Lucene search
K

355 matches found

Cvelist
Cvelist
added yesterday28 views

CVE-2026-41434 OP-TEE has unbounded recursion in sanitize_client_object()

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.10.0 and prior to version 4.11.0, an unbounded recursion can crash the PKCS11 TA. Version 4.11.0 contains a patch. ...

3.3CVSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-41434

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.10.0 and prior to version 4.11.0, an unbounded recursion can crash the PKCS11 TA. Version 4.11.0 contains a patch. ...

3.3CVSS6AI score
Exploits0References2Affected Software1
OSV
OSV
added yesterday2 views

DEBIAN-CVE-2026-14803

Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder. The pure-Perl decode path decodevalue dispatching to decodearray and decodeobject recurses with no depth limit, so a small deeply nested JSON document can consume excessive memory...

6.5CVSS6AI score0.00186EPSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-14803

Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder. The pure-Perl decode path decodevalue dispatching to decodearray and decodeobject recurses with no depth limit, so a small deeply nested JSON document can consume excessive memory...

6.5CVSS0.00186EPSS
Exploits0References3
EUVD
EUVD
added yesterday7 views

EUVD-2026-41798

Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder. The pure-Perl decode path decodevalue dispatching to decodearray and decodeobject recurses with no depth limit, so a small deeply nested JSON document can consume excessive memory...

6.5CVSS6AI score0.00186EPSS
Exploits0References2
CVE
CVE
added yesterday14 views

CVE-2026-14803

Mojo::JSON prior to version 9.47 is vulnerable to memory exhaustion due to unbounded recursion in the pure-Perl JSON decoder (_decode_value -> _decode_array/_decode_object). The issue arises when the pure-Perl path is used (default if Cpanel::JSON::XS is not installed or MOJO_NO_JSON_XS=1); a ...

6.5CVSS6AI score0.00186EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday6 views

CVE-2026-14803

Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder. The pure-Perl decode path decodevalue dispatching to decodearray and decodeobject recurses with no depth limit, so a small deeply nested JSON document can consume excessive memory...

6AI score0.00186EPSS
Exploits0References3
Cvelist
Cvelist
added yesterday32 views

CVE-2026-14803 Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder

Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder. The pure-Perl decode path decodevalue dispatching to decodearray and decodeobject recurses with no depth limit, so a small deeply nested JSON document can consume excessive memory...

0.00186EPSS
Exploits0References2
Debian CVE
Debian CVE
added yesterday4 views

CVE-2026-14803

Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder. The pure-Perl decode path decodevalue dispatching to decodearray and decodeobject recurses with no depth limit, so a small deeply nested JSON document can consume excessive memory...

6.5CVSS6AI score0.00186EPSS
Exploits0
NVD
NVD
added 2026/06/29 8:17 p.m.7 views

CVE-2026-54888

Uncontrolled Recursion vulnerability in leandrocp mdex allows denial of service via deeply nested Markdown input. mdex converts between an Elixir %MDEx.Document struct and Comrak's internal AST using two mutually recursive Rust functions, exdocumenttocomrakast and comrakasttoexdocument, in the NI...

6.9CVSS0.00168EPSS
Exploits0References4
CVE
CVE
added 2026/06/29 7:10 p.m.9 views

CVE-2026-54888

The CVE-2026-54888 issue is a denial-of-service in mdex/mdex_native caused by uncontrolled recursion when converting Markdown to an AST across a NIF boundary. The root cause is missing maximum nesting depth in two mutual Rust functions (ex_document_to_comrak_ast and comrak_ast_to_ex_document), al...

6.9CVSS5.9AI score0.00168EPSS
Exploits0References4
CVE
CVE
added 2026/06/29 6:44 p.m.16 views

CVE-2026-13757

CVE-2026-13757 affects p11-kit. The RPC attribute parsing functions p11_rpc_message_get_attribute() and p11_rpc_message_get_attribute_array_value() can form a mutually-recursive call chain with no recursion depth limit when handling nested CKA_WRAP_TEMPLATE, CKA_UNWRAP_TEMPLATE, and CKA_DERIVE_TE...

6.2CVSS5.8AI score0.0012EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 10:16 p.m.7 views

CVE-2026-48506

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePackReader.TrySkip recursively descends into nested arrays and maps without incrementing the reader depth or calling the configured depth checks. This bypasses MessagePackSecurity.MaximumObjectGraphDepth, the...

7.5CVSS0.00275EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux

A issue was discovered in the Linux kernel before version 5.8. The lib/nlattr.c file allows attackers to cause a denial of service unbounded recursion through a nested Netlink policy with a back reference...

5.5CVSS6.7AI score0.0025EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.7 views

openSUSE 16 Security Update : uriparser (openSUSE-SU-2026:20910-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20910-1 advisory. This update for uriparser fixes the following issue: - CVE-2025-67899: unbounded recursion and stack consumption bsc1255000. Tenable has extracted the...

2.9CVSS5.6AI score0.0012EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/10 3:39 p.m.7 views

axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data

A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the toFormData function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js...

7.5CVSS7.6AI score0.00744EPSS
Exploits1References5
CVE
CVE
added 2026/06/09 10:43 p.m.128 views

CVE-2026-9740

Affected software: MongoDB Server. Vulnerability: BSON validation logic allows unauthenticated users to crash mongod via a specially crafted message. The BSON validator’s handling of certain nested binary data structures enables uncontrolled mutual recursion, where each re-entry resets internal d...

8.7CVSS5.5AI score0.00345EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/09 11:19 a.m.9 views

pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion

An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE 0x30 or SET 0x31 tags with Indefinite Length 0x80 markers. Thi...

7.5CVSS6.4AI score0.0058EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/06/09 11:18 a.m.8 views

pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion

An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE 0x30 or SET 0x31 tags with Indefinite Length 0x80 markers. Thi...

7.5CVSS6.4AI score0.0058EPSS
Exploits1References6
Amazon
Amazon
added 2026/06/08 12:0 a.m.10 views

Medium: jq

Issue Overview: jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvpstringappend and jvpstringcopyreplacebad functions, where concatenating strings with a combined length exceeding 2^31 bytes causes a 32-bit unsigned integer overflow i...

8.2CVSS5.8AI score0.00559EPSS
Exploits7
Rows per page
Query Builder