Lucene search
K

243 matches found

Tenable Nessus
Tenable Nessus
added 5 days ago3 views

Linux Distros Unpatched Vulnerability : CVE-2026-59870

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.1, YAML11SCHEMA support for the !!omap tag in src/tag/sequence/omap.ts uses omapTag.addIte...

7.5CVSS6.6AI score0.00358EPSS
Exploits1References2
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-59868 js-yaml: YAML merge-key chains can force quadratic CPU consumption

js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.0, when merge keys are enabled, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in...

5.3CVSS0.00291EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-56490

Name of the Vulnerable Software and Affected Versions js-yaml versions 3.0.0 through 3.14.x js-yaml versions 4.0.0 through 4.2.x Description js-yaml can consume quadratic CPU time when parsing a document that grows linearly in size. This occurs when a chain of mappings utilizes merge keys, where...

7.5CVSS6AI score0.0035EPSS
Exploits1References13
RedhatCVE
RedhatCVE
added 2026/06/26 7:9 p.m.8 views

CVE-2026-53550

A flaw was found in js-yaml, a JavaScript YAML parser and dumper. A remote attacker can exploit this vulnerability by providing a specially crafted YAML document that repeatedly uses the same alias in a merge sequence. This can lead to algorithmic CPU exhaustion, causing the Node.js worker or eve...

5.3CVSS5.6AI score0.00259EPSS
Exploits1References4
OSV
OSV
added 2026/06/22 4:16 p.m.3 views

UBUNTU-CVE-2026-53550

js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size an...

5.3CVSS5.8AI score0.00259EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/22 2:59 p.m.41 views

CVE-2026-53550 js-yaml: Quadratic-complexity DoS in merge key handling via repeated aliases

js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size an...

5.3CVSS0.00259EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/09 8:17 a.m.15 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to Uncontrolled Recursion due to Node.js module yaml (CVE-2026-33532)

Summary IBM App Connect Enterprise Connector Discovery and OpenAPI Editor, IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise runtime are vulnerable to Uncontrolled Recursion due to Node.js module yaml. Vulnerability Details CVEID:CVE-2026-33532 DESCRIPTION: yaml is a...

4.3CVSS5.8AI score0.0047EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/08 1:35 p.m.6 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to Prototype Pollution CVE-2025-64718

Summary js-yaml is used by the IBM Datapower Operations Dashboard in their parsing functionality Vulnerability Details CVEID:CVE-2025-64718 DESCRIPTION: js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the...

5.3CVSS5.5AI score0.00414EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/05/27 9:34 p.m.6 views

GHSA-9FRC-8383-795M Symfony's YAML Parser has a ReDoS via Catastrophic Backtracking in Parser::cleanup() Regex

Description Symfony\Component\Yaml\Parser::cleanup strips the optional %YAML directive header, leading comments, and document start/end markers before parsing. The original regexes contained overlapping quantifiers, most notably '^%YAML: \d.+.\nu', whose \d.+ and . overlap on the dot, that exhibi...

6.9CVSS5.8AI score0.00076EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/05/27 9:34 p.m.33 views

Symfony's YAML Parser has a ReDoS via Catastrophic Backtracking in Parser::cleanup() Regex

Description Symfony\Component\Yaml\Parser::cleanup strips the optional %YAML directive header, leading comments, and document start/end markers before parsing. The original regexes contained overlapping quantifiers, most notably '^%YAML: \d.+.\nu', whose \d.+ and . overlap on the dot, that exhibi...

5.8AI score0.00076EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/27 9:33 p.m.15 views

Symfony hardened the parser when handling untrusted input

Description Symfony\Component\Yaml\Parser is the entry point for parsing YAML strings into PHP values via Yaml::parse. When the parser is exposed to attacker-controlled input, deeply nested mappings or sequences cause both the block-level Parser::parseBlock and inline Inline::parseSequence /...

5.8AI score0.00089EPSS
Exploits0References6Affected Software2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-44146

Description SymfonyComponentYamlParser is the entry point for parsing YAML strings into PHP values via Yaml::parse. When the parser is exposed to attacker-controlled input, deeply nested mappings or sequences cause both the block-level Parser::parseBlock and inline Inline::parseSequence /...

6.9CVSS5.8AI score0.00089EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.12 views

PT-2026-44149

Description SymfonyComponentYamlParser resolves YAML aliases anchor during parsing. Aliases that reference collections arrays, stdClass, TaggedValue-wrapped collections can themselves point to other collections containing aliases, creating exponential expansion at resolution time. A small input c...

6.9CVSS5.8AI score0.00076EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.17 views

PT-2026-44150

Description SymfonyComponentYamlParser::cleanup strips the optional %YAML directive header, leading comments, and document start/end markers before parsing. The original regexes contained overlapping quantifiers, most notably '^%YAML: d.+. u', whose d.+ and . overlap on the dot, that exhibit...

6.9CVSS5.8AI score0.00076EPSS
Exploits0References7
Snyk
Snyk
added 2026/05/20 3:35 p.m.31 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via Unbounded Recursion in Nested Blocks, Sequences, and Mappings. Symfony\Component\Yaml\Parser is the entry point for parsing YAML strings into PHP values via Yaml::parse. When the parser is exposed to...

8.7CVSS5.8AI score0.00089EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 5:16 p.m.17 views

CVE-2026-5089

YAML::Syck versions before 1.38 for Perl has an out-of-bounds read. The base60 sexagesimal parsing code in perlsyck.h has a buffer underflow bug in both intbase60 and floatbase60 handlers. When processing the leftmost segment of a colon-separated value e.g., the 1 in 1:30:45, the inner while loop...

7.3CVSS0.00333EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 11:20 p.m.10 views

Security Bulletin: Multiple vulnerabilities in IBM Aspera Enterprise WebApps

Summary Multiple vulnerabilities were addressed in IBM Aspera Enterprise WebApps version 1.0.2 Vulnerability Details CVEID:CVE-2025-64718 DESCRIPTION: js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the...

8.8CVSS6.8AI score0.62368EPSS
Exploits3Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 4:7 p.m.5 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality (CVE-2025-64718)

Summary Node.js module js-yaml is used by IBM App Connect Enterprise Certified Container for parsing YAML data. IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported vulnerability in...

5.3CVSS6.3AI score0.00414EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/04/03 1:8 p.m.6 views

JLSEC-2026-23

The SingleDocParser::HandleNode function in yaml-cpp aka LibYaml-C++ 0.5.3 allows remote attackers to cause a denial of service stack consumption and application crash via a crafted YAML file...

5.5CVSS6.5AI score0.02034EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2026/03/28 12:25 a.m.11 views

SUSE CVE-2026-33532

yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...

4.3CVSS6.1AI score0.0047EPSS
Exploits1References3
Rows per page
Query Builder