Lucene search

42 matches found

Debian CVE
added 2026/05/01 12:0 a.m. | 5 views

CVE-2026-42481

Open CASCADE Technology OCCT V800rc5 contains multiple vulnerabilities in its IGES and STEP file parsers that can be triggered by crafted IGES or STEP files. These issues include an out-of-bounds read in Geom2dBSplineCurve::EvalD0 during IGES B-spline curve evaluation, an out-of-bounds read in...

CVSS 5.5 | AI score 5.8 | EPSS 0.00017
Exploits: 0
IBM Security Bulletins
added 2026/04/23 2:15 p.m. | 2 views

Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2026-33532)

Summary: IBM Security SOAR uses an older version of the YAML component that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.9.2. Vulnerability Details: CVEID: CVE-2026-33532. DESCRIPTION: yaml is a...

CVSS 4.3 | AI score 5.8 | EPSS 0.00025
Exploits: 1 | Affected Software: 1
Cvelist
added 2026/04/17 10:58 p.m. | 27 views

CVE-2026-40323 SP1 V6 Recursion Circuit Row-Count Binding Gap

SP1 is a zero‑knowledge virtual machine that proves the correct execution of programs compiled for the RISC-V architecture. In versions 6.0.0 through 6.0.2, a soundness vulnerability in the SP1 V6 recursive shard verifier allows a malicious prover to construct a recursive proof from a shard proof...

CVSS 8.9 | EPSS 0.00011
Exploits: 0 | References: 2
CVE
added 2026/03/11 4:5 p.m. | 8 views

CVE-2026-1069

GitLab CE/EE versions 18.9 before 18.9.2 are affected by an unauthenticated denial-of-service via specially crafted GraphQL requests that trigger uncontrolled recursion under certain conditions. The issue has been remediated in GitLab 18.9.2; patch/update to 18.9.2 or newer. Attacker access requi...

CVSS 7.5 | AI score 5.8 | EPSS 0.00033
Exploits: 0 | References: 3 | Affected Software: 1
UbuntuCve
added 2026/02/18 6:16 a.m. | 1 views

CVE-2026-2641

A weakness has been identified in universal-ctags ctags up to 6.2.1. The affected element is the function parseExpression/parseExprList of the file parsers/v.c of the component V Language Parser. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack on t...

CVSS 4.8 | AI score 5.6 | EPSS 0.00007
Exploits: 0 | References: 7
RedHat Linux
added 2026/01/26 7:58 p.m. | 4 views

python-protobuf: Unbounded recursion in Python Protobuf

A flaw was found in the python protobuf package which can result in a denial of service. Applications that parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages, or a series of SGROUP tags can be corrupted by exceeding the Python recursion...

CVSS 8.2 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 5
Tenable Nessus
added 2026/01/07 12:0 a.m. | 1 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000340)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000340 advisory. check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion. Tenable has extracted the preceding...

CVSS 5.5 | AI score 6.7 | EPSS 0.00131
Exploits: 0 | References: 4
RedHat Linux
added 2025/11/26 5:26 a.m. | 5 views

libxslt: libxml2: Infinite recursion at exsltDynMapFunction function in libexslt/dynamic.c

A flaw was found in libxslt/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map', leading to stack exhaustion and a local denial of service...

CVSS 6.2 | AI score 5.7 | EPSS 0.00011
Exploits: 0 | References: 6
Tenable Nessus
added 2025/09/07 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-0649

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash...

CVSS 8.9 | AI score 6.4 | EPSS 0.00141
Exploits: 0 | References: 2
Tenable Nessus
added 2025/03/04 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2018-6196

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c does not prevent a negative indent...

CVSS 7.5 | AI score 6.9 | EPSS 0.0067
Exploits: 1 | References: 2
IBM Security Bulletins
added 2023/09/13 8:1 a.m. | 23 views

Security Bulletin: Multiple vulnerabilities in Lightbend Spray spray-json affect IBM Application Performance Management products.

