104 matches found
CVE-2025-71379
vLLM versions = 0.6.3 and 0.9.0 contain multiple regular expression denial of service ReDoS vulnerabilities. Several regex patterns — in vllm/lora/utils.py, the phi4mini tool parser, and the OpenAI-compatible serving chat endpoint — are susceptible to catastrophic backtracking. An attacker...
CVE-2026-10692 johnhuang316 code-index-mcp search_code_advanced is_safe_regex_pattern redos
A weakness has been identified in johnhuang316 code-index-mcp up to 2.14.0. Affected is the function issaferegexpattern of the component searchcodeadvanced. Executing a manipulation of the argument regex can lead to inefficient regular expression complexity. It is possible to launch the attack...
Astra Linux – Vulnerability in JRuby
In Ruby, WEBrick::HTTPAuth::DigestAuth from versions 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 causes a denial-of-service attack due to a regular expression issue related to looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the internet or a trusted...
EUVD-2026-24021
Signal K Server has an Unauthenticated Regular Expression Denial of Service ReDoS via WebSocket Subscription Paths...
BIT-GITLAB-2026-1388 Inefficient Regular Expression Complexity in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause regular expression denial of service by sending specially crafted input to a merge request endpoint und...
CVE-2026-1388
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause regular expression denial of service by sending specially crafted input to a merge request endpoint und...
PT-2026-21994
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 9.2 through 18.7.4 GitLab CE/EE versions 18.8 through 18.8.4 GitLab CE/EE versions 18.9 through 18.9.0 Description An unauthenticated user could potentially cause a denial of service by sending specially crafted input to ...
GitLab CE/EE 安全漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Versions of GitLab CE/EE prior to 18.7.5, 18.8.5, and 18.9.1 containe...
Ubuntu 22.04 LTS / 24.04 LTS : Python-Multipart vulnerabilities (USN-8027-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8027-1 advisory. It was discovered that Python-Multipart incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause...
ZOHO ManageEngine Exchange Reporter Plus 安全漏洞
ZOHO ManageEngine Exchange Reporter Plus is a Web-based Exchange Server reporting software from ZOHO, Inc. A security vulnerability exists in ZOHO ManageEngine Exchange Reporter Plus 5721 and prior versions that stems from a regular expression denial of service vulnerability in the search module...
EUVD-2021-0505
Malware in sbrugna...
EUVD-2020-6346
Malware in sbrugna...
EUVD-2022-34350
Malicious code in bioql PyPI...
Zabbix plugin for Grafana 安全漏洞
Zabbix plugin for Grafana is an open source Zabbix plugin for Grafana dashboards from Grafana Labs. A security vulnerability exists in Zabbix plugin for Grafana version 5.2.1 and earlier, which stems from a user-supplied regular expression query that could result in a regular expression denial of...
Linux Distros Unpatched Vulnerability : CVE-2016-10539
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for Accept-Language, when...
Hugging Face Transformers 安全漏洞
Hugging Face Transformers is Hugging Face's open source advanced natural language processing for Jax, PyTorch and TensorFlow. A security vulnerability exists in Hugging Face Transformers 4.51.3 and earlier versions that stems from a regular expression denial of service attack...
GHSA-5662-2RJ7-F2V6 copyparty allows Regex Denial of Service (ReDoS) in the upload listing
Summary The filter parameter for the "Recent uploads" page allows arbitrary Regexes. If this feature is enabled which is the default, an attacker can craft a filter which deadlocks the server. PoC https://127.0.0.1:3923/?ru&filter=.++x Impact The server becomes fully inaccessible for a long time...
copyparty allows Regex Denial of Service (ReDoS) in the upload listing
Summary The filter parameter for the "Recent uploads" page allows arbitrary Regexes. If this feature is enabled which is the default, an attacker can craft a filter which deadlocks the server. PoC https://127.0.0.1:3923/?ru&filter=.++x Impact The server becomes fully inaccessible for a long time...
CVE-2025-54796
CVE-2025-54796 concerns Copyparty, a portable file server. The vulnerability affects versions prior to 1.18.9 where the filter parameter on the "Recent Uploads" page accepts arbitrary RegExes. When this feature is enabled (the default), an attacker can craft a regex-based filter that deadlocks th...
CVE-2025-54796 Copyparty is vulnerable to Regex Denial of Service (ReDoS) attacks through "Recent Uploads" page
Copyparty is a portable file server. Versions prior to 1.18.9, the filter parameter for the "Recent Uploads" page allows arbitrary RegExes. If this feature is enabled which is the default, an attacker can craft a filter which deadlocks the server. This is fixed in version 1.18.9...