Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

5241 matches found

NVD
NVDadded 2025/10/01 7:15 p.m.1 views

CVE-2025-43718

Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata such as GTSPDFEVersion of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in Dict::lookup, Catalog::getMetadata, and associated...

2.9CVSS0.00009EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2025/10/01 12:0 a.m.1 views

CVE-2025-43718

Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata such as GTSPDFEVersion of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in Dict::lookup, Catalog::getMetadata, and associated...

2.9CVSS6.6AI score0.00009EPSS
Exploits0References2
CVE
CVEadded 2025/10/01 12:0 a.m.12 views

CVE-2025-43718

CVE-2025-43718 affects Poppler 24.06.1 through 25.x before 25.04.0, where deeply nested PHP/PDF metadata parsing structures can trigger uncontrolled recursion in the regex executor, causing stack exhaustion and a SIGSEGV. The issue involves PDF metadata handling paths such as Dict::lookup and Cat...

2.9CVSS6.6AI score0.00009EPSS
Exploits0References2
Debian CVE
Debian CVEadded 2025/10/01 12:0 a.m.5 views

CVE-2025-43718

Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata such as GTSPDFEVersion of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in Dict::lookup, Catalog::getMetadata, and associated...

2.9CVSS6AI score0.00009EPSS
Exploits0
Positive Technologies
Positive Technologiesadded 2025/10/01 12:0 a.m.2 views

PT-2025-40292

Name of the Vulnerable Software and Affected Versions Poppler versions 24.06.1 through 25.04.0 Description The software is susceptible to a stack consumption issue leading to a SIGSEGV signal. This occurs when processing PDF documents containing deeply nested structures within their metadata, suc...

2.9CVSS6.7AI score0.00009EPSS
Exploits0References9
Cvelist
Cvelistadded 2025/10/01 12:0 a.m.6 views

CVE-2025-43718

Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata such as GTSPDFEVersion of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in Dict::lookup, Catalog::getMetadata, and associated...

2.9CVSS0.00009EPSS
Exploits0References2
OSV
OSVadded 2025/09/30 9:6 p.m.2 views

GHSA-QWVM-WQQ8-8J69 github.com/MANTRA-Chain/mantrachain/x/tokenfactory tx gas limit is not enforced in send hooks

Impact send hooks can spend more gas than what's remained in tx, combined with recursive calls in the wasm contract, can amplify the gas consumption exponentially. Patches It's patched in v4.0.2 and v5.0.0 Workarounds Is there a way for users to fix or remediate the vulnerability without upgradin...

8.8CVSS6.8AI score0.00077EPSS
Exploits0References6
Github Security Blog
Github Security Blogadded 2025/09/30 9:6 p.m.9 views

github.com/MANTRA-Chain/mantrachain/x/tokenfactory tx gas limit is not enforced in send hooks

Impact send hooks can spend more gas than what's remained in tx, combined with recursive calls in the wasm contract, can amplify the gas consumption exponentially. Patches It's patched in v4.0.2 and v5.0.0 Workarounds Is there a way for users to fix or remediate the vulnerability without upgradin...

8.8CVSS6.8AI score0.00077EPSS
Exploits0References6Affected Software4
Snyk
Snykadded 2025/09/30 6:30 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview financejs is an A JavaScript library for financial calculations Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the IRR function's depth parameter. An attacker can cause excessive CPU usage and potentially crash the application...

7.5CVSS7AI score0.00426EPSS
Exploits0References2
Github Security Blog
Github Security Blogadded 2025/09/30 6:30 p.m.24 views

Finance.js vulnerable to DoS via the IRR function’s depth parameter

Finance.js v4.1.0 contains a Denial of Service DoS vulnerability via the IRR function’s depth parameter. Improper handling of the recursion/iteration limit can lead to excessive CPU usage, causing application stalls or crashes...

7.5CVSS6.9AI score0.00426EPSS
Exploits0References6Affected Software1
OSV
OSVadded 2025/09/30 6:30 p.m.0 views

GHSA-F8R4-MF27-RF7M Finance.js vulnerable to DoS via the IRR function’s depth parameter

Finance.js v4.1.0 contains a Denial of Service DoS vulnerability via the IRR function’s depth parameter. Improper handling of the recursion/iteration limit can lead to excessive CPU usage, causing application stalls or crashes...

