749 matches found
MiracleLinux 9 : python-mako-1.1.4-6.el9 (AXSA:2023-5414:01)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-5414:01 advisory. python-mako: REDoS in Lexer class CVE-2022-40023 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory. Note...
MiracleLinux 8 : python39:3.9 and python39-devel:3.9 (AXSA:2024-8950:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8950:01 advisory. python: cpython: tarfile: ReDos via excessive backtracking while parsing header values CVE-2024-6232 Tenable has extracted the preceding description block...
MiracleLinux 8 : ruby:3.0 (AXSA:2024-8502:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8502:01 advisory. ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: ReDoS vulnerability in URI CVE-2023-28755 ruby: ReDoS vulnerability in Time...
MiracleLinux 8 : resource-agents-4.1.1-98.el8 (AXSA:2021-2804:10)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2804:10 advisory. python-pygments: Infinite loop in SML lexer may lead to DoS CVE-2021-20270 python-pygments: ReDoS in multiple lexers CVE-2021-27291 Tenable has...
MiracleLinux 4 : rh-python36-python-pip-9.0.1-5.AXS4, rh-python36-python-3.6.12-1.AXS4, rh-python36-python-virtualenv-15.1.0-3.AXS4 (AXSA:2020-818:02)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-818:02 advisory. python: XSS vulnerability in the documentation XML-RPC server in servertitle field CVE-2019-16935 python: CRLF injection via the host part of the url...
MiracleLinux 8 : nodejs:14 (AXSA:2023-5289:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5289:01 advisory. decode-uri-component: improper input validation resulting in DoS CVE-2022-38900 glob-parent: Regular Expression Denial of Service CVE-2021-35065...
MiracleLinux 8 : nodejs:12 (AXSA:2021-2440:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2440:01 advisory. nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22930 nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22940...
MiracleLinux 7 : ruby-2.0.0.648-39.0.2.el7.AXS7 (AXSA:2025-9910:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9910:01 advisory. CVE-2025-27219: fix a potential Denial of Service DoS vulnerability in cookie parsing CVE-2025-27220: fix ReDoS vulnerability exists in the...
Siemens Ruggedcom ROX Inefficient Regular Expression Complexity (CVE-2024-6232)
There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives. This plugin only works with Tenable.ot. Please visit...
CVE-2026-21868 Flag Forge has ReDoS Vulnerability in User Profile Lookup API
Flag Forge is a Capture The Flag CTF platform. Versions 2.3.2 and below have a Regular Expression Denial of Service ReDoS vulnerability in the user profile API endpoint /api/user/username. The application constructs a regular expression dynamically using unescaped user input the username paramete...
CVE-2026-21868 Flag Forge has ReDoS Vulnerability in User Profile Lookup API
Flag Forge is a Capture The Flag CTF platform. Versions 2.3.2 and below have a Regular Expression Denial of Service ReDoS vulnerability in the user profile API endpoint /api/user/username. The application constructs a regular expression dynamically using unescaped user input the username paramete...
CVE-2026-0621
Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 contain a regular expression denial of service ReDoS vulnerability in the UriTemplate class when processing RFC 6570 exploded array patterns. The dynamically generated regular expression used during URI matching contains nested...
GHSA-8R9Q-7V3J-JR4G Anthropic's MCP TypeScript SDK has a ReDoS vulnerability
Impact A ReDoS vulnerability in the UriTemplate class allows attackers to cause denial of service. The partToRegExp function generates a regex pattern with nested quantifiers ^/+?:,^/+ for exploded template variables e.g., /id, ?tags, causing catastrophic backtracking on malicious input. Who is...
MGASA-2025-0334 Updated ruby-rack packages fix security vulnerabilities
Unbounded-Parameter DoS in Rack::QueryParser. CVE-2025-46727 ReDoS Vulnerability in Rack::Multipart handlemimehead. CVE-2025-49007 Rack QueryParser has an unsafe default allowing paramslimit bypass via semicolon-separated parameters. CVE-2025-59830 Rack's unbounded multipart preamble buffering...
Security Bulletin: Vulnerability in micromatch affects IBM Db2 Big SQL on Cloud Pak for Data
Summary A vulnerability in nodes.js module micromatch affects IBM Db2 Big SQL 7 on Cloud Pak for Data 5 Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: The NPM package micromatch prior to 4.0.8 is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability occurs in...
CVE-2025-68475 Fedify has ReDoS Vulnerability in HTML Parsing Regex
Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2, a Regular Expression Denial of Service ReDoS vulnerability exists in Fedify's document loader. The HTML parsing regex at...
[SECURITY] [DLA 4418-1] python-mechanize security update
Debian LTS Advisory DLA-4418-1 [email protected] https://www.debian.org/lts/security/ Daniel Leidert December 22, 2025 https://wiki.debian.org/LTS Package : python-mechanize Version : 1:0.4.5-2+deb11u1 CVE ID : CVE-2021-32837 Erik Krogh Kristensen and Rasmus Petersen from the GitHub...
Debian dla-4418 : python3-mechanize - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4418 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4418-1 [email protected] https://www.debian.org/lts/security/...
Linux Distros Unpatched Vulnerability : CVE-2025-68142
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. Versions prior to 10.16.1 have a ReDOS bug found within the figure caption...
PyMdown Extensions has a ReDOS bug in its Figure Capture extension
Impact This issue describes a ReDOS bug found within the figure caption extension pymdownx.blocks.caption . In systems that take unchecked user content, this could cause long hangs when processing the data if a malicious payload was crafted. Patches This issue is patched in Release 10.16.1...