CWE-674

Uncontrolled Recursion

Parent: CWE-834 - Excessive Iteration

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

386 vulnerabilities with CWE-674
CVE-2026-33498 HIGH
Parse Server: Query condition depth bypass via pre-validation transform pipeline
CVSS 7.5
CVE-2026-33320 MEDIUM
Dasel: unbounded YAML alias expansion leads to CPU/memory denial of service
CVSS 6.2
CVE-2026-26209 HIGH
cbor2 <5.9.0 - DoS
CVSS 7.5
CVE-2026-32933 HIGH
AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion
CVSS 7.5
CVE-2026-32944 HIGH
Parse Server crash via deeply nested query condition operators
CVSS 7.5
CVE-2026-30922 HIGH
pyasn1 Vulnerable to Denial of Service via Unbounded Recursion
CVSS 7.5
CVE-2026-4224 MEDIUM
Stack overflow parsing XML with deeply nested DTD content models
CVE-2026-31899 HIGH
CairoSVG - DoS
CVSS 7.5
CVE-2026-32141 HIGH
flatted <3.4.0 - Deserialization
CVSS 7.5
CVE-2026-1069 HIGH
GitLab CE/EE 18.9-18.9.1 - DoS
CVSS 7.5
CVE-2026-30980 MEDIUM
iccDEV <2.3.1.5 - Buffer Overflow
CVSS 5.5
CVE-2026-29076 MEDIUM
cpp-httplib <0.37.0 - DoS
CVSS 5.9
CVE-2026-25048 HIGH
xgrammar <0.1.32 - Memory Corruption
CVSS 7.5
CVE-2026-3520 HIGH
Multer <2.1.1 - DoS
CVSS 7.5
CVE-2026-3388 LOW
Squirrel up to 3.2 - Memory Corruption
CVSS 3.3
CVE-2026-3385 LOW
wren-lang wren <=0.4.0 - Memory Corruption
CVSS 3.3
CVE-2026-3384 LOW
ChaiScript <6.1.0 - DoS
CVSS 3.3
CVE-2026-25971 MEDIUM
ImageMagick <7.1.2-15/6.9.13-40 - Memory Corruption
CVSS 6.2
CVE-2026-2887 LOW
aardappel lobster <2025.4 - Memory Corruption
CVSS 3.3
CVE-2026-27014 MEDIUM
NanaZip 5.0.1252.0-6.0.1630.0 - DoS
CVSS 5.5
CVE-2026-2641 LOW
universal-ctags <=6.2.1 - DoS
CVSS 3.3
CVE-2026-1849 MEDIUM
MongoDB Server - Memory Corruption
CVSS 6.5
CVE-2026-23066 HIGH
Linux kernel - Buffer Overflow
CVSS 7.8
CVE-2026-22260 HIGH
OISF Suricata <8.0.3 - Out-of-Bounds Write
CVSS 7.5
CVE-2026-24401 MEDIUM
Avahi <0.9rc2 - Memory Corruption
CVSS 6.5