1982 matches found
EUVD-2026-41420
LobeChat before version 2.2.10-canary.15 contains a regular expression denial of service ReDoS vulnerability that allows authenticated attackers to block the Node.js event loop by supplying a catastrophic-backtracking pattern in a GitHub repository URL path during skill import. Attackers can craf...
Security Bulletin: Multiple vulnerabilities in Open Source affect IBM Cloud Pak System
Summary Multiple vulnerabilities in Open Source affect IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input...
CVE-2026-52794 Sentry: Inefficient Regular Expression Complexity in sentry
Sentry is an error tracking and performance monitoring tool. From 24.4.0 until 26.5.2, a Regular Expression Denial of Service ReDoS vulnerability exists in Sentry's event ingestion pipeline, where a regex applied to attacker-controlled fields on incoming events can be made to consume...
EUVD-2025-210290
vLLM versions = 0.6.3 and 0.9.0 contain multiple regular expression denial of service ReDoS vulnerabilities. Several regex patterns — in vllm/lora/utils.py, the phi4mini tool parser, and the OpenAI-compatible serving chat endpoint — are susceptible to catastrophic backtracking. An attacker...
CVE-2025-71379
CVE-2025-71379 affects vLLM versions 0.6.3 through 0.8.x (before 0.9.0). The vulnerability is a set of regular expression denial of service (ReDoS) flaws in multiple components: (1) regex patterns in vllm/lora/utils.py, (2) the phi4mini tool parser, and (3) the OpenAI-compatible serving chat endp...
Astra Linux – Vulnerability in Python 2.7, Pypy
In Python versions 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an HTTP server can perform Regular Expression Denial of Service ReDoS attacks against clients due to the use of urllib.request.AbstractBasicAuthHandler, which allows catastrophi...
Astra Linux – Vulnerability in pillow
Packages with version numbers 5.2.0 and earlier, as well as 8.3.2, are vulnerable to Regular Expression Denial of Service ReDoS attacks through the getrgb function...
Astra Linux – Vulnerability in node-hosted-git-info
Packages that use hosted-git-info before version 3.0.8 are vulnerable to Regular Expression Denial of Service ReDoS attacks due to the regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expressions have a polynomial worst-case time complexity...
Astra Linux – Vulnerability in node-get-func-name
get-func-name is a module that securely and consistently retrieves the name of a function, both in Node.js and in the browser. Versions prior to 2.0.1 are vulnerable to a denial-of-service attack caused by regular expressions, which can lead to a denial of service when parsing malicious input. Th...
Astra Linux – Vulnerability in Ruby 2.5
In the CGI gem before version 0.4.2 for Ruby, there is a Regular Expression Denial of Service ReDoS vulnerability in the UtilescapeElement method...
Astra Linux – Vulnerability in Python-Django
In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are vulnerable to a ReDoS regular expression denial of service attack due to a very large number of domain name labels for emails and URLs...
Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by Regular Expression Denial of Service.
Summary minimatch-9.0.5.tgz is used by IBM Sterling Connect:Direct Web Services CVE-2026-26996, CVE-2026-27903, CVE-2026-27904. Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the formatDate function when processing an excessively long or attacker-controlled date format string. An attacker can cause high CPU and memory consumption, leading to application...
CVE-2026-42567
A flaw was found in Svelte, a web framework. An internal regular expression regex in the Svelte runtime, specifically when processing , can be exploited by a remote attacker. By providing specially crafted input, an attacker can cause the regex to take an exponential amount of time to process,...
CVE-2026-41848
Applications may be vulnerable to a Regular Expression Denial of Service ReDoS attack if an attacker is able to provide a pattern which is then directly or indirectly supplied to one of the following methods in AntPathMatcher: matchString pattern, String path, matchStartString pattern, String pat...
EUVD-2026-35336
Applications may be vulnerable to a Regular Expression Denial of Service ReDoS attack if an attacker is able to provide a pattern which is then directly or indirectly supplied to one of the following methods in AntPathMatcher: matchString pattern, String path, matchStartString pattern, String pat...
PT-2026-47659
Name of the Vulnerable Software and Affected Versions Spring Framework versions 7.0.0 through 7.0.7 Spring Framework versions 6.2.0 through 6.2.18 Spring Framework versions 6.1.0 through 6.1.27 Spring Framework versions 5.3.0 through 5.3.48 Description Applications are susceptible to a Regular...
CVE-2026-52778
YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability exists in the Bazar form field calculator CalcField.php of YesWiki. The application attempts to sanitize user-defined mathematical formulas using a complex recursive regular expression before passin...
Spring Framework Denial of Service via AntPathMatcher
Applications may be vulnerable to a Regular Expression Denial of Service ReDoS attack if an attacker is able to provide a pattern which is then directly or indirectly supplied to one of the following methods in AntPathMatcher :...
PT-2026-47441
Name of the Vulnerable Software and Affected Versions YesWiki versions prior to 4.6.6 Description An unsafe execution issue exists in the Bazar form field calculator CalcField.php. The application uses a complex recursive regular expression to sanitize user-defined mathematical formulas before th...