PT-2026-34501

The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across filesystem boundaries. Instead of preserving symlinks, the implementation expands them, copying the linked targets as real files or directories at the destination. This can lead to...

CVE-2026-3778 Stack exhaustion caused by cyclic references in Foxit PDF Editor/Reader

The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the document to APIs e.g., SOAP that perform deep traversal can cause uncontrolled recursion, stack...

protobuf: StackOverflow vulnerability in Protocol Buffers

A flaw was found in Protocol Buffers protobuf. This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion...

RHEL 9 : opentelemetry-collector (RHSA-2026:0513)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0513 advisory. Collector with the supported components for a Red Hat build of OpenTelemetry Security Fixes: github.com/expr-lang/expr: Expr: Denial of Service via...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: protobuf (UTSA-2025-984777)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-984777 advisory. Any project that uses Protobuf Pure-Python backendto parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or ...

PT-2025-40910

Name of the Vulnerable Software and Affected Versions Bucket versions prior to 1.0.0 Description The Bucket MediaWiki extension has an issue where infinite recursion can occur when querying a bucket using the != comparator. This can lead to PHP exceeding its call stack limit and increased memory...

kernel: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Don't let sockmapclose,destroy,unhash call itself sockmap proto callbacks should never call themselves by design. Protect against bugs like 1 and break out of the recursive loop to avoid a stack overflow in favor of...

UBUNTU-CVE-2021-36395

In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service...

SUSE CVE-2007-2925

The default access control lists ACL in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache...

ALPINE-CVE-2018-5737

A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching can in some cases cause...

USN-3683-1 bind9 vulnerability

Andrew Skalski discovered that Bind could incorrectly enable recursion when the "allow-recursion" setting wasn't specified. This issue could improperly permit recursion to all clients, contrary to expectations...