Lucene search
K

453 matches found

RedHat Linux
RedHat Linux
added 2026/04/16 9:10 p.m.4 views

perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files

A flaw was found in XML::Parser, a Perl module for parsing XML. This vulnerability, an off-by-one heap buffer overflow, occurs when processing an XML file with very deep element nesting. A remote attacker could exploit this by providing a specially crafted XML file, potentially leading to memory...

9.8CVSS5.9AI score0.00548EPSS
Exploits0References7
OSV
OSV
added 2026/04/16 9:9 p.m.9 views

GHSA-QR3M-XW4C-JQW3 ChilliCream GraphQL Platform: Utf8GraphQLParser Stack Overflow via Deeply Nested GraphQL Documents

Impact Hot Chocolate's Utf8GraphQLParser is a recursive descent parser with no recursion depth limit. A crafted GraphQL document with deeply nested selection sets, object values, list values, or list types can trigger a StackOverflowException on payloads as small as 40 KB. Because...

9.1CVSS5.7AI score0.00902EPSS
Exploits0References14
OSV
OSV
added 2026/04/15 12:7 p.m.7 views

RLSA-2026:7680 Important: perl-XML-Parser security update

This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark's expat library. Each call to one of the parsing methods creates a new instance of XML::Parser::Expat which is then used to parse the document. Expat options...

8.8CVSS5.8AI score0.00604EPSS
Exploits0References3
OSV
OSV
added 2026/04/15 12:3 p.m.8 views

RLSA-2026:7679 Important: perl-XML-Parser security update

This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark's expat library. Each call to one of the parsing methods creates a new instance of XML::Parser::Expat which is then used to parse the document. Expat options...

8.8CVSS5.8AI score0.00604EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/15 12:0 a.m.6 views

RockyLinux 10 : perl-XML-Parser (RLSA-2026:7680)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:7680 advisory. perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files CVE-2006-10003 perl-xml-parser: XML::Parser for Perl: Heap corruption and...

9.8CVSS5.9AI score0.00604EPSS
Exploits0References5
Snyk
Snyk
added 2026/04/14 6:48 p.m.9 views

Uncontrolled Recursion

Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

6.8CVSS5.8AI score0.00144EPSS
Exploits0References2
OSV
OSV
added 2026/04/13 10:16 p.m.7 views

UBUNTU-CVE-2026-33908

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, Magick frees the memory of the XML tree via the DestroyXMLTree function; however, this process is executed recursively with no depth limit imposed. When...

7.5CVSS5.7AI score0.0051EPSS
Exploits0References8
Snyk
Snyk
added 2026/04/13 10:11 p.m.7 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion in the DestroyXMLTree function. An attacker can cause the application to exhaust stack memory and terminate unexpectedly by submitting an XML file with deeply nested structures. Remediation A fix was pushed into t...

8.7CVSS5.8AI score0.0051EPSS
Exploits0References2
CVE
CVE
added 2026/04/13 9:6 p.m.37 views

CVE-2026-33908

CVE-2026-33908 : ImageMagick is vulnerable to a stack exhaustion DoS in XML processing. The issue arises when DestroyXMLTree() frees the XML tree recursively with no depth limit, potentially exhausting stack memory on deeply nested XML. Affects versions below 6.9.13-44 and 7.1.2-19; fixed in 6.9....

7.5CVSS5.7AI score0.0051EPSS
Exploits0References7Affected Software1
AlpineLinux
AlpineLinux
added 2026/04/13 8:59 p.m.8 views

CVE-2026-33902

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a stack overflow vulnerability in ImageMagick's FX expression parser allows an attacker to crash the process by providing a deeply nested expression. This...

5.5CVSS5.8AI score0.00144EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.6 views

PT-2026-32528

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-19 ImageMagick versions prior to 6.9.13-44 Description ImageMagick is software used for editing and manipulating digital images. The DestroyXMLTree function frees the memory of the XML tree recursively witho...

