8457 matches found

CVE (added 2026/06/03 6:16 p.m.)

CVE-2026-8888

The CVE-2026-8888 entry applies to the Securly Chrome Extension (v3.0.7). It downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp() without complexity validation, enabling an on-path attacker to inject patterns that cause catastrop...

CVSS 7.5, AI score 5.8, EPSS 0.00328
Exploits: 0, References: 1, Affected software: 1
Cvelist (added 2026/06/03 6:16 p.m.)

CVE-2026-8888

Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp without complexity validation. An on-path attacker can inject specific patterns to cause catastrophic backtracking, resulting in...

EPSS 0.00328
Exploits: 0, References: 1
EUVD (added 2026/06/03 6:16 p.m.)

EUVD-2026-34168

Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp without complexity validation. An on-path attacker can inject specific patterns to cause catastrophic backtracking, resulting in...

AI score 5.8, EPSS 0.00328
Exploits: 0, References: 1
ATTACKERKB (added 2026/06/03 6:16 p.m.)

CVE-2026-8888

Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp without complexity validation. An on-path attacker can inject specific patterns to cause catastrophic backtracking, resulting in...

AI score 5.8, EPSS 0.00328
Exploits: 0, References: 2
Vulnrichment (added 2026/06/03 6:16 p.m.)

CVE-2026-8888

Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp without complexity validation. An on-path attacker can inject specific patterns to cause catastrophic backtracking, resulting in...

AI score 5.8, EPSS 0.00328
Exploits: 0, References: 1
NVD (added 2026/06/03 4:16 p.m.)

CVE-2026-6657

A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the allow_origin_pat configuration is used. The issue arises from the use of re.match for validating the Origin header, which only anchors at the start of the string. This allow...

CVSS 6.1, EPSS 0.00134
Exploits: 0, References: 1
Snyk (added 2026/06/03 3:06 p.m.)

Permissive Regular Expression

Overview Affected versions of this package are vulnerable to Permissive Regular Expression in the use of re.match to verify allow_origin_pat values. This allows an attacker to bypass intended CORS restrictions and gain unauthorized access to sensitive API responses. Code execution is possible by...

CVSS 6.1, AI score 6.5, EPSS 0.00134
Exploits: 0, References: 2
NVD (added 2026/06/03 12:16 a.m.)

CVE-2026-10692

A weakness has been identified in johnhuang316 code-index-mcp up to 2.14.0. Affected is the function issaferegexpattern of the component searchcodeadvanced. Executing a manipulation of the argument regex can lead to inefficient regular expression complexity. It is possible to launch the attack...

CVSS 5.3, EPSS 0.0031
Exploits: 0, References: 8
Positive Technologies (added 2026/06/03 12:00 a.m.)

PT-2026-46053

Name of the Vulnerable Software and Affected Versions Securly Chrome Extension version 3.0.7 Description The software downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions using the new RegExp function without complexity validation. An on-path...

CVSS 7.5, AI score 5.8, EPSS 0.00328
Exploits: 0, References: 4
CNNVD (added 2026/06/03 12:00 a.m.)

Desktop Commander MCP security vulnerability

Desktop Commander MCP is an MCP server developed by Eduard Ruzga. Versions of Desktop Commander MCP prior to 0.2.38 contained security vulnerabilities. These vulnerabilities stemmed from the operation of the startsearch component in the src/search-manager.ts file with respect to the SearchResult...

CVSS 5.3, AI score 5, EPSS 0.00354
Exploits: 0, References: 9
CNNVD (added 2026/06/03 12:00 a.m.)

Jupyter Server security vulnerability

Jupyter Server is an application developed by the Jupyter organization that provides backend services for Jupyter web applications. There are security vulnerabilities in Jupyter Server versions 1.12.0 to 2.17.0. These vulnerabilities stem from the use of re.match in CORS origin...

CVSS 6.1, AI score 6.1, EPSS 0.00134
Exploits: 0, References: 1
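The jupyter-server entries above (NVD, Snyk and CNNVD) all describe the same defect: the Origin header is checked with re.match, which only anchors at the start of the string, so an origin that merely begins with an allowed origin passes. The block below is an added example written for this page, not Jupyter Server's code; it is a minimal stand-in for that check that puts the weak form beside the hardened re.fullmatch form and runs both over a constructed allow-list pattern (in the spirit of the allow_origin_pat option) and a few constructed Origin values. Function names and sample values are assumptions.

```python
import re

# Constructed example: an allow-list pattern an operator might set,
# intending to admit exactly one origin. Not taken from any real deployment.
ALLOW_ORIGIN_PAT = r"https://notebook\.example\.com"


def origin_allowed_prefix(allow_origin_pat: str, origin: str) -> bool:
    """The weak check: re.match anchors only at the start of the string,
    so any Origin value that *begins* with an allowed origin is accepted."""
    return re.match(allow_origin_pat, origin) is not None


def origin_allowed_full(allow_origin_pat: str, origin: str) -> bool:
    """The hardened check: re.fullmatch requires the whole Origin value to
    match, so attacker-controlled trailing text cannot extend an allowed origin.
    Appending a '$' (or '\\Z') to the pattern achieves the same effect."""
    return re.fullmatch(allow_origin_pat, origin) is not None


def compare_checks(allow_origin_pat: str, origins) -> dict:
    """Run both checks over a list of Origin header values.
    Returns {origin: (accepted_by_prefix_check, accepted_by_full_check)}."""
    return {
        o: (origin_allowed_prefix(allow_origin_pat, o),
            origin_allowed_full(allow_origin_pat, o))
        for o in origins
    }


# Constructed Origin header values (hypothetical hosts): the legitimate origin
# and three look-alikes whose text starts with the allowed origin.
SAMPLE_ORIGINS = [
    "https://notebook.example.com",                 # the origin the operator meant
    "https://notebook.example.com.attacker.test",   # allowed host used as a subdomain label
    "https://notebook.example.comevil",             # different registrable domain
    "https://notebook.example.com:8443",            # same host, a port the operator never allowed
]

if __name__ == "__main__":
    for origin, (prefix_ok, full_ok) in compare_checks(ALLOW_ORIGIN_PAT, SAMPLE_ORIGINS).items():
        print("%-46s re.match=%-5s re.fullmatch=%s" % (origin, prefix_ok, full_ok))
```

Only the first value is accepted by both checks; the other three pass re.match and fail re.fullmatch, which is exactly the bypass the entries describe. The same reasoning applies to any allow-list regex applied to a client-supplied header: anchor both ends, or use a full-match API.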
Snyk (added 2026/06/01 9:35 p.m.)

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management via improper handling of user roles in the api process. An attacker can gain unauthorized administrative privileges by sending crafted requests after authenticating as a regular user. Remediation Upgrade...

CVSS 8.8, AI score 5.8, EPSS 0.00437
Exploits: 0, References: 3
CVE (added 2026/06/01 8:45 p.m.)

CVE-2026-10291

CVE-2026-10291 affects Enderfga claw-orchestrator (up to 3.7.0). The vulnerability lies in the function validateRegex in claw-orchestrator/src/embedded-server.ts of the Session Grep Endpoint, where manipulating the argument body.pattern leads to inefficient regular expression complexity. Remote ...

CVSS 5.3, AI score 5.4, EPSS 0.00596
Exploits: 0, References: 9
ATTACKERKB (added 2026/06/01 8:45 p.m.)

CVE-2026-10291

A security vulnerability has been detected in Enderfga claw-orchestrator up to 3.7.0. The impacted element is the function validateRegex of the file claw-orchestrator/src/embedded-server.ts of the component Session Grep Endpoint. The manipulation of the argument body.pattern leads to inefficient...

CVSS 5.3, AI score 5.4, EPSS 0.00596
Exploits: 0, References: 10, Affected software: 1
RedhatCVE (added 2026/05/30 2:12 a.m.)

CVE-2026-44796

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot UI object-bulk-rename endpoints (for example, /dcim/interfaces/rename/) were vulnerable to application-wide denial of service via maliciously crafted regular expressions in the find field in...

CVSS 6.5, AI score 5.8, EPSS 0.00312
Exploits: 0, References: 1
Snyk (added 2026/05/29 10:09 p.m.)

Sequence of Processor Instructions Leads to Unexpected Behavior

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Sequence of Processor Instructions Leads to Unexpected Behavior through the fielddelete process. An attacker can permanently remove...

CVSS 7.1, AI score 5.8, EPSS 0.00029
Exploits: 0, References: 3
Snyk (added 2026/05/28 6:24 p.m.)

Incorrect Regular Expression

Overview hono is an Ultrafast web framework for the Edges. Affected versions of this package are vulnerable to Incorrect Regular Expression via the ip-restriction middleware. An attacker can bypass configured deny rules for IPv6 addresses by submitting non-canonical representations, such as...

CVSS 6.9, AI score 5.8, EPSS 0.00244
Exploits: 0, References: 2
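The hono entry above is the general lesson behind text-based IP deny rules: an IPv6 address has many valid spellings (zero compression, leading zeros, IPv4-mapped form), so a rule that compares the request address as text, or with a regex written for one spelling, is bypassed by any other spelling of the same address. The block below is an added example for this page in Python, not hono's middleware or its fix; it puts a textual deny check beside one that parses both sides with the ipaddress module, so every spelling compares equal, and unfolds IPv4-mapped addresses to the IPv4 address they carry. The deny list, client addresses and function names are constructed for the example.

```python
import ipaddress

# Constructed deny list in the style of an ip-restriction rule set:
# loopback, an RFC 1918 range and the IPv6 unique-local prefix.
DENY_RULES = ["::1", "10.0.0.0/8", "fd00::/8"]


def is_denied_textual(client_ip: str, rules) -> bool:
    """The weak check: compare the address as text against the rule text.
    Any non-canonical spelling of a denied address slips through, and
    CIDR rules never match at all."""
    return client_ip in rules


def is_denied_canonical(client_ip: str, rules) -> bool:
    """The hardened check: parse the client address and each rule into
    address/network objects so that '::1', '0:0:0:0:0:0:0:1' and the
    fully zero-padded form all compare equal. IPv4-mapped IPv6 addresses
    (::ffff:a.b.c.d) are reduced to the IPv4 address they carry so IPv4
    rules still apply. Unparsable input is denied (fail closed)."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return True
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    for rule in rules:
        net = ipaddress.ip_network(rule, strict=False)   # a bare address becomes a /32 or /128
        if addr.version == net.version and addr in net:
            return True
    return False


# Constructed client addresses: three spellings of ::1, an IPv4-mapped
# spelling of a denied IPv4 address, a ULA address and a permitted address.
SAMPLE_CLIENTS = [
    "::1",
    "0:0:0:0:0:0:0:1",
    "0000:0000:0000:0000:0000:0000:0000:0001",
    "::ffff:10.1.2.3",
    "fd12:3456::1",
    "198.51.100.7",
]


def audit_clients(clients, rules) -> dict:
    """Returns {client: (denied_by_textual_check, denied_by_canonical_check)}."""
    return {c: (is_denied_textual(c, rules), is_denied_canonical(c, rules)) for c in clients}


if __name__ == "__main__":
    for client, (textual, canonical) in audit_clients(SAMPLE_CLIENTS, DENY_RULES).items():
        print("%-42s textual=%-5s canonical=%s" % (client, textual, canonical))
```

Only the literal "::1" is caught by the textual check; the canonical check denies every spelling of the loopback address, the mapped 10.1.2.3 and the ULA address, and still admits 198.51.100.7. Whatever the language, normalise to an address object before applying deny rules; if the framework only offers string or regex rules, canonicalise the address first (IPv6Address.compressed in Python) and write the rules in that same canonical form.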
Ubuntu (added 2026/05/28 5:53 p.m.)

USN-8343-1: multipart vulnerability

It was discovered that multipart had an ambiguous regular expression alternation when handling certain HTTP header values. A remote attacker could possibly use this issue to cause multipart to use excessive resources, leading to a denial of service...

CVSS 7.5, AI score 7.4, EPSS 0.00392
Exploits: 0
OSV (added 2026/05/28 5:34 p.m.)

GHSA-8V8V-G73J-492J Symfony's JsonPath Evaluates Attacker-Controlled Regular Expressions in match()/search() Without Limits — ReDoS

Description The JsonPath component's match and search filter functions compile a caller-supplied pattern straight into preg_match: php 'match' => @preg_match(\sprintf('/^%s$/u', $this->transformJsonPathRegex($argList[1])), $value), 'search' => @preg_match("/{$this->transformJsonPathRegex($argList[1])}/u", $value),...

CVSS 6.9, AI score 5.8, EPSS 0.00082
Exploits: 0, References: 6
CVE (added 2026/05/28 5:00 p.m.)

CVE-2026-44796

Nautobot contains a DoS vulnerability in UI object-bulk-rename endpoints (for example, /dcim/interfaces/rename/) where maliciously crafted regular expressions in the find field, when used with the use_regex flag, can cause an application-wide denial of service. The issue affects pre-fix versions ...

CVSS 6.5, AI score 5.8, EPSS 0.00312
Exploits: 0, References: 5, Affected software: 1
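Most of the entries on this page share one root cause: a pattern supplied by an untrusted party (the Securly extension's config.json fetched over HTTP and compiled with new RegExp, claw-orchestrator's validateRegex on body.pattern, Nautobot's find field with use_regex, Symfony JsonPath's match()/search()) is compiled with no check on its shape, and a pattern with a nested unbounded repeat such as (a+)+ then backtracks catastrophically on a short input. The block below is an added example written for this page, not code from any of those projects; it shows the kind of pre-compilation gate the Securly summaries say is missing, using Python's re as a stand-in for new RegExp and preg_match. The budget constants, function names and the rejection heuristics are assumptions; the gate is deliberately conservative (it also rejects some harmless patterns) and does not catch overlapping alternation such as (a|aa)+, so it complements, rather than replaces, an engine with a match timeout or a linear-time engine such as RE2.

```python
import re
from typing import Optional

# Budgets for the gate (assumed values; tune per deployment).
MAX_PATTERN_LEN = 256       # longest pattern accepted from an untrusted source
MAX_COUNTED_REPEAT = 100    # largest n allowed in {n}, {n,} or {n,m}

_COUNTED = re.compile(r"\{(\d+)(?:,(\d*))?\}")


def check_pattern(pattern: str) -> Optional[str]:
    """Return None if the pattern passes the gate, otherwise a rejection reason.

    Rejects: over-long patterns, counted repeats above the budget, unbalanced
    groups, and any quantifier that can repeat a group more than once when that
    group already contains an unbounded repeat (the (a+)+ shape). Escapes and
    character classes are skipped so '\\(' and '[(+*]' are not mistaken for syntax.
    """
    if len(pattern) > MAX_PATTERN_LEN:
        return "pattern longer than %d characters" % MAX_PATTERN_LEN
    groups = [False]            # one flag per open group: contains an unbounded repeat?
    prev_closed_group = None    # flag of the group closed by the previous token, if any
    i, n = 0, len(pattern)
    while i < n:
        c = pattern[i]
        counted = _COUNTED.match(pattern, i) if c == "{" else None
        if c == "\\":                           # escaped character: skip it
            i += 2
            prev_closed_group = None
        elif c == "[":                          # character class: skip to its closing ']'
            j = i + 1
            if j < n and pattern[j] == "^":
                j += 1
            if j < n and pattern[j] == "]":     # a leading ']' is literal
                j += 1
            while j < n and pattern[j] != "]":
                j += 2 if pattern[j] == "\\" else 1
            if j >= n:
                return "unterminated character class"
            i = j + 1
            prev_closed_group = None
        elif c == "(":
            groups.append(False)
            i += 1
            prev_closed_group = None
        elif c == ")":
            if len(groups) == 1:
                return "unbalanced ')'"
            closed = groups.pop()
            groups[-1] = groups[-1] or closed   # an enclosing group inherits the flag
            prev_closed_group = closed
            i += 1
        elif c in "*+" or counted:
            if counted:
                lo, hi = int(counted.group(1)), counted.group(2)
                unbounded = hi == ""                                  # {n,}
                max_reps = lo if hi is None else (None if unbounded else int(hi))
                if lo > MAX_COUNTED_REPEAT or (max_reps or 0) > MAX_COUNTED_REPEAT:
                    return "counted repeat larger than %d" % MAX_COUNTED_REPEAT
                i = counted.end()
            else:                                                     # * or +
                unbounded, max_reps = True, None
                i += 1
            if i < n and pattern[i] == "?":     # lazy variant: same backtracking risk
                i += 1
            repeats_many = unbounded or (max_reps or 0) > 1
            if prev_closed_group and repeats_many:
                return "quantifier applied to a group that contains an unbounded repeat"
            if unbounded:
                groups[-1] = True
            prev_closed_group = None
        else:
            i += 1
            prev_closed_group = None
    if len(groups) != 1:
        return "unbalanced '('"
    return None


def compile_untrusted(pattern: str, flags: int = 0) -> "re.Pattern":
    """Compile a pattern from an untrusted source only if it passes check_pattern."""
    reason = check_pattern(pattern)
    if reason is not None:
        raise ValueError("rejected pattern %r: %s" % (pattern, reason))
    return re.compile(pattern, flags)


if __name__ == "__main__":
    # Constructed patterns: two classic catastrophic shapes, an oversized repeat,
    # and two ordinary patterns a config file or search box might legitimately carry.
    for p in [r"^(a+)+$", r"^(\w+\s?)*$", r"\d{5000}", r"^[a-z0-9-]+\.example\.com$", r"(?:\d{3},)+\d{3}"]:
        print("%-32s -> %s" % (p, check_pattern(p) or "accepted"))
```

Wire compile_untrusted in at the single point where a server-provided or user-provided pattern is turned into a regex object, and log the rejection reason rather than falling back to compiling the raw pattern. For the Securly case the gate addresses only the pattern-complexity half of the finding; fetching config.json over HTTPS is what removes the on-path attacker's ability to supply the pattern in the first place.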