8488 matches found
GHSA-7GCJ-PHFF-2884 Signal K Server has an Unauthenticated Regular Expression Denial of Service (ReDoS) via WebSocket Subscription Paths
Summary The SignalK server is vulnerable to an unauthenticated Regular Expression Denial of Service ReDoS attack within its WebSocket subscription handling logic. By injecting unescaped regex metacharacters into the context parameter of a stream subscription, an attacker can force the server's...
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the path-to-regexp package
Summary Due to use of the path-to-regexp package, DevOps Test Performance and Rational Performance Tester contain a potential Regular Expression Denial of Service ReDoS vulnerability. Vulnerability Details CVEID:CVE-2026-4867 DESCRIPTION: Impact: A bad regular expression is generated any time you...
EUVD-2026-24151
Tekton Pipelines has VerificationPolicy regex pattern bypass via substring matching...
Permissive Regular Expression
Overview Affected versions of this package are vulnerable to Permissive Regular Expression in the VerificationPolicy module when matchin refSource.URITekton. An attacker can alter verification modes or keys and potentially compromise the integrity of CI/CD pipelines by supplying resources source...
CVE-2026-39320
The Signal K Server CVE-2026-39320 affects versions prior to 2.25.0, where an unauthenticated Regular Expression Denial of Service (ReDoS) can be triggered via WebSocket subscription handling. The root cause is injection of unescaped regex metacharacters into the context parameter of a stream sub...
CVE-2026-39320 Signal K Server has an Unauthenticated Regular Expression Denial of Service (ReDoS) via WebSocket Subscription Paths
Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.25.0 are vulnerable to an unauthenticated Regular Expression Denial of Service ReDoS attack within the WebSocket subscription handling logic. By injecting unescaped regex metacharacters into the...
CVE-2026-39320
Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.25.0 are vulnerable to an unauthenticated Regular Expression Denial of Service ReDoS attack within the WebSocket subscription handling logic. By injecting unescaped regex metacharacters into the...
Tekton Pipelines 安全漏洞
Tekton Pipelines is a cloud-native pipeline developed by Tekton Open Source. There are security vulnerabilities in versions 0.43.0 to 1.11.0 of Tekton Pipelines. These vulnerabilities stem from improper regular expression matching, which could allow attackers to bypass resource verification...
PT-2026-33877
Name of the Vulnerable Software and Affected Versions Signal K Server versions prior to 2.25.0 Description An unauthenticated Regular Expression Denial of Service ReDoS exists within the WebSocket subscription handling logic. By injecting unescaped regex metacharacters into the context parameter ...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-010872)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010872 advisory. In the Linux kernel, the following vulnerability has been resolved: bfs: Reconstruct file type when loading from disk syzbot is reporting that SIFMT bits of...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010726)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010726 advisory. An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the ODIRECTORY flag, and tries to open a regular file, nfsatomicope...
ROS-20260420-73-0038
Vulnerability in nodejs-minimatch related to the use of regular expression with inefficient computational complexity. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
Giskard Has A Regular Expression Denial Of Service (ReDoS) In RegexMatching Check
Summary The RegexMatching check in the "giskard-checks" package passes a user-supplied regular expression pattern directly to Python's re.search without any timeout, complexity guard, or pattern validation. An attacker who can control the regex pattern or the text being matched can craft inputs...
CVE-2026-40319
CVE-2026-40319 affects Giskard’s giskard-checks RegexMatching, where a user-supplied regex pattern is passed to Python's re.search() without a timeout or complexity guard in versions prior to 1.0.2b1. This can cause catastrophic backtracking (ReDoS) and potentially hang the process. Exploitation ...
CVE-2026-40319 Giskard has a Regular Expression Denial of Service (ReDoS) in RegexMatching Check
Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search without any timeout or complexity guard. A crafted regex pattern can trigger catastrophic backtracking,...
CVE-2026-40319 Giskard has a Regular Expression Denial of Service (ReDoS) in RegexMatching Check
Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search without any timeout or complexity guard. A crafted regex pattern can trigger catastrophic backtracking,...
Regular Expression Denial Of Service
fast-jwt is vulnerable to Regular Expression Denial of Service. The vulnerability is due to the library allowing regular expressions in claim validation, where a crafted JWT can trigger catastrophic backtracking in the JavaScript regex engine, resulting in significant CPU consumption during...
[SECURITY] Fedora 43 Update: podman-5.8.2-1.fc43
podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=3Dpodman. Most...
ROS-20260417-73-0021
Vulnerability in python-PyPDF2 related to the use of regular expression with inefficient computational complexity. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
Giskard 安全漏洞
Giskard is an open-source evaluation and testing framework for artificial intelligence systems developed by Giskard. Versions of Giskard prior to 1.0.2b1 contained security vulnerabilities. These vulnerabilities stemmed from the direct passing of user-provided regular expressions to the re.search...