Summary: Lightbend Spray spray-json is used by IBM Application Performance Management. Vulnerability Details: CVEID: CVE-2018-18854. DESCRIPTION: Lightbend Spray spray-json is vulnerable to a denial of service, caused by an error during the parsing of many JSON object fields. By sending a...

CVSS 7.5 | AI score 7.4 | EPSS 0.00838
Exploits: 2 | Affected Software: 1
SUSE CVE
added 2023/02/15 5:14 a.m. | 1 views

SUSE CVE-2015-6806

The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial of service (stack consumption) via an escape sequence with a large repeat count value...

CVSS 6.5 | AI score 7.5 | EPSS 0.00643
Exploits: 1 | References: 5
CNNVD
added 2022/09/15 12:0 a.m. | 2 views

Tauri Link Following Vulnerability

Tauri is an open-source framework for building smaller, faster, and more secure desktop applications using a web front end. Tauri versions prior to 1.0.6 have a link following vulnerability that stems from a lack of normalization when calling readDir recursively, potentially displaying directory listings...

CVSS 8.3 | AI score 6 | EPSS 0.00452
Exploits: 1 | References: 5
OpenVAS
added 2021/06/09 12:0 a.m. | 23 views

SUSE: Security Advisory (SUSE-SU-2014:0759-2)

The remote host is missing an update for the...

CVSS 7.4 | AI score 7.6 | EPSS 0.91395
Exploits: 9 | References: 3
OpenVAS
added 2021/06/09 12:0 a.m. | 31 views

SUSE: Security Advisory (SUSE-SU-2014:0761-1)

The remote host is missing an update for the...

CVSS 7.4 | AI score 6.8 | EPSS 0.91395
Exploits: 10 | References: 3
OSV
added 2020/11/06 8:15 a.m. | 1 views

UBUNTU-CVE-2020-28196

MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit...

CVSS 7.5 | AI score 6.9 | EPSS 0.00955
Exploits: 0 | References: 4
Tenable Nessus
added 2020/06/04 12:0 a.m. | 40 views

Amazon Linux 2 : xorg-x11-server (ALAS-2020-1433)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1433 advisory. It was discovered that libX11 does not properly validate input coming from the server, causing XListExtensions and XGetFontPath functions to produce an invalid list of elements that in turn make...

CVSS 9.8 | AI score 6.7 | EPSS 0.11007
Exploits: 0 | References: 27
Veracode
added 2020/04/10 12:22 a.m. | 22 views

Denial Of Service (DoS)

libexif is vulnerable to denial of service. An infinite recursion flaw was found in the way libexif parses Exif image tags. If a victim opens a carefully crafted Exif image file, it could cause the application linked against libexif to crash...

CVSS 4.3 | AI score 3.4 | EPSS 0.0445
Exploits: 0 | References: 31 | Affected Software: 1
IBM Security Bulletins
added 2020/04/07 1:33 p.m. | 29 views

Security Bulletin: A vulnerability in SQLite affects IBM Cloud Application Performance Management Response Time Monitoring Agent (CVE-2019-19925, CVE-2019-19645, CVE-2019-19924, CVE-2019-19923, CVE-2019-19880, CVE-2019-19646, CVE-2019-19926)

Summary: SQLite is vulnerable to a denial of service. Vulnerability Details: CVEID: CVE-2019-19925. DESCRIPTION: SQLite is vulnerable to a denial of service, caused by the mishandling of a NULL pathname in the zipfileUpdate function in ext/misc/zipfile.c. By sending a specially-crafted request, a...

CVSS 9.8 | AI score 0.9 | EPSS 0.09456
Exploits: 0 | Affected Software: 1
RedHat Linux
added 2019/08/06 2:12 p.m. | 2 views

libxkbcommon: xkbcomp: Endless recursion in xkbcomp/expr.c resulting in a crash

An uncontrolled recursion flaw was found in libxkbcommon and xkbcomp in the way it parses boolean expressions. A specially crafted file provided to xkbcomp could crash the application...

CVSS 5.5 | AI score 7.3 | EPSS 0.0007
Exploits: 0 | References: 4