CVE-2019-20016

libmysofa before 2019-11-24 does not properly restrict recursive function calls, as demonstrated by reports of stack consumption in readOHDRHeaderMessageDatatype in dataobject.c and directblockRead in fractalhead.c. NOTE: a download of v0.9 after 2019-12-06 should fully remediate this issue...

EUVD-2025-200073

Nodemailer’s addressparser is vulnerable to DoS caused by recursive calls...

EUVD-2019-18457

Malware in sbrugna...

EUVD-2018-11555

Malware in sbrugna...

EUVD-2018-9724

Malware in sbrugna...

EUVD-2019-15856

Malware in sbrugna...

EUVD-2018-9759

Malware in sbrugna...

EUVD-2014-4257

Malware in sbrugna...

EUVD-2019-6935

Malware in sbrugna...

EUVD-2011-4864

Malware in sbrugna...

EUVD-2019-19259

Malware in sbrugna...

EUVD-2019-10572

Malware in sbrugna...

EUVD-2021-17393

Malware in sbrugna...

EUVD-2025-6944

Malicious code in bioql PyPI...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the send hooks. An attacker can exhaust system resources by triggering excessive gas consumption through recursive calls in the wasm contract. Remediation There is no fixed versio...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the send hooks. An attacker can exhaust system resources by triggering excessive gas consumption through recursive calls in the wasm contract. Remediation There is no fixed versio...

CVE-2021-21359

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.25, 10.4.14, 11.1.1 requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as error message from another page. This leads to ...

CVE-2011-4957

The makeclickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a denial of service crash via a comment with a crafted URL that triggers many recursive calls...

CVE-2024-7768

A vulnerability in the /3/ImportFiles endpoint of h2oai/h2o-3 version 3.46.1 allows an attacker to cause a denial of service. The endpoint takes a single GET parameter, path, which can be recursively set to reference itself. This leads the server to repeatedly call its own endpoint, eventually...

PYSEC-2025-11

A vulnerability in the KnowledgeBaseWebReader class of the run-llama/llamaindex repository, version latest, allows an attacker to cause a Denial of Service DoS by controlling a URL variable to contain the root URL. This leads to infinite recursive calls to the getarticleurls method, exhausting...