7.5CVSS5.9AI score0.00426EPSS
Exploits0References5
NVD
NVDadded 2025/09/30 4:15 p.m.4 views

CVE-2025-56571

Finance.js v4.1.0 contains a Denial of Service DoS vulnerability via the IRR function’s depth parameter. Improper handling of the recursion/iteration limit can lead to excessive CPU usage, causing application stalls or crashes...

7.5CVSS0.00088EPSS
Exploits0References4
OSV
OSVadded 2025/09/30 4:15 p.m.5 views

CVE-2025-56571

Finance.js v4.1.0 contains a Denial of Service DoS vulnerability via the IRR function’s depth parameter. Improper handling of the recursion/iteration limit can lead to excessive CPU usage, causing application stalls or crashes...

7.5CVSS6.9AI score0.00426EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2025/09/30 12:0 a.m.2 views

PT-2025-40000

Name of the Vulnerable Software and Affected Versions Finance.js versions 4.1.0 Description A flaw exists in Finance.js version 4.1.0 that can lead to a Denial of Service DoS. This occurs due to improper handling of recursion/iteration limits within the IRR function’s depth parameter, potentially...

7.5CVSS6.5AI score0.00426EPSS
Exploits0References13
Positive Technologies
Positive Technologiesadded 2025/09/30 12:0 a.m.2 views

PT-2025-40050

Impact send hooks can spend more gas than what's remained in tx, combined with recursive calls in the wasm contract, can amplify the gas consumption exponentially. Patches It's patched in v4.0.2 and v5.0.0 Workarounds Is there a way for users to fix or remediate the vulnerability without upgradin...

8.8CVSS6.8AI score0.00077EPSS
Exploits0References6
CVE
CVEadded 2025/09/30 12:0 a.m.51 views

CVE-2025-56571

Finance.js v4.1.0 is affected by a DoS via the IRR() function (depth parameter) and via seekZero(), causing excessive CPU usage that can stall or crash applications. The root cause is improper handling of recursion/iteration limits. Exploitation status is not detailed in the provided documents. R...

7.5CVSS6.5AI score0.00088EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessusadded 2025/09/30 12:0 a.m.3 views

NewStart CGSL MAIN 6.06 : bind Multiple Vulnerabilities (NS-SA-2025-0228)

The remote NewStart CGSL host, running version MAIN 6.06, has bind packages installed that are affected by multiple vulnerabilities: - The default access control lists ACL in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows...

7.5CVSS6.6AI score0.04881EPSS
Exploits1References7
IBM Security Bulletins
IBM Security Bulletinsadded 2025/09/27 3:16 a.m.3 views

Security Bulletin: Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError.

Summary Passing a heavily nested list to sqlparse.parse leads to a Denial of Service due to RecursionError. Vulnerability Details CVEID:CVE-2024-4340 DESCRIPTION: Passing a heavily nested list to sqlparse.parse leads to a Denial of Service due to RecursionError. CWE:CWE-674: Uncontrolled Recursio...

7.5CVSS6.5AI score0.10881EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blogadded 2025/09/26 2:38 p.m.6 views

express-xss-sanitizer has an unbounded recursion depth

Security Advisory: express-xss-sanitizer Overview A vulnerability was discovered in express-xss-sanitizer that allowed unbounded recursion depth during sanitization of nested objects. Affected Versions - All versions prior to 2.0.1 Patched Versions - 2.0.1 and later Description The sanitize...

5.3CVSS7.2AI score0.00009EPSS
Exploits0References10Affected Software1
OSV
OSVadded 2025/09/26 2:38 p.m.2 views

GHSA-HVQ2-WF92-J4F3 express-xss-sanitizer has an unbounded recursion depth

Security Advisory: express-xss-sanitizer Overview A vulnerability was discovered in express-xss-sanitizer that allowed unbounded recursion depth during sanitization of nested objects. Affected Versions - All versions prior to 2.0.1 Patched Versions - 2.0.1 and later Description The sanitize...

6.9CVSS7.2AI score0.00009EPSS
Exploits0References9
Rows per page
Query Builder