Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

5279 matches found

Veracode
Veracodeadded 2025/07/14 9:29 a.m.6 views

Denial Of Service (DoS)

com.nimbusds:nimbus-jose-jwt is vulnerable to Denial Of Service DoS. The vulnerability is due to uncontrolled recursion due to lack of validation on JSON object nesting depth in JWT claim sets, allowing remote attackers to exhaust system resources with deeply nested structures...

5.8CVSS6.1AI score0.00143EPSS
Exploits0References7Affected Software1
SUSE CVE
SUSE CVEadded 2025/07/11 11:21 p.m.1 views

SUSE CVE-2025-48924

Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass... can throw StackOverflowError on very long input...

4.7CVSS6.3AI score0.00099EPSS
Exploits0References7
Snyk
Snykadded 2025/07/11 3:31 p.m.4 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the ClassUtils.getClass function. An attacker can cause the application to terminate unexpectedly by providing excessively long input values. Remediation There is no fixed version for commons-lang:commons-lang...

8.8CVSS7AI score0.00099EPSS
Exploits0References2
Snyk
Snykadded 2025/07/11 3:31 p.m.1 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the ClassUtils.getClass function. An attacker can cause the application to terminate unexpectedly by providing excessively long input values. Remediation Upgrade org.apache.commons:commons-lang3 to version...

8.8CVSS7AI score0.00099EPSS
Exploits0References2
Github Security Blog
Github Security Blogadded 2025/07/11 3:31 p.m.6 views

Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs

Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass... can throw StackOverflowError on very long input...

5.3CVSS7AI score0.00099EPSS
Exploits0References9Affected Software2
OSV
OSVadded 2025/07/11 3:31 p.m.2 views

GHSA-J288-Q9X7-2F5V Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs

Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass... can throw StackOverflowError on very long input...

6.5CVSS6.7AI score0.00099EPSS
Exploits0References9
OSV
OSVadded 2025/07/11 3:15 p.m.4 views

AZL-65144 CVE-2025-48924 affecting package apache-commons-lang3 for versions less than 3.8.1-6

Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass... can throw StackOverflowError on very long input...

5.3CVSS6.7AI score0.00099EPSS
Exploits0References1
OSV
OSVadded 2025/07/11 3:15 p.m.2 views

AZL-65181 CVE-2025-48924 affecting package apache-commons-lang3 for versions less than 3.8.1-6

Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass... can throw StackOverflowError on very long input...

5.3CVSS7.1AI score0.00099EPSS
Exploits0References1
OSV
OSVadded 2025/07/11 3:15 p.m.1 views

DEBIAN-CVE-2025-48924

Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass... can throw StackOverflowError on very long input...

5.3CVSS6.2AI score0.00099EPSS
Exploits0References1
OSV
OSVadded 2025/07/11 3:15 p.m.1 views

UBUNTU-CVE-2025-48924

Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass... can throw StackOverflowError on very long input...

5.3CVSS6.7AI score0.00099EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2025/07/11 2:56 p.m.3 views

CVE-2025-48924 Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs

Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass... can throw StackOverflowError on very long input...

7.1AI score0.00099EPSS
Exploits0References1
CVE
CVEadded 2025/07/11 2:56 p.m.170 views

CVE-2025-48924

CVE-2025-48924 affects Apache Commons Lang: vulnerable in versions 2.0–2.6 of commons-lang and 3.0–before 3.18.0 of commons-lang3. The root cause is an uncontrolled recursion in ClassUtils.getClass(...) that can throw StackOverflowError on very long inputs, potentially causing an application to s...

5.3CVSS6.5AI score0.00099EPSS
Exploits0References6Affected Software1
OSV
OSVadded 2025/07/11 12:24 p.m.4 views

OESA-2025-1801 protobuf security update

Security Fixes: Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of...

8.2CVSS7AI score0.00016EPSS
Exploits0References2
OSV
OSVadded 2025/07/11 12:24 p.m.2 views

OESA-2025-1800 protobuf security update

Security Fixes: Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of...

8.2CVSS7AI score0.00016EPSS
Exploits0References2
OSV
OSVadded 2025/07/11 12:24 p.m.4 views

OESA-2025-1799 protobuf security update

Security Fixes: Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of...

8.2CVSS7AI score0.00016EPSS
Exploits0References2
OSV
OSVadded 2025/07/11 12:24 p.m.4 views

OESA-2025-1798 protobuf security update

Security Fixes: Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of...

8.2CVSS7AI score0.00016EPSS
Exploits0References2
Microsoft CVE
Microsoft CVEadded 2025/07/11 7:0 a.m.2 views

Unbounded recursion in Python Protobuf

...

8.2CVSS7.7AI score0.00016EPSS
Exploits0
Github Security Blog
Github Security Blogadded 2025/07/11 3:30 a.m.11 views

Nimbus JOSE + JWT is vulnerable to DoS attacks when processing deeply nested JSON

Connect2id Nimbus JOSE + JWT before 10.0.2 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2id product could have checked the...

5.8CVSS6.4AI score0.00143EPSS
Exploits0References7Affected Software1
NVD
NVDadded 2025/07/11 3:16 a.m.29 views

CVE-2025-53864

Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2i...

5.8CVSS0.00143EPSS
Exploits0References5
Snyk
Snykadded 2025/07/11 2:45 a.m.2 views

Uncontrolled Recursion

Overview com.nimbusds:nimbus-jose-jwt is a library for JSON Web Tokens JWT Affected versions of this package are vulnerable to Uncontrolled Recursion due to the improper handling JWT claim sets containing deeply nested JSON objects. An attacker can cause application downtime or resource exhaustio...

6.9CVSS6.9AI score0.00143EPSS
Exploits0References2
Rows per page
Query Builder