CVE-2026-29062 jackson-core: Nesting Depth Constraint Bypass in `UTF8DataInputJsonParser` potentially allowing Resource Exhaustion

jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. From version 3.0.0 to before version 3.1.0, the UTF8DataInputJsonParser, which is used when parsing from a java.io.DataInput source, bypasses the maxNestingDepth constrai...

CVE-2026-29062

jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. From version 3.0.0 to before version 3.1.0, the UTF8DataInputJsonParser, which is used when parsing from a java.io.DataInput source, bypasses the maxNestingDepth constrai...

xgrammar vulnerable to DoS via multi-layer nesting

Summary The multi-level nested syntax caused a segmentation fault core dump. Details A trigger stack overflow or memory exhaustion was caused by constructing a malicious grammar rule containing 30,000 layers of nested parentheses. PoC !/usr/bin/env python3 """ XGrammar - Math Expression Generatio...

CVE-2026-25048 xgrammar: Multi-layer nesting causes DoS

xgrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.32, the multi-level nested syntax caused a segmentation fault core dumped. This issue has been patched in version 0.1.32...

CVE-2026-25048

CVE-2026-25048 affects xgrammar prior to v0.1.32, where a multi-level nested syntax causes a segmentation fault (core dumped). The issue is fixed in v0.1.32. According to the provided metrics, the exposure is high impact to availability, with no impact on confidentiality or integrity. No exploit ...

CVE-2026-25048 xgrammar: Multi-layer nesting causes DoS

xgrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.32, the multi-level nested syntax caused a segmentation fault core dumped. This issue has been patched in version 0.1.32...

jackson-core has Nesting Depth Constraint Bypass in `UTF8DataInputJsonParser` potentially allowing Resource Exhaustion

Summary The UTF8DataInputJsonParser, which is used when parsing from a java.io.DataInput source, bypasses the maxNestingDepth constraint default: 500 defined in StreamReadConstraints. A similar issue was found in ReaderBasedJsonParser. This allows a user to supply a JSON document with excessive...

GHSA-6V53-7C9G-W56R jackson-core has Nesting Depth Constraint Bypass in `UTF8DataInputJsonParser` potentially allowing Resource Exhaustion

Summary The UTF8DataInputJsonParser, which is used when parsing from a java.io.DataInput source, bypasses the maxNestingDepth constraint default: 500 defined in StreamReadConstraints. A similar issue was found in ReaderBasedJsonParser. This allows a user to supply a JSON document with excessive...

PT-2026-23093

Name of the Vulnerable Software and Affected Versions jackson-core versions 3.0.0 through 3.0.x Description jackson-core contains core low-level incremental "streaming" parser and generator abstractions. The UTF8DataInputJsonParser and ReaderBasedJsonParser bypass the maxNestingDepth constraint...

SUSE CVE-2026-24484

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for multi-layer nested mvg conversions to svg, leading to DoS. Versions 7.1.2-15 and 6.9.13-40 contain a patch...

USN-8056-1: U-Boot vulnerabilities

Simon Diepold discovered that U-Boot incorrectly handled certain DHCP responses. An attacker on the local network could possibly use this issue to obtain sensitive memory contents. CVE-2024-42040 It was discovered that U-Boot incorrectly handled symlink size calculations in squashfs file systems...

USN-8056-1 u-boot vulnerabilities

Simon Diepold discovered that U-Boot incorrectly handled certain DHCP responses. An attacker on the local network could possibly use this issue to obtain sensitive memory contents. CVE-2024-42040 It was discovered that U-Boot incorrectly handled symlink size calculations in squashfs file systems...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in ReaderBasedJsonParser.java and UTF8DataInputJsonParser.java, when processing deeply nested data. A regression in 3.0 versions caused the StreamReadConstraints.maxNestingDepth setti...

CVE-2026-27014 NanZip has ROMFS Archive Infinite Loop / Stack Overflow

NanaZip is an open source file archive Starting in version 5.0.1252.0 and prior to version 6.0.1630.0, circular NextOffset chains cause an infinite loop, and deeply nested directories cause unbounded recursion stack overflow in the ROMFS archive parser. Version 6.0.1630.0 patches the issue...

CVE-2025-65519

mayswind ezbookkeeping versions 1.2.0 and earlier contain a critical vulnerability in JSON and XML file import processing. The application fails to validate nesting depth during parsing operations, allowing authenticated attackers to trigger denial of service conditions by uploading deeply nested...

CVE-2025-65519

mayswind ezbookkeeping versions 1.2.0 and earlier contain a critical vulnerability in JSON and XML file import processing. The application fails to validate nesting depth during parsing operations, allowing authenticated attackers to trigger denial of service conditions by uploading deeply nested...

PT-2026-20459

mayswind ezbookkeeping versions 1.2.0 and earlier contain a critical vulnerability in JSON and XML file import processing. The application fails to validate nesting depth during parsing operations, allowing authenticated attackers to trigger denial of service conditions by uploading deeply nested...

CVE-2025-65519

CVE-2025-65519 affects mayswind ezbookkeeping

Siemens SIMATIC S7-1500 Uncontrolled Recursion (CVE-2025-38614)

In the Linux kernel, the following vulnerability has been resolved: eventpoll: Fix semi-unbounded recursion Ensure that epoll instances can never form a graph deeper than EPMAXNESTS+1 links. Currently, eploopcheckproc ensures that the graph is loop-free and does some recursion depth checks, but...

Alibaba Cloud Linux 3 : 0035: python3 (ALINUX3-SA-2026:0035)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0035 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-12084: When building nested...