Kubernetes API Server - YAML Parsing DoS (Billion Laughs)

The Kubernetes API server is vulnerable to a denial of service attack via YAML/JSON parsing. An attacker can send a specially crafted YAML/JSON payload that causes exponential memory consumption Billion Laughs attack, leading to API server crash. id: CVE-2019-11253 info: name: Kubernetes API Serv...

GHSA-4QPC-3HR4-R2P4 Symfony's YAML Parser Vulnerable to Exponential Memory Allocation via Recursive Collection-Alias Expansion ("Billion Laughs")

Description Symfony\Component\Yaml\Parser resolves YAML aliases anchor during parsing. Aliases that reference collections arrays, stdClass, TaggedValue-wrapped collections can themselves point to other collections containing aliases, creating exponential expansion at resolution time. A small inpu...

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Overview Affected versions of this package are vulnerable to Improper Restriction of Recursive Entity References in DTDs 'XML Entity Expansion' via Recursive Collection-Alias Expansion "Billion Laughs". Symfony\Component\Yaml\Parser resolves YAML aliases anchor during parsing. Aliases that...

Inside the 2026 Verizon DBIR: What One Billion Records Revealed About Vulnerability Remediation

The Verizon 2026 Data Breach Investigations Report has been published. Qualys is proud to have served as a research partner and contributor, contributing analysis of more than one billion anonymized vulnerability remediation records across four consecutive DBIR reporting cycles of CISA Known...

FreeRDP: FreeRDP: Denial of Service via specially crafted Remote Desktop Protocol messages

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A remote attacker could exploit this vulnerability by sending a specially crafted RDP message. This can lead to an undefined behavior where a wrapped value is used as a shift exponent, causing an approximately ...

BIT-PHP-MIN-2026-7568 Signed integer overflow in metaphone()

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the metaphone function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647 bytes is passed, a signed...

📄 CairoSVG Denial of Service

CairoSVG versions prior to 2.9.0 suffer from a recursive denial of service vulnerability. CVE-2026-31899: Exponential DoS via Recursive Element Amplification in CairoSVG Keywords: CVE-2026-31899, CairoSVG, exponential DoS, SVG bomb, recursive use element, denial of service, XML amplification,...

CVE-2026-7568

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the metaphone function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647 bytes is passed, a signed...

CVE-2026-7568

CVE-2026-7568 concerns a signed integer overflow in PHP’s metaphone() implementation (ext/standard/metaphone.c). In affected releases (PHP 8.2.x before 8.2.31, 8.3.x before 8.3.31, 8.4.x before 8.4.21, and 8.5.x before 8.5.6), the function uses a signed int to track the current input position. If...

Massive “Low and Slow” DDoS Attack Hits Platform With 2.45 Billion in 5 Hours

DataDome researchers uncovered a massive low and slow DDoS attack that delivered 2.45 billion requests using 1.2 million IP addresses...

RHCOS 4 : OpenShift Container Platform 4.1.20 openshift (RHSA-2019:3132)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:3132 advisory. - kubernetes: YAML parsing vulnerable to Billion Laughs attack, allowing for remote denial of service CVE-2019-11253 Note that Nessus has not...

RHCOS 3 : OpenShift Container Platform 3.11 atomic-openshift (RHSA-2019:3905)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3905 advisory. - kubernetes: kubectl cp allows for arbitrary file write via double symlinks CVE-2019-11251 - kubernetes: YAML parsing vulnerable to...

Converge Connect: Unlock Lower Premiums with Proven Qualys Security

Key Takeaways Qualys, in collaboration with Converge, has launched an offering that ties your security posture to your cyber insurance costs. The Qualys Converge Connect Insurance Report CCIR supplements manual insurance questionnaires with objective, platform-generated, real-time security data...

Astra Linux - уязвимость в c3p0

C3P0 versions less than 0.9.5.4 may be exploited by a “billion laughs attack” when loading XML configuration, due to the lack of protections against recursive entity expansion during the loading of configuration files...

FreeRDP: FreeRDP: Denial of Service via specially crafted Remote Desktop Protocol messages

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A remote attacker could exploit this vulnerability by sending a specially crafted RDP message. This can lead to an undefined behavior where a wrapped value is used as a shift exponent, causing an approximately ...

Researchers built a chatbot that only knows the world before 1931

The internet's chatbots have read every forum rant, leaked Slack log, and confident blog post your uncle ever wrote about chemtrails. The results are predictable: they reflect the state of the internet, and it isn't pretty. That, along with some questionable design decisions, is partly why Elon...

CLSA-2026-1776440644 expat: Fix of 4 CVEs

CVE-2017-9233: fix external entity infinite loop in entityValueInitProcessor and entityValueProcessor - CVE-2023-52425: add reparse deferral heuristic to prevent On^2 parsing of large tokens in small buffer refills; fix buffer growth calculation - CVE-2013-0340: add billion laughs entity...

CLSA-2026-1776441769 expat: Fix of 4 CVEs

CVE-2017-9233: fix external entity infinite loop in entityValueInitProcessor and entityValueProcessor - CVE-2023-52425: add reparse deferral heuristic to prevent On^2 parsing of large tokens in small buffer refills; fix buffer growth calculation - CVE-2013-0340: add billion laughs entity...

CLSA-2026-1776441540 expat: Fix of 4 CVEs

CVE-2017-9233: fix external entity infinite loop in entityValueInitProcessor and entityValueProcessor - CVE-2023-52425: add reparse deferral heuristic to prevent On^2 parsing of large tokens in small buffer refills; fix buffer growth calculation - CVE-2013-0340: add billion laughs entity...

CVE-2026-29074 SVGO: DoS through entity expansion in DOCTYPE (Billion Laughs)

SVGO, short for SVG Optimizer, is a Node.js library and command-line application for optimizing SVG files. From version 2.1.0 to before version 2.8.1, from version 3.0.0 to before version 3.3.3, and before version 4.0.1, SVGO accepts XML with custom entities, without guards against entity expansi...