CVE-2026-45740 protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.8 and 8.2.0, protobufjs could recurse without a depth limit while expanding nested JSON descriptors through Root.fromJSON and Namespace.addJSON. A crafted JSON descriptor with deeply nested namespace definitions...

Astra Linux - уязвимость в qt4-x11, qtbase-opensource-src

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion...

CVE-2024-2374 XML External Entity Injection in Multiple WSO2 Products Allows Arbitrary file read and Denial of Service

The XML parsers within multiple WSO2 products accept user-supplied XML data without properly configuring to prevent the resolution of external entities. This omission allows malicious actors to craft XML payloads that exploit the parser's behavior, leading to the inclusion of external resources. ...

EulerOS Virtualization 2.10.1 : expat (EulerOS-SA-2026-1113)

According to the versions of the expat package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted fo...

Siemens SIMATIC S7-1500 Improper Restriction of Recursive Entity References in DTDs (CVE-2023-52426)

libexpat through 2.5.0 allows recursive XML Entity Expansion if XMLDTD is undefined at compile time. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description...

EUVD-2021-32215

Malicious code in bioql PyPI...

CVE-2023-38197

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion...

GHSA-23H9-M55M-C5JP Jenkins Token Macro Plugin's recursive token expansion results in information disclosure and DoS

Jenkins Token Macro Plugin recursively applied token expansion. This could be used by users able to affect input to token expansion such as change log messages, to inject additional tokens into the input, which would then be expanded, resulting in information disclosure for example values of...

zsh: Prompt expansion vulnerability

A vulnerability was found in zsh in the parsecolorchar function of prompt.c file. This flaw allows an attacker to perform code execution if they control a command output inside the prompt, as stated by a %F%K argument. This occurs because of recursive PROMPTSUBST expansion...

DEBIAN-CVE-2021-45444

In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPTSUBST expansion...

CVE-2021-45444

In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPTSUBST expansion...

CVE-2021-45444

In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPTSUBST expansion...

Updated c3p0 packages fix security vulnerabilities

An XML external entity processing vulnerability was found in extractXmlConfigFromInputStream function in c3p0 CVE-2018-20433. c3p0 version 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading...

CVE-2019-5427

c3p0 version 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration...

jenkins-plugin-token-macro: Recursive token expansion results in information disclosure and DoS in Token Macro Plugin (SECURITY-1102)

An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java, src/main/java/org/jenkinsci/plugins/tokenmacro/TokenMacro.java,...

Updated ruby packages fix security vulnerabilities

Will Wood discovered that Ruby incorrectly handled the encodes function. An attacker could possibly use this issue to cause Ruby to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a...

DEBIAN-CVE-2011-1753

expaterl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and exmpp before 0.9.7, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service memory and CPU consumption via a crafted XML document containing a large number of neste...

CVE-2026-45304: YAML Parser Exponential Memory Allocation via Recursive Collection-Alias Expansion ("Billion Laughs")

More info at https://symfony.com/cve-2026-45304...

CVE-2026-45304: YAML Parser Exponential Memory Allocation via Recursive Collection-Alias Expansion ("Billion Laughs")

More info at https://symfony.com/cve-2026-45304...