CVE-2024-58340

LangChain versions up to and including 0.3.1 contain a regular expression denial-of-service ReDoS vulnerability in the MRKLOutputParser.parse method libs/langchain/langchain/agents/mrkl/outputparser.py. The parser applies a backtracking-prone regular expression when extracting tool actions from...

CVE-2024-58340 LangChain <= 0.3.1 MRKLOutputParser ReDoS

LangChain versions up to and including 0.3.1 contain a regular expression denial-of-service ReDoS vulnerability in the MRKLOutputParser.parse method libs/langchain/langchain/agents/mrkl/outputparser.py. The parser applies a backtracking-prone regular expression when extracting tool actions from...

CVE-2024-58340 LangChain <= 0.3.1 MRKLOutputParser ReDoS

LangChain versions up to and including 0.3.1 contain a regular expression denial-of-service ReDoS vulnerability in the MRKLOutputParser.parse method libs/langchain/langchain/agents/mrkl/outputparser.py. The parser applies a backtracking-prone regular expression when extracting tool actions from...

LangChain 安全漏洞

LangChain is the LangChain open source framework for developing applications powered by the Large Language Model LLM. A security vulnerability exists in LangChain 0.3.1 and earlier versions, which stems from the MRKLOutputParser.parse method using a regular expression that is vulnerable to...

n8n Node.js Package < 1.121.3 RCE (CVE-2026-21877)

The version of the n8n Node.js Package installed on the remote host is prior to 1.121.3. It is, therefore, affected by a remote code execution vis expression injection vulnerability: - Under certain conditions, an authenticated user may be able to cause untrusted code to be executed by the n8n...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the ConvertToRegularExpression function. An attacker can cause a crash or access unintended memory by providing specially crafted input locally. Remediation Upgrade opencolorio to version 2.5.1 or higher. Referenc...

CVE-2025-15506

A vulnerability was found in AcademySoftwareFoundation OpenColorIO up to 2.5.0. This issue affects the function ConvertToRegularExpression of the file src/OpenColorIO/FileRules.cpp. Performing a manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has...

CVE-2025-15506

A vulnerability was found in AcademySoftwareFoundation OpenColorIO up to 2.5.0. This issue affects the function ConvertToRegularExpression of the file src/OpenColorIO/FileRules.cpp. Performing a manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has...

CVE-2025-15506

A vulnerability was found in AcademySoftwareFoundation OpenColorIO up to 2.5.0. This issue affects the function ConvertToRegularExpression of the file src/OpenColorIO/FileRules.cpp. Performing a manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has...

CVE-2025-15506 AcademySoftwareFoundation OpenColorIO FileRules.cpp ConvertToRegularExpression out-of-bounds

A vulnerability was found in AcademySoftwareFoundation OpenColorIO up to 2.5.0. This issue affects the function ConvertToRegularExpression of the file src/OpenColorIO/FileRules.cpp. Performing a manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has...

CVE-2025-15506

The CVE-2025-15506 issue affects AcademySoftwareFoundation OpenColorIO (up to 2.5.0) in the ConvertToRegularExpression function within src/OpenColorIO/FileRules.cpp. The vulnerability enables an out-of-bounds read when a specific manipulation is performed, with local access required. Public explo...

Regular Expression Denial of Service (ReDoS)

Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the flatten function. An attacker can cause excessive processing times by providing ...

CVE-2014-4720

Email::Address module before 1.904 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service CPU consumption via vectors related to "backtracking into the phrase," a different vulnerability than CVE-2014-0477...

CVE-2021-33199

In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.php relies on the untrusted input value of input-get'file' instead of the fixed file names of icon.png and icon.svg...

CVE-2021-22053

Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at /hystrix/monitor;user-provided data, the path elements following...

CVE-2016-10513

Cross Site Scripting XSS exists in Piwigo before 2.8.3 via a crafted search expression to include/functionssearch.inc.php...

CVE-2025-66916

The snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier, interface /snail-job/workflow/check-node-expression can execute QLExpress expressions, but it does not filter user input, allowing attackers to use the File class to perform arbitrary file reading and writing...

CVE-2022-37262

A Regular Expression Denial of Service ReDoS flaw was found in stealjs steal 2.2.4 via the source and sourceWithComments variable in main.js...

CVE-2022-31781

Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service ReDoS in the way it handles Content Types. Specially crafted Content Types may cause catastrophic backtracking, taking exponential time to complete. Specifically, this is about the regular expression used on...

CVE-2020-7161

A reporttaskselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...