8457 matches found
CVE-2026-43268
A flaw was found in the HFS Plus hfsplus filesystem within the Linux kernel. This vulnerability occurs because the hfsplus filesystem incorrectly identifies certain special filesystem objects as regular files. This misclassification can lead to inconsistencies with how the operating system's...
youtube-regex 资源管理错误漏洞
youtube-regex is a YouTube video ID regular expression matching tool developed by RegexHQ. Versions of youtube-regex 1.0.5 and earlier contained a resource management error vulnerability, which was caused by a denial-of-service attack involving regular expressions...
PT-2026-38448
Regex Denial of Service in youtube-regex npm package through version 1.0.5...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via improper validation of user-supplied fields in the filter and sortby parameters. An attacker can cause the backend to return HTTP 500 errors, potentially disrupt service availability, and...
Incorrect Authorization
Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Incorrect Authorization in the admin-api routes due to insufficient authorization checks. An attacker can access backend operational information by...
Incorrect Authorization
Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Incorrect Authorization in the admin-api routes due to insufficient authorization checks. An attacker can access backend operational information by...
Nokogiri CSS selector tokenizer has regular expression backtracking
Summary Nokogiri's CSS selector tokenizer contains regular expressions whose construction may result in exponential regex backtracking on adversarial selectors. Three ReDoS vectors are addressed in this release: 1. String-literal tokenization on certain unterminated quoted-string input. 2...
CVE-2026-33079
In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS Regular Expression Denial of Service vulnerability in LINKTITLERE that allows an attacker who can supply Markdown for parsing to cause denial of service. The regular expression used for parsing link titles contains overlapping...
DEBIAN-CVE-2026-33079
In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS Regular Expression Denial of Service vulnerability in LINKTITLERE that allows an attacker who can supply Markdown for parsing to cause denial of service. The regular expression used for parsing link titles contains overlapping...
UBUNTU-CVE-2026-33079
In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS Regular Expression Denial of Service vulnerability in LINKTITLERE that allows an attacker who can supply Markdown for parsing to cause denial of service. The regular expression used for parsing link titles contains overlapping...
CVE-2026-33079 Mistune ReDoS in LINK_TITLE_RE allows denial of service with crafted Markdown titles
In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS Regular Expression Denial of Service vulnerability in LINKTITLERE that allows an attacker who can supply Markdown for parsing to cause denial of service. The regular expression used for parsing link titles contains overlapping...
CVE-2026-33079
Mistune 3.0.0a1–3.2.0 contains a ReDoS in LINK_TITLE_RE used for parsing link titles, enabling exponential backtracking when processing Markdown strings with repeated ! sequences and no closing quote. The ambiguity arises from overlapping alternatives in the two branches (double-quoted and single...
CVE-2026-33079 Mistune ReDoS in LINK_TITLE_RE allows denial of service with crafted Markdown titles
In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS Regular Expression Denial of Service vulnerability in LINKTITLERE that allows an attacker who can supply Markdown for parsing to cause denial of service. The regular expression used for parsing link titles contains overlapping...
CVE-2026-33079
In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS Regular Expression Denial of Service vulnerability in LINKTITLERE that allows an attacker who can supply Markdown for parsing to cause denial of service. The regular expression used for parsing link titles contains overlapping...
EUVD-2026-27877
Mistune has a ReDoS in LINKTITLERE that allows denial of service via crafted Markdown input...
Mistune has a ReDoS in LINK_TITLE_RE that allows denial of service via crafted Markdown input
Summary A ReDoS Regular Expression Denial of Service vulnerability in LINKTITLERE allows an attacker who can supply Markdown for parsing to cause denial of service. A crafted 58-byte Markdown document blocks the parser for approximately 6 seconds measured on Apple M2, Python 3.14.3, with...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS through the LINKTITLERE regular expression in Markdown parsing. An attacker can cause excessive resource consumption and make the application unresponsive by submitting specially crafted Markdo...
GHSA-8MP2-V27R-99XP Mistune has a ReDoS in LINK_TITLE_RE that allows denial of service via crafted Markdown input
Summary A ReDoS Regular Expression Denial of Service vulnerability in LINKTITLERE allows an attacker who can supply Markdown for parsing to cause denial of service. A crafted 58-byte Markdown document blocks the parser for approximately 6 seconds measured on Apple M2, Python 3.14.3, with...
EUVD-2026-27663
In the Linux kernel, the following vulnerability has been resolved: hfsplus: pretend special inodes as regular files Since commit af153bb63a33 "vfs: catch invalid modes in mayopen" requires any inode be one of SIFDIR/SIFLNK/SIFREG/SIFCHR/SIFBLK/ SIFIFO/SIFSOCK type, use SIFREG for special inodes...
CVE-2026-43268
In the Linux kernel, the following vulnerability has been resolved: hfsplus: pretend special inodes as regular files Since commit af153bb63a33 "vfs: catch invalid modes in mayopen" requires any inode be one of SIFDIR/SIFLNK/SIFREG/SIFCHR/SIFBLK/ SIFIFO/SIFSOCK type, use SIFREG for special inodes...