7.5CVSS5.7AI score0.0051EPSS
Exploits0References126
RedhatCVE
RedhatCVE
added 2026/04/07 5:6 p.m.3 views

CVE-2026-34211

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, the @nyariv/sandboxjs parser contains unbounded recursion in the restOfExp function and the lispify/lispifyExpr call chain. An attacker can crash any Node.js process that parses untrusted input by supplying deeply nested expressions...

7.5CVSS5.9AI score0.00395EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/06 3:10 p.m.4 views

CVE-2026-34211 SandboxJS: Stack overflow DoS via deeply nested expressions in recursive descent parser

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, the @nyariv/sandboxjs parser contains unbounded recursion in the restOfExp function and the lispify/lispifyExpr call chain. An attacker can crash any Node.js process that parses untrusted input by supplying deeply nested expressions...

6.9CVSS5.9AI score0.00395EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/04/05 12:0 a.m.3 views

Debian dsa-6194 : python-pyasn1-doc - security update

The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6194 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6194-1 [email protected] https://www.debian.org/security/...

7.5CVSS6.8AI score0.0058EPSS
Exploits1References4
OSV
OSV
added 2026/04/03 9:45 p.m.3 views

GHSA-8PFC-JJGW-6G26 SandboxJS: Stack overflow DoS via deeply nested expressions in recursive descent parser

Summary The @nyariv/sandboxjs parser contains unbounded recursion in the restOfExp function and the lispify/lispifyExpr call chain. An attacker can crash any Node.js process that parses untrusted input by supplying deeply nested expressions e.g., 2000 nested parentheses, causing a RangeError:...

6.9CVSS6.1AI score0.00395EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.5 views

PT-2026-30273

Summary The @nyariv/sandboxjs parser contains unbounded recursion in the restOfExp function and the lispify/lispifyExpr call chain. An attacker can crash any Node.js process that parses untrusted input by supplying deeply nested expressions e.g., 2000 nested parentheses, causing a RangeError:...

6.9CVSS6.1AI score0.00395EPSS
Exploits1References4
OSV
OSV
added 2026/03/27 2:7 p.m.7 views

OESA-2026-1780 python-pyasn1 security update

Abstract Syntax Notation One ASN.1 is a technology for exchanging structured data in a universally understood, hardware agnostic way. Many industrial, security and telephony applications heavily rely on ASN.1. The pyasn1 library implements ASN.1 support in pure-Python. Security Fixes: The pyasn1...

7.5CVSS5.9AI score0.0058EPSS
Exploits1References2
OSV
OSV
added 2026/03/27 2:7 p.m.5 views

OESA-2026-1779 python-pyasn1 security update

Abstract Syntax Notation One ASN.1 is a technology for exchanging structured data in a universally understood, hardware agnostic way. Many industrial, security and telephony applications heavily rely on ASN.1. The pyasn1 library implements ASN.1 support in pure-Python. Security Fixes: The pyasn1...

7.5CVSS5.9AI score0.0058EPSS
Exploits1References2
OSV
OSV
added 2026/03/27 2:7 p.m.4 views

OESA-2026-1776 python-pyasn1 security update

Abstract Syntax Notation One ASN.1 is a technology for exchanging structured data in a universally understood, hardware agnostic way. Many industrial, security and telephony applications heavily rely on ASN.1. The pyasn1 library implements ASN.1 support in pure-Python. Security Fixes: The pyasn1...

7.5CVSS7.1AI score0.0058EPSS
Exploits1References2
OSV
OSV
added 2026/03/27 7:14 a.m.1 views

BIT-PARSE-2026-33498 Parse Server: Query condition depth bypass via pre-validation transform pipeline

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.55 and 9.6.0, an attacker can send an unauthenticated HTTP request with a deeply nested query containing logical operators to permanently hang the Parse Server process. Th...

8.7CVSS5.8AI score0.00452EPSS
Exploits0References6
Rows per page
Query Builder