Mageia: Security Advisory (MGASA-2026-0055)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

NFA regex engine NULL pointer dereference affects Vim < 9.2.0137

...

Updated vim packages fix security vulnerability

NFA regex engine NULL pointer dereference affects Vim 9.2.0137. CVE-2026-32249...

MGASA-2026-0055 Updated vim packages fix security vulnerability

NFA regex engine NULL pointer dereference affects Vim 9.2.0137. CVE-2026-32249...

CVE-2026-32249

A flaw was found in Vim. A NULL pointer dereference can occur when the NFA regex compiler processes a specific character collection, more specifically one that contains a combining character acting as the endpoint of a character range e.g., 0-0\u05bb. A process or user that can supply a regex...

CVE-2026-32249

Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range e.g. 0-0\u05bb, incorrectly emits the composing bytes of that character as separate NFA...

CVE-2026-32249 NFA regex engine NULL pointer dereference affects Vim < 9.2.0137

Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range e.g. 0-0\u05bb, incorrectly emits the composing bytes of that character as separate NFA...

CVE-2026-32249 NFA regex engine NULL pointer dereference affects Vim < 9.2.0137

Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range e.g. 0-0\u05bb, incorrectly emits the composing bytes of that character as separate NFA...

CVE-2026-29076

A flaw was found in cpp-httplib, a C++11 single-file header-only cross-platform HTTP/HTTPS library. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP POST request with a malicious filename parameter in the Content-Disposition header. This triggers uncontrolled...

CVE-2025-62495

CVE-2025-62495 describes an integer overflow in QuickJS regExp (libregexp). The DynBuf storing regex bytecode uses size_t, but several internal routines cast the DynBuf size_t to a signed int, so very large/complex patterns can exceed 2^31 bytes. The result is a negative value used for offsets (e...

QuickJS 安全漏洞

QuickJS is a small and embeddable Javascript engine open-sourced by QuickJS. A security vulnerability exists in QuickJS that stems from an inconsistent representation of buffer sizes due to an integer overflow in the regular expression engine, which could lead to out-of-bounds writes...

EUVD-2025-25947

Malicious code in bioql PyPI...

UBUNTU-CVE-2025-43718

Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata such as GTSPDFEVersion of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in Dict::lookup, Catalog::getMetadata, and associated...

SUSE CVE-2025-58050

The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the scs:... Scan SubString verb when combined with...

GHSA-VRQ3-R879-7M65 vLLM Tool Schema allows DoS via Malformed pattern and type Fields

Summary The vLLM backend used with the /v1/chat/completions OpenAPI endpoint fails to validate unexpected or malformed input in the "pattern" and "type" fields when the tools functionality is invoked. These inputs are not validated before being compiled or parsed, causing a crash of the inference...

CVE-2024-8998 Regular Expression Denial of Service (ReDoS) in lunary-ai/lunary

A Regular Expression Denial of Service ReDoS vulnerability exists in lunary-ai/lunary version git f07a845. The server uses the regex /.?/ to match user-controlled strings. In the default JavaScript regex engine, this regex can take polynomial time to match certain crafted user inputs. As a result...

PCRE2 输入验证错误漏洞

PCRE2 is PCRE2Project open source set of C functions. Use the same syntax and semantics as Perl5 to achieve regular expression pattern matching . A security vulnerability exists in PCRE2 versions prior to 10.41, which stems from an integer overflow problem in pcre2test that allows an attacker to...

SUSE CVE-2007-5116

Buffer overflow in the polymorphic opcode support in the Regular Expression Engine regcomp.c in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode UTF characters in a regular expression...

SUSE CVE-2017-11164

In PCRE 8.41, the OPKETRMAX feature in the match function in pcreexec.c allows stack exhaustion uncontrolled recursion when processing a crafted regular expression...

USN-5613-1 vim vulnerabilities

It was discovered that Vim was not properly performing bounds checks when executing spell suggestion commands. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2022-0943 It was discovered that Vim was using freed memory when dealing with regula...