449 matches found
CVE-2025-29907 jsPDF Bypass Regular Expression Denial of Service (ReDoS)
jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.1, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitised image urls to the addImage method, a user can provide a harmful data-url that...
CVE-2025-29907 jsPDF Bypass Regular Expression Denial of Service (ReDoS)
jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.1, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitised image urls to the addImage method, a user can provide a harmful data-url that...
CVE-2025-29907
CVE-2025-29907 — jsPDF DoS via addImage argument : In jsPDF, prior to 3.0.1, user control of the first argument to addImage can trigger high CPU utilization and denial of service when unsanitised image URLs/data-urls are passed. The vulnerability also affects html and addSvgAsImage in relevant co...
CVE-2025-29907 jsPDF Bypass Regular Expression Denial of Service (ReDoS)
jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.1, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitised image urls to the addImage method, a user can provide a harmful data-url that...
BIT-NGINX-2025-1695 NGINX Unit Java Vulnerability
In NGINX Unit before version 1.34.2 with the Java Language Module in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization. This vulnerability allows a remote attacker to cause a degradation that can lead to a limited denial-of-service DoS. There...
CVE-2025-1695
In NGINX Unit before version 1.34.2 with the Java Language Module in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization. This vulnerability allows a remote attacker to cause a degradation that can lead to a limited denial-of-service DoS. There...
CVE-2025-1695
NGINX Unit 1.34.2+ with the Java Language Module is affected by CVE-2025-1695. In versions prior to 1.34.2, undisclosed requests can trigger an infinite loop, increasing CPU utilization and causing a limited denial-of-service on the data plane. The issue is a data-plane degradation with no contro...
CVE-2025-1695 NGINX Unit Java Vulnerability
In NGINX Unit before version 1.34.2 with the Java Language Module in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization. This vulnerability allows a remote attacker to cause a degradation that can lead to a limited denial-of-service DoS. There...
Regular Expression Denial-of-Service (ReDoS)
@octokit/endpoint is vulnerable to Regular Expression Denial-of-Service ReDoS. The vulnerability is due to inefficient regex processing due to the endpoint.parseoptions function allowing crafted input to trigger excessive backtracking, leading to high CPU utilization and application hang...
CVE-2025-25285
@octokit/endpoint turns REST API endpoints into generic request options. Starting in version 4.1.0 and prior to version 10.1.3, by crafting specific options parameters, the endpoint.parseoptions call can be triggered, leading to a regular expression denial-of-service ReDoS attack. This causes the...
CVE-2025-25285 @octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
@octokit/endpoint turns REST API endpoints into generic request options. Starting in version 4.1.0 and prior to version 10.1.3, by crafting specific options parameters, the endpoint.parseoptions call can be triggered, leading to a regular expression denial-of-service ReDoS attack. This causes the...
CVE-2025-25285 @octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
@octokit/endpoint turns REST API endpoints into generic request options. Starting in version 4.1.0 and prior to version 10.1.3, by crafting specific options parameters, the endpoint.parseoptions call can be triggered, leading to a regular expression denial-of-service ReDoS attack. This causes the...
CVE-2025-25285 @octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
@octokit/endpoint turns REST API endpoints into generic request options. Starting in version 4.1.0 and prior to version 10.1.3, by crafting specific options parameters, the endpoint.parseoptions call can be triggered, leading to a regular expression denial-of-service ReDoS attack. This causes the...
CVE-2025-25285
CVE-2025-25285 affects the npm package @octokit/endpoint. The vulnerability arises in endpoint.parse(options) via crafted options in versions 4.1.0 through before 10.1.3, causing a ReDoS that can hang the program and raise CPU usage. A fix is available in version 10.1.3 (patch applied) and later....
GHSA-H5C3-5R3R-RR8Q @octokit/plugin-paginate-rest has a Regular Expression in iterator Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Summary For the npm package @octokit/plugin-paginate-rest, when calling octokit.paginate.iterator, a specially crafted octokit instance—particularly with a malicious link parameter in the headers section of the request—can trigger a ReDoS attack. Details The issue occurs at line 39 of iterator.ts...
@octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Summary By crafting specific options parameters, the endpoint.parseoptions call can be triggered, leading to a regular expression denial-of-service ReDoS attack. This causes the program to hang and results in high CPU utilization. Details The issue occurs in the parse function within the parse.ts...
CVE-2025-21690 scsi: storvsc: Ratelimit warning logs to prevent VM denial of service
In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service If there's a persistent error in the hypervisor, the SCSI warning for failed I/O can flood the kernel log and max out CPU utilization, preventing troubleshooti...
CVE-2025-21690
CVE-2025-21690 affects the Linux kernel storvsc SCSI driver where a persistent hypervisor error can cause an unbounded flood of I/O warning logs, leading to kernel log bloat and VM DoS. The issue is addressed by kernel updates across several distributions (e.g., Debian LTS DLA-4076-1:00E2C upgrad...
CVE-2025-21690
In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service If there's a persistent error in the hypervisor, the SCSI warning for failed I/O can flood the kernel log and max out CPU utilization, preventing troubleshooti...
CVE-2025-24312
When BIG-IP AFM is provisioned with IPS module enabled and protocol inspection profile is configured on a virtual server or firewall rule or policy, undisclosed traffic can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support EoTS are...