Security Bulletin: Multiple vulnerabilities in IBM® Db2® affect IBM® Db2® Big SQL.
Summary There are multiple vulnerabilities in IBM® Db2® 11.5 used by IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4.7 and earlier. Vulnerability Details CVEID:CVE-2015-8383 DESCRIPTION: PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a deni...
opentelemetry-collector security update
An update is available for opentelemetry-collector. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Collector with the supported components for a Rocky Enterpris...
RLSA-2025:23729 Important: opentelemetry-collector security update
Collector with the supported components for a Rocky Enterprise Software Foundation build of OpenTelemetry Security Fixes: github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation CVE-2025-68156 For more details about the security issues, including the...
n8n Node.js Package 0.211.0 < 1.120.4 / 1.121.0 Remote Code Execution via Expression Injection (CVE-2025-68613)
The version of the n8n Node.js Package installed on the remote host is 0.211.0 prior to 1.120.4, or 1.121.0. It is, therefore, affected by a remote code execution via expression injection vulnerability: - n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior...
CVE-2025-68475
Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2, a Regular Expression Denial of Service ReDoS vulnerability exists in Fedify's document loader. The HTML parsing regex at...
EUVD-2025-204741
Fedify has ReDoS Vulnerability in HTML Parsing Regex...
GHSA-RCHF-XWX2-HM93 Fedify has ReDoS Vulnerability in HTML Parsing Regex
Hi Fedify team! 👋 Thank you for your work on Fedify—it's a fantastic library for building federated applications. While reviewing the codebase, I discovered a Regular Expression Denial of Service ReDoS vulnerability that I'd like to report. I hope this helps improve the project's security. ---...
Regular Expression Denial of Service (ReDoS)
Overview @fedify/fedify is an ActivityPub server framework. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via docloader.ts. An attacker can cause the event loop to become unresponsive by supplying a specially crafted HTML payload that triggers...
CVE-2025-68475
CVE-2025-68475 describes a ReDoS in Fedify's HTML document loader. A vulnerable regex in packages/fedify/src/runtime/docloader.ts uses nested quantifiers that enable catastrophic backtracking when parsing malicious HTML, potentially blocking the Node.js event loop. Affected versions are prior to ...
n8n Vulnerable to Remote Code Execution via Expression Injection
Impact n8n contains a critical Remote Code Execution RCE vulnerability in its workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from...
CVE-2025-68613
n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution RCE vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated...
Important: Red Hat Security Advisory: opentelemetry-collector security update
An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
PT-2025-52723
Name of the Vulnerable Software and Affected Versions Fedify versions prior to 1.6.13 Fedify versions prior to 1.7.14 Fedify versions prior to 1.8.15 Fedify versions prior to 1.9.2 Description Fedify is a TypeScript library used for building federated server applications based on ActivityPub. A...
PT-2026-22035
Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.10.1 n8n versions prior to 2.9.3 n8n versions prior to 1.123.22 Description n8n, an open source workflow automation platform, contains a critical Remote Code Execution RCE issue in its workflow expression evaluation...
RHEL 9 : opentelemetry-collector (RHSA-2025:23729)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:23729 advisory. Collector with the supported components for a Red Hat build of OpenTelemetry Security Fixes: github.com/expr-lang/expr: Expr: Denial of Service via...
Important: opentelemetry-collector security update
Collector with the supported components for an AlmaLinux build of OpenTelemetry Security Fixes: github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation CVE-2025-68156 For more details about the security issues, including the impact, a CVSS score,...
opentelemetry-collector security update
An update is available for opentelemetry-collector. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Collector with the supported components for a Rocky Enterpri...
RLSA-2025:23664 Important: opentelemetry-collector security update
Collector with the supported components for a Rocky Enterprise Software Foundation build of OpenTelemetry Security Fixes: github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation CVE-2025-68156 For more details about the security issues, including the...