CVE-2026-10691 wonderwhy-er DesktopCommanderMCP start_search search-manager.ts redos

A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component startsearch. Performing a manipulation of the argument SearchResult results in inefficient regular expression complexity. It is...

Unity Linux 20.1060e / 20.1070e Security Update: python-flask-restx (UTSA-2026-016606)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016606 advisory. Flask-RESTX pypi package flask-restx is a community driven fork of Flask-RESTPlus. Flask-RESTX before version 0.5.1 is vulnerable to ReDoS Regular Expression Denial ...

NPM: Svelte: ReDoS in `<svelte:element>` Tag Validation

NPM: Svelte: ReDoS in Tag Validation vulnerability discovered by ? in WordPress Npm svelte versions = 5.51.5, = 5.55.6...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-jinja2 (UTSA-2026-017474)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017474 advisory. This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the punctuationre regex operator and its use of multiple...

CVE-2026-33079

In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS Regular Expression Denial of Service vulnerability in LINKTITLERE that allows an attacker who can supply Markdown for parsing to cause denial of service. The regular expression used for parsing link titles contains overlapping...

Security Bulletin: There is a vulnerability in picomatch-2.3.1.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-33671)

Summary There is a vulnerability in picomatch-2.3.1.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-33671 DESCRIPTION: Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regula...

Astra Linux - уязвимость в ruby2.5, jruby

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2...

Astra Linux - уязвимость в python3.7, python2.7

There is a flaw in the urllib’s AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server to which an HTTP client such as a web browser connects can trigger a Regular Expression Denial of Service ReDOS during an authentication request. This occurs when the server sends a...

SUSE SLED15 / SLES15 Security Update : python-Pygments (SUSE-SU-2026:1667-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1667-1 advisory. - CVE-2026-4539: inefficient regex for GUID and ID pattern matching can lead to archetype lexer ReDoS bsc1260796. Tenab...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-Pygments (SUSE-SU-2026:1666-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1666-1 advisory. - CVE-2026-4539: inefficient regex for GUID and ID pattern matching can lead to archetype lexer ReDoS...

SUSE-SU-2026:1667-1 Security update for python-Pygments

This update for python-Pygments fixes the following issues: - CVE-2026-4539: inefficient regex for GUID and ID pattern matching can lead to archetype lexer ReDoS bsc1260796...

Security update for python-Pygments

This update for python-Pygments fixes the following issues: CVE-2026-4539: inefficient regex for GUID and ID pattern matching can lead to archetype lexer ReDoS bsc1260796. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypp...

SUSE-SU-2026:1666-1 Security update for python-Pygments

This update for python-Pygments fixes the following issues: - CVE-2026-4539: inefficient regex for GUID and ID pattern matching can lead to archetype lexer ReDoS bsc1260796...

Security update for cockpit-subscriptions (important)

openSUSE security update: security update for cockpit-subscriptions ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20532-1 Rating: important References: bsc1258637 Cross-References: CVE-2026-26996 CVSS scores: CVE-2026-26996 SUSE : 7.5...

Zod jsVideoUrlParser vulnerable to ReDoS in util.js

A weakness has been identified in Zod jsVideoUrlParser up to 0.5.1. The impacted element is the function getTime in the library lib/util.js. This manipulation of the argument timestamp causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit ha...

SUSE-SU-2026:21141-1 Security update for cockpit-packages

This update for cockpit-packages fixes the following issue: Update cockpit-packages to version 4: - CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string bsc1258641. Changes for cockpit-package...

CVE-2026-33671 Picomatch has a ReDoS vulnerability via extglob quantifiers

Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service ReDoS when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as + and , especially when combined with overlapping...

UBUNTU-CVE-2026-4923

Impact: When using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to ReDoS. This backtracking vulnerability requires the second wildcard to be somewhere other than the end of the path. Unsafe examples: /foo-bar-:baz /a-:b-c-:d...

CVE-2026-4923

Impact: When using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to ReDoS. This backtracking vulnerability requires the second wildcard to be somewhere other than the end of the path. Unsafe examples: /foo-bar-:baz /a-:b-c-:d...

CVE-2026-29856

An issue in the VirtualHost configuration handling/parser component of aaPanel v7.57.0 allows attackers to cause a Regular Expression Denial of Service ReDoS via a crafted input...