CVE-2026-42039

A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the toFormData function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js...

CLSA-2026-1777977059 dovecot: Fix of CVE-2026-27857

CVE-2026-27857: limit the number of open IMAP parser lists in imap-login to prevent excessive memory usage from deeply nested parentheses e.g. NOOP...

CLSA-2026-1777976700 dovecot: Fix of CVE-2026-27857

CVE-2026-27857: limit the number of open IMAP parser lists in imap-login to prevent excessive memory usage from deeply nested parentheses e.g. NOOP...

EUVD-2026-25605

Axios: unbounded recursion in toFormData causes DoS via deeply nested request data...

GHSA-62HF-57XW-28J9 Axios: unbounded recursion in toFormData causes DoS via deeply nested request data

Summary toFormData recursively walks nested objects with no depth limit, so a deeply nested value passed as request data crashes the Node.js process with a RangeError. Details lib/helpers/toFormData.js:210 defines an inner buildvalue, path that recurses into every object/array child line 225:...

Axios: unbounded recursion in toFormData causes DoS via deeply nested request data

Summary toFormData recursively walks nested objects with no depth limit, so a deeply nested value passed as request data crashes the Node.js process with a RangeError. Details lib/helpers/toFormData.js:210 defines an inner buildvalue, path that recurses into every object/array child line 225:...

Inefficient Algorithmic Complexity

Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the OverlappingFieldsCanBeMerged validation rule. An attacker can exhaust server resources and cause service disruption by submitting specially crafted GraphQL queries containing numerous neste...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in ImagePath.Path, ImageDraw.ImageDraw.polygon, and ImageDraw.ImageDraw.line, all of which accept nested coordinates as input. An attacker can cause denial of service by supplying nested lists as coordinates,...

Pillow has a heap buffer overflow with nested list coordinates

Passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line could cause a heap buffer overflow, as nested lists were recursively unpacked beyond the allocated buffer. Coordinate lists are now validated to...

GHSA-5XMW-VC9V-4WF2 Pillow has a heap buffer overflow with nested list coordinates

Passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line could cause a heap buffer overflow, as nested lists were recursively unpacked beyond the allocated buffer. Coordinate lists are now validated to...

pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion

An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE 0x30 or SET 0x31 tags with Indefinite Length 0x80 markers. Thi...

pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion

An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE 0x30 or SET 0x31 tags with Indefinite Length 0x80 markers. Thi...

Security Bulletin: pyasn1 Uncontrolled Recursion in ASN.1 Decoding Enables Denial of Service

Summary pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the pyasn1 library is vulnerable to a Denial of Service DoS attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands of nested...

dotnet: .NET: Denial of Service via stack overflow

A flaw was found in .NET. A remote attacker could exploit a stack overflow vulnerability during encrypted key nested decryption, leading to a Denial of Service DoS. This could make the affected system unavailable to legitimate users...

dotnet: .NET: Denial of Service via stack overflow

A flaw was found in .NET. A remote attacker could exploit a stack overflow vulnerability during encrypted key nested decryption, leading to a Denial of Service DoS. This could make the affected system unavailable to legitimate users...

dotnet: .NET: Denial of Service via stack overflow

A flaw was found in .NET. A remote attacker could exploit a stack overflow vulnerability during encrypted key nested decryption, leading to a Denial of Service DoS. This could make the affected system unavailable to legitimate users...

RHCOS 6 : Red Hat OpenShift Enterprise 1.1.1 update (Moderate) (RHSA-2013:0582)

The remote Red Hat Enterprise Linux CoreOS 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0582 advisory. - rubygem-actionpack: Unsafe query generation CVE-2012-2660 - rubygem-activerecord: SQL injection when processing nested query...

RHCOS 4 : OpenShift Container Platform 4.14.40 (RHSA-2024:8700)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8700 advisory. - buildah: Buildah allows arbitrary directory mount CVE-2024-9675 - Podman: Buildah: CRI-O: symlink traversal vulnerability in the...

PT-2026-37198

Name of the Vulnerable Software and Affected Versions Pillow versions 11.2.1 through 12.1.x Description Passing nested lists as coordinates to APIs that accept coordinates, such as 'ImagePath.Path', 'ImageDraw.ImageDraw.polygon', and 'ImageDraw.ImageDraw.line', can cause a heap buffer overflow...

Astra Linux - уязвимость в linux

A flaw was discovered in the KVM’s AMD code, responsible for supporting SVM nested virtualization. The flaw occurs during the processing of the VMCB virtual machine control block provided by the L1 guest, which is used to spawn or handle a nested guest L2. Due to improper validation of the...