MongoDB Server -- Multiple vulnerabilities

https://jira.mongodb.org/browse/SERVER-114126 reports: Complex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of-Memory Crash. https://jira.mongodb.org/browse/SERVER-102364 reports: MongoDB Server may experience an out-of-memory failure while evaluating...

Huawei EulerOS: Security Advisory for polkit (EulerOS-SA-2026-1190)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE CVE-2025-71180

In the Linux kernel, the following vulnerability has been resolved: counter: interrupt-cnt: Drop IRQFNOTHREAD flag An IRQ handler can either be IRQFNOTHREAD or acquire spinlockt, as CONFIGPROVERAWLOCKNESTING warns: ============================= BUG: Invalid wait context 6.18.0-rc1+git... 1...

CVE-2025-71180

In the Linux kernel, the following vulnerability has been resolved: counter: interrupt-cnt: Drop IRQFNOTHREAD flag An IRQ handler can either be IRQFNOTHREAD or acquire spinlockt, as CONFIGPROVERAWLOCKNESTING warns: ============================= BUG: Invalid wait context 6.18.0-rc1+git... 1...

CVE-2025-71180

In the Linux kernel, the following vulnerability has been resolved: counter: interrupt-cnt: Drop IRQFNOTHREAD flag An IRQ handler can either be IRQFNOTHREAD or acquire spinlockt, as CONFIGPROVERAWLOCKNESTING warns: ============================= BUG: Invalid wait context 6.18.0-rc1+git... 1...

CVE-2025-71180 counter: interrupt-cnt: Drop IRQF_NO_THREAD flag

In the Linux kernel, the following vulnerability has been resolved: counter: interrupt-cnt: Drop IRQFNOTHREAD flag An IRQ handler can either be IRQFNOTHREAD or acquire spinlockt, as CONFIGPROVERAWLOCKNESTING warns: ============================= BUG: Invalid wait context 6.18.0-rc1+git... 1...

EUVD-2025-206595

In the Linux kernel, the following vulnerability has been resolved: counter: interrupt-cnt: Drop IRQFNOTHREAD flag An IRQ handler can either be IRQFNOTHREAD or acquire spinlockt, as CONFIGPROVERAWLOCKNESTING warns: ============================= BUG: Invalid wait context 6.18.0-rc1+git... 1...

CVE-2025-71180 counter: interrupt-cnt: Drop IRQF_NO_THREAD flag

In the Linux kernel, the following vulnerability has been resolved: counter: interrupt-cnt: Drop IRQFNOTHREAD flag An IRQ handler can either be IRQFNOTHREAD or acquire spinlockt, as CONFIGPROVERAWLOCKNESTING warns: ============================= BUG: Invalid wait context 6.18.0-rc1+git... 1...

CVE-2025-67221

The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...

Denial-Of-Service (DoS)

Seroval is vulnerable to a Denial-Of-Service DoS. The vulnerability is due to unbounded recursion during serialization, where objects with extreme nesting depth can exceed the maximum call stack size, causing crashes or service disruption when serializing untrusted input...

PYSEC-2026-107

The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...

Allocation of Resources Without Limits or Throttling

Overview org.webjars.npm:seroval is a Stringify JS values Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when serializing objects with very large depth. An attacker can cause resource exhaustion and disrupt service availability by submitti...

Allocation of Resources Without Limits or Throttling

Overview seroval is a Stringify JS values Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when serializing objects with very large depth. An attacker can cause resource exhaustion and disrupt service availability by submitting objects with...

CVE-2026-24006

Seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, serialization of objects with extreme depth can exceed the maximum call stack limit. In version 1.4.1, Seroval introduces a depthLimit parameter in...

CVE-2026-24006 Seroval affected by Denial of Service via Deeply Nested Objects

Seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, serialization of objects with extreme depth can exceed the maximum call stack limit. In version 1.4.1, Seroval introduces a depthLimit parameter in...

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion in the dumps function in formatter.rs. An attacker can cause a core dump by supplying a deeply nested JSON document. PoC python import orjson import sys import platform printf'OS: platform.platform' printf'Python...

MiracleLinux 9 : grafana-10.2.6-7.el9 (AXSA:2024-9335:21)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9335:21 advisory. encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion...

OESA-2026-1053 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

MiracleLinux 9 : delve-1.24.1-2.el9_5, golang-1.23.6-2.el9_5 (AXSA:2025-9852:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9852:01 advisory. encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion CVE-2024-34156...

Security update for python36

This update for python36 fixes the following issues: CVE-2025-12084: quadratic complexity when building nested elements using xml.dom.minidom methods that depend on clearidcache can lead to availability issues when building excessively nested documents bsc1254997. CVE-2025-13836: use of...