CVE-2019-20016

libmysofa before 2019-11-24 does not properly restrict recursive function calls, as demonstrated by reports of stack consumption in readOHDRHeaderMessageDatatype in dataobject.c and directblockRead in fractalhead.c. NOTE: a download of v0.9 after 2019-12-06 should fully remediate this issue...

EUVD-2025-200073

Nodemailer’s addressparser is vulnerable to DoS caused by recursive calls...

CLSA-2025-1760020311 Fix CVE(s): CVE-2025-9714

SECURITY UPDATE: uncontrolled recursion leading to stack overflow via crafted XPath expressions - debian/patches/CVE-2025-9714.patch: Make XPath depth check work with recursive invocations to prevent stack overflows - CVE-2025-9714...

EUVD-2019-15856

Malware in sbrugna...

EUVD-2019-18457

Malware in sbrugna...

EUVD-2018-9724

Malware in sbrugna...

EUVD-2018-11555

Malware in sbrugna...

EUVD-2014-4257

Malware in sbrugna...

EUVD-2018-9759

Malware in sbrugna...

EUVD-2019-6935

Malware in sbrugna...

EUVD-2019-10572

Malware in sbrugna...

EUVD-2011-4864

Malware in sbrugna...

EUVD-2019-19259

Malware in sbrugna...

EUVD-2021-17393

Malware in sbrugna...

EUVD-2025-6944

Malicious code in bioql PyPI...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the send hooks. An attacker can exhaust system resources by triggering excessive gas consumption through recursive calls in the wasm contract. Remediation There is no fixed versio...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the send hooks. An attacker can exhaust system resources by triggering excessive gas consumption through recursive calls in the wasm contract. Remediation There is no fixed versio...

CVE-2021-21359

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.25, 10.4.14, 11.1.1 requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as error message from another page. This leads to ...

CVE-2011-4957

The makeclickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a denial of service crash via a comment with a crafted URL that triggers many recursive calls...

CVE-2024-7768

A vulnerability in the /3/ImportFiles endpoint of h2oai/h2o-3 version 3.46.1 allows an attacker to cause a denial of service. The endpoint takes a single GET parameter, path, which can be recursively set to reference itself. This leads the server to repeatedly call its own endpoint, eventually...