5135 matches found

Amazon
added 2026/04/13 12:0 a.m. | 1 views

Medium: python-pyasn1

Issue Overview: pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the pyasn1 library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands o...

CVSS 7.5 | AI score 5.8 | EPSS 0.00032
Exploits: 1

Positive Technologies
added 2026/04/13 12:0 a.m. | 2 views

PT-2026-32541

Name of the Vulnerable Software and Affected Versions: jq versions 1.8.1 and earlier. Description: A command-line JSON processor is subject to a denial of service. The functions jv_setpath, jv_getpath, and delpaths_sorted in src/jv_aux.c use unbounded recursion where the depth is controlled by the...

CVSS 6.2 | AI score 5.2 | EPSS 0.00005
Exploits: 1 | References: 43

CNNVD
added 2026/04/13 12:0 a.m. | 2 views

jq security vulnerability

jq is a lightweight and flexible command-line JSON processor developed by jqlang. jq versions 1.8.1 and earlier contain security vulnerabilities. These vulnerabilities stem from the use of unlimited recursion in functions like jv_setpath, jv_getpath, and delpaths_sorted, which could lead to...

CVSS 6.2 | AI score 5.8 | EPSS 0.00005
Exploits: 1 | References: 2

CVE
added 2026/04/10 3:58 p.m. | 6 views

CVE-2026-35595

CVE-2026-35595 describes a privilege escalation in Vikunja where a user with inherited Write can become Admin on a moved project due to a recursive CTE that recalculates permissions when changing parent_project_id. Before 2.3.0, the CanUpdate check only validated Write on the new parent and did n...

CVSS 8.3 | AI score 5.8 | EPSS 0.00041
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2026/04/09 3:36 p.m. | 6 views

CLSA-2026-1775749004 ImageMagick: Fix of 4 CVEs

CVE-2026-25968: stack buffer overflow in MSL image-processing language via WriteMSLImage recursion - CVE-2026-25897: out-of-bounds heap write in SUN decoder on 32-bit systems via integer overflow in pixel buffer allocation - CVE-2025-53014: out-of-bounds read in InterpretImageFilename when...

CVSS 9.8 | AI score 7.2 | EPSS 0.0035
Exploits: 2 | References: 1

OSV
added 2026/04/09 10:43 a.m. | 3 views

CLSA-2026-1775731413 libxml2: Fix of 8 CVEs

CVE-2023-45322: fix use-after-free in xmlStaticCopyNodeList when copying DTDs - CVE-2024-34459: fix buffer over-read in xmlHTMLPrintFileContext in xmllint - CVE-2025-6170: fix potential buffer overflows in xmllint interactive shell - CVE-2025-8732: fix stack overflow from self-referencing SGML...

CVSS 7.5 | AI score 6.8 | EPSS 0.04197
Exploits: 1 | References: 1

RedhatCVE
added 2026/04/09 1:23 a.m. | 4 views

CVE-2026-39376

FastFeedParser is a high performance RSS, Atom and RDF parser. Prior to 0.5.10, when parse fetches a URL that returns an HTML page containing a tag, it recursively calls itself with the redirect URL — with no depth limit, no visited-URL deduplication, and no redirect count cap. An...

CVSS 7.5 | AI score 5.9 | EPSS 0.00077
Exploits: 1 | References: 1

OSV
added 2026/04/09 12:53 a.m. | 1 views

CLEANSTART-2026-IW08736 Uncontrolled Recursion vulnerability in Apache Commons Lang

Multiple security vulnerabilities affect the logstash-fips package. Uncontrolled Recursion vulnerability in Apache Commons Lang. See references for individual vulnerability details...

CVSS 9.8 | AI score 6.7 | EPSS 0.00324
Exploits: 1 | References: 31

OSV
added 2026/04/09 12:49 a.m. | 1 views

CLEANSTART-2026-BG72514 Uncontrolled Recursion vulnerability in Apache Commons Lang

Multiple security vulnerabilities affect the logstash-fips package. Uncontrolled Recursion vulnerability in Apache Commons Lang. See references for individual vulnerability details...

CVSS 9.8 | AI score 6.7 | EPSS 0.00099
Exploits: 0 | References: 20

Veracode
added 2026/04/08 2:54 p.m. | 4 views

Regular Expression Denial Of Service (ReDoS)

minimatch is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to unbounded recursive processing in matchOne when handling multiple non-adjacent GLOBSTAR patterns, which allows an attacker to supply crafted glob inputs that significantly delay execution and block...

CVSS 7.5 | AI score 6 | EPSS 0.00036
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2026/04/08 12:46 p.m. | 2 views

CLSA-2026-1775652408 Fix CVE(s): CVE-2026-24484

SECURITY UPDATE: denial of service from multi-layer nested MVG to SVG conversion - debian/patches/CVE-2026-24484.patch: Add recursion-depth check for graphic-context and prevent excessive nested vector graphics that cause crashes or resource exhaustion due to unbounded recursion. -...

CVSS 5.3 | AI score 7.2 | EPSS 0.00019
Exploits: 0 | References: 1

OSV
added 2026/04/08 12:31 p.m. | 2 views

CLSA-2026-1775651477 Fix CVE(s): CVE-2026-24484

SECURITY UPDATE: denial-of-service from multi-layer nested MVG-to-SVG conversions - debian/patches/CVE-2026-24484.patch: Add recursion-depth check and throw VectorGraphicsNestedTooDeeply on reaching maximum; prevent crash from unbounded nesting of graphic-context elements. -...

CVSS 5.3 | AI score 7.2 | EPSS 0.00019
Exploits: 0 | References: 1

IBM Security Bulletins
added 2026/04/08 10:47 a.m. | 2 views

Security Bulletin: Expr Built-in Functions Recursion DoS Vulnerability (Fixed in v1.17.7) affects watsonx.data

Summary: Expr prior to v1.17.7 is vulnerable to a Denial-of-Service (DoS) due to unbounded recursion in certain built-in functions, which can cause stack overflow and application crashes when processing deeply nested or cyclic data. Fixed in v1.17.7. This can affect watsonx.data. Vulnerability Detai...

CVSS 7.5 | AI score 7 | EPSS 0.0004
Exploits: 0 | Affected Software: 1

Snyk
added 2026/04/08 12:12 a.m. | 1 views

Uncontrolled Recursion

Overview: fastfeedparser is a high performance RSS, Atom, JSON and RDF feed parser in Python. Affected versions of this package are vulnerable to Uncontrolled Recursion through the parse function when processing HTML responses containing a tag, which leads to unbounded recursion without a redirect...

CVSS 8.7 | AI score 5.8 | EPSS 0.00077
Exploits: 1 | References: 2

OSV
added 2026/04/08 12:12 a.m. | 3 views

GHSA-4GX2-PC4F-WQ37 FastFeedParser has an infinite redirect loop DoS via meta-refresh chain

Summary: When parse fetches a URL that returns an HTML page containing a tag, it recursively calls itself with the redirect URL — with no depth limit, no visited-URL deduplication, and no redirect count cap. An attacker-controlled server that returns an infinite chain of HTML meta-refresh response...

CVSS 7.5 | AI score 5.8 | EPSS 0.00077
Exploits: 1 | References: 4

Github Security Blog
added 2026/04/08 12:12 a.m. | 5 views

FastFeedParser has an infinite redirect loop DoS via meta-refresh chain

Summary: When parse fetches a URL that returns an HTML page containing a tag, it recursively calls itself with the redirect URL — with no depth limit, no visited-URL deduplication, and no redirect count cap. An attacker-controlled server that returns an infinite chain of HTML meta-refresh response...

CVSS 7.5 | AI score 5.9 | EPSS 0.00077
Exploits: 1 | References: 4 | Affected Software: 1

Tenable Nessus
added 2026/04/08 12:0 a.m. | 3 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006775)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006775 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix infinite recursion in fib6_dump_done. syzkaller reported infinite recursive calls of...

CVSS 7.8 | AI score 6 | EPSS 0.00014
Exploits: 0 | References: 4

OSV
added 2026/04/07 8:16 p.m. | 2 views

PYSEC-2026-60

FastFeedParser is a high performance RSS, Atom and RDF parser. Prior to 0.5.10, when parse fetches a URL that returns an HTML page containing a tag, it recursively calls itself with the redirect URL — with no depth limit, no visited-URL deduplication, and no redirect count cap. An...

CVSS 7.5 | AI score 5.8 | EPSS 0.00077
Exploits: 1 | References: 1

NVD
added 2026/04/07 8:16 p.m. | 2 views

CVE-2026-39376

FastFeedParser is a high performance RSS, Atom and RDF parser. Prior to 0.5.10, when parse fetches a URL that returns an HTML page containing a tag, it recursively calls itself with the redirect URL — with no depth limit, no visited-URL deduplication, and no redirect count cap. An...

CVSS 7.5 | EPSS 0.00077
Exploits: 1 | References: 1

IBM Security Bulletins
added 2026/04/07 8:13 p.m. | 8 views

Security Bulletin: Multiple Security vulnerabilities affecting IBM Knowledge Catalog Premium Cartridge

Summary: Multiple security vulnerabilities impacting IBM Knowledge Catalog Premium Cartridge. These vulnerabilities have been addressed and customers should update to the recommended version of the product at the earliest opportunity. Vulnerability Details: CVEID: CVE-2025-4565 DESCRIPTION: Any proje...

CVSS 9.4 | AI score 7.4 | EPSS 0.01319
Exploits: 8 | Affected Software: 1