontrolled recursion in NanaZip UFS directory traversal causes stack exhaustion

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesystem image parser in NanaZip. The function GetAllPaths recurses into subdirectories without any depth limit or visited-inode tracking. A crafted UFS...

CVSS 3.3, EPSS 0.00111
Exploits 0, References 1
EUVD
added 2026/05/12 7:20 p.m., 11 views

EUVD-2026-29786

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the Electron Archive ASAR parser in NanaZip. When opening a crafted .asar file with deeply nested JSON in the header, both nlohmann::json::parse and the handler's...

CVSS 3.3, AI score 5.8, EPSS 0.00111
Exploits 0, References 1
Snyk
added 2026/05/12 3:1 p.m., 11 views

Uncontrolled Recursion

Overview: protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Uncontrolled Recursion through unbounded recursion when decoding nested message fields. An attacker can exhaust the call stack and cause the application to crash by supplying...

CVSS 8.7, AI score 5.9, EPSS 0.00403
Exploits 0, References 2
Snyk
added 2026/05/12 3:1 p.m., 10 views

Uncontrolled Recursion

Overview: protobufjs-cli translates between file formats and generates static code as well as TypeScript definitions. Affected versions of this package are vulnerable to Uncontrolled Recursion through unbounded recursion when decoding nested message fields. An attacker can exhaust the call...

CVSS 8.7, AI score 5.9, EPSS 0.00403
Exploits 0, References 2
Snyk
added 2026/05/08 11:12 p.m., 8 views

Uncontrolled Recursion

Overview: eml-parser is a Python EML parser library. Affected versions of this package are vulnerable to Uncontrolled Recursion through the get_raw_body_text function. An attacker can cause the application to crash by supplying an email file with deeply nested message/rfc822 attachments, leading to...

CVSS 6.3, AI score 5.8, EPSS 0.00395
Exploits 0, References 2
GithubExploit
added 2026/05/08 12:39 p.m., 86 views

stb-image-cwe674-poc

PoC — stb_image v2.30 GIF stbi__out_gif_code infinite recursion DoS...

AI score 6
Exploits 0
Veracode
added 2026/05/07 5:27 p.m., 14 views

Uncontrolled Recursion

@nestjs/microservices is vulnerable to Uncontrolled Recursion. The vulnerability is due to recursive processing of multiple JSON messages in a single TCP frame without proper recursion limits, which allows an attacker to trigger a stack overflow and crash the application...

CVSS 7.5, AI score 5.9, EPSS 0.00329
Exploits 0, References 2, Affected Software 1
CVE
added 2026/05/07 3:40 a.m., 127 views

CVE-2026-41673

CVE-2026-41673 affects xmldom (npm package @xmldom/xmldom/xmldom). The vulnerability arises from seven recursive traversals in lib/dom.js (including normalize, serializeToString, getElementsByTagName(s), getElementsByClassName, getElementById, cloneNode, importNode, textContent, isEqualNode) that...

CVSS 8.7, AI score 5.7, EPSS 0.00557
Exploits 0, References 16