
6 matches found

Github Security Blog
added 2026/05/18 8:23 p.m., 8 views

HAPI FHIR: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint

Summary: All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The FHIRPath functions matches, matchesFull, and replaceMatches pass user-controlled regular expressions directly to Java's Pattern.compile and String.replaceAll without...

AI score: 6.1
Exploits: 0, References: 2, Affected Software: 8
OSV
added 2026/04/21 2:43 p.m., 3 views

CLSA-2026-1776782592 nodejs: Fix of 2 CVEs

- CVE-2026-26996: fix ReDoS in bundled minimatch caused by consecutive non-globstar characters, by coalescing them during pattern compilation
- CVE-2026-27904: fix ReDoS in bundled minimatch from nested extglobs and multiple non-adjacent wildcards, by limiting globstar recursion...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00026
Exploits: 2, References: 1
EUVD
added 2026/04/07 6:16 p.m., 2 views

EUVD-2026-19651

Gotenberg Vulnerable to ReDoS via extraHttpHeaders scope feature...

CVSS: 8.7, AI score: 5.9, EPSS: 0.00029
Exploits: 1, References: 3
SUSE CVE
added 2023/02/15 6:13 a.m., 2 views

SUSE CVE-2006-7230

Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service PCRE or...

CVSS: 4.3, AI score: 6.8, EPSS: 0.02783
Exploits: 0, References: 6
Tenable Nessus
added 2019/11/25 12:0 a.m., 48 views

openSUSE Security Update : java-11-openjdk (openSUSE-2019-2557)

This update for java-11-openjdk to version jdk-11.0.5-10 fixes the following issues:

Security issues fixed October 2019 CPU bsc1154212:
- CVE-2019-2933: Windows file handling redux
- CVE-2019-2945: Better socket support
- CVE-2019-2949: Better Kerberos ccache handling
- CVE-2019-2958: Build Bett...

CVSS: 6.8, AI score: 6.4, EPSS: 0.02946
Exploits: 0, References: 20
RedHat Linux
added 2007/11/29 2:50 p.m., 1 views

pcre miscalculation of memory requirements if options are changed during pattern compilation

Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service PCRE or...

CVSS: 4.3, AI score: 5.8, EPSS: 0.02783
Exploits: 0, References: 4