Lucene search

28 matches found

CVE
added 2026/04/17 5:16 p.m. · 1 views

CVE-2026-40319

CVE-2026-40319 affects Giskard’s giskard-checks RegexMatching, where a user-supplied regex pattern is passed to Python's re.search() without a timeout or complexity guard in versions prior to 1.0.2b1. This can cause catastrophic backtracking (ReDoS) and potentially hang the process. Exploitation ...