Lucene search
K

453 matches found

CVE
CVE
added 2026/06/15 1:56 p.m.274 views

CVE-2026-5079

The CVE-2026-5079 issue affects the Multer library (versions 1.0.0–2.1.1 and 3.0.0-alpha.1). The vulnerability arises from the append-field dependency parsing bracket notation in field names with no limit on nesting depth, which can cause the allocation of deeply nested object structures and cons...

7.5CVSS5.4AI score0.00278EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/11 10:16 p.m.4 views

UBUNTU-CVE-2026-44250

Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending a crafted Redis payload with deeply nested arrays. This forces the server to allocate a massive...

7.5CVSS5.3AI score0.00371EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/11 1:27 p.m.8 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception through the link validation. An attacker can cause the application to crash or become unresponsive by submitting deeply nested input that triggers an unhandled RangeError exception. This is only exploitable if input...

6.9CVSS5.3AI score0.00039EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/11 1:27 p.m.12 views

joi has an uncaught RangeError on deeply nested input through recursive `link()` schemas

Impact Denial of service via untrapped exception in services validating user-supplied JSON / object input with recursive link schemas. The blast radius depends on how the application invokes joi: - Highest impact: validate called without try/catch in a request handler would cause an unhandled...

5.2AI score0.00039EPSS
Exploits0References4Affected Software1
Ubuntu
Ubuntu
added 2026/06/11 6:57 a.m.17 views

USN-8420-1: .NET vulnerabilities

It was discovered that .NET did not properly handle link resolution before file access. A local attacker could use this issue to perform unauthorized file tampering and write arbitrary files outside of the intended extraction directory. CVE-2026-45491 It was discovered that .NET did not properly...

7.5CVSS5.6AI score0.0243EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/10 3:39 p.m.9 views

axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data

A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the toFormData function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js...

7.5CVSS7.6AI score0.00744EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/06/09 4:5 p.m.38 views

CVE-2026-49847 FreeSWITCH: Stack overflow in bundled cJSON parser via deeply nested JSON

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, a single unauthenticated WebSocket frame containing a deeply nested JSON document crashes...

7.5CVSS0.00414EPSS
Exploits0References2
CVE
CVE
added 2026/06/09 4:5 p.m.28 views

CVE-2026-49847

CVE-2026-49847 affects FreeSWITCH prior to version 1.11.1, where a single unauthenticated WebSocket frame containing a deeply nested JSON document can trigger a stack overflow in the bundled cJSON parser. The recursion drives the worker thread’s stack into the guard page, causing a kernel SIGSEGV...

7.5CVSS5.4AI score0.00414EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/08 7:1 p.m.9 views

GHSA-3244-J874-RHC2 Netty: Memory Exhaustion in RedisArrayAggregator due to Deeply Nested Arrays

Summary An attacker can cause DoS by sending a crafted Redis payload with deeply nested arrays. This forces the server to allocate a massive number of state objects and collections, leading to memory exhaustion and an OutOfMemoryError. Details io.netty.handler.codec.redis.RedisArrayAggregator...

7.5CVSS5.5AI score0.00371EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.13 views

CVE-2026-8936

Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder and triggered a dentry invalidation event. This issue has been fixed in Docker Desktop 4.76.0...

8.2CVSS6.5AI score0.00115EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/02 9:9 p.m.8 views

CVE-2026-8936

Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder and triggered a dentry invalidation event. This issue has been fixed in Docker Desktop 4.76.0...

8.2CVSS5.7AI score0.00115EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/02 5:41 p.m.11 views

axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data

A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the toFormData function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js...

7.5CVSS5.8AI score0.00744EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:49 a.m.16 views

CVE-2026-42358

A bug in Apache Airflow's Variable response masker caused nested-key redaction triggered by secret-suffixed key names like password, token, secret, apikey to be bypassed when the JSON value's nesting depth exceeded the shared secrets masker's recursion limit: the masker returned the original nest...

3.7CVSS5.8AI score0.00421EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/01 2:3 a.m.17 views

pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion

An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE 0x30 or SET 0x31 tags with Indefinite Length 0x80 markers. Thi...

7.5CVSS7AI score0.0058EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/06/01 1:11 a.m.16 views

pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion

An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE 0x30 or SET 0x31 tags with Indefinite Length 0x80 markers. Thi...

7.5CVSS7AI score0.0058EPSS
Exploits1References6
NVD
NVD
added 2026/05/27 6:16 p.m.10 views

CVE-2026-42328

go-ipld-prime is an implementation of the InterPlanetary Linked Data IPLD spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Prior to 0.23.0, the DAG-CBOR and DAG-JSON decoders recurse on each nested map or list...

6.2CVSS0.0012EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 2:48 p.m.8 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in cbor2 [CVE-2026-26209]

Summary IBM Watson Speech Services Cartridge is vulnerable to adenial of service in cbor2, caused by uncontrolled recursion when decoding deeply nested CBOR structures CVE-2026-26209. Cbor2 is used in our speech runtimes. This vulnerabilitiy has been addressed. Please read the details for...

7.5CVSS7AI score0.00417EPSS
Exploits1Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Ruby 2.5

REXML is an XML toolkit for Ruby. The REXML gem before version 3.3.6 has a DoS vulnerability when it parses XMLs that contain many elements with the same local name attribute. If you need to parse untrusted XMLs using tree parser APIs like REXML::Document.new, you may be vulnerable to this...

5.9CVSS6.2AI score0.01205EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Jackson-Databind

In FasterXML Jackson-Databind before version 2.13.4, resource exhaustion can occur due to the lack of a check in BeanDeserializer.deserializeFromArray, which prevents the use of deeply nested arrays. An application becomes vulnerable only with certain customized choices for deserialization...

7.5CVSS6.4AI score0.02656EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/05/19 6:28 p.m.15 views

cpython: Stack overflow parsing XML with deeply nested DTD content models

A stack overflow flaw has been discovered in the python pyexpat module. When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs. This will result in a program crash...

7.5CVSS7.2AI score0.00621EPSS
Exploits0References10
Rows per page
Query Builder