
26 matches found

OSV
added 2026/04/16 11:36 p.m., 2 views

BIT-AUTHENTIK-2024-52289 authentik has an insecure default configuration for OAuth2 Redirect URIs

authentik is an open-source identity provider. Redirect URIs in the OAuth2 provider in authentik are checked by RegEx comparison. When no Redirect URIs are configured in a provider, authentik will automatically use the first redirect_uri value received as an allowed redirect URI, without escaping...

CVSS 9.8, AI score 5.7, EPSS 0.03
Exploits 0, References 5

CVE
added 2025/09/30 8:0 p.m., 22 views

CVE-2025-10659

The CVE-2025-10659 entry concerns MegaSys/MegaSys Telenium Online Web Application. A PHP endpoint accessible to unauthenticated network users improperly terminates a regular expression check, failing to validate or sanitize input. This leads to an OS command injection remote code execution risk o...

CVSS 9.8, AI score 8.1, EPSS 0.01547
Exploits 0, References 2

Positive Technologies
added 2025/09/30 12:0 a.m., 7 views

PT-2025-40025

Name of the Vulnerable Software and Affected Versions: MegaSys Telenium Online Web Application (affected versions not specified). Description: The Telenium Online Web Application contains a critical command injection flaw stemming from an insecurely terminated regular expression check within a PHP...

CVSS 9.8, AI score 8.6, EPSS 0.01547
Exploits 0, References 13

OSV
added 2025/09/03 12:43 p.m., 0 views

USN-7735-1 rubygems vulnerabilities

It was discovered that RubyGems incorrectly handled certain regular expressions. An attacker could use this issue to cause RubyGems to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-28755) It was discovered that RubyGems incorrectly handled decompresse...

CVSS 7.5, AI score 6.8, EPSS 0.00337
Exploits 0, References 3

Veracode
added 2025/06/10 6:6 a.m., 2 views

Regular Expression Denial Of Service (ReDoS)

@vue/cli-plugin-pwa is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to unsafe regex handling in the HtmlPwaPlugin component of the Markdown code handler, which can be exploited remotely to degrade performance...

CVSS 7.5, AI score 4.6, EPSS 0.00635
Exploits 1, References 5, Affected Software 1

OSV
added 2025/05/23 1:52 p.m., 0 views

USN-7529-1 tika vulnerabilities

It was discovered that Apache Tika can have an excessive memory usage by using a crafted or corrupt PSD file. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-1950, CVE-2020-1951) It was discovered that Apache Tika...

CVSS 5.5, AI score 6.8, EPSS 0.00536
Exploits 0, References 6

CNNVD
added 2025/04/10 12:0 a.m., 2 views

WordPress plugin WP-GeSHi-Highlight security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 6.5, AI score 7, EPSS 0.00556
Exploits 1, References 1

CVE
added 2025/03/11 7:9 p.m., 287 views

CVE-2025-27789

CVE-2025-27789 affects Babel: prior to 7.26.10 and 8.0.0-alpha.17, compiling regex with named capturing groups can cause Babel to generate a .replace polyfill with quadratic complexity on certain replacement patterns. The issue requires that code uses untrusted strings as the second argument to ....

CVSS 6.2, AI score 6.3, EPSS 0.0006
Exploits 0, References 2

Veracode
added 2024/12/03 9:0 a.m., 4 views

Regular Expression Denial Of Service (ReDoS)

Giskard is vulnerable to Remote Code Execution ReDoS. The vulnerability is due to inefficient regex handling when processing specific text patterns, allowing an attacker to cause a denial of service (DoS) by triggering prolonged regex evaluation times...

CVSS 6.9, AI score 7.3, EPSS 0.01994
Exploits 0, References 3, Affected Software 1

OSV
added 2024/11/12 12:2 p.m., 2 views

USN-7101-1 pydantic vulnerability

It was discovered that Pydantic incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause a denial of service via a crafted email string...

CVSS 7.5, AI score 6.8, EPSS 0.0028
Exploits 1, References 2

OSV
added 2024/10/29 10:15 p.m., 0 views

CVE-2024-48572

A user enumeration vulnerability in AquilaCMS 1.409.20 and prior allows unauthenticated attackers to obtain email addresses via the "Add a user" feature. The vulnerability occurs due to insufficiently validated user input being processed as a regular expression, which is then matched against emai...

CVSS 5.3, AI score 5.8, EPSS 0.00168
Exploits 2, References 1

Amazon
added 2023/12/14 12:0 a.m., 3 views

Medium: perl

Issue Overview: A crafted regular expression when compiled by perl 5.30.0 through 5.38.0 can cause a one-byte attacker controlled buffer overflow in a heap allocated buffer. (CVE-2023-47038) In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property na...

CVSS 7.8, AI score 7.4, EPSS 0.00111
Exploits 0

OSV
added 2022/10/10 7:26 p.m., 0 views

USN-5665-1 pcre3 vulnerabilities

It was discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service. (CVE-2017-6004) It was discovered that PCRE incorrectly handled certain Unicode encoding. A remote attacke...

CVSS 7.5, AI score 7.1, EPSS 0.07102
Exploits 0, References 3

CNNVD
added 2021/12/16 12:0 a.m., 1 view

JFinal injection vulnerability

JFinal is a Java-based open source web ORM framework. jFinal cms versions prior to 5.1.0 have a denial of service vulnerability. The vulnerability stems from the insecure handling of user input when regular expressions are applied; the attacker can use the vulnerability...

CVSS 7.5, AI score 5.7, EPSS 0.00368
Exploits 0, References 1

RedHat Linux
added 2020/01/27 9:22 p.m., 1 view

httpd: URL normalization inconsistency

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes '/', directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the server's processing wi...

CVSS 5.3, AI score 6.6, EPSS 0.23866
Exploits 0, References 6

OSV
added 2019/11/26 2:48 p.m., 0 views

USN-4201-1 ruby2.3, ruby2.5 vulnerabilities

It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this issue to pass path matching what can lead to an unauthorized access. (CVE-2019-15845) It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could use this issue to...

CVSS 8.1, AI score 6.9, EPSS 0.01157
Exploits 1, References 5

RedHat Linux
added 2019/08/06 1:51 p.m., 1 view

httpd: URL normalization inconsistency

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes '/', directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the server's processing wi...

CVSS 5.3, AI score 6.6, EPSS 0.23866
Exploits 0, References 6

Tenable Nessus
added 2018/04/17 12:0 a.m., 43 views

Ubuntu 14.04 LTS / 16.04 LTS : Perl vulnerabilities (USN-3625-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3625-1 advisory. It was discovered that Perl incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause Perl to hang,...

CVSS 9.8, AI score 7.5, EPSS 0.1399
Exploits 1, References 7

Prion
added 2017/06/16 3:29 p.m., 12 views

Design/Logic Flaw

In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) in the check_dst_limits_calc_pos_1 function in misc/regex/regexec.c when processing a crafted regular expression...

CVSS 5, AI score 7, EPSS 0.00334
Exploits 0, References 1, Affected Software 1

OSV
added 2016/10/07 2:59 p.m., 3 views

CVE-2016-7040

Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute arbitrary shell commands by leveraging the ability to view and filter collections...

CVSS 8.8, AI score 6, EPSS 0.00641
Exploits 0, References 2