9309 matches found
CVE-2025-66020 Valibot has a ReDoS vulnerability in `EMOJI_REGEX`
Valibot helps validate data using a schema. In versions from 0.31.0 to 1.1.0, the EMOJIREGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service ReDoS attack. A short, maliciously crafted string e.g., 100 characters can cause the regex engine to consume excessive CPU...
CVE-2025-66020 Valibot has a ReDoS vulnerability in `EMOJI_REGEX`
Valibot helps validate data using a schema. In versions from 0.31.0 to 1.1.0, the EMOJIREGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service ReDoS attack. A short, maliciously crafted string e.g., 100 characters can cause the regex engine to consume excessive CPU...
CVE-2025-66020 Valibot has a ReDoS vulnerability in `EMOJI_REGEX`
Valibot helps validate data using a schema. In versions from 0.31.0 to 1.1.0, the EMOJIREGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service ReDoS attack. A short, maliciously crafted string e.g., 100 characters can cause the regex engine to consume excessive CPU...
CVE-2025-66020
Valibot CVE-2025-66020: A ReDoS flaw in the EMOJI_REGEX used by the emoji action affects 0.31.0–1.1.0, caused by catastrophic backtracking in the emoji-related pattern. This can let an attacker craft short input (e.g., under 100 chars) that consumes excessive CPU time, leading to DoS. The issue i...
PT-2025-48121
Name of the Vulnerable Software and Affected Versions Valibot versions 0.31.0 through 1.1.0 Description Valibot is a data validation library that utilizes schemas. Versions from 0.31.0 to 1.1.0 contain a Regular Expression Denial of Service ReDoS issue within the EMOJI REGEX used in the emoji...
Valibot 安全漏洞
Valibot is an Open Circle open source library for structured data validation. A security vulnerability exists in Valibot versions 0.31.0 through 1.1.0, which stems from EMOJIREGEX being susceptible to a regular expression denial-of-service attack that could result in a denial of service of the...
Exploit for Expression Language Injection in Redhat Richfaces
Simplest and most reliable RichFaces Paint2DResource CVE-2018-12...
TencentOS Server 4: mathjax (TSSA-2025:0638)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0638 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Updated apache packages fix security vulnerabilities
HTTP response splitting. CVE-2024-42516 SSRF with modheaders setting Content-Type header. CVE-2024-43204 modssl error log variable escaping. CVE-2024-47252 modproxyhttp2 denial of service. CVE-2025-49630 modssl access control bypass with session resumption. CVE-2025-23048 modssl TLS upgrade attac...
GHSA-8GW3-RXH4-V6JX expr-eval vulnerable to Prototype Pollution
npm package expr-eval is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue...
CVE-2025-13204
npm package expr-eval is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue...
CVE-2025-13204
CVE-2025-13204 (npm expr-eval) is a Prototype Pollution vulnerability in the expr-eval package. An attacker with access to the express eval interface can leverage JavaScript prototype-based inheritance to achieve arbitrary code execution. The issue is mitigated by the npm expr-eval-fork package, ...
EUVD-2025-197614
npm package expr-eval is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue...
CVE-2025-62484
Inefficient regular expression complexity in certain Zoom Workplace Clients before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access...
netfilter: nft_objref: validate objref and objrefmap expressions
...
JavaScript Expression Evaluator 安全漏洞
JavaScript Expression Evaluator is a math calculator by Matthew Crumley Personal Developer. A security vulnerability exists in JavaScript Expression Evaluator that stems from prototype contamination and could lead to the execution of arbitrary code...
MGASA-2025-0290 Updated ruby packages fix security vulnerabilities
Net::IMAP vulnerable to possible DoS by memory exhaustion. CVE-2025-25186 In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. The method does not impose any limit on the length of the raw cookie value it...
@omni-co/vega-lite (>=6.2.0-fork.2 <=6.2.0-fork.2-beta.2), arakawa (=0.1.0-alpha.1) +3 more potentially affected by CVE-2025-59840 via vega-expression (=6.0.0)
vega-expression NPM version =6.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on vega-expression and may be impacted: - @omni-co/vega-lite =6.2.0-fork.2, =6.0.0, =6.0.0, =6.0.0, =6.3.1 Source cves: CVE-2025-59840 Source advisory: OSV:GHSA-7F2V-3QQ3-V...
@0xgg/echomd (>=1.0.0 <=1.0.4), @ajuhos/malloy-tests (>=0.0.332 <=0.0.334) +361 more potentially affected by CVE-2025-59840 via vega-expression (>=1.2.1 <=5.1.2)
vega-expression NPM version =1.2.1, =1.0.0, =0.0.332, =0.0.332, =1.1.5, =0.0.1, =0.20.0, =0.20.0, =2.4.22, =0.4.1-canary.195, =0.0.0, =0.1.0, =0.3.0, =0.8.8 and more Source cves: CVE-2025-59840 Source advisory: OSV:GHSA-7F2V-3QQ3-VVJF...
Cross-site Scripting (XSS)
Overview vega-expression is a Vega expression parser and code generator. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the toString function in environments where the VEGADEBUG global variable is present. An attacker can execute arbitrary JavaScript code by...