CWE-674
Uncontrolled Recursion
MITRE
No catalog description on file. The MITRE CWE site has the canonical reference.
Recent CVEs
showing 13 of 13
- CVE-2025-7010 · Medium · 5.5 · 10 h ago
Stack overflow vulnerability due to uncontrolled recursion in Avast Antivirus when scanning a malformed PDF file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Ava
- CVE-2025-7005 · Medium · 5.5 · 10 h ago
Uncontrolled recursion vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Ava
- CVE-2026-46373 · High · 7.5 · EPSS 0% · 18 h ago
SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.1.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a mal
pypi
- CVE-2026-48734 · Medium · 5.5 · EPSS 0% · 1 d ago
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, a crafted MVG file could result in a stack overflow due to a missing depth or visited-set check. This i
- CVE-2026-46557 · Medium · 6.2 · EPSS 0% · 1 d ago
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-23, due to a missing depth check a stack overflow can occur in the fx operation by passing a crafted argument. This issue
- CVE-2026-45664 · Medium · 5.3 · EPSS 0% · 1 d ago
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, because of a missing check in the MNG coder it would be possible to read more images than the list limi
- CVE-2026-46689 — EPSS 0% · 1 d ago
Kanidm is an identity management platform. Prior to version 1.9.3, a single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string of a few thousand nested parentheses (≈ 4–12 KB) drives the recursive-descent PEG pars
- CVE-2026-46149 · High · 7.1 · EPSS 0% · 2 d ago
In the Linux kernel, the following vulnerability has been resolved: scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show() target_tg_pt_gp_members_show() formats LUN paths with snprintf() into a 256-byte stack buffer,
- CVE-2026-9740 · High · 7.5 · EPSS 0% · 2 d ago
A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The BSON validator's handling of certain nested binary data structures permits unco
- CVE-2026-46217 · Medium · 5.5 · EPSS 0% · 2 d ago
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vcn4: Avoid overflow on msg bound check As pointed out by SDL, the previous condition may be vulnerable to overflow. (cherry picked from commit 3c5367d950140d
- CVE-2026-49847 · High · 7.5 · EPSS 0% · 2 d ago
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, a single unauthenticated WebSock
- CVE-2026-49941 · High · 7.5 · EPSS 0% · 4 d ago
Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses. The add method called the _encode method to parse addresses. If the addresses did not look like netmasks or network ranges, then they were assumed to single IP ad
- CVE-2020-8285 · Medium · 7.5 · EPSS 1% · 2026-04-25
curl/libcurl: FTP wildcard stack overflow
curl
CWE catalog data sourced from MITRE. CVE associations come from NVD weakness mappings; some CVEs carry multiple CWEs.