
5149 matches found

RedHat Linux
added 2026/03/06 11:0 a.m., 3 views

python: protobuf: Protobuf: Denial of Service due to recursion depth bypass

A flaw was found in protobuf. A remote attacker can exploit this denial-of-service (DoS) vulnerability by supplying deeply nested google.protobuf.Any messages to the google.protobuf.json_format.ParseDict function. This bypasses the intended recursion depth limit, leading to the exhaustion of Python’...

CVSS 8.2 | AI score 5.8 | EPSS 0.00013
Exploits: 0 | References: 5
Tenable Nessus
added 2026/03/06 12:0 a.m., 3 views

NewStart CGSL MAIN 6.06 (SP) : bind Multiple Vulnerabilities (NS-SA-2026-0006)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has bind packages installed that are affected by multiple vulnerabilities: - The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which...

CVSS 7.5 | AI score 5.9 | EPSS 0.04881
Exploits: 1 | References: 7
Snyk
added 2026/03/05 7:15 p.m., 1 views

Uncontrolled Recursion

Overview: xgrammar is an Efficient, Flexible and Portable Structured Generation. Affected versions of this package are vulnerable to Uncontrolled Recursion through the handling of multi-level nested grammar rules. An attacker can cause a segmentation fault and crash the application by submitting...

CVSS 8.7 | AI score 5.8 | EPSS 0.00081
Exploits: 1 | References: 2
SUSE CVE
added 2026/03/05 6:50 a.m., 1 views

SUSE CVE-2026-27601

Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the _.flatten and _.isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service (DoS) attack by triggering a stack overflow...

CVSS 5.3 | AI score 5.8 | EPSS 0.00022
Exploits: 1 | References: 3
Github Security Blog
added 2026/03/05 12:27 a.m., 4 views

Multer Vulnerable to Denial of Service via Uncontrolled Recursion

Impact: A vulnerability in Multer versions < 2.1.1 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing stack overflow. Patches: Users should upgrade to 2.1.1. Workarounds: None. Resources: -...

CVSS 8.7 | AI score 5.9 | EPSS 0.00067
Exploits: 0 | References: 6 | Affected Software: 1
OSV
added 2026/03/05 12:27 a.m., 0 views

GHSA-5528-5VMV-3XC2 Multer Vulnerable to Denial of Service via Uncontrolled Recursion

Impact: A vulnerability in Multer versions < 2.1.1 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing stack overflow. Patches: Users should upgrade to 2.1.1. Workarounds: None. Resources: -...

CVSS 8.7 | AI score 5.9 | EPSS 0.00067
Exploits: 0 | References: 6
Tenable Nessus
added 2026/03/05 12:0 a.m., 3 views

TencentOS Server 4: protobuf (TSSA-2026:0093)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0093 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 8.2 | AI score 6 | EPSS 0.00013
Exploits: 0 | References: 2
Snyk
added 2026/03/04 6:27 p.m., 1 views

Uncontrolled Recursion

Overview: Affected versions of this package are vulnerable to Uncontrolled Recursion. An attacker can cause the application to crash or become unresponsive by sending malformed requests that trigger uncontrolled recursion, potentially leading to a stack overflow. Remediation: A fix was pushed into...

CVSS 8.7 | AI score 5.8 | EPSS 0.00067
Exploits: 0 | References: 2
Snyk
added 2026/03/04 6:27 p.m., 2 views

Uncontrolled Recursion

Overview: Affected versions of this package are vulnerable to Uncontrolled Recursion. An attacker can cause the application to crash or become unresponsive by sending malformed requests that trigger uncontrolled recursion, potentially leading to a stack overflow. Remediation: Upgrade multer to...

CVSS 8.7 | AI score 5.8 | EPSS 0.00067
Exploits: 0 | References: 2
CVE
added 2026/03/04 4:17 p.m., 12 views

CVE-2026-3520

Multer, a Node.js middleware for multipart/form-data, has a DoS vulnerability in versions prior to 2.1.1. Malformed requests can trigger uncontrolled recursion and a stack overflow, impacting availability. The recommended fix is to upgrade to version 2.1.1; no workarounds are provided in the desc...

CVSS 8.7 | AI score 6 | EPSS 0.00067
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2026/03/04 4:17 p.m., 30 views

CVE-2026-3520 Multer vulnerable to Denial of Service via uncontrolled recursion

Multer is a node.js middleware for handling multipart/form-data. A vulnerability in Multer prior to version 2.1.1 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing stack overflow. Users should upgrade to version 2.1.1 to receive a patch. No...

CVSS 8.7 | EPSS 0.00067
Exploits: 0 | References: 4
OSV
added 2026/03/04 11:20 a.m., 7 views

CLSA-2026-1772451263 protobuf: Fix of CVE-2026-0994

CVE-2026-0994: recursion depth bypass in json_format.ParseDict...

CVSS 8.2 | AI score 5.8 | EPSS 0.00013
Exploits: 0 | References: 1
OSV
added 2026/03/04 10:51 a.m., 2 views

SUSE-SU-2026:20631-1 Security update for libxml2, libxslt

This update for libxml2, libxslt fixes the following issues: Changes in libxml2: - CVE-2026-0990: call stack overflow may lead to application crash due to infinite recursion in xmlCatalogXMLResolveURI bsc1256807, bsc1256811. - CVE-2026-0992: excessive resource consumption when processing XML...

CVSS 6.2 | AI score 6.2 | EPSS 0.00088
Exploits: 0 | References: 19
OSV
added 2026/03/03 11:15 p.m., 2 views

AZL-79313 CVE-2026-27601 affecting package boost 1.83.0-2

Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the _.flatten and _.isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service (DoS) attack by triggering a stack overflow...

CVSS 8.2 | AI score 5.8 | EPSS 0.00022
Exploits: 1 | References: 1
OSV
added 2026/03/03 11:15 p.m., 2 views

AZL-79404 CVE-2026-27601 affecting package python-sqlalchemy 1.4.32-2

Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the _.flatten and _.isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service (DoS) attack by triggering a stack overflow...

CVSS 8.2 | AI score 6.4 | EPSS 0.00022
Exploits: 1 | References: 1
OSV
added 2026/03/03 11:15 p.m., 1 views

AZL-79434 CVE-2026-27601 affecting package rsyslog 8.2204.1-4

Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the _.flatten and _.isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service (DoS) attack by triggering a stack overflow...

CVSS 8.2 | AI score 6.4 | EPSS 0.00022
Exploits: 1 | References: 1
NVD
added 2026/03/03 11:15 p.m., 1 views

CVE-2026-27601

Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the _.flatten and _.isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service (DoS) attack by triggering a stack overflow...

CVSS 8.2 | EPSS 0.00022
Exploits: 1 | References: 3
OSV
added 2026/03/03 11:15 p.m., 0 views

UBUNTU-CVE-2026-27601

Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the _.flatten and _.isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service (DoS) attack by triggering a stack overflow...

CVSS 8.2 | AI score 5.9 | EPSS 0.00022
Exploits: 1 | References: 5
UbuntuCve
added 2026/03/03 11:15 p.m., 2 views

CVE-2026-27601

Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the _.flatten and _.isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service (DoS) attack by triggering a stack overflow...

CVSS 8.2 | AI score 5.9 | EPSS 0.00022
Exploits: 1 | References: 4
Cvelist
added 2026/03/03 10:38 p.m., 25 views

CVE-2026-27601 Underscore.js has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack

Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the _.flatten and _.isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service (DoS) attack by triggering a stack overflow...

CVSS 8.2 | EPSS 0.00022
Exploits: 1 | References: 3