CVE-2026-24401

A flaw was found in Avahi, a system that enables devices to discover services on a local network. A remote attacker can exploit this vulnerability by sending a specially crafted mDNS multicast Domain Name System response containing a recursive CNAME Canonical Name record. This triggers an...

Denial Of Service (DoS)

Protobuf is vulnerable to a Denial-Of-Service DoS. The vulnerability is due to bypassed recursion depth limits when parsing nested Any messages, where missing depth accounting in the ParseDict logic allows deeply nested inputs to exhaust the Python recursion stack and trigger a RecursionError...

CVE-2026-22260

CVE-2026-22260 affects Suricata

CVE-2026-22260 Suricata http1: infinite recursion in decompression

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, Suricata can crash with a stack overflow. Version 8.0.3 patches the issue. As a workaround, use default values for request-body-limit and response-body-limit...

CVE-2025-55095

The function uxhostclassstoragemediamount is responsible for mounting partitions on a USB mass storage device. When it encounters an extended partition entry in the partition table, it recursively calls itself to mount the next logical partition. This recursion occurs in...

CVE-2025-55095

The function uxhostclassstoragemediamount is responsible for mounting partitions on a USB mass storage device. When it encounters an extended partition entry in the partition table, it recursively calls itself to mount the next logical partition. This recursion occurs in...

CVE-2025-55095

The function uxhostclassstoragemediamount is responsible for mounting partitions on a USB mass storage device. When it encounters an extended partition entry in the partition table, it recursively calls itself to mount the next logical partition. This recursion occurs in...

CVE-2025-55095

The function uxhostclassstoragemediamount is responsible for mounting partitions on a USB mass storage device. When it encounters an extended partition entry in the partition table, it recursively calls itself to mount the next logical partition. This recursion occurs in...

CVE-2025-55095

The function uxhostclassstoragemediamount is responsible for mounting partitions on a USB mass storage device. When it encounters an extended partition entry in the partition table, it recursively calls itself to mount the next logical partition. This recursion occurs in...

CVE-2025-55095

CVE-2025-55095 involves the function _ux_host_class_storage_media_mount() used to mount USB mass storage partitions. When an extended partition entry is encountered, the code recursively calls itself via _ux_host_class_storage_partition_read() to handle the next logical partition. The implementat...

EUVD-2025-206404

The function uxhostclassstoragemediamount is responsible for mounting partitions on a USB mass storage device. When it encounters an extended partition entry in the partition table, it recursively calls itself to mount the next logical partition. This recursion occurs in...

Security Bulletin: Multiple vulnerabilities that affect IBM Db2 Data management console

Summary IBM Db2 Data management console has several dependent packages with vulnerabilities. This bulletin describes the upgrades necessary to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This iss...

CVE-2025-67221

The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...

SUSE CVE-2026-24401

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions 0.9rc2 and below, avahi-daemon can be crashed via a segmentation fault by sending an unsolicited mDNS response containing a recursive CNAME record, where the alias and canonica...

Eclipse ThreadX USBX security vulnerabilities

Eclipse ThreadX USBX is an open-source version of Eclipse ThreadX, which includes a USB host, device, and mobile embedded stack. There is a security vulnerability in Eclipse ThreadX USBX, caused by the uxhostclassstoragemediamount function having unlimited recursive depth, which may lead to a sta...

python-protobuf: Unbounded recursion in Python Protobuf

A flaw was found in the python protobuf package which can result in a denial of service. Applications that parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages, or a series of SGROUP tags can be corrupted by exceeding the Python recursion...

Uncontrolled Recursion

Overview org.webjars.npm:eslint is a pluggable linting utility for JavaScript and JSX Affected versions of this package are vulnerable to Uncontrolled Recursion in the isSerializable function when handling objects with circular references during the serialization process. An attacker can cause th...

Uncontrolled Recursion

Overview eslint is a pluggable linting utility for JavaScript and JSX Affected versions of this package are vulnerable to Uncontrolled Recursion in the isSerializable function when handling objects with circular references during the serialization process. An attacker can cause the application to...

CVE-2025-50537

Stack overflow vulnerability in eslint before 9.26.0 when serializing objects with circular references in eslint/lib/shared/serialization.js. The exploit is triggered via the RuleTester.run method, which validates test cases and checks for duplicates. During validation, the internal function...

BIT-NODE-MIN-2025-59466

We have identified a bug in Node.js error handling where "Maximum call stack size exceeded" errors become uncatchable when asynchooks.createHook is enabled. Instead of reaching process.on'uncaughtException', the process terminates, making the crash unrecoverable. Applications that rely on...