Lucene search
K

130 matches found

Cvelist
Cvelist
added 2026/01/22 2:32 a.m.28 views

CVE-2026-24006 Seroval affected by Denial of Service via Deeply Nested Objects

Seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, serialization of objects with extreme depth can exceed the maximum call stack limit. In version 1.4.1, Seroval introduces a depthLimit parameter in...

7.5CVSS0.00403EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/22 12:0 a.m.5 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion in the dumps function in formatter.rs. An attacker can cause a core dump by supplying a deeply nested JSON document. PoC python import orjson import sys import platform printf'OS: platform.platform' printf'Python...

7.5CVSS5.4AI score0.0055EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.4 views

MiracleLinux 9 : delve-1.24.1-2.el9_5, golang-1.23.6-2.el9_5 (AXSA:2025-9852:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9852:01 advisory. encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion CVE-2024-34156...

7.5CVSS7.5AI score0.01127EPSS
Exploits0References2
OSV
OSV
added 2025/12/03 7:15 p.m.2 views

DEBIAN-CVE-2025-12084

When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorithm is quadratic. Availability can be impacted when building excessively nested documents...

5.3CVSS7.3AI score0.00708EPSS
Exploits0References1
CVE
CVE
added 2025/12/03 6:55 p.m.118 views

CVE-2025-12084

CVE-2025-12084 affects Python’s xml.dom.minidom when building nested elements via methods like appendChild() that rely on _clear_id_cache(); the algorithm becomes quadratic, potentially impacting availability under heavily nested documents. Connected advisories confirm a patch exists across multi...

6.3CVSS6.6AI score0.00708EPSS
Exploits0References14Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/03 6:55 p.m.2 views

CVE-2025-12084 Quadratic complexity in node ID cache clearing

When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorithm is quadratic. Availability can be impacted when building excessively nested documents...

6.3CVSS6.6AI score0.00708EPSS
Exploits0References14
Snyk
Snyk
added 2025/12/02 6:45 a.m.22 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via algorithmic complexity in the SQL parsing logic. The parser fails to enforce limits when handling deeply nested tuples or unusually large token sequences, allowing an attacker to...

8.7CVSS7.5AI score0.0321EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/14 6:53 a.m.10 views

Security Bulletin: Security vulnerability affect IBM Business Automation Workflow - CVE-2025-52999

Summary IBM Business Automation Workflow Case documentation in before 25.0.0 built upon a version of DITA, which packages a vulnerable copy of jackson-core. Vulnerability Details CVEID:CVE-2025-52999 DESCRIPTION: jackson-core contains core low-level incremental "streaming" parser and generator...

8.7CVSS7AI score0.00634EPSS
Exploits0Affected Software2
OSV
OSV
added 2025/11/06 9:9 a.m.14 views

CLSA-2025-1762420153 delve: Fix of CVE-2024-34156

rebuild with newer golang to fix CVE-2024-34156 stack exhaustion in encoding/gob when decoding deeply nested structures...

7.5CVSS6.9AI score0.01127EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/10/24 12:0 a.m.4 views

EulerOS 2.0 SP13 : polkit (EulerOS-SA-2025-2274)

According to the versions of the polkit packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This...

6.7CVSS6.4AI score0.00184EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/26 12:0 a.m.6 views

Alibaba Cloud Linux 3 : 0144: pki-deps:10.6 (ALINUX3-SA-2025:0144)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2025:0144 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-52999: jackson-core contains core low-leve...

8.7CVSS7.2AI score0.00634EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/08/20 2:2 a.m.2 views

com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError

A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur...

8.7CVSS7.1AI score0.00634EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2020-36518

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. CVE-2020-36518 Note that Nessus...

7.5CVSS6.7AI score0.0486EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/11 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-52999

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jackson-core contains core low-level incremental streaming parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a...

8.7CVSS6.6AI score0.00634EPSS
Exploits0References3
Amazon
Amazon
added 2025/08/08 12:0 a.m.4 views

Medium: jackson-core

Issue Overview: jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth...

8.7CVSS6.8AI score0.00634EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2025/08/01 5:42 p.m.2 views

com.nimbusds/nimbus-jose-jwt: Uncontrolled recursion in Connect2id Nimbus JOSE + JWT

A denial of service flaw has been discovered in Connect2id Nimbus JOSE + JWT. This issue can allow a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set...

5.8CVSS7.1AI score0.00806EPSS
Exploits0References7
OSV
OSV
added 2025/08/01 1:2 p.m.3 views

OESA-2025-1919 polkit security update

polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes. Security Fixes: A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggere...

6.7CVSS7.9AI score0.00184EPSS
Exploits0References2
OSV
OSV
added 2025/07/25 2:34 p.m.2 views

SUSE-SU-2025:02527-1 Security update for polkit

This update for polkit fixes the following issues: - CVE-2025-7519: Fixed a XML policy file with a large number of nested elements that may lead to out-of-bounds write. bsc1246472...

6.7CVSS5.8AI score0.00184EPSS
Exploits0References3
OSV
OSV
added 2025/07/14 2:15 p.m.4 views

AZL-65379 CVE-2025-7519 affecting package polkit for versions less than 0.119-4

A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account i...

6.7CVSS6.3AI score0.00184EPSS
Exploits0References1
NVD
NVD
added 2025/06/25 5:15 p.m.11 views

CVE-2025-52999

jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly...

8.7CVSS0.00634EPSS
Exploits0References2
Rows per page
Query Builder