2395 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-59927
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include directive in src/mistune/directives/include.py detects only direct...
EUVD-2026-25012
mv: symlinks expanded during cross-device move resource exhaustion / data duplication...
EUVD-2026-24998
cp: -R reads device nodes as streams, destroying device semantics...
EUVD-2026-25008
rm: 'rm -rf ./' and ./// variants silently deletes current directory contents, bypassing dot protection...
EUVD-2026-24965
chmod: recursive mode returns exit code 0 even when some files fail last-file-wins...
Linux Distros Unpatched Vulnerability : CVE-2026-45740
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.8 and 8.2.0, protobufjs could recurse without a depth limit while expanding...
Elasticsearch 8.0.x < 8.19.17 / 9.0.x < 9.3.6 / 9.4.x < 9.4.3 Multiple DoS
The version of Elasticsearch installed on the remote host is 8.0 prior to 8.19.17, 9.0 prior to 9.3.6, or 9.4.0 prior to 9.4.3. It is, therefore, affected by multiple denial of service vulnerabilities: - Uncontrolled recursion in Elasticsearch allows an authenticated user to submit a specially...
CVE-2026-38970
pdfcpu through v0.11.1 contains an uncontrolled-recursion denial-of-service issue in pkg/pdfcpu/model/parse.go. The parser descends recursively through nested PDF objects, including arrays, via ParseObjectContext and parseArray without enforcing a maximum nesting depth...
MAL-2026-6721 Malicious code in ts-eslint-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e5bbed232e0268a791ce846260ce170342eec359bf1a7e84b9514767d77803a1 The package's index.js defines run/fromstr that recursively walk process.cwd and match files named.env, env, id.json, config.json, config.toml,...
CVE-2026-13149
brace-expansion through 5.0.6 is vulnerable to denial of service. The expand function exhibits exponential-time complexity in the number of consecutive non-expanding '' brace groups. An attacker who passes a crafted string to expand, directly or transitively, can cause significant CPU consumption...
CVE-2026-54269
A flaw was found in protobufjs, a JavaScript JS library for compiling protobuf definitions. A remote attacker could exploit this vulnerability by providing specially crafted protobuf definitions or message types that contain names colliding with internal protobufjs runtime helpers. This could lea...
EulerOS 2.0 SP15 : python-pyasn1 (EulerOS-SA-2026-2463)
According to the versions of the python-pyasn1 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the pyasn1 library is vulnerable to a Denial of Service DoS attack caused by...
Linux Distros Unpatched Vulnerability : CVE-2026-53035
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf, sockmap: Fix afunix iter deadlock bpfiterunixseqshow may deadlock when locksockfast takes the fast path and the iter prog attempts to update a sockmap...
EUVD-2026-38903
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix afunix iter deadlock bpfiterunixseqshow may deadlock when locksockfast takes the fast path and the iter prog attempts to update a sockmap. Which ends up spinning at sockmapupdateelem's bhlocksock: WARNING:...
Astra Linux – Vulnerability in pyasn1
pyasn1 is a generic ASN.1 library for Python. Prior to version 0.6.3, the pyasn1 library was vulnerable to a Denial of Service DoS attack caused by uncontrolled recursion during the decoding of ASN.1 data with deeply nested structures. An attacker could provide a crafted payload containing...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: powerpc/eeh: Fixed recursive pcilockrescanremove locking in EEH event handling. The recent commit 1010b4c012b0 “powerpc/eeh: Making the EEH driver’s device hotplug safe” restructured the EEH driver to improve synchronization with...
PT-2026-51929
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A deadlock can occur in the Linux kernel within the bpf and sockmap components. The issue arises when the bpf iter unix seq show function is executed and lock sock fast takes the fast pa...
CVE-2025-71382 MuPDF < 1.27.0-rc1 Stack Exhaustion DoS via EPUB CSS Rendering
MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerability in the EPUB CSS rendering engine that allows remote attackers to cause a denial of service by supplying a maliciously crafted EPUB file with deeply nested HTML elements and inline CSS styles. The function...
OPENSUSE-SU-2026:21014-1 Security update for avahi
This update for avahi fixes the following issues: - CVE-2026-34933: reachable assertion in transportflagsfromdomain can crash the avahi-daemon bsc1261546. - CVE-2026-24401: unsolicited mDNS responses containing a recursive CNAME record can crash the avahi-daemon bsc1257235...
SUSE-SU-2026:22258-1 Security update for avahi
This update for avahi fixes the following issues: - CVE-2026-34933: reachable assertion in transportflagsfromdomain can crash the avahi-daemon bsc1261546. - CVE-2026-24401: unsolicited mDNS responses containing a recursive CNAME record can crash the avahi-daemon bsc1257235...