Lucene search
K

744 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: igc: Fix the PTM cycle trigger logic Writing to clear the “valid” bit of the PTM status while the PTM cycle is triggered results in unreliable PTM operations. To address this issue, clear the PTM “trigger” and status after each P...

5.5CVSS6.2AI score0.00225EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/13 7:23 p.m.13 views

CVE-2026-44777

A flaw was found in jq, a command line JSON processor. The module loader fails to perform cycle detection when resolving imports. This missing cycle detection allows an attacker who can supply crafted modules with circular dependencies to exhaust the stack memory, causing an application crash,...

6.8CVSS5.7AI score0.00161EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/05/13 3:29 p.m.12 views

go-billy: Lack of depth and cycle detection in symlink resolution may lead to infinite loops and resource exhaustion

Impact Multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficient validation and missing safety mechanisms such as cycle detection, recursion limits, or...

6.5CVSS5.8AI score0.00295EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2026/05/13 3:29 p.m.5 views

GHSA-M3XC-H892-GGX6 go-billy: Lack of depth and cycle detection in symlink resolution may lead to infinite loops and resource exhaustion

Impact Multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficient validation and missing safety mechanisms such as cycle detection, recursion limits, or...

6.5CVSS5.8AI score0.00295EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/05/13 3:33 a.m.13 views

SUSE CVE-2026-44777

jq is a command-line JSON processor. In 1.8.2rc1 and earlier, the ordinary module loader recurses without cycle detection when two otherwise valid modules include each other...

5.5CVSS5.8AI score0.00161EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/12 7:37 p.m.37 views

CVE-2026-44220 ciguard: discover_pipeline_files follows symlinks out of scan root

ciguard is a static security auditor for CI/CD pipelines. From 0.8.0 to 0.8.1 , the discoverpipelinefiles function in src/ciguard/discovery.py walks a directory tree following symlinks, with cycle protection via tracking visited resolved paths. An attacker who can plant a symlink in a directory t...

3.2CVSS0.00158EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 7:37 p.m.23 views

CVE-2026-44220

ciguard (static security auditor for CI/CD) has a symlink-following flaw in discover_pipeline_files() (src/ciguard/discovery.py) that can cause discovery to traverse into symlink targets outside the requested root. Documented in CVE-2026-44220 and GHSA advisories, the vulnerability affects versio...

3.2CVSS5.8AI score0.00158EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/11 8:26 p.m.10 views

CVE-2026-41511

OpenMcdf is a fully .NET / C library to manipulate Compound File Binary File Format files, also known as Structured Storage. Prior to version 3.1.3, OpenMcdf does not detect cycles in the directory entry red-black tree of a Compound File Binary CFB document. A crafted CFB file with a cycle in the...

6.2CVSS5.7AI score0.00187EPSS
Exploits1References1
NVD
NVD
added 2026/05/11 6:16 p.m.13 views

CVE-2026-44777

jq is a command-line JSON processor. In 1.8.2rc1 and earlier, the ordinary module loader recurses without cycle detection when two otherwise valid modules include each other...

6.8CVSS0.00161EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/05/11 6:16 p.m.8 views

CVE-2026-44777

jq is a command-line JSON processor. In 1.8.2rc1 and earlier, the ordinary module loader recurses without cycle detection when two otherwise valid modules include each other...

6.8CVSS5.8AI score0.00161EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/11 5:23 p.m.46 views

CVE-2026-44777 jq: stack overflow in module loading on mutual `include`

jq is a command-line JSON processor. In 1.8.2rc1 and earlier, the ordinary module loader recurses without cycle detection when two otherwise valid modules include each other...

6.8CVSS0.00161EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2026/05/11 5:23 p.m.11 views

CVE-2026-44777

jq is a command-line JSON processor. In 1.8.2rc1 and earlier, the ordinary module loader recurses without cycle detection when two otherwise valid modules include each other...

6.8CVSS5.8AI score0.00161EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/11 5:23 p.m.9 views

CVE-2026-44777 jq: stack overflow in module loading on mutual `include`

jq is a command-line JSON processor. In 1.8.2rc1 and earlier, the ordinary module loader recurses without cycle detection when two otherwise valid modules include each other...

6.8CVSS5.8AI score0.00161EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/11 5:23 p.m.11 views

EUVD-2026-29177

jq is a command-line JSON processor. In 1.8.2rc1 and earlier, the ordinary module loader recurses without cycle detection when two otherwise valid modules include each other...

6.8CVSS5.8AI score0.00161EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/11 5:23 p.m.8 views

CVE-2026-44777

jq is a command-line JSON processor. In 1.8.2rc1 and earlier, the ordinary module loader recurses without cycle detection when two otherwise valid modules include each other...

6.8CVSS5.8AI score0.00161EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/05/11 5:23 p.m.27 views

CVE-2026-44777

CVE-2026-44777 affects the jq command-line JSON processor. In versions 1.8.2rc1 and earlier, the ordinary module loader recurses without cycle detection when two otherwise valid modules include each other, leading to a stack overflow during mutual module loading. The connected documents confirm t...

6.8CVSS5.8AI score0.00161EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.18 views

PT-2026-39721

Name of the Vulnerable Software and Affected Versions jq versions prior to 1.8.2rc2 Description The ordinary module loader in this command-line JSON processor recurses without cycle detection when two valid modules include each other. Recommendations Update to a version later than 1.8.2rc1...

7.3CVSS5.8AI score0.00161EPSS
Exploits6References39
Cvelist
Cvelist
added 2026/05/08 6:52 p.m.36 views

CVE-2026-41511 OpenMcdf has an Infinite loop DoS via crafted CFB directory cycle

OpenMcdf is a fully .NET / C library to manipulate Compound File Binary File Format files, also known as Structured Storage. Prior to version 3.1.3, OpenMcdf does not detect cycles in the directory entry red-black tree of a Compound File Binary CFB document. A crafted CFB file with a cycle in the...

6.2CVSS0.00187EPSS
Exploits1References3
CVE
CVE
added 2026/05/08 6:52 p.m.20 views

CVE-2026-41511

CVE-2026-41511 affects the OpenMcdf .NET/C# library for Compound File Binary (CFB) manipulation. Before version 3.1.3, the library failed to detect cycles in the directory-entry red–black tree, allowing a crafted CFB file to create a cycle in LeftSiblingID/RightSiblingID that causes Storage.Enume...

6.2CVSS5.7AI score0.00187EPSS
Exploits1References3Affected Software1
HackRead
HackRead
added 2026/05/06 1:42 p.m.11 views

Building Strategic Advantage With Integrated Planning

Siloed planning slows decisions and hides risk. Integrated business planning connects finance, demand, supply, and strategy into a single disciplined cycle...

5.8AI score
Exploits0
Rows per page
Query Builder