Lucene search
K

42 matches found

CVE
CVE
added yesterday10 views

CVE-2026-55771

CVE-2026-55771 affects CedarJava prior to 4.9.0, where EntityIdentifier.equals() has inverted null/self-reference checks, causing incorrect equality results in custom integrations. The bug does not alter Cedar’s authorization decisions (computed in Rust from JSON) but could affect external code p...

8.8CVSS6AI score
Exploits0References1
OSV
OSV
added 2026/06/25 10:21 p.m.8 views

MAL-2026-6486 Malicious code in unsafe-malicious-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3579cb796e48f446b07e2dbbce2e301d1a3e87d8a9a35ed1dbe825fc53f29da9 On npm install, the package's postinstall lifecycle script scripts/postinstall.js reads the installer's AWS credentials file at /.aws/credentials and...

5.8AI score
Exploits0References9
NVD
NVD
added 2026/06/22 9:16 p.m.11 views

CVE-2026-49461

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting the text of a page which contains a form XObject with self-references. This vulnerability is fixed in 6.12....

6.9CVSS0.00123EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 9:16 p.m.5 views

DEBIAN-CVE-2026-49461

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting the text of a page which contains a form XObject with self-references. This vulnerability is fixed in 6.12....

5.5CVSS5.8AI score0.00123EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 5:31 a.m.25 views

CVE-2026-8707

The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF in all versions up to 1.2.4 due to insufficient input sanitization and output escaping. Affected: WordPress plugin NS Product icon badge; vulnerable component: code handling user input/outp...

6.1CVSS6AI score0.00211EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.11 views

Astra Linux – Vulnerability in libjettison-java

An infinite recursion occurs in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This results in a StackOverflowError exception being thrown...

7.5CVSS6.7AI score0.01009EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/06 4:15 p.m.22 views

CVE-2026-5668 Cyber-III Student-Management-System add%20notice.php cross site scripting

A flaw has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This affects an unknown part of the file /admin/Add%20notice/add%20notice.php. This manipulation of the argument $SERVER'PHPSELF' causes cross site scripting. It is possible to initiate th...

4.8CVSS0.00206EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/02/05 7:19 a.m.12 views

WordPress Peter's Date Countdown plugin <= 2.0.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability

Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Peter’s Date Countdown versions = 2.0.0...

6.1CVSS5.3AI score0.00293EPSS
Exploits0References1Affected Software1
UbuntuCve
UbuntuCve
added 2026/01/24 2:15 a.m.4 views

CVE-2026-24401

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions 0.9rc2 and below, avahi-daemon can be crashed via a segmentation fault by sending an unsolicited mDNS response containing a recursive CNAME record, where the alias and canonica...

6.5CVSS5.9AI score0.00252EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/01/21 1:5 a.m.12 views

ImageMagick MSL: Stack overflow via infinite recursion in ProcessMSLScript

Summary Stack overflow via infinite recursion in MSL Magick Scripting Language command when writing to MSL format. Version - ImageMagick 7.x tested on current main branch - Commit: HEAD - Requires: libxml2 support for MSL parsing Steps to Reproduce Method 1: Using ImageMagick directly bash magick...

5.5CVSS5.5AI score0.00161EPSS
Exploits1References4Affected Software18
OSV
OSV
added 2026/01/15 3:15 p.m.3 views

UBUNTU-CVE-2026-0990

A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a...

5.9CVSS5.8AI score0.00755EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/01/15 2:20 p.m.39 views

CVE-2026-0990 Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing

A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a...

5.9CVSS0.00755EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/01/15 2:20 p.m.4 views

CVE-2026-0990

A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a...

5.9CVSS5.5AI score0.00755EPSS
Exploits1References5
NVD
NVD
added 2026/01/07 12:16 p.m.5 views

CVE-2025-14131

The WP Widget Changer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.00265EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/12/12 6:43 a.m.6 views

WordPress WPLG Default Mail From plugin <= 1.0.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability

Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin WPLG Default Mail From versions = 1.0.0...

6.1CVSS6.2AI score0.00212EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/10/20 12:0 a.m.5 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not properly handling invalid entity IDs, which could cause an entity to reference itself or trigger a warning...

5.9AI score0.00231EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-1077

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.01009EPSS
Exploits1References7
OSV
OSV
added 2024/06/06 9:30 p.m.4 views

GHSA-3HJH-JH2H-VRG6 Denial of service in langchain-community

Denial of service in SitemapLoader Document Loader in the langchain-community package, affecting versions below 0.2.5. The parsesitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap...

4.2CVSS5.8AI score0.00301EPSS
Exploits1References7
OSV
OSV
added 2024/06/06 7:15 p.m.30 views

PYSEC-2024-118

A Denial-of-Service DoS vulnerability exists in the SitemapLoader class of the langchain-ai/langchain repository, affecting all versions. The parsesitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the...

4.7CVSS5.8AI score0.00301EPSS
Exploits1References4
OSV
OSV
added 2023/12/22 11:6 a.m.3 views

OESA-2023-1968 jettison security update

Jettison is a collection of Java APIs like STaX and DOM which read and write JSON. This allows nearly transparent enablement of JSON based web services in services frameworks like CXF or XML serialization frameworks like XStream. Security Fixes: An infinite recursion is triggered in Jettison when...

7.5CVSS8.1AI score0.01009EPSS
Exploits1References2
Rows per page
Query Builder