CVE-2026-5406

Wireshark contains CVE-2026-5406: an Uncontrolled Recursion in the FC-SWILS protocol dissector that crashes the app, enabling a denial of service. Affected versions are Wireshark 4.6.0–4.6.4 and 4.4.0–4.4.14. The issue is tied to the FC-SWILS dissector specifically; exploitation details are not p...

CVE-2026-5406 Uncontrolled Recursion in Wireshark

FC-SWILS protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

CVE-2026-5299

Wireshark vulnerability CVE-2026-5299 affects the ICMPv6 PvD protocol dissector in Wireshark versions 4.6.0–4.6.4 and 4.4.0–4.4.14. The issue is an uncontrolled recursion that allows a denial of service via the dissector crash. No exploitation details are provided in the connected documents, and ...

CVE-2026-5401 Uncontrolled Recursion in Wireshark

AFP Spotlight protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

CVE-2026-5401

CVE-2026-5401 affects Wireshark’s AFP Spotlight protocol dissector. The vulnerability is described as an Uncontrolled Recursion that crashes the dissector in Wireshark versions 4.6.0–4.6.4 and 4.4.0–4.4.14, resulting in a denial of service. Root cause stated in the title is uncontrolled recursion...

CVE-2026-5401 Uncontrolled Recursion in Wireshark

AFP Spotlight protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

CVE-2026-6527 Uncontrolled Recursion in Wireshark

ASN.1 PER protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

CVE-2026-6527

The CVE-2026-6527 issue affects Wireshark’s ASN.1 PER protocol dissector, with crashes observed in Wireshark versions 4.6.0–4.6.4 and 4.4.0–4.4.14 that can lead to a denial of service. The root cause is described as an uncontrolled recursion in the dissector, though explicit technical details (e....

CVE-2026-41606

A flaw was found in Apache Thrift. An uncontrolled recursion vulnerability exists, which could allow a remote attacker to trigger a Denial of Service DoS condition. This occurs when the affected component processes specially crafted input, leading to excessive resource consumption and system...

SUSE CVE-2026-41606

Uncontrolled Recursion vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

SUSE CVE-2026-41636

Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

Important: kernel6.12

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: remove refcounting in expectation dumpers CVE-2025-39764 In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6xmit CVE-2025-40135 In the Linux kernel, the...

GHSA-6V9C-7CG6-27Q7 Marked Vulnerable to OOM Denial of Service via Infinite Recursion in marked Tokenizer

Summary A critical Denial of Service DoS vulnerability exists in [email protected]. By providing a specific 3-byte input sequence a tab, a vertical tab, and a newline \x09\x0b\n—an unauthenticated attacker can trigger an infinite recursion loop during parsing. This leads to unbounded memory allocatio...

Marked Vulnerable to OOM Denial of Service via Infinite Recursion in marked Tokenizer

Summary A critical Denial of Service DoS vulnerability exists in [email protected]. By providing a specific 3-byte input sequence a tab, a vertical tab, and a newline \x09\x0b\n—an unauthenticated attacker can trigger an infinite recursion loop during parsing. This leads to unbounded memory allocatio...

NPM: Marked Vulnerable to OOM Denial of Service via Infinite Recursion in marked Tokenizer

NPM: Marked Vulnerable to OOM Denial of Service via Infinite Recursion in marked Tokenizer vulnerability discovered by ? in WordPress Npm marked versions = 18.0.0, = 18.0.1...

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Json-smart

Summary A vulnerability has been identified in Json-smart library, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2023-1370 DESCRIPTION:Json-smart is a performance focused, JSON processor lib. When reaching a ‘‘ or ‘‘ character in the JSON...

BIT-THRIFT-2026-41636 Apache Thrift: Node.js skip() recursion

Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

BIT-THRIFT-2026-41606 Apache Thrift: c_glib dispatch stack overflow

Uncontrolled Recursion vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

CLSA-2026-1777444367 vim: Fix of 9 CVEs

CVE-2021-3903: do not set VALIDBOTLINE in wvalid when the screen is not valid, preventing invalid memory access while scrolling. - CVE-2021-4069: copy the current line before regexec in exopen so the match is not using freed memory when searching for a mark flushes it. - CVE-2022-0351: limit...

RLSA-2026:11349 Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c CVE-2025-9714 For more details about the security issues, including the impact, a CVSS...