Nodemailer’s addressparser is vulnerable to DoS caused by recursive calls
Summary: A DoS can occur that immediately halts the system due to the use of an unsafe function. Details: According to RFC 5322, nested group structures (a group inside another group) are not allowed. Therefore, in lib/addressparser/index.js, the email address parser performs flattening when nested...
GHSA-RCMH-QJQH-P98V Nodemailer’s addressparser is vulnerable to DoS caused by recursive calls
Summary: A DoS can occur that immediately halts the system due to the use of an unsafe function. Details: According to RFC 5322, nested group structures (a group inside another group) are not allowed. Therefore, in lib/addressparser/index.js, the email address parser performs flattening when nested...
Uncontrolled Recursion
Overview: org.webjars.npm:nodemailer is an "Easy as cake e-mail sending from your Node.js applications" package. Affected versions of this package are vulnerable to Uncontrolled Recursion in the addressparser function. An attacker can cause the process to terminate immediately by sending an email address...
PT-2025-48982
Name of the Vulnerable Software and Affected Versions: xml.dom.minidom (affected versions not specified). Description: The software experiences a performance issue when constructing deeply nested XML documents using methods like appendChild. This is due to a quadratic algorithm within the clear id cac...
CLSA-2025-1764235184 jackson-core: Fix of CVE-2025-52999
CVE-2025-52999: add StreamReadConstraints to protect against DoS attacks via deeply nested structures and oversized inputs...
CLSA-2025-1764151714 Fix CVE(s): CVE-2020-10704
SECURITY UPDATE: stack memory exhaustion vulnerability - debian/patches/CVE-2020-10704.patch: fix vulnerability where a deeply nested filter in an unauthenticated LDAP search can exhaust the LDAP server's stack memory, causing a SIGSEGV - CVE-2020-10704...
CVE-2025-9624 OpenSearch 3.2.0 - Nested Boolean/Disjunction asymmetric DoS
A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex querystring inputs. This issue affects all OpenSearch versions between 3.0.0 and 3.3.0 and OpenSearch 2.19.4...
libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash...
AMD CPUs have an unspecified vulnerability
AMD CPUs are a family of CPUs from AMD. An unspecified vulnerability exists in AMD CPUs, which can be exploited by an attacker to run SEV-SNP clients with stale TLB entries, resulting in a loss of data integrity...
Malicious code in set-nested-prop (npm)
Source: amazon-inspector 1e3ace4ffb79a5de4b7a82ae75ffdcccb6233dce2bfa2a4f32f70a3dc6921a03 The package set-nested-prop was found to contain malicious code. Source: ghsa-malware 35b0b9a8f67ec13668f93a14f45e037dc7cb3c33fa4c688e13b10a3cd2c5d3a...
EUVD-2025-199033
Malicious code in set-nested-prop (npm)...
MAL-2025-191010 Malicious code in set-nested-prop (npm)
Source: amazon-inspector 1e3ace4ffb79a5de4b7a82ae75ffdcccb6233dce2bfa2a4f32f70a3dc6921a03 The package set-nested-prop was found to contain malicious code. Source: ghsa-malware 35b0b9a8f67ec13668f93a14f45e037dc7cb3c33fa4c688e13b10a3cd2c5d3a...
@cycle-mega-driver/database (>=0.2.1 <=0.3.2), @fluidnotions/rx-pouch (>=0.6.7 <=0.6.8) +3 more potentially affected by unknown CVE via set-nested-prop (=2.0.0)
set-nested-prop NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on set-nested-prop and may be impacted: - @cycle-mega-driver/database =0.2.1, =0.6.7, =1.0.0, =0.3.0, =0.6.9 Source cves: unknown CVE Source advisory:...
UBUNTU-CVE-2025-29934
A bug within some AMD CPUs could allow a local admin-privileged attacker to run a SEV-SNP guest using stale TLB entries, potentially resulting in loss of data integrity...
KVM: x86/mmu: Treat NX as a valid SPTE bit for NPT
...
TencentOS Server 4: protobuf (TSSA-2024:0556)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0556 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
TencentOS Server 4: jackson-core (TSSA-2025:0585)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0585 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
CVE-2025-12983
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to cause a denial of service condition by submitting specially crafted markdown content with nested formattin...
CVE-2025-12983 Memory Allocation with Excessive Size Value in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to cause a denial of service condition by submitting specially crafted markdown content with nested formattin...
CVE-2025-12983
GitLab CE/EE is affected by CVE-2025-12983 in all versions prior to 18.3.6 (18.4 prior to 18.4.4 and 18.5 prior to 18.5.2). An authenticated attacker could cause a denial of service by submitting specially crafted markdown with nested formatting patterns. Mitigation is to upgrade GitLab to 18....