EUVD-2026-27035
Apache Polaris accepts literal characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same characters appear to be reused unescaped in S3 IAM resource patterns and s3:prefix conditions. In S3 IAM policy matching, is treated as ...
CLSA-2026-1776782592 nodejs: Fix of 2 CVEs
CVE-2026-26996: fix ReDoS in bundled minimatch caused by consecutive non-globstar characters, by coalescing them during pattern compilation - CVE-2026-27904: fix ReDoS in bundled minimatch from nested extglobs and multiple non-adjacent wildcards, by limiting globstar recursion...
CVE-2026-26996
minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive wildcards followed by a literal character that doesn't appea...
DEBIAN-CVE-2026-26996
minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive wildcards followed by a literal character that doesn't appea...
UBUNTU-CVE-2026-26996
minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive wildcards followed by a literal character that doesn't appea...
CVE-2026-26996
CVE-2026-26996 affects minimatch, a glob-to-RegExp utility. Versions 10.2.0 and earlier are vulnerable to a Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal not present in the test string. Each * creates a separate [^/]*?...
CVE-2026-26996
minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive wildcards followed by a literal character that doesn't appea...
PT-2026-20994
Name of the Vulnerable Software and Affected Versions: minimatch versions 10.2.0 and below. Description: The software is susceptible to Regular Expression Denial of Service (ReDoS) when processing glob patterns containing numerous consecutive wildcards followed by a literal character absent from the...
CVE-2026-2327
Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of the regex /+$/ in the linkify function. An attacker can supply a long sequence of characters followed by a non-matching character, which triggers...
Regular Expression Denial of Service (ReDoS)
Overview: markdown-it is a modern pluggable markdown parser. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of the regex /+$/ in the linkify function. An attacker can supply a long sequence of characters followed by a non-matching...
Friday Squid Blogging: 1994 Lair of Squid Game
I didn't know: In 1994, Hewlett-Packard released a miracle machine: the HP 200LX pocket-size PC. In the depths of the device, among the MS-DOS productivity apps built into its fixed memory, there lurked a first-person maze game called Lair of Squid. … In Lair of Squid, you're trapped in an underwat...
Format string
An authenticated malicious user could acquire the Simple Mail Transfer Protocol (SMTP) password in cleartext format, despite it being protected and hidden behind asterisks. The attacker could then perform further attacks using the SMTP credentials...
SUSE CVE-2004-0930
The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple wildcard characters...
Email-Prediction-Asterisks - Script That Allows You To Identify The Emails Hidden Behind Asterisks
Email prediction asterisks is a script that allows you to identify the emails hidden behind asterisks. It is a perfect application for OSINT analysts and security forces. It allows you to intelligently predict, using Intelx leaks, which emails are related to the person we are looking for. It also...
GaussDB Kernel: Avoiding Asterisks (*) or 0.0.0.0 in Listening IP Addresses
Listening IP addresses must not contain asterisks or 0.0.0.0 because an asterisk or 0.0.0.0 indicates that all available IP addresses will be listened on. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the...
openGauss: Avoiding Asterisks (*) or 0.0.0.0 in Monitored IP Addresses
Monitored IP addresses must not contain asterisks or 0.0.0.0 because an asterisk or 0.0.0.0 indicates that all available IP addresses will be monitored.
AZL-40794 CVE-2019-6293 affecting package flex for versions less than 2.6.4-7
An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of '*' characters. Remote attackers could leverage this...
UBUNTU-CVE-2019-6293
An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of '*' characters. Remote attackers could leverage this...
PT-2019-18080 · Gnu +1 · Flex +1
Name of the Vulnerable Software and Affected Versions: flex version 2.6.4. Description: The issue is caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of '*' characters, leading to a stack exhaustion problem. Remote attackers could...
Default credentials
The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 on Windows allows local users to obtain (1) user and (2) database passwords by using a password revealer utility on a field containing a series of asterisks...