PT-2026-40718

Name of the Vulnerable Software and Affected Versions Nautobot versions prior to 2.4.33 Nautobot versions prior to 3.1.2 Description UI object-bulk-rename endpoints, such as "/dcim/interfaces/rename/", are susceptible to an application-wide denial of service. This occurs when maliciously crafted...

CVE-2026-35458

Gotenberg is an API for converting document formats. In 8.29.1 and earlier, Gotenberg uses dlclark/regexp2 to compile user-supplied scope patterns without setting a proper timeout. Users with access to features using this logic can hang workers indefinitely...

GHSA-MF3J-86QX-CQ5J Parse Server has Regular Expression Denial of Service (ReDoS) via `$regex` query in LiveQuery

Impact A malicious client can subscribe to a LiveQuery with a crafted $regex pattern that causes catastrophic backtracking, blocking the Node.js event loop. This makes the entire Parse Server unresponsive, affecting all clients. Any Parse Server deployment with LiveQuery enabled is affected. The...

CVE-2020-3408

A vulnerability in the Split DNS feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service DoS condition. The vulnerability occurs because the regular expression regex engine that...