750 matches found
PyMdown Extensions has a ReDOS bug in its Figure Capture extension
Impact This issue describes a ReDOS bug found within the figure caption extension pymdownx.blocks.caption . In systems that take unchecked user content, this could cause long hangs when processing the data if a malicious payload was crafted. Patches This issue is patched in Release 10.16.1...
CVE-2025-68142
PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. Versions prior to 10.16.1 have a ReDOS bug found within the figure caption extension pymdownx.blocks.caption. In systems that take unchecked user content, this could cause long hanges when processing the data if a...
CVE-2025-68142 PyMdown Extensions has ReDOS bug in Figure Capture extension
PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. Versions prior to 10.16.1 have a ReDOS bug found within the figure caption extension pymdownx.blocks.caption. In systems that take unchecked user content, this could cause long hanges when processing the data if a...
Security Bulletin: CodeMirror Regex Vulnerability Enables ReDoS Before 5.58.2, affects watsonx.data
Summary This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.jsL129. Th...
RockyLinux 9 : python-mako (RLSA-2023:2258)
The remote RockyLinux 9 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2023:2258 advisory. python-mako: REDoS in Lexer class CVE-2022-40023 Tenable has extracted the preceding description block directly from the RockyLinux security advisory. Note that...
RLSA-2023:2258 Moderate: python-mako security update
Mako is a template library written in Python. It provides a familiar, non-XML syntax which compiles into Python modules for maximum performance. Security Fixes: python-mako: REDoS in Lexer class CVE-2022-40023 For more details about the security issues, including the impact, a CVSS score,...
python-mako security update
An update is available for python-mako. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mako is a template library written in Python. It provides a familiar,...
RLSA-2023:2893 Moderate: python-mako security update
Mako is a template library written in Python. It provides a familiar, non-XML syntax which compiles into Python modules for maximum performance. Security Fixes: mako: REDoS in Lexer class CVE-2022-40023 For more details about the security issues, including the impact, a CVSS score, acknowledgment...
SUSE SLED15: libruby2_5-2_5 / ruby2.5 / ruby2.5-devel / ruby2.5-devel-extra / etc (SUSE-SU-2025:4264-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4264-1 advisory. - CVE-2024-35221: Fixed remote DoS via YAML manifest bsc1225905 - CVE-2024-47220: Fixed HTTP request smuggling...
CVE-2025-66020 Valibot has a ReDoS vulnerability in `EMOJI_REGEX`
Valibot helps validate data using a schema. In versions from 0.31.0 to 1.1.0, the EMOJIREGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service ReDoS attack. A short, maliciously crafted string e.g., 100 characters can cause the regex engine to consume excessive CPU...
Updated python-py packages fix security vulnerability
The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS Regular expression Denial of Service attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. CVE-2022-42969...
SUSE-SU-2025:3911-1 Security update for rav1e
This update for rav1e fixes the following issues: - CVE-2022-24713: Updated crate regex to 1.5.5 that resolves a ReDoS issue bsc1196972...
CVE-2025-5342
Zohocorp ManageEngine Exchange Reporter Plus through 5721 are vulnerable to ReDOS vulnerability in the search module...
CVE-2025-5342
Zohocorp ManageEngine Exchange Reporter Plus through 5721 are vulnerable to ReDOS vulnerability in the search module...
CVE-2025-5342
Zohocorp ManageEngine Exchange Reporter Plus through 5721 are vulnerable to ReDOS vulnerability in the search module...
EUVD-2025-37005
Zohocorp ManageEngine Exchange Reporter Plus through 5721 are vulnerable to ReDOS vulnerability in the search module...
CVE-2025-5342 Denial of Service (DoS)
Zohocorp ManageEngine Exchange Reporter Plus through 5721 are vulnerable to ReDOS vulnerability in the search module...
CVE-2025-61581
CVE-2025-61581 describes an Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control affecting all versions. The description states that users with access to the Traffic Router management interface could supply malicious patterns, potentially causing unavailability. The p...
CVE-2025-61581 Apache Traffic Control: ReDoS issue in Traffic Router configuration
UNSUPPORTED WHEN ASSIGNED Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue affects Apache Traffic Control: all versions. People with access to the management interface of the Traffic Router component could specify malicious patterns and cause...
Sinatra is vulnerable to ReDoS through ETag header value generation
Summary There is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response and you are using Ruby = 3.2...