3 matches found
Signal K Server has an Unauthenticated Regular Expression Denial of Service (ReDoS) via WebSocket Subscription Paths
Summary The SignalK server is vulnerable to an unauthenticated Regular Expression Denial of Service ReDoS attack within its WebSocket subscription handling logic. By injecting unescaped regex metacharacters into the context parameter of a stream subscription, an attacker can force the server's...
GHSA-W83Q-MCMX-MH42 n8n Vulnerable to LDAP Filter Injection in LDAP Node
Impact A flaw in the LDAP node's filter escape logic allowed LDAP metacharacters to pass through unescaped when user-controlled input was interpolated into LDAP search filters. In workflows where external user input is passed via expressions into the LDAP node's search parameters, an attacker cou...
CVE-2026-25478 Litestar has a CORS origin allowlist bypass due to unescaped regex metacharacters in allowed origins
Litestar is an Asynchronous Server Gateway Interface ASGI framework. Prior to 2.20.0, CORSConfig.allowedoriginsregex is constructed using a regex built from configured allowlist values and used with fullmatch for validation. Because metacharacters are not escaped, a malicious origin can match...