182 matches found
CLEANSTART-2026-IW08736 Uncontrolled Recursion vulnerability in Apache Commons Lang
Multiple security vulnerabilities affect the logstash-fips package. Uncontrolled Recursion vulnerability in Apache Commons Lang. See references for individual vulnerability details...
Security Bulletin: Multiple Security vulnerabilities affecting IBM Knowledge Catalog Premium Cartridge
Summary Multiple security vulnerabilities impacting IBM Knowledge Catalog Premium Cartridge. These vulnerabilities had been addressed and customers should update to the recommended version of the product at the earliest opportunity. Vulnerability Details CVEID:CVE-2025-4565 DESCRIPTION: Any proje...
Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed in IBM Business Automation Manager Open Editions 9.4.0 Vulnerability Details CVEID:CVE-2026-27601 DESCRIPTION: Underscore.js is a utility-belt library for JavaScript. Prior...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : pyasn1 vulnerability (USN-8129-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8129-1 advisory. It was discovered that pyasn1 incorrectly handled recursion when decoding ASN.1 data. An attacker could use this issue to cause pyasn1 to...
OESA-2026-1779 python-pyasn1 security update
Abstract Syntax Notation One ASN.1 is a technology for exchanging structured data in a universally understood, hardware agnostic way. Many industrial, security and telephony applications heavily rely on ASN.1. The pyasn1 library implements ASN.1 support in pure-Python. Security Fixes: The pyasn1...
CVE-2026-4833
A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects the function compile of the file markdown.c of the component Markdown Handler. This manipulation causes uncontrolled recursion. The attack is restricted to local execution. The exploit has been made available to the...
Uncontrolled Recursion
Overview Scriban.Signed is a fast, powerful, safe and lightweight scripting language and engine for .NET, which was primarily developed for text templating with a compatibility mode for parsing liquid templates. Affected versions of this package are vulnerable to Uncontrolled Recursion in the...
PT-2026-27176
Name of the Vulnerable Software and Affected Versions cbor2 versions prior to 5.9.0 Description The cbor2 library is susceptible to a Denial of Service DoS attack due to uncontrolled recursion when decoding deeply nested CBOR structures. This affects both the pure Python implementation and the C...
SUSE CVE-2026-30922
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the pyasn1 library is vulnerable to a Denial of Service DoS attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands of nested SEQUENC...
CVE-2026-30922
An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE 0x30 or SET 0x31 tags with Indefinite Length 0x80 markers. Thi...
Uncontrolled Recursion
Overview nltk is a Natural Language Toolkit NLTK is a Python package for natural language processing. Affected versions of this package are vulnerable to Uncontrolled Recursion via the JSONTaggedDecoder.decodeobj function in jsontags.py. An attacker can cause the application to crash by submittin...
GHSA-RF74-V2FM-23PW Natural Language Toolkit (NLTK) has unbounded recursion in JSONTaggedDecoder.decode_obj() may cause DoS
Summary JSONTaggedDecoder.decodeobj in nltk/jsontags.py calls itself recursively without any depth limit. A deeply nested JSON structure exceeding sys.getrecursionlimit default: 1000 will raise an unhandled RecursionError, crashing the Python process. Affected code File: nltk/jsontags.py, lines...
Security Bulletin: Due to the use of Underscore.js, IBM DevOps Solution Workbench is affected by a Denial of Service (CVE-2026-27601)
Summary Underscore.js is used internally within IBM DevOps Solution Workbench Vulnerability Details CVEID:CVE-2026-27601 DESCRIPTION: Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specif...
NewStart CGSL MAIN 6.06 (SP) : bind Multiple Vulnerabilities (NS-SA-2026-0006)
The remote NewStart CGSL host, running version MAIN 6.06 SP, has bind packages installed that are affected by multiple vulnerabilities: - The default access control lists ACL in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which...
CVE-2026-3388
A vulnerability was found in Squirrel up to 3.2. This affects the function SQCompiler::Factor/SQCompiler::UnaryOP of the file squirrel/sqcompiler.cpp. Performing a manipulation results in uncontrolled recursion. The attack needs to be approached locally. The exploit has been made public and could...
CVE-2026-3385
The CVE-2026-3385 affects wren-lang wren up to 0.4.0. The vulnerability is in resolveLocal (src/vm/wren_compiler.c), causing uncontrolled recursion. Local attack is required. Exploit is public and may be used; reports indicate the project was informed via issue but has not responded. There are no...
PT-2026-22503
A security vulnerability has been detected in ChaiScript up to 6.1.0. This impacts the function chaiscript::eval::AST Node Impl::eval/chaiscript::eval::Function Push Pop of the file include/chaiscript/language/chaiscript eval.hpp. The manipulation leads to uncontrolled recursion. An attack has to...
PT-2026-22510
A vulnerability was found in Squirrel up to 3.2. This affects the function SQCompiler::Factor/SQCompiler::UnaryOP of the file squirrel/sqcompiler.cpp. Performing a manipulation results in uncontrolled recursion. The attack needs to be approached locally. The exploit has been made public and could...
PT-2026-21396
Name of the Vulnerable Software and Affected Versions aardappel lobster versions prior to 2026.1 Description A security issue exists in aardappel lobster up to version 2025.4. The lobster::TypeName function within the dev/src/lobster/idents.h library is susceptible to uncontrolled recursion. This...
AIX (IJ57282)
The version of AIX installed on the remote host is prior to APAR IJ57282. It is, therefore, affected by a vulnerability as referenced in the IJ57282 advisory. - A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function...