PT-2026-24712

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by sending specially crafted GraphQL requests due to uncontrolled recursion under certain circumstances...

GitLab Enterprise Edition（EE）和GitLab Community Edition（CE） 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Both GitLab Enterprise Edition EE and GitLab Community Edition CE had...

ROS-20260311-73-0007

A vulnerability in the MongoDB database management system server is related to uncontrolled recursion. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

Security update for coredns (important)

openSUSE Security Update: Security update for coredns Announcement ID: openSUSE-SU-2026:0080-1 Rating: important References: 1255345 1259319 1259320 Cross-References: CVE-2025-68156 CVE-2026-26017 CVE-2026-26018 CVSS scores: CVE-2025-68156 SUSE: 8.7...

CVE-2026-30939

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.13 and 9.5.1-alpha.2, an unauthenticated attacker can crash the Parse Server process by calling a Cloud Function endpoint with a prototype property name as the function name. The...

CVE-2026-30980

iccDEV contains a stack overflow in CIccBasicStructFactory::CreateStruct() that can lead to uncontrolled recursion/stack exhaustion and crash. Affected versions are prior to 2.3.1.5; the issue is fixed in 2.3.1.5. Upgrade to 2.3.1.5 to remediate.

EUVD-2026-10719

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack overflow in CIccBasicStructFactory::CreateStruct causing uncontrolled recursion/stack exhaustion and crash. This vulnerability is fixed in 2.3.1.5...

CLSA-2026-1773137055 avahi: Fix of CVE-2026-24401

CVE-2026-24401: fix uncontrolled recursion in lookuphandlecname caused by recursive CNAMEs...

PT-2026-24349

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.5 Description iccDEV is a set of libraries and tools for working with ICC color management profiles. A stack overflow exists in the CIccBasicStructFactory::CreateStruct function, leading to uncontrolled recursion...

ROS-20260310-73-0027

Vulnerability in libxml2 related to uncontrolled recursion. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

📄 Universal‑Ctags V Language 6.2.1 Parser Uncontrolled Recursion

A denial of service issue has been discovered in Universal‑Ctags versions 6.2.1 and below affecting the V language parser component. ============================================================================================================================================= | Title :...

PT-2026-24188

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.13 Parse Server versions prior to 9.5.1-alpha.2 Description An unauthenticated attacker can cause a denial of service by crashing the Parse Server process. This occurs by calling a Cloud Function endpoint wit...

EulerOS 2.0 SP13 : libxml2 (EulerOS-SA-2026-1252)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain...

ROS-20260310-73-0028

Vulnerability in libxml2 related to uncontrolled recursion. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

Security Bulletin: Common vulnerabilities addressed in Cloudera Observability 3.6.2

Summary Security Bulletin: Common vulnerabilities addressed in Cloudera Observability 3.6.2 Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested...

CVE-2026-29076

A flaw was found in cpp-httplib, a C++11 single-file header-only cross-platform HTTP/HTTPS library. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP POST request with a malicious filename parameter in the Content-Disposition header. This triggers uncontrolled...

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion through the std::regex process in multipart filename parsing. An attacker can cause the server to crash by sending a specially crafted HTTP POST request with a malicious filename parameter, leading to uncontrolled...

SUSE SLES16 Security Update : libxml2, libxslt (SUSE-SU-2026:20631-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:20631-1 advisory. Changes in libxml2: - CVE-2026-0990: call stack overflow may lead to application crash due to infinite recursion in...

python: protobuf: Protobuf: Denial of Service due to recursion depth bypass

A flaw was found in protobuf. A remote attacker can exploit this denial-of-service DoS vulnerability by supplying deeply nested google.protobuf.Any messages to the google.protobuf.jsonformat.ParseDict function. This bypasses the intended recursion depth limit, leading to the exhaustion of Python’...

SUSE-SU-2026:20657-1 Security update for libxslt, libxml2

This update for libxslt, libxml2 fixes the following issues: libxml2: - CVE-2026-0990: call stack overflow leading to application crash due to infinite recursion in xmlCatalogXMLResolveURI bsc1256807, bsc1256811 - CVE-2026-0992: excessive resource consumption when processing XML catalogs due to...