CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 23 hours ago•1 views

AIX : Multiple Vulnerabilities (IJ58122)

The version of AIX installed on the remote host is prior to APAR IJ58122. It is, therefore, affected by multiple vulnerabilities as referenced in the IJ58122 advisory. - A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition XSD...

7.5CVSS5.8AI score0.00088EPSS

Exploits1References6

Tenable Nessus•added 23 hours ago•2 views

AIX : Multiple Vulnerabilities (IJ58124)

The version of AIX installed on the remote host is prior to APAR IJ58124. It is, therefore, affected by multiple vulnerabilities as referenced in the IJ58124 advisory. - A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition XSD...

7.5CVSS5.8AI score0.00088EPSS

Exploits1References6

Tenable Nessus•added 23 hours ago•1 views

AIX : Multiple Vulnerabilities (IJ58140)

The version of AIX installed on the remote host is prior to APAR IJ58140. It is, therefore, affected by multiple vulnerabilities as referenced in the IJ58140 advisory. - A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition XSD...

7.5CVSS5.8AI score0.00088EPSS

Exploits1References6

Cvelist•added yesterday•20 views

CVE-2026-8936 Unbounded recursion in grpcfuse kernel module allows container to crash Docker Desktop VM

8.2CVSS

RedHat Linux•added yesterday•4 views

axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data

A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the toFormData function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js...

7.5CVSS5.8AI score0.00023EPSS

Exploits1References5

OSV•added yesterday•2 views

USN-8364-1 libcommons-lang-java, libcommons-lang3-java vulnerability

It was discovered that Apache Commons Lang incorrectly handled recursion in the ClassUtils.getClass method. An attacker could possibly use this issue to cause Apache Commons Lang to crash, resulting in a denial of service...

5.3CVSS6.6AI score0.00099EPSS

Ubuntu•added yesterday•2 views

USN-8364-1: Apache Commons Lang vulnerability

5.3CVSS6.6AI score0.00099EPSS

Exploits0

IBM Security Bulletins•added yesterday•4 views

Security Bulletin: node-forge-1.3.1.tgz, IBM Sterling Connect:Direct Web Services is affected by bypass downstream cryptographic verifications and security decisions.

Summary node-forge-1.3.1.tgz is used by IBM Sterling Connect:Direct Web Services CVE-2025-12816, CVE-2025-66030, CVE-2025-66031 . Vulnerability Details CVEID:CVE-2025-12816 DESCRIPTION: An interpretation-conflict CWE-436 vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticat...

8.7CVSS7.2AI score0.00074EPSS

Exploits1Affected Software1

RedHat Linux•added yesterday•4 views

libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c

A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map', leading to stack exhaustion and a local denial of service...

6.2CVSS5.7AI score0.00011EPSS

Exploits0References6

RedHat Linux•added yesterday•5 views

Moderate: Red Hat Security Advisory: libxml2 security update

An update for libxml2 is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

6.2CVSS5.8AI score0.00011EPSS

NVD•added 2 days ago•5 views

CVE-2026-40989

Under infinite recursion in the routing layer, request-handling can cause OOM error. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6 Spring Cloud...

5.7CVSS0.00017EPSS

Vulnrichment•added 2 days ago•4 views

CVE-2026-40989 Self Routing guard bypassed via function composition

Cvelist•added 2 days ago•21 views

CVE-2026-40989 Self Routing guard bypassed via function composition

5.7CVSS0.00017EPSS

CVE•added 2 days ago•7 views

CVE-2026-40989

CVE-2026-40989 affects Spring Cloud Function lineages (3.2.x, 4.1.x, 4.2.x, 4.3.x, 5.0.x) with older/unsupported versions also impacted. The issue is an infinite recursion in the routing layer that can cause an Out-Of-Memory (OOM) condition during request handling. The root cause is not fully dis...

EUVD•added 2 days ago•5 views

EUVD-2026-33733

ATTACKERKB•added 2 days ago•5 views

CVE-2026-40989

Exploits0References2Affected Software1

OSV•added 2 days ago•3 views

UBUNTU-CVE-2026-44740

Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficien...

6.5CVSS5.7AI score0.00037EPSS

Exploits0References5

NVD•added 2 days ago•8 views

CVE-2026-42358

A bug in Apache Airflow's Variable response masker caused nested-key redaction triggered by secret-suffixed key names like password, token, secret, apikey to be bypassed when the JSON value's nesting depth exceeded the shared secrets masker's recursion limit: the masker returned the original nest...

6.5CVSS0.00034EPSS