CVE-2025-43764

Self-ReDoS Regular expression Denial of Service exists with Role Name search field of Kaleo Designer portlet JavaScript in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.1, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.20...

CVE-2025-9308 yarnpkg Yarn request-manager.js setOptions redos

A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation leads to inefficient regular expression complexity. Local access is required to approach this attack. This vulnerability only affects...

Linux Distros Unpatched Vulnerability : CVE-2023-39663

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service ReDoS vulnerabilities in MathJax.js via the components pattern and...

CLSA-2025-1755617966 ruby: Fix of CVE-2023-36617

CVE-2023-36617: fix mishandling invalid URLs that have specific characters in URI parser to prevent ReDoS issue...

DEBIAN-CVE-2025-4690

A regular expression used by AngularJS' linky https://docs.angularjs.org/api/ngSanitize/filter/linky filter to detect URLs in input text is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can cause a Regular expression Denial of Service ReDoS...

Linux Distros Unpatched Vulnerability : CVE-2017-15010

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A ReDoS regular expression denial of service flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP reques...

Linux Distros Unpatched Vulnerability : CVE-2021-29060

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Regular Expression Denial of Service ReDOS vulnerability was discovered in Color-String version 1.5.5 and below which occurs when the application is provided...

Linux Distros Unpatched Vulnerability : CVE-2023-2232

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 15.10 before 16.1, leading to a ReDoS vulnerability in the Jira prefix CVE-2023-2232...

Linux Distros Unpatched Vulnerability : CVE-2021-23368

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Regular Expression Denial of Service ReDoS during source map parsing. CVE-2021-23368 Note tha...

Linux Distros Unpatched Vulnerability : CVE-2021-23341

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package prismjs before 1.23.0 are vulnerable to Regular Expression Denial of Service ReDoS via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel...

Oak Server has ReDoS in x-forwarded-proto and x-forwarded-for headers

Summary With specially crafted value of the x-forwarded-proto or x-forwarded-for headers, it's possible to significantly slow down an oak server. Vulnerable Code - https://github.com/oakserver/oak/blob/v17.1.5/request.tsL87 - https://github.com/oakserver/oak/blob/v17.1.5/request.tsL142 PoC - setu...

CVE-2025-55152 oak: ReDoS in x-forwarded-proto and x-forwarded-for headers

oak is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. In versions 17.1.5 and below, it's possible to significantly slow down an oak server with specially crafted values of the x-forwarded-proto or x-forwarded-for headers...

Moderate: Red Hat Security Advisory: pcs security update

An update for pcs is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as havin...

RHEL 8 : pcs (RHSA-2025:13307)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:13307 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: rexml: REXML ReDoS...

CVE-2025-5197

A flaw was found in transformers. The converttfweightnametoptweightname function contains a Regular Expression Denial of Service ReDoS vulnerability, where a maliciously crafted input string can cause excessive backtracking during regular expression matching. This flaw allows a network-based...

GHSA-9356-575X-2W9M Hugging Face Transformers Regular Expression Denial of Service (ReDoS) vulnerability

A Regular Expression Denial of Service ReDoS vulnerability exists in the Hugging Face Transformers library, specifically in the converttfweightnametoptweightname function. This function, responsible for converting TensorFlow weight names to PyTorch format, uses a regex pattern /^/^// that can be...

Hugging Face Transformers Regular Expression Denial of Service (ReDoS) vulnerability

A Regular Expression Denial of Service ReDoS vulnerability exists in the Hugging Face Transformers library, specifically in the converttfweightnametoptweightname function. This function, responsible for converting TensorFlow weight names to PyTorch format, uses a regex pattern /^/^// that can be...

CVE-2025-5197

A Regular Expression Denial of Service ReDoS vulnerability exists in the Hugging Face Transformers library, specifically in the converttfweightnametoptweightname function. This function, responsible for converting TensorFlow weight names to PyTorch format, uses a regex pattern /^/^// that can be...

RockyLinux 9 : ruby (RLSA-2025:4487)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:4487 advisory. CGI: ReDoS in CGI::UtilescapeElement CVE-2025-27220 CGI: Denial of Service in CGI::Cookie.parse CVE-2025-27219 Tenable has extracted the preceding...

RLSA-2025:4488 Moderate: ruby:3.1 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: DoS vulnerability in REXML CVE-2024-39908 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters suc...