28 matches found
EUVD-2026-35878
BuddyPress 14.4.0 contains a regular expression injection vulnerability in the activity mention resolver that, when username compatibility mode is enabled, allows attackers to manipulate a REGEXP database clause by crafting mention names containing regex metacharacters. Attackers can submit...
Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection
Summary Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular expression from the configured XSRF cookie name without escaping regex metacharacters. In standard browser environments, an attacker who can influence the cookie name passed to axios can cause...
GHSA-7G26-2QGJ-CHFG CarrierWave has a denylisted_content_type bypass via Unescaped Regex Metacharacters
Summary CarrierWave's contenttypedenylist check fails to escape regex metacharacters in string entries, causing the denylist to silently not match the content types it is intended to block. Note: CarrierWave is aware contenttypedenylist is deprecated for the security reason, but it still used by...
PT-2026-43454
Summary CarrierWave's content type denylist check fails to escape regex metacharacters in string entries, causing the denylist to silently not match the content types it is intended to block. Note: CarrierWave is aware content type denylist is deprecated for the security reason, but it still used...
GHSA-7GCJ-PHFF-2884 Signal K Server has an Unauthenticated Regular Expression Denial of Service (ReDoS) via WebSocket Subscription Paths
Summary The SignalK server is vulnerable to an unauthenticated Regular Expression Denial of Service ReDoS attack within its WebSocket subscription handling logic. By injecting unescaped regex metacharacters into the context parameter of a stream subscription, an attacker can force the server's...
SUSE CVE-2026-34763
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, , or ., the prefix...
GHSA-7MQQ-6CF9-V2QP Rack has a root directory disclosure via unescaped regex interpolation in Rack::Directory
Summary Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, , or ., the prefix stripping can fail and the generated directory listing may expose the full filesystem pa...
CVE-2026-34763
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, , or ., the prefix...
CVE-2026-25478
Litestar is an Asynchronous Server Gateway Interface ASGI framework. Prior to 2.20.0, CORSConfig.allowedoriginsregex is constructed using a regex built from configured allowlist values and used with fullmatch for validation. Because metacharacters are not escaped, a malicious origin can match...
CVE-2026-25479 Litestar has an AllowedHosts validation bypass due to unescaped regex metacharacters in configured host patterns
Litestar is an Asynchronous Server Gateway Interface ASGI framework. Prior to 2.20.0, in litestar.middleware.allowedhosts, allowlist entries are compiled into regex patterns in a way that allows regex metacharacters to retain special meaning e.g., . matches any character. This enables a bypass...
CVE-2026-25479 Litestar has an AllowedHosts validation bypass due to unescaped regex metacharacters in configured host patterns
Litestar is an Asynchronous Server Gateway Interface ASGI framework. Prior to 2.20.0, in litestar.middleware.allowedhosts, allowlist entries are compiled into regex patterns in a way that allows regex metacharacters to retain special meaning e.g., . matches any character. This enables a bypass...
CVE-2026-25479 Litestar has an AllowedHosts validation bypass due to unescaped regex metacharacters in configured host patterns
Litestar is an Asynchronous Server Gateway Interface ASGI framework. Prior to 2.20.0, in litestar.middleware.allowedhosts, allowlist entries are compiled into regex patterns in a way that allows regex metacharacters to retain special meaning e.g., . matches any character. This enables a bypass...
CVE-2026-25479
Litestar is an ASGI framework. Prior to 2.20.0, litestar.middleware.allowed_hosts compiles allowlist entries into regex patterns in a way that lets regex metacharacters retain special meaning (e.g., . matches any character). This can enable a bypass where a host that matches the regex is not the ...
CVE-2026-25478 Litestar has a CORS origin allowlist bypass due to unescaped regex metacharacters in allowed origins
Litestar is an Asynchronous Server Gateway Interface ASGI framework. Prior to 2.20.0, CORSConfig.allowedoriginsregex is constructed using a regex built from configured allowlist values and used with fullmatch for validation. Because metacharacters are not escaped, a malicious origin can match...
CVE-2026-25478
Litestar (ASGI framework) contains a vulnerability in CORSConfig.allowed_origins_regex prior to 2.20.0 where a regex built from allowlist values is used with fullmatch without escaping metacharacters, allowing a malicious origin to match unexpectedly. Impact is indicated as HIGH (CVSS 3.1: AV:N/A...
Litestar's AllowedHosts has a validation bypass due to unescaped regex metacharacters in configured host patterns
Summary AllowedHosts host validation can be bypassed because configured host patterns are turned into regular expressions without escaping regex metacharacters notably .. A configured allowlist entry like example.com can match exampleXcom Details In litestar.middleware.allowedhosts, allowlist...
GHSA-2P2X-HPG8-CQP2 Litestar's CORS origin allowlist has a bypass due to unescaped regex metacharacters in allowed origins
Summary CORS origin validation can be bypassed because the allowed-origins allowlist is compiled into a regex without escaping metacharacters notably .. An allowed origin like https://good.example can match https://goodXexample, resulting in Access-Control-Allow-Origin being set for an untrusted...
Radicale regex metacharacters injection in the user name
Radicale before 1.1 allows remote authenticated users to bypass ownerwrite and owneronly limitations via regex metacharacters in the user name, as demonstrated by...
DEBIAN-CVE-2015-8748
Radicale before 1.1 allows remote authenticated users to bypass ownerwrite and owneronly limitations via regex metacharacters in the user name, as demonstrated by "."...
Buffer overflow
Radicale before 1.1 allows remote authenticated users to bypass ownerwrite and owneronly limitations via regex metacharacters in the user name, as demonstrated by "."...