Lucene search
+L

1149 matches found

Github Security Blog
Github Security Blog
added 2026/03/19 9:31 p.m.6 views

Scriban has an Infinite Recursion during Object Rendering Leads to Stack Overflow and Process Crash (Denial of Service)

When Scriban renders an object that contains a circular reference, it traverses the object's members infinitely. Because the ObjectRecursionLimit property defaults to unlimited, this behavior exhausts the thread's stack space, triggering an uncatchable StackOverflowException that immediately...

5.9AI score
Exploits0References3Affected Software2
OSV
OSV
added 2026/03/19 8:11 a.m.4 views

SUSE-SU-2026:20911-1 Security update for poppler

This update for poppler fixes the following issues: - CVE-2025-11896: infinite recursion leading to stack overflow due to object loop in PDF CMap bsc1252337...

2.1CVSS5.9AI score0.0016EPSS
Exploits0References3
OSV
OSV
added 2026/03/19 8:11 a.m.4 views

OPENSUSE-SU-2026:20397-1 Security update for poppler

This update for poppler fixes the following issues: - CVE-2025-11896: infinite recursion leading to stack overflow due to object loop in PDF CMap bsc1252337...

2.1CVSS5.9AI score0.0016EPSS
Exploits0References2
NVD
NVD
added 2026/03/10 6:18 p.m.13 views

CVE-2026-30939

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.13 and 9.5.1-alpha.2, an unauthenticated attacker can crash the Parse Server process by calling a Cloud Function endpoint with a prototype property name as the function name. The...

8.8CVSS0.0049EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.8 views

PT-2026-24188

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.13 Parse Server versions prior to 9.5.1-alpha.2 Description An unauthenticated attacker can cause a denial of service by crashing the Parse Server process. This occurs by calling a Cloud Function endpoint wit...

8.8CVSS5.7AI score0.0049EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2026/03/07 12:0 a.m.4 views

SUSE SLES16 Security Update : libxml2, libxslt (SUSE-SU-2026:20631-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:20631-1 advisory. Changes in libxml2: - CVE-2026-0990: call stack overflow may lead to application crash due to infinite recursion in...

6.2CVSS6.1AI score0.00755EPSS
Exploits3References24
RedHat Linux
RedHat Linux
added 2026/03/03 8:57 p.m.10 views

kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion

A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM Classical IP CLIP module. A local user can trigger an infinite recursive call in the clippush function by repeatedly calling the ioctlATMARPMKIP system call. This vulnerability occurs when the socket is closed, leading to stack...

7.8CVSS5.8AI score0.0017EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/03/03 9:54 a.m.8 views

kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion

A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM Classical IP CLIP module. A local user can trigger an infinite recursive call in the clippush function by repeatedly calling the ioctlATMARPMKIP system call. This vulnerability occurs when the socket is closed, leading to stack...

7.8CVSS5.8AI score0.0017EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/03/03 9:29 a.m.5 views

Astra Linux – Vulnerability in Poppler

A issue with the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause infinite recursion by providing a crafted PDF file. This can lead to a Denial of Service DoS attack...

6.5CVSS7.6AI score0.00301EPSS
Exploits1References3
Veracode
Veracode
added 2026/02/26 6:2 a.m.7 views

Denial Of Service (DoS)

Nodemailer is vulnerable to a denial of service DoS. The vulnerability is due to improper handling of a crafted email address header that triggers infinite recursion in the address parser, which allows an attacker to exhaust resources and disrupt service availability...

7.5CVSS5.8AI score0.00416EPSS
Exploits1References7Affected Software1
RedHat Linux
RedHat Linux
added 2026/02/26 4:25 a.m.14 views

kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion

A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM Classical IP CLIP module. A local user can trigger an infinite recursive call in the clippush function by repeatedly calling the ioctlATMARPMKIP system call. This vulnerability occurs when the socket is closed, leading to stack...

7.8CVSS5.8AI score0.0017EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/25 3:20 p.m.4 views

kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion

A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM Classical IP CLIP module. A local user can trigger an infinite recursive call in the clippush function by repeatedly calling the ioctlATMARPMKIP system call. This vulnerability occurs when the socket is closed, leading to stack...

7.8CVSS5.8AI score0.0017EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/25 12:27 a.m.7 views

kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion

A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM Classical IP CLIP module. A local user can trigger an infinite recursive call in the clippush function by repeatedly calling the ioctlATMARPMKIP system call. This vulnerability occurs when the socket is closed, leading to stack...

7.8CVSS5.8AI score0.0017EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/02/19 12:0 a.m.6 views

openSUSE 15: libxml2-2 / libxml2-2-32bit / libxml2-devel / libxml2-devel-32bit / etc (SUSE-SU-2026:0570-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0570-1 advisory. - CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in xmlCatalogXMLResolveURI. bsc1256807, bsc125681...

6.2CVSS6.2AI score0.00755EPSS
Exploits3References22
OSV
OSV
added 2026/02/15 9:6 a.m.28 views

RLSA-2026:2212 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net: openvswitch: fix nested key length validation in the set action CVE-2025-37789 kernel: Linux kernel: irqchip/gic-v2m use-after-free vulnerability CVE-2025-37819 kernel: RDMA/core: Fi...

7.4CVSS7.5AI score0.00519EPSS
Exploits3References17
CNNVD
CNNVD
added 2026/02/14 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a lack of recursive protection in the kernel stack trace records. This vulnerability could lead t...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/02/09 2:40 a.m.3 views

kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion

A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM Classical IP CLIP module. A local user can trigger an infinite recursive call in the clippush function by repeatedly calling the ioctlATMARPMKIP system call. This vulnerability occurs when the socket is closed, leading to stack...

7.8CVSS5.8AI score0.0017EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/06 9:16 p.m.33 views

CVE-2026-25533 Enclave has a sandbox escape via infinite recursion and error objects

Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not cover the peculiar...

6.4CVSS0.0023EPSS
Exploits1References3
CVE
CVE
added 2026/02/06 9:16 p.m.22 views

CVE-2026-25533

Enclave (enclave-vm) prior to version 2.10.1 contains multiple sandbox weaknesses: AST sanitization can be bypassed with dynamic property accesses; error object hardening does not cover vm module peculiarities; and function constructor access can be circumvented via host object references. The is...

8.8CVSS5.6AI score0.0023EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/06 9:16 p.m.5 views

CVE-2026-25533 Enclave has a sandbox escape via infinite recursion and error objects

Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not cover the peculiar...

6.4CVSS5.8AI score0.0023EPSS
Exploits1References3
Rows per page
Query Builder