CVE-2026-42445

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesystem image parser in NanaZip. The function GetAllPaths recurses into subdirectories without any depth limit or visited-inode tracking. A crafted UFS...

CVE-2026-41673

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, seven recursive traversals in lib/dom.js operate without a depth limit. A sufficiently deeply nested DO...

Astra Linux - уязвимость в edk2

Unlimited recursion in DxeCore in EDK II...

EUVD-2026-22110

ImageMagick has a Stack Overflow in DestroyXMLTree...

jq 安全漏洞

jq is a lightweight and flexible command-line JSON processor developed by jqlang. Jq versions 1.8.1 and earlier contain security vulnerabilities. These vulnerabilities stem from the use of unlimited recursion in functions like jvsetpath, jvgetpath, and delpathssorted, which could lead to...

CVE-2026-27601 Underscore.js has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack

Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...

Eclipse ThreadX USBX security vulnerabilities

Eclipse ThreadX USBX is an open-source version of Eclipse ThreadX, which includes a USB host, device, and mobile embedded stack. There is a security vulnerability in Eclipse ThreadX USBX, caused by the uxhostclassstoragemediamount function having unlimited recursive depth, which may lead to a sta...

CVE-2019-18854

A Denial Of Service vulnerability exists in the safe-svg aka Safe SVG plugin through 1.9.4 for WordPress, related to unlimited recursion for a '' substring...

EUVD-2019-8551

Malware in sbrugna...

EUVD-2022-52690

Malicious code in bioql PyPI...

An unlimited recursion in DxeCore in EDK II.

...

Redis 安全漏洞

Redis is an open source, ANSI C, network-enabled, memory-based, persistent logging, key-value Key-Value storage database from Redis, Inc. that provides APIs in multiple languages. A security vulnerability exists in Redis. An attacker could exploit this vulnerability to cause unlimited recursion,...

EulerOS Virtualization 3.0.6.6 : edk2 (EulerOS-SA-2023-2443)

According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Insufficient control flow management in BIOS firmware for 8th, 9th, 10th Generation IntelR CoreTM, IntelR CeleronR Processor 4000 &...

EulerOS Virtualization 3.0.2.0 : edk2 (EulerOS-SA-2023-1689)

According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An unlimited recursion in DxeCore in EDK II. CVE-2021-28210 - NetworkPkg/IScsiDxe has remotely exploitable buffer overflows...

SUSE CVE-2010-1628

Ghostscript 8.64, 8.70, and possibly other versions allows context-dependent attackers to execute arbitrary code via a PostScript file containing unlimited recursive procedure invocations, which trigger memory corruption in the stack of the interpreter...

SUSE CVE-2018-6003

An issue was discovered in the asn1decodesimpleber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS...

SUSE CVE-2019-11413

An issue was discovered in Artifex MuJS 1.0.5. It has unlimited recursion because the match function in regexp.c lacks a depth check...

CVE-2022-30974

compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413...

CVE-2022-30974

compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413...

DEBIAN-CVE-2022-30974

compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413...