Astra Linux – Vulnerability in Mariadb 10.3

A vulnerability in the Itemsubselect::initexprcachetracker component of MariaDB Server v10.6 and earlier was identified. This vulnerability allows attackers to trigger a Denial of Service DoS attack through specially crafted SQL statements...

CVE-2026-56021

Webmin allows unauthenticated attackers to read the contents of any file ending in .conf within module directories, due to a bypassable regex pattern...

python-statemachine SCXML <data expr> Eval Injection

Summary python-statemachine 3.1.2 evaluates attributes in SCXML documents using Python's eval. Any application that passes attacker-controlled SCXML content to SCXMLProcessor is vulnerable to arbitrary code execution in the context of the hosting process. Details SCXMLProcessor.parsescxmlfile...

ROOT-APP-GOBINARY-CVE-2025-29786 CVE-2025-29786 in rootio-github.com/expr-lang/expr - Patched by Root

Root has patched CVE-2025-29786 in the rootio-github.com/expr-lang/expr package for Root:Go. Multiple fixed versions available...

CVE-2026-45617

LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, the built-in striphtml filter uses a regex containing four flawed lazy-quantified alternatives, leading to ReDoS via quadratic backtracking. When the input contains many script...

CVE-2026-45617 LiquidJS: ReDoS via Quadratic Backtracking in `strip_html` Filter Regex

LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, the built-in striphtml filter uses a regex containing four flawed lazy-quantified alternatives, leading to ReDoS via quadratic backtracking. When the input contains many script...

CVE-2026-45617

CVE-2026-45617 affects LiquidJS, where the built‑in strip_html filter in versions 10.25.7 and earlier uses a backtracking regex that causes severe CPU backpressure (ReDoS) on inputs with unclosed [removed], , or

CVE-2026-47103

Python StateMachine 3.0.0 before 3.2.0 has a remote code execution flaw: crafted SCXML documents with are unsafely evaluated via eval() in the SCXMLProcessor, enabling arbitrary code execution in the hosting process. Affected versions are 3.0.0 up to (but not including) 3.2.0. The CVSS metrics i...

Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain - Pre-Auth RCE in Docker API

Summary The safeevalexpression function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore. Python generator and frame object attributes giframe, fback, fbuiltins do NOT start with underscore, enabling a complete sandbox escape to achieve...

Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by Regular Expression Denial of Service.

Summary minimatch-9.0.5.tgz is used by IBM Sterling Connect:Direct Web Services CVE-2026-26996, CVE-2026-27903, CVE-2026-27904. Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions...

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the formatDate function when processing an excessively long or attacker-controlled date format string. An attacker can cause high CPU and memory consumption, leading to application...

PT-2026-49551

Summary A regular expression denial-of-service ReDoS vulnerability has been discovered in ua-parser-js when using the Client Hints API. By sending a crafted Sec-CH-UA-Model header to an application that calls UAParserheaders.withClientHints, an attacker can cause the parser to spend excessive CPU...

CVE-2026-42567

A flaw was found in Svelte, a web framework. An internal regular expression regex in the Svelte runtime, specifically when processing , can be exploited by a remote attacker. By providing specially crafted input, an attacker can cause the regex to take an exponential amount of time to process,...

GHSA-WXQ7-X3QP-VCR8 Budibase: Unanchored Regex in `matchers.ts` Allows CSRF Bypass via Query String Injection in Budibase Worker

Summary The buildMatcherRegex / matches functions in packages/backend-core/src/middleware/matchers.ts share the same structural root cause as the recently patched CVE-2026-31816: route patterns are compiled into unanchored regular expressions and tested against ctx.request.url, which includes the...

Budibase: Unanchored Regex in `matchers.ts` Allows CSRF Bypass via Query String Injection in Budibase Worker

Summary The buildMatcherRegex / matches functions in packages/backend-core/src/middleware/matchers.ts share the same structural root cause as the recently patched CVE-2026-31816: route patterns are compiled into unanchored regular expressions and tested against ctx.request.url, which includes the...

PT-2026-48883

Name of the Vulnerable Software and Affected Versions jmespath.php versions prior to 2.9.1 Description Insufficient escaping of parsed JMESPath function names into generated PHP source allows for the generation and execution of attacker-controlled PHP code. This occurs when JmesPathCompilerRuntim...

CVE-2026-44496 Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection

Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular expression from the configured XSRF cookie name without escaping regex metacharacters. In standard browser environments, an attacker who...

CVE-2026-44496 Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection

Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular expression from the configured XSRF cookie name without escaping regex metacharacters. In standard browser environments, an attacker who...

CVE-2026-44496

CVE-2026-44496 affects Axios in browser environments where Axios reads document.cookie. Versions before 0.32.0 (0.x branch) and before 1.16.0 (1.x branch) build a regex from the configured XSRF cookie name without escaping regex metacharacters, enabling expensive regex backtracking and potential ...

CVE-2026-41852

A vulnerability in Spring Expression Language SpEL evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only contexts, which may allow an attacker to invoke unintended application logic. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2....