CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Snyk•added 2026/04/22 8:23 p.m.•1 views

Uncontrolled Recursion

Overview xmldom is an A pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. Affected versions of this package are vulnerable to Uncontrolled Recursion in the recursive processing of deeply nested XML documents by several DOM-related operations, including...

8.7CVSS5.4AI score0.0004EPSS

Snyk•added 2026/04/22 8:23 p.m.•3 views

Uncontrolled Recursion

Overview @xmldom/xmldom is a javascript ponyfill to provide the following APIs that are present in modern browsers to other runtimes. Since version 0.7.0 this package is published to npm as @xmldom/xmldom and no longer as xmldom Affected versions of this package are vulnerable to Uncontrolled...

8.7CVSS5.5AI score0.0004EPSS

RedHat Linux•added 2026/04/21 11:21 a.m.•2 views

perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files

A flaw was found in XML::Parser, a Perl module for parsing XML. This vulnerability, an off-by-one heap buffer overflow, occurs when processing an XML file with very deep element nesting. A remote attacker could exploit this by providing a specially crafted XML file, potentially leading to memory...

9.8CVSS5.9AI score0.00029EPSS

Exploits0References7

Tenable Nessus•added 2026/04/21 12:0 a.m.•2 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: python3 (UTSA-2026-013021)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013021 advisory. When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorithm is quadratic. Availability can b...

6.3CVSS7.3AI score0.00128EPSS

Exploits0References3

CVE•added 2026/04/17 11:5 p.m.•7 views

CVE-2026-40324

Hot Chocolate (GraphQL server) contains a vulnerability in Utf8GraphQLParser: prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, the recursive descent parser has no recursion-depth limit, so deeply nested GraphQL documents (as small as ~40 KB) can trigger a StackOverflowException. This unca...

9.1CVSS5.7AI score0.00047EPSS

Exploits0References12

OSV•added 2026/04/15 12:3 p.m.•0 views

RLSA-2026:7679 Important: perl-XML-Parser security update

This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark's expat library. Each call to one of the parsing methods creates a new instance of XML::Parser::Expat which is then used to parse the document. Expat options...

8.8CVSS5.8AI score0.00035EPSS

Exploits0References3

OSV•added 2026/02/26 8:47 a.m.•2 views

BIT-MONGODB-2026-1849 Mongod can run out of stack memory when expressions create deeply nested documents

MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents. The issue arises in recursive functions because the server does not periodically check the depth of the expression...

7.5CVSS5.3AI score0.00077EPSS

RedhatCVE•added 2026/02/11 7:44 p.m.•3 views

CVE-2026-1849

7.5CVSS5.5AI score0.00077EPSS

UbuntuCve•added 2026/02/10 7:15 p.m.•1 views

CVE-2026-1849

7.5CVSS5.8AI score0.00077EPSS

CVE•added 2026/02/10 6:52 p.m.•14 views

CVE-2026-1849

MongoDB Server is affected by an out-of-memory failure triggered while evaluating expressions that produce deeply nested documents. The root cause is that recursive functions do not periodically check expression depth, allowing unbounded nesting to exhaust memory. Impact is Availability (high) wi...

7.5CVSS5.5AI score0.00077EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/02/10 6:52 p.m.•20 views

CVE-2026-1849 Mongod can run out of stack memory when expressions create deeply nested documents

7.1CVSS0.00077EPSS

Vulnrichment•added 2026/02/10 6:52 p.m.•4 views

CVE-2026-1849 Mongod can run out of stack memory when expressions create deeply nested documents

7.1CVSS5.5AI score0.00077EPSS

RedHat Linux•added 2026/02/10 8:20 a.m.•3 views

cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service

A flaw was found in cpython. This vulnerability allows impacted availability via a quadratic algorithm in xml.dom.minidom methods, such as appendChild, when building excessively nested documents due to a dependency on clearidcache...

RedHat Linux•added 2026/02/10 8:19 a.m.•0 views

cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service

RedHat Linux•added 2026/02/10 8:12 a.m.•3 views

cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service

Positive Technologies•added 2026/02/10 12:0 a.m.•2 views

PT-2026-7433

Name of the Vulnerable Software and Affected Versions MongoDB Server affected versions not specified Description The MongoDB Server may encounter an out-of-memory failure when processing expressions that result in deeply nested documents. This occurs due to a lack of periodic depth checks within...

7.5CVSS5.4AI score0.00077EPSS

Exploits0References9

RedHat Linux•added 2026/02/09 12:14 p.m.•1 views

cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service

RedHat Linux•added 2026/02/09 8:36 a.m.•3 views

cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service