8483 matches found
CVE-2026-4539 pygments archetype.py AdlLexer redos
A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been released...
CVE-2026-4539
CVE-2026-4539 affects the Pygments project, specifically the AdlLexer in pygments/lexers/archetype.py up to version 2.19.2. The issue stems from an inefficient regular expression construct in the AdlLexer, enabling a local-access DoS/slowdown scenario. Publicly released exploit material exists, a...
CVE-2026-2430 Autoptimize <= 3.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lazy-loaded Image Attributes
The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lazy-loading image processing in all versions up to, and including, 3.1.14. This is due to the use of an overly permissive regular expression in the addlazyload function that replaces all occurrences of \ssr...
Regular Expression Denial Of Service (ReDoS)
Valibot is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient processing in the EMOJIREGEX used by the emoji action, which allows an attacker to supply a crafted input that triggers excessive CPU consumption and causes a denial of service...
BIT-PARSE-2026-32770 Parse Server: LiveQuery subscription with invalid regular expression crashes server
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0 and 8.6.43, a remote attacker can crash the Parse Server by subscribing to a LiveQuery with an invalid regular expression pattern. The server process terminates when the invalid...
CVE-2026-30873 OpenWrt Project jsonpath: Memory leak when processing strings, labels, and regexp tokens
OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, the jpgettoken function, which performs lexical analysis by breaking input expressions into tokens, contains a memory leak vulnerability when extracting string literals, field...
CVE-2026-30873 OpenWrt Project jsonpath: Memory leak when processing strings, labels, and regexp tokens
OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, the jpgettoken function, which performs lexical analysis by breaking input expressions into tokens, contains a memory leak vulnerability when extracting string literals, field...
CVE-2026-30873
CVE-2026-30873 affects OpenWrt Project’s jsonpath component, specifically the jp_get_token function used during lexical analysis. In OpenWrt releases prior to 24.10.6 and 25.12.1, memory allocated for strings, field labels, and regular expressions is copied to a new jp_opcode object without freei...
PT-2026-26382
OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, the jp get token function, which performs lexical analysis by breaking input expressions into tokens, contains a memory leak vulnerability when extracting string literals, field...
EUVD-2026-12862
An issue in the VirtualHost configuration handling/parser component of aaPanel v7.57.0 allows attackers to cause a Regular Expression Denial of Service ReDoS via a crafted input...
CVE-2026-29856
An issue in the VirtualHost configuration handling/parser component of aaPanel v7.57.0 allows attackers to cause a Regular Expression Denial of Service ReDoS via a crafted input...
CVE-2026-22178
OpenClaw versions prior to 2026.2.19 construct RegExp objects directly from unescaped Feishu mention metadata in the stripBotMention function, allowing regex injection and denial of service. Attackers can craft nested-quantifier patterns or metacharacters in mention metadata to trigger catastroph...
EUVD-2026-12722
OpenClaw versions prior to 2026.2.19 construct RegExp objects directly from unescaped Feishu mention metadata in the stripBotMention function, allowing regex injection and denial of service. Attackers can craft nested-quantifier patterns or metacharacters in mention metadata to trigger catastroph...
CVE-2026-22178 OpenClaw < 2026.2.19 - ReDoS and Regex Injection via Unescaped Feishu Mention Metadata
OpenClaw versions prior to 2026.2.19 construct RegExp objects directly from unescaped Feishu mention metadata in the stripBotMention function, allowing regex injection and denial of service. Attackers can craft nested-quantifier patterns or metacharacters in mention metadata to trigger catastroph...
CVE-2026-29856
An issue in the VirtualHost configuration handling/parser component of aaPanel v7.57.0 allows attackers to cause a Regular Expression Denial of Service ReDoS via a crafted input...
OpenClaw 安全漏洞
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a denial of service hole that can be exploited by attackers to cause regular expression injection and denial of service...
CVE-2026-29856
An issue in the VirtualHost configuration handling/parser component of aaPanel v7.57.0 allows attackers to cause a Regular Expression Denial of Service ReDoS via a crafted input...
aaPanel 安全漏洞
aaPanel is a simple yet powerful web-based control panel developed under the open source license. Version 7.57.0 of aaPanel contains a security vulnerability, which stems from a regular expression denial-of-service issue in the VirtualHost configuration processing/parser component...
Improper Validation of Syntactic Correctness of Input
Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the LiveQuery subscription when an invalid regular expression patte...
Parse Server LiveQuery subscription with invalid regular expression crashes server
Impact A remote attacker can crash the Parse Server by subscribing to a LiveQuery with an invalid regular expression pattern. The server process terminates when the invalid pattern reaches the regex engine during subscription matching, causing denial of service for all connected clients. Patches...