1029 matches found
Python -- configparser vulnerable to excessive CPU use
Stan Ulbrych reports: configparser.RawConfigParser.OPTCRE,OPTCRENV regexes are vulnerable to quadratic backtracking...
CVE-2026-22178
OpenClaw versions prior to 2026.2.19 construct RegExp objects directly from unescaped Feishu mention metadata in the stripBotMention function, allowing regex injection and denial of service. Attackers can craft nested-quantifier patterns or metacharacters in mention metadata to trigger catastroph...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the incorrect release of data reservations when the -ENOSPC function backtracked from inline operations...
OESA-2026-1552 cpp-httplib security update
A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code! Security Fixes: cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, when a request handler throws a C++ excepti...
CVE-2026-32249
A flaw was found in Vim. A NULL pointer dereference can occur when the NFA regex compiler processes a specific character collection, more specifically one that contains a combining character acting as the endpoint of a character range e.g., 0-0\u05bb. A process or user that can supply a regex...
CVE-2026-28356
A flaw was found in multipart. The parseoptionsheader function in multipart.py uses a regular expression with an ambiguous alternation, causing an exponential backtracking ReDoS when parsing a specially crafted HTTP or multipart segment headers. A web application parsing request headers or...
SUSE CVE-2026-28356
multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parseoptionsheader function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted HTTP or multipar...
CVE-2026-28356
multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parseoptionsheader function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted HTTP or multipar...
UBUNTU-CVE-2026-28356
multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parseoptionsheader function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted HTTP or multipar...
CVE-2026-28356 ReDoS in multipart 1.3.0 - `parse_options_header()`
multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parseoptionsheader function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted HTTP or multipar...
CVE-2026-28356
multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parseoptionsheader function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted HTTP or multipar...
CVE-2026-28356 ReDoS in multipart 1.3.0 - `parse_options_header()`
multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parseoptionsheader function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted HTTP or multipar...
python-multipart 安全漏洞
python-multipart is a Python-based streaming multipart parser developed by Marcelo Trylesinski. Versions prior to 1.2.2, 1.3.1, and 1.4.0-dev contained security vulnerabilities. These vulnerabilities stemmed from the use of ambiguous regular expressions in the parseoptionsheader function, which...
Linux Distros Unpatched Vulnerability : CVE-2026-28356
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parseoptionsheader function in multipart.py uses a regular...
CVE-2026-30925
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.0-alpha.14 and 8.6.11, a malicious client can subscribe to a LiveQuery with a crafted $regex pattern that causes catastrophic backtracking, blocking the Node.js event loop. This...
CVE-2026-30925
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.0-alpha.14 and 8.6.11, a malicious client can subscribe to a LiveQuery with a crafted $regex pattern that causes catastrophic backtracking, blocking the Node.js event loop. This...
EUVD-2026-10437
Parse Server has Regular Expression Denial of Service ReDoS via $regex query in LiveQuery...
EUVD-2026-10436
Parse Server has Regular Expression Denial of Service ReDoS via $regex query in LiveQuery...
CVE-2026-30925
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.0-alpha.14 and 8.6.11, a malicious client can subscribe to a LiveQuery with a crafted $regex pattern that causes catastrophic backtracking, blocking the Node.js event loop. This...
PT-2026-24151
Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 9.5.0-alpha.14 Parse Server versions prior to 8.6.11 Description A crafted $regex pattern within a LiveQuery subscription can cause catastrophic backtracking, blocking the Node.js event loop and rendering the...