EUVD-2026-35878

BuddyPress 14.4.0 contains a regular expression injection vulnerability in the activity mention resolver that, when username compatibility mode is enabled, allows attackers to manipulate a REGEXP database clause by crafting mention names containing regex metacharacters. Attackers can submit...

CVE-2026-53674 BuddyPress 14.4.0 REGEXP Injection via @Mention Username Resolution

BuddyPress 14.4.0 contains a regular expression injection vulnerability in the activity mention resolver that, when username compatibility mode is enabled, allows attackers to manipulate a REGEXP database clause by crafting mention names containing regex metacharacters. Attackers can submit...

PT-2026-48336

BuddyPress 14.4.0 contains a regular expression injection vulnerability in the activity mention resolver that, when username compatibility mode is enabled, allows attackers to manipulate a REGEXP database clause by crafting mention names containing regex metacharacters. Attackers can submit...

CVE-2026-44838

RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^clientid-sensors$ to restrict user access to topics that include...

Rack::Sendfile header-based X-Accel-Mapping regex injection enables unauthorized X-Accel-Redirect

Summary Rack::Sendfilemapaccelpath interpolates the value of the X-Accel-Mapping request header directly into a regular expression when rewriting file paths for X-Accel-Redirect. Because the header value is not escaped, an attacker who can supply X-Accel-Mapping to the backend can inject regex...

OpenClaw Denial of Service Vulnerability (CNVD-2026-15152)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a denial of service hole that can be exploited by attackers to cause regular expression injection and denial of service...

CVE-2026-22178 OpenClaw < 2026.2.19 - ReDoS and Regex Injection via Unescaped Feishu Mention Metadata

OpenClaw versions prior to 2026.2.19 construct RegExp objects directly from unescaped Feishu mention metadata in the stripBotMention function, allowing regex injection and denial of service. Attackers can craft nested-quantifier patterns or metacharacters in mention metadata to trigger catastroph...

EUVD-2021-32236

Malicious code in bioql PyPI...

VulnNodeApp - A Vulnerable Node.Js Application

A vulnerable application made using node.js, express server and ejs template engine. This application is meant for educational purposes only. Setup Clone this repository git clone https://github.com/4auvar/VulnNodeApp.git Application setup: Install the latest node.js version with npm. Open...

CVE-2021-45470

lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular expression injection, which can lead to ReDoS regular expression denial of service or other impacts...

Code injection

lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular expression injection, which can lead to ReDoS regular expression denial of service or other impacts...

CVE-2021-45470

The CVE-2021-45470 entry impacts cve-search prior to 4.1.0, where lib/DatabaseLayer.py is vulnerable to regular expression injection. This flaw can trigger ReDoS (regular expression denial of service) and potentially other impacts as described in multiple sources. Root cause is insufficient input...

GitHub Security Lab: [Python] CWE-400: Regular Expression Injection

This bug was reported directly to GitHub Security Lab...

Discuz! X-Series remote code execution vulnerability analysis-vulnerability warning-the black bar safety net

0x01 vulnerability root causes The root of the problem is that the api/uc. php file in the updatebadwords method, the code is as follows: function updatebadwords$get, $post global $G; if! APIUPDATEBADWORDS return APIRETURNFORBIDDEN; $data = array; ifisarray$post foreach$post as $k = $v...