1031 matches found
EUVD-2022-0155
Malicious code in bioql PyPI...
EUVD-2025-20969
Malicious code in bioql PyPI...
EUVD-2023-28102
Malicious code in bioql PyPI...
EUVD-2025-27175
Malicious code in bioql PyPI...
EUVD-2025-16191
Malicious code in bioql PyPI...
EUVD-2025-25177
Malicious code in bioql PyPI...
EUVD-2024-48501
Malicious code in bioql PyPI...
EUVD-2024-27744
Malicious code in bioql PyPI...
EUVD-2022-5214
Malicious code in bioql PyPI...
USN-7015-7: Python 2.7 regression
USN-7015-4 fixed vulnerabilities in Python. It was discovered that the fix for CVE-2023-27043 for python2.7 was incorrectly applied on Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the...
USN-7015-7 python2.7 regression
USN-7015-4 fixed vulnerabilities in Python. It was discovered that the fix for CVE-2023-27043 for python2.7 was incorrectly applied on Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the...
CVE-2025-6921
The huggingface/transformers library, versions prior to 4.53.0, is vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer. The vulnerability arises from the _do_use_weight_decay method, which processes user-controlled regular expressions in the include_in_weight_decay...
A Practical Adversarial Attack against Sequence-Based Deep Learning Malware Classifiers
Sequence-based deep learning models (e.g., RNNs) can detect malware by analyzing its behavioral sequences. Meanwhile, these models are susceptible to adversarial attacks. Attackers can create adversarial samples that alter the sequence characteristics of behavior sequences to deceive malware...
CVE-2025-58451
Cattown is a JavaScript markdown parser. Versions prior to 1.0.2 used regular expressions with inefficient, potentially exponential worst-case complexity. This could cause excessive CPU usage due to excessive backtracking on crafted inputs. In turn, the excessive CPU usage could lead to resource...
PT-2025-36518
Name of the Vulnerable Software and Affected Versions: Cattown versions prior to 1.0.2 Description: Cattown is a JavaScript markdown parser susceptible to denial of service. The parser utilizes regular expressions with inefficient complexity, potentially leading to exponential worst-case...
bpf: Do not include stack ptr register in precision backtracking bookkeeping
...
Linux Distros Unpatched Vulnerability : CVE-2021-39933
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versio...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Denial of Service in huggingface/transformers [CVE-2025-2099]
Summary IBM Watson Speech Services Cartridge is vulnerable to a Denial of Service in huggingface/transformers, due to an issue where the regular expression used to process code blocks in docstrings contains nested quantifiers, leading to exponential backtracking when processing input with a large...
PT-2025-35111
Name of the Vulnerable Software and Affected Versions: NeuVector versions prior to 5.4.6 Description: NeuVector process handling can lead to the leakage of sensitive arguments, such as passwords, within security event logs. The software uses regular expressions to detect and redact sensitive data...
Linux Distros Unpatched Vulnerability : CVE-2021-29469
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Node-redis is a Node.js Redis client. Before version 3.1.1, when a client is in monitoring mode, the regex being used to detect monitor messages could cause...