CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/02/05 2:23 p.m.•1 views

SUSE-SU-2026:0391-1 Security update for libxml2

This update for libxml2 fixes the following issues: - CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving directives bsc1256805...

3.7CVSS5.4AI score0.00024EPSS

OSV•added 2026/02/05 12:0 p.m.•2 views

RUSTSEC-2026-0009 Denial of Service via Stack Exhaustion

Impact When user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary,...

6.8CVSS5.4AI score0.00016EPSS

RustSec•added 2026/02/05 12:0 p.m.•8 views

Denial of Service via Stack Exhaustion

6.8CVSS5.4AI score0.00016EPSS

Exploits0Affected Software1

OSV•added 2026/02/05 11:26 a.m.•0 views

SUSE-SU-2026:20234-1 Security update for libxml2

3.7CVSS5.8AI score0.00024EPSS

Tenable Nessus•added 2026/02/05 12:0 a.m.•5 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : protobuf (SUSE-SU-2026:0374-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0374-1 advisory. - CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python jsonformat.ParseDict...

8.2CVSS5.5AI score0.00013EPSS

Amazon•added 2026/02/05 12:0 a.m.•4 views

Medium: libxml2

Issue Overview: A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issu...

5.9CVSS5.6AI score0.00088EPSS

Tenable Nessus•added 2026/02/05 12:0 a.m.•2 views

Amazon Linux 2023 : libxml2, libxml2-devel, libxml2-static (ALAS2023-2026-1396)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1396 advisory. A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry...

5.9CVSS5.6AI score0.00088EPSS

Exploits0References6

Amazon•added 2026/02/05 12:0 a.m.•5 views

Medium: libxml2

5.9CVSS5.6AI score0.00088EPSS

Amazon•added 2026/02/05 12:0 a.m.•4 views

Low: libxml2

Issue Overview: A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during...

3.7CVSS5.5AI score0.00024EPSS

SUSE Linux•added 2026/02/04 7:3 a.m.•3 views

Security update for protobuf

This update for protobuf fixes the following issues: CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python jsonformat.ParseDict bsc1257173. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

8.2CVSS5.3AI score0.00013EPSS

OSV•added 2026/02/04 7:3 a.m.•0 views

SUSE-SU-2026:0374-1 Security update for protobuf

This update for protobuf fixes the following issues: - CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python jsonformat.ParseDict bsc1257173...

8.2CVSS5.8AI score0.00013EPSS

Tenable Nessus•added 2026/02/04 12:0 a.m.•2 views

openSUSE 16 Security Update : alloy (openSUSE-SU-2026:20140-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20140-1 advisory. Update to 1.12.2: Security fixes: - CVE-2025-68156: github.com/expr-lang/expr/builtin: Fixed potential DoS via unbounded recursion bsc1255333: -...

8.4CVSS7.2AI score0.0004EPSS

Exploits4References10

Redos•added 2026/02/03 12:0 a.m.•4 views

ROS-20260203-73-0009

A vulnerability in the mtkstaremac.c component of the Linux operating system kernel is related to uncontrolled recursion. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

5.5CVSS5.5AI score0.0009EPSS

RedHat Linux•added 2026/02/02 4:6 a.m.•3 views

kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion

A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM Classical IP CLIP module. A local user can trigger an infinite recursive call in the clippush function by repeatedly calling the ioctlATMARPMKIP system call. This vulnerability occurs when the socket is closed, leading to stack...

7.8CVSS5.8AI score0.00045EPSS

Exploits0References5

EUVD•added 2026/01/31 12:30 a.m.•1 views

EUVD-2025-206551

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service using a specially crafted SQL statement including XML that performs uncontrolled recursion...

6.5CVSS5.9AI score0.00042EPSS

Exploits0References2

Tenable Nessus•added 2026/01/31 12:0 a.m.•4 views

openSUSE 15 Security Update : libxml2 (SUSE-SU-2026:0334-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:0334-1 advisory. - CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving directives...

3.7CVSS5.1AI score0.00024EPSS