1039 matches found
EUVD-2026-24021
Signal K Server has an Unauthenticated Regular Expression Denial of Service ReDoS via WebSocket Subscription Paths...
CVE-2026-40319
Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search without any timeout or complexity guard. A crafted regex pattern can trigger catastrophic backtracking,...
MiracleLinux 9 : nodejs:20 (AXSA:2026-452:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-452:01 advisory. minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-26996 minimatch: Minimatch: Denial of Service via catastrophic...
CVE-2026-40319
Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search without any timeout or complexity guard. A crafted regex pattern can trigger catastrophic backtracking,...
CVE-2026-40319 Giskard has a Regular Expression Denial of Service (ReDoS) in RegexMatching Check
Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search without any timeout or complexity guard. A crafted regex pattern can trigger catastrophic backtracking,...
CVE-2026-40319
Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search without any timeout or complexity guard. A crafted regex pattern can trigger catastrophic backtracking,...
OESA-2026-1967 rubygem-addressable security update
Addressable is a replacement for the URI implementation that is part of Ruby's standard library. It more closely conforms to the relevant RFCs and adds support for URI and URL templates. Security Fixes: Within the URI template implementation in Addressable, two classes of URI template generate...
Regular Expression Denial Of Service
fast-jwt is vulnerable to Regular Expression Denial of Service. The vulnerability is due to the library allowing regular expressions in claim validation, where a crafted JWT can trigger catastrophic backtracking in the JavaScript regex engine, resulting in significant CPU consumption during...
Security Bulletin: Multiple Vulnerabilities in IBM Aspera Faspex
Summary Multiple Vulnerabilities were addressed in IBM Aspera Faspex 5.0.15.1 Vulnerability Details CVEID:CVE-2025-62718 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking...
RLSA-2026:8339 Important: nodejs:20 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-26996 minimatch: Minimatch: Denial of Service via catastrophi...
RockyLinux 8 : nodejs:20 (RLSA-2026:8339)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:8339 advisory. minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-26996 minimatch: Minimatch: Denial of Service via catastrophic...
minimatch: minimatch: Denial of Service via specially crafted glob patterns
A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...
minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions
A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and...
Important: nodejs:20 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-26996 minimatch: Minimatch: Denial of Service via catastrophi...
minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions
A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and...
minimatch: minimatch: Denial of Service via specially crafted glob patterns
A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...
Important: Red Hat Security Advisory: nodejs:22 security update
An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
PT-2026-32983
Name of the Vulnerable Software and Affected Versions Giskard versions prior to 1.0.2b1 Description The RegexMatching check in the giskard-checks package passes a user-supplied regular expression pattern directly to the Python re.search function without a timeout, complexity guard, or pattern...
minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions
A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and...
minimatch: minimatch: Denial of Service via specially crafted glob patterns
A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...