1031 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-22796
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A regular expression based DoS vulnerability in Active Support 6.1.7.1 and 7.0.4.1. A specially crafted string passed to the underscore method can cause the...
Linux Distros Unpatched Vulnerability : CVE-2024-2800
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ReDoS flaw in RefMatcher when matching branch names using wildcards in GitLab EE/CE affecting all versions from 11.3 prior to 17.0.6, 17.1 prior to 17.1.4, and...
Regular Expression Denial Of Service (ReDoS)
Hugging Face Transformers is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to the use of a regex pattern /^/^// in the convert_tf_weight_name_to_pt_weight_name function, which allows attackers to craft malicious input strings causing catastrophic backtracking and...
CVE-2025-54364
Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module. option_descriptions employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings containing a...
Regular Expression Denial of Service (ReDoS)
Overview: org.webjars.npm:yarn is a package for dependency management. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the setOptions function in the src/util/request-manager.js file. An attacker can cause resource exhaustion by supplying crafted...
CVE-2025-4690
A regular expression used by AngularJS' linky (https://docs.angularjs.org/api/ngSanitize/filter/linky) filter to detect URLs in input text is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can cause a Regular expression Denial of Service (ReDoS)...
CVE-2025-4690 AngularJS 'linky' filter ReDoS
A regular expression used by AngularJS' linky (https://docs.angularjs.org/api/ngSanitize/filter/linky) filter to detect URLs in input text is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can cause a Regular expression Denial of Service (ReDoS)...
CVE-2025-4690
CVE-2025-4690 concerns the regular expression used by AngularJS’ ngSanitize/filter/linky to detect URLs. The underlying regex is vulnerable to super-linear runtime due to backtracking, enabling a Regular Expression Denial of Service (ReDoS) attack when fed large crafted inputs. The issue affects ...
AngularJS Security Vulnerability
AngularJS is a TypeScript-based open source web application framework from AngularJS Open Source. A security vulnerability exists in AngularJS that stems from a backtracking issue with regular expressions used by linky filters, which could lead to a regular expression denial of service attack...
PT-2025-33727 · Google · Angularjs
Name of the Vulnerable Software and Affected Versions: AngularJS (affected versions not specified). Description: A regular expression used by the AngularJS linky filter to detect URLs in input text is vulnerable to super-linear runtime due to backtracking, potentially leading to a Regular expression...
Linux Distros Unpatched Vulnerability : CVE-2022-1100
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 13.1 prior to 14.7.7, 14.8.0 prior to 14.8.5, and 14.9.0 prior to 14.9....
Linux Distros Unpatched Vulnerability : CVE-2023-22792
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A regular expression based DoS vulnerability in Action Dispatch 6.0.6.1, 6.1.7.1, and 7.0.4.1. Specially crafted cookies, in combination with a specially crafte...
Linux Distros Unpatched Vulnerability : CVE-2020-13333
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A potential DOS vulnerability was discovered in GitLab versions 13.1, 13.2 and 13.3. The api to update an asset as a link from a release had a regex check which...
Regular Expression Denial Of Service (ReDoS)
calibreweb is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regular expression processing because the strip_whitespaces function allows catastrophic backtracking when processing a specially crafted username parameter during login...
Regular Expression Denial of Service (ReDoS)
Overview: transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the convert_tf_weight_name_to_pt_weight_name function. An attacker can cause excessive CPU consumption and disru...
GHSA-2G7M-PH9X-7Q7M Calibre Web and Autocaliweb have a ReDoS vulnerability
ReDoS in strip_whitespaces function in cps/string_helper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause denial of service via specially crafted username parameter that triggers catastrophic backtracking during login. This issue affects Calibre Web: 0.6.24...
CVE-2025-6998 Calibre Web 0.6.24 & Autocaliweb 0.7.0 - ReDoS
ReDoS in strip_whitespaces function in cps/string_helper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause denial of service via specially crafted username parameter that triggers catastrophic backtracking during login. This issue affects Calibre Web: 0.6.24...
SUSE CVE-2025-38279
In the Linux kernel, the following vulnerability has been resolved: bpf: Do not include stack ptr register in precision backtracking bookkeeping Yi Lai reported an issue 1 where the following warning appears in kernel dmesg: 60.643604 verifier backtracking bug 60.643635 WARNING: CPU: 10 PID: 2315...
DEBIAN-CVE-2025-38279
In the Linux kernel, the following vulnerability has been resolved: bpf: Do not include stack ptr register in precision backtracking bookkeeping Yi Lai reported an issue 1 where the following warning appears in kernel dmesg: 60.643604 verifier backtracking bug 60.643635 WARNING: CPU: 10 PID: 2315...