Lucene search
K

453 matches found

OSV
OSV
added 2026/05/19 4:21 p.m.8 views

GHSA-JGGG-4JG4-V7C6 protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion

Summary protobufjs could recurse without a depth limit while expanding nested JSON descriptors through Root.fromJSON and Namespace.addJSON. A crafted JSON descriptor with deeply nested namespace definitions could cause the JavaScript call stack to be exhausted during descriptor loading. Impact An...

5.3CVSS5.8AI score0.00263EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/19 1:33 p.m.10 views

cpython: Stack overflow parsing XML with deeply nested DTD content models

A stack overflow flaw has been discovered in the python pyexpat module. When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs. This will result in a program crash...

7.5CVSS7.2AI score0.00621EPSS
Exploits0References10
NVD
NVD
added 2026/05/15 7:17 p.m.21 views

CVE-2026-46360

phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in SvgSanitizer::decodeAllEntities that limits recursive entity decoding to 5 iterations, allowing attackers to bypass sanitization. Authenticated users with FAQEDIT permission can upload malicious SVG files with deeply...

5.4CVSS0.00153EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/15 12:30 a.m.14 views

EUVD-2026-30490

Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is not MongoDB Server...

6CVSS5.8AI score0.00311EPSS
Exploits0References2
NVD
NVD
added 2026/05/14 10:16 p.m.16 views

CVE-2026-6811

Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is not MongoDB Server...

6CVSS0.00311EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/14 9:27 p.m.36 views

CVE-2026-6811 PHP Stack Exhaustion

Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is not MongoDB Server...

6CVSS0.00311EPSS
Exploits0References1
MongoDB
MongoDB
added 2026/05/14 9:27 p.m.14 views

PHP Stack Exhaustion

Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is not MongoDB Server...

6CVSS5.8AI score0.00311EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.8 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: git-lfs (UTSA-2026-019019)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-019019 advisory. Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Tenable...

7.5CVSS6.9AI score0.01403EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/13 7:23 p.m.11 views

CVE-2026-41257

A flaw was found in jq, a command line JSON processor. The memory allocation size is calculated using a signed integer that can overflow when processing deeply nested generator forks. This integer overflow allows an attacker who can supply a sufficiently nested input to influence the memory...

7.3CVSS5.8AI score0.00142EPSS
Exploits1References4
Snyk
Snyk
added 2026/05/13 5:22 p.m.11 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion through the Root.fromJSON or Namespace.addJSON functions. An attacker can cause resource exhaustion and disrupt service availability by submitting a crafted JSON descriptor with deeply nested namespace definitions...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.12 views

PT-2026-40697

Name of the Vulnerable Software and Affected Versions protobufjs versions prior to 7.5.8 protobufjs versions prior to 8.2.0 Description protobufjs compiles protobuf definitions into JavaScript functions. The software can recurse without a depth limit when expanding nested JSON descriptors through...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/12 7:20 p.m.35 views

CVE-2026-42355 NanaZip: Uncontrolled recursion in NanaZip Electron ASAR parser causes stack exhaustion

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the Electron Archive ASAR parser in NanaZip. When opening a crafted .asar file with deeply nested JSON in the header, both nlohmann::json::parse and the handler's...

3.3CVSS0.00111EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 7:20 p.m.8 views

CVE-2026-42355 NanaZip: Uncontrolled recursion in NanaZip Electron ASAR parser causes stack exhaustion

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the Electron Archive ASAR parser in NanaZip. When opening a crafted .asar file with deeply nested JSON in the header, both nlohmann::json::parse and the handler's...

3.3CVSS5.8AI score0.00111EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.16 views

PT-2026-39709

Name of the Vulnerable Software and Affected Versions jq versions prior to 1.8.2 Description The jv contains function recurses into nested arrays and objects without a depth limit. When processing a sufficiently nested input structure, this can lead to C stack exhaustion, causing the application ...

7.3CVSS5.8AI score0.00161EPSS
Exploits5References55
Vulnrichment
Vulnrichment
added 2026/05/07 9:18 p.m.9 views

CVE-2026-7541 Denial of service vulnerability in GitHub Enterprise Server allowed service disruption via unauthenticated API endpoint

A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to cause service disruption by sending crafted requests with deeply nested JSON payloads to an unauthenticated API endpoint. The endpoint parsed user-controlled JSON request bodie...

8.9CVSS5.8AI score0.00388EPSS
Exploits0References5
CVE
CVE
added 2026/05/07 9:18 p.m.24 views

CVE-2026-7541

CVE-2026-7541 is a denial-of-service vulnerability in GitHub Enterprise Server. An unauthenticated attacker could trigger service disruption by sending crafted requests with deeply nested JSON payloads to an unauthenticated API endpoint. The endpoint parsed user-controlled JSON bodies without siz...

8.9CVSS5.8AI score0.00388EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/05/07 9:18 p.m.43 views

CVE-2026-7541 Denial of service vulnerability in GitHub Enterprise Server allowed service disruption via unauthenticated API endpoint

A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to cause service disruption by sending crafted requests with deeply nested JSON payloads to an unauthenticated API endpoint. The endpoint parsed user-controlled JSON request bodie...

8.9CVSS0.00388EPSS
Exploits0References5
Packet Storm News
Packet Storm News
added 2026/05/07 12:0 a.m.18 views

Profiling for Pennies: Unveiling the Privacy Iceberg of LLM Agents

Large Language Models LLMs have revolutionized how information are collected, aggregated, and reasoned. However, this enables a novel and accessible vector of privacy intrusion: the automated and in-depth personal profiling; this engenders a chilling effect of "peepers everywhere". Existing...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

XMLDOM 安全漏洞

XMLDOM is a JavaScript implementation of the W3C DOM for Node developed by jindw. Versions of XMLDOM prior to 0.9.10, 0.8.13, and xmldom 0.6.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the unlimited depth of recursive traversal in lib/dom.js, which could...

8.7CVSS5.8AI score0.00643EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/06 6:40 a.m.6 views

pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion

An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE 0x30 or SET 0x31 tags with Indefinite Length 0x80 markers. Thi...

7.5CVSS6.8AI score0.0058EPSS
Exploits1References6
Rows per page
Query Builder