81 matches found
CVE-2026-6684
FatFs prior to R0.16 that use GPT scanning with 'FFLBA64 = 1' contains an issue where an unbounded loop count derived from GPT header field GPTHPtNum, enabling extremely long or effectively infinite mount-time scans. This maps to CWE-835 Loop with Unreachable Exit Condition. Estimated CVSS v3.1...
EUVD-2026-40994
FatFs prior to R0.16 that use GPT scanning with 'FFLBA64 = 1' contains an issue where an unbounded loop count derived from GPT header field GPTHPtNum, enabling extremely long or effectively infinite mount-time scans. This maps to CWE-835 Loop with Unreachable Exit Condition. Estimated CVSS v3.1...
CVE-2026-6684
CVE-2026-6684 affects FatFs prior to R0.16 when GPT scanning is used with FF_LBA64 = 1. The issue stems from an unbounded loop count derived from the GPT header field GPTH_PtNum, leading to extremely long or effectively infinite mount-time scans (CWE-835: Loop with Unreachable Exit Condition). Af...
CVE-2026-10642
The CVE-2026-10642 issue affects the Zephyr PL011 UART driver (drivers/serial/uart_pl011.c) where pl011_irq_tx_enable() can spin in an unbounded loop when CTS hardware flow control is enabled and CTS is de-asserted by the peer. This causes the TX interrupt to remain masked and the controller to s...
CVE-2026-50171
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, a Denial of Service DoS vulnerability exists in the @angular/common package of Angular. The formatNumber functio...
CVE-2026-50171
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, a Denial of Service DoS vulnerability exists in the @angular/common package of Angular. The formatNumber functio...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: dmcrypt: added condresched to dmcryptwrite. The loop in dmcryptwrite may run for an unlimited amount of time; therefore, condresched is needed in it. This commit fixes the following warnings: 3391.153255 C12 watchdog: BUG: sof...
PT-2026-49562
Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.0-rc.2 Angular versions prior to 21.2.15 Angular versions prior to 20.3.22 Angular versions prior to 19.2.23 Description A Denial of Service DoS issue exists in the @angular/common package. The formatNumber...
CVE-2026-46385 iskorotkov/avro: CPU Exhaustion in Avro Decoder
iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, the Avro array and map decoders looped over an attacker-controlled block-count value without checking the underlying reader's error state inside the loop body. Reader.ReadBlockHeader returns the count as a Go int, which is 64-bit on amd64 ...
GHSA-HH27-HF48-9F5Q LiquidJS has a memory and render limit bypass via unbounded width padding in `date` filter (strftime)
Summary The date filter's strftime implementation parses width specifiers like %9999999d and forwards the captured width unchecked into pad/padStart in src/util/underscore.ts. The pad loop performs unbounded string concatenation without consulting the Context's memoryLimit or renderLimit, so a...
GHSA-W8J3-PQ8G-8M7W iskorotkov/avro: CPU Exhaustion in Decoder
CPU Exhaustion in Avro Decoder via Unbounded Block-Count Iteration Summary The Avro array and map decoders looped over an attacker-controlled block-count value without checking the underlying reader's error state inside the loop body. Reader.ReadBlockHeader returns the count as a Go int, which is...
GHSA-V25J-WQCW-FVHJ wger has an Uncontrolled Resource Consumption issue
Summary Any authenticated user can create a routine spanning an arbitrarily long date range e.g. 100 years and then trigger the datesequence computation via any of the routine detail endpoints. The server iterates once per day in an unbounded while loop with no maximum duration validation, causin...
CVE-2026-25863
Conditional Fields for Contact Form 7 WordPress plugin through version 2.7.2 contains an uncontrolled resource consumption vulnerability in the Wpcf7cfMailParser class where the hidehiddenmailfieldsregexcallback method reads an iteration count directly from user-supplied POST parameters without...
CVE-2026-25863 Conditional Fields for Contact Form 7 < 2.7.3 DoS via Uncontrolled Resource Consumption
Conditional Fields for Contact Form 7 WordPress plugin through version 2.7.2 contains an uncontrolled resource consumption vulnerability in the Wpcf7cfMailParser class where the hidehiddenmailfieldsregexcallback method reads an iteration count directly from user-supplied POST parameters without...
CVE-2026-25863
Vulnerability summary (CVE-2026-25863): The WordPress plugin “Conditional Fields for Contact Form 7” (CF7 Conditional Fields), affected up to version 2.6.7, contains an uncontrolled resource consumption issue in Wpcf7cfMailParser.hide_hidden_mail_fields_regex_callback(). The method reads an itera...
PT-2026-36894
Conditional Fields for Contact Form 7 WordPress plugin through version 2.6.7 contains an uncontrolled resource consumption vulnerability in the Wpcf7cfMailParser class where the hide hidden mail fields regex callback method reads an iteration count directly from user-supplied POST parameters...
MGASA-2026-0076 Updated zlib packages fix security vulnerability
zlib before 1.3.2 allows CPU consumption via crc32combine64 and crc32combinegen64 because x2nmodp can do right shifts within a loop that has no termination condition. CVE-2026-27171...
DEBIAN-CVE-2025-69647
GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF loclists data. A logic flaw in the DWARF parsing code can cause readelf to repeatedly print the same table output without making forward progress, resulting in an...
CVE-2025-69647
GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF loclists data. A logic flaw in the DWARF parsing code can cause readelf to repeatedly print the same table output without making forward progress, resulting in an...
SUSE CVE-2025-69644
An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. A logic flaw in the handling of DWARF location list headers can cause objdump to enter an unbounded loop and produce endless...