34 matches found

Cvelist
added 3 days ago, 35 views

CVE-2026-10691 wonderwhy-er DesktopCommanderMCP start_search search-manager.ts redos

A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component startsearch. Performing a manipulation of the argument SearchResult results in inefficient regular expression complexity. It is...

5.3 CVSS, 0.0006 EPSS
Exploits: 0, References: 9

IBM Security Bulletins
added 2026/05/15 2:43 p.m., 8 views

Security Bulletin: A vulnerability in the minimatch package affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in the minimatch package affects IBM® Db2® Big SQL 7 and 8 on IBM Cloud Pak for Data 5.3.1 and earlier. Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions...

8.7 CVSS, 6.6 AI score, 0.00026 EPSS
Exploits: 1, Affected Software: 1

Tenable Nessus
added 2026/01/20 12:0 a.m., 5 views

MiracleLinux 7 : java-1.7.0-openjdk-1.7.0.261-2.6.22.2.0.1.el7.AXS7 (AXSA:2020-029:05)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-029:05 advisory. OpenJDK: Incorrect bounds checks in NIO Buffers Libraries, 8234841 CVE-2020-2803 OpenJDK: Incorrect type checks in MethodType.readObject Libraries,...

8.3 CVSS, 6.7 AI score, 0.03217 EPSS
Exploits: 0, References: 9

Tenable Nessus
added 2026/01/20 12:0 a.m., 3 views

MiracleLinux 4 : java-1.7.0-openjdk-1.7.0.261-2.6.22.1.AXS4 (AXSA:2020-002:03)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-002:03 advisory. OpenJDK: Incorrect bounds checks in NIO Buffers Libraries, 8234841 CVE-2020-2803 OpenJDK: Incorrect type checks in MethodType.readObject Libraries,...

8.3 CVSS, 6.7 AI score, 0.03217 EPSS
Exploits: 0, References: 9

Tenable Nessus
added 2026/01/20 12:0 a.m., 3 views

MiracleLinux 9 : nodejs-nodemon-2.0.20-3.el9, nodejs-16.19.1-1.el9 (AXSA:2023-6037:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6037:02 advisory. c-ares: buffer overflow in configsortlist due to missing string length check CVE-2022-4904 http-cache-semantics: Regular Expression Denial of Servic...

8.6 CVSS, 8 AI score, 0.00337 EPSS
Exploits: 3, References: 7

Grafana
added 2025/09/19 12:0 a.m., 4 views

Regex DoS in Zabbix Plugin in Grafana

Grafana is an open-source platform for monitoring and observability. Grafana-Zabbix is a plugin for Grafana allowing to visualize monitoring data from Zabbix and create dashboards for analyzing metrics and realtime monitoring. Versions 5.2.1 and below contained a ReDoS vulnerability via...

4.3 CVSS, 7.3 AI score, 0.00101 EPSS
Exploits: 0

UbuntuCve
added 2024/08/08 11:15 a.m., 11 views

CVE-2024-3114

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, with the processing logic for parsing invalid commits can lead to a regular expression DoS attack on the server...

6.5 CVSS, 5.9 AI score, 0.00054 EPSS
Exploits: 0, References: 3

Github Security Blog
added 2024/03/28 12:31 a.m., 7 views

domain-suffix RegEx Denial of Service

RegEx Denial of Service in domain-suffix 1.0.8 allows attackers to crash the application via crafted input to the parse function. PoC js async function exploit const domainsuffix = require"domain-suffix"; // Crafting a string that will cause excessive backtracking const maliciousInput =...

7.5 CVSS, 6.9 AI score, 0.00151 EPSS
Exploits: 0, References: 4, Affected Software: 1

NVD
added 2024/03/27 10:15 p.m., 9 views

CVE-2024-25354

RegEx Denial of Service in domain-suffix 1.0.8 allows attackers to crash the application via crafted input to the parse function...

7.5 CVSS, 6.5 AI score, 0.00151 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2024/03/27 12:0 a.m., 8 views

CVE-2024-25354

RegEx Denial of Service in domain-suffix 1.0.8 allows attackers to crash the application via crafted input to the parse function...

6.9 AI score, 0.00151 EPSS
Exploits: 0, References: 1

CVE
added 2024/03/15 12:0 a.m., 2100 views

CVE-2024-27351

The CVE-2024-27351 issue affects Django’s Truncator.words() (with html=True) and the truncatewords_html filter. The vulnerability arises from a DoS vector in crafted HTML strings and is linked to an incomplete fix for CVE-2019-14232/CVE-2023-43665. Affected versions per sources include Django 3.2...

5.3 CVSS, 7.4 AI score, 0.02611 EPSS
Exploits: 0, References: 13, Affected Software: 1

UbuntuCve
added 2024/01/26 12:0 a.m., 23 views

CVE-2023-6159

An issue has been discovered in GitLab CE/EE affecting all versions from 12.7 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible for an attacker to trigger a Regular Expression Denial of Service via a Cargo.toml containing maliciously crafted input...

6.5 CVSS, 6.5 AI score, 0.0057 EPSS
Exploits: 0, References: 5

Vulnrichment
added 2023/11/02 8:26 a.m., 7 views

CVE-2023-5876 Regex DoS from a malicious server enrolled in Desktop

Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service...

3.1 CVSS, 7.1 AI score, 0.00118 EPSS
Exploits: 0, References: 1

UbuntuCve
added 2023/08/02 12:0 a.m., 22 views

CVE-2023-0632

An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible by using crafted payloads to search Harbor Registry...

7.5 CVSS, 6.9 AI score, 0.00229 EPSS
Exploits: 0, References: 3

FreeBSD
added 2023/08/01 12:0 a.m., 24 views

Gitlab -- Vulnerabilities

Gitlab reports: ReDoS via ProjectReferenceFilter in any Markdown fields ReDoS via AutolinkFilter in any Markdown fields Regex DoS in Harbor Registry search Arbitrary read of files owned by the "git" user via malicious tar.gz file upload using GitLab export functionality Stored XSS in Web IDE Beta...

9.8 CVSS, 6.5 AI score, 0.52173 EPSS
Exploits: 2, References: 1

CVE
added 2023/06/07 12:0 a.m., 77 views

CVE-2023-2199

GitLab CE/EE (versions 12.0–15.10.7, 15.11.0–15.11.6, 16.0.0–16.0.1) are affected by CVE-2023-2199 due to a Regular Expression Denial of Service in the preview_markdown endpoint. The underlying issue is a regex-based processing path that can be triggered by crafted payloads, potentially impacting...

7.5 CVSS, 7.1 AI score, 0.02032 EPSS
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2022/09/07 1:15 p.m., 2 views

AZL-10892 CVE-2022-40023 affecting package python-mako for versions less than 1.2.2-1

Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin...

7.5 CVSS, 7.2 AI score, 0.01006 EPSS
Exploits: 1, References: 1

Cvelist
added 2022/09/07 12:0 a.m., 23 views

CVE-2022-40023

Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin...

7.7 AI score, 0.01006 EPSS
Exploits: 1, References: 6

AlpineLinux
added 2022/09/07 12:0 a.m., 38 views

CVE-2022-40023

Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin...

7.5 CVSS, 7.5 AI score, 0.01006 EPSS
Exploits: 1

NVD
added 2022/08/19 9:15 a.m., 10 views

CVE-2022-2075

In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation...

7.5 CVSS, 0.00482 EPSS
Exploits: 0, References: 1