Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-674

CWE-674

Uncontrolled Recursion

Parent: CWE-834 - Excessive Iteration

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

430 vulnerabilities with CWE-674

CVE-2026-41680 HIGH

Marked: OOM Denial of Service via Infinite Recursion in marked Tokenizer

CVE-2026-6862 MEDIUM

Efivar: efivar: denial of service due to stack overflow in device path node parsing

CVE-2026-40879 HIGH

Nest: DoS via Recursive handleData in JsonSocket (TCP Transport)

CVE-2026-39396 LOW

OpenBao has Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS)

CVE-2026-40324 CRITICAL

Hot Chocolate's Utf8GraphQLParser has Stack Overflow via Deeply Nested GraphQL Documents

CVE-2026-33947 MEDIUM

jq: Unbounded Recursion in jv_setpath(), jv_getpath() and delpaths_sorted()

CVE-2026-33908 HIGH

ImageMagick is vulnerable to Stack Overflow in DestroyXMLTree()

CVE-2026-33902 MEDIUM

ImageMagick: Stack Overflow via Recursive FX Expression Parsing

CVE-2026-39376 HIGH

FastFeedParser <0.5.10 Meta-Refresh Redirects - Denial of Service

CVE-2026-34211 HIGH

SandboxJS: Stack overflow DoS via deeply nested expressions in recursive descent parser

CVE-2026-3778 MEDIUM

Stack exhaustion caused by cyclic references in Foxit PDF Editor/Reader

CVE-2026-34536 MEDIUM

iccDEV: SO in SIccCalcOp::ArgsUsed()

CVE-2026-33532 MEDIUM

yaml is vulnerable to Stack Overflow via deeply nested YAML collections

CVE-2026-4833 LOW

Orc discount Markdown markdown.c compile recursion

CVE-2026-23292 MEDIUM

scsi: target: Fix recursive locking in __configfs_open_file()

CVE-2026-33508 HIGH

Parse Server: LiveQuery subscription query depth bypass

CVE-2026-33498 HIGH

Parse Server: Query condition depth bypass via pre-validation transform pipeline

CVE-2026-33320 MEDIUM

Dasel has unbounded YAML alias expansion in dasel leads to CPU/memory denial of service

CVE-2026-26209 HIGH

cbor2 < 5.9.0 - Denial of Service via Deeply Nested CBOR Structures

CVE-2026-23276 MEDIUM

net: add xmit recursion limit to tunnel xmit functions

CVE-2026-32933 HIGH

AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion

CVE-2026-32944 HIGH

Parse Server crash via deeply nested query condition operators

CVE-2026-30922 HIGH

pyasn1 Vulnerable to Denial of Service via Unbounded Recursion

CVE-2026-4224 HIGH

Stack overflow parsing XML with deeply nested DTD content models

CVE-2026-31899 HIGH

CairoSVG < 2.9.0 - Denial of Service via Recursive <use> Element Amplification

Previous Page 3 of 18 Next

Details

Vulnerabilities 430

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy