268 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-30922
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the pyasn1 library is vulnerable to a Denial of Service DoS attack caused by uncontrolled recursio...
Denial of Service in pyasn1 via Unbounded Recursion
Summary The pyasn1 library is vulnerable to a Denial of Service DoS attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE 0x30 or SET 0x31 tags with Indefinite Length 0x80 markers. This...
Uncontrolled Recursion
Overview Affected versions of this package are vulnerable to Uncontrolled Recursion when decoding ASN.1 data. An attacker can cause the application to crash or exhaust system memory by supplying specially crafted ASN.1 data with deeply nested SEQUENCE or SET tags using indefinite Length markers...
GHSA-JR27-M4P2-RC6R Denial of Service in pyasn1 via Unbounded Recursion
Summary The pyasn1 library is vulnerable to a Denial of Service DoS attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE 0x30 or SET 0x31 tags with Indefinite Length 0x80 markers. This...
PT-2026-25973
Name of the Vulnerable Software and Affected Versions pyasn1 versions prior to 0.6.3 Description The pyasn1 library is susceptible to a Denial of Service DoS attack stemming from uncontrolled recursion when decoding ASN.1 data containing deeply nested structures. An attacker can craft a payload...
CVE-2026-3449
Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then usage to hang indefinitely. This...
CVE-2026-28268
Vikunja is an open-source self-hosted task management platform. Versions prior to 2.1.0 have a business logic vulnerability exists in the password reset mechanism of vikunja/api that allows password reset tokens to be reused indefinitely. Due to a failure to invalidate tokens upon use and a...
CVE-2026-25476 OpenEMR has Session Timeout Bypass via skip_timeout_reset
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the session expiration check in library/auth.inc.php runs only when skiptimeoutreset is not present in the request. When skiptimeoutreset=1 is sent, the entire block th...
Improper Handling of Windows Device Names
Overview Affected versions of this package are vulnerable to Improper Handling of Windows Device Names via the safejoin function. An attacker can cause the application to hang indefinitely by requesting a path ending with a Windows special device name. Notes: 1 This is only vulnerable on Windows,...
GO-2026-4488 webtransport-go: CloseWithError can block indefinitely in github.com/quic-go/webtransport-go
webtransport-go: CloseWithError can block indefinitely in github.com/quic-go/webtransport-go...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the STARTTLS component. An attacker can cause resource exhaustion by sending a specially crafted request and stalling the connection, which bypasses configured read timeouts and...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the indefinite wait state in the HTTP response handling process. An attacker can cause worker threads to become permanently blocked by repeatedly closing HTTP connections while...
PT-2026-6179
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s fs/writeback functionality, specifically within the wait sb inodes function. The issue involves skipping AS NO DATA INTEGRITY mappings, which can caus...
CVE-2025-67507
Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.3.0 contain a flaw in the handling of recovery codes for app-based multi-factor authentication, allowing the same recovery code to be reused indefinitely. This issue does not affect...
GHSA-PVCV-Q3Q7-266G Filament multi-factor authentication (app) recovery codes can be used multiple times
A flaw in the handling of recovery codes for app-based multi-factor authentication allows the same recovery code to be reused indefinitely. This issue does not affect email-based MFA. It also only applies when recovery codes are enabled. If an attacker gains access to both the user's password and...
Siemens SIMATIC S7-1500 Uncontrolled Recursion (CVE-2020-28196)
MIT Kerberos 5 aka krb5 before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1encode.c support for BER indefinite lengths lacks a recursion limit. This plugin only works with Tenable.ot. Please visit...
Malicious code in lina-empal6-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 69ee9be93d7a863085ad8ae797a8526effc3350e9f235db89760a3aae98d7bfd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-67255 Malicious code in coastal-cyan-seahorse (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1fca3a7b462db2e0c9bdd74555f00f28c29f87cfdc0f55b424281c3bd93ae4ab This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2025-3930
Strapi uses JSON Web Tokens JWT for authentication. After logout or account deactivation, the JWT is not invalidated, which allows an attacker who has stolen or intercepted the token to freely reuse it until its expiration date which is set to 30 days by default, but can be changed. The existence...
Dell BSAFE Crypto-C GetIndefiniteElementLen stack overflow vulnerability
Talos Vulnerability Report TALOS-2025-2142 Dell BSAFE Crypto-C GetIndefiniteElementLen stack overflow vulnerability October 16, 2025 CVE Number None SUMMARY A stack overflow vulnerability exists in the GetIndefiniteElementLen functionality of Dell BSAFE Crypto-C xxx. A specially crafted ASN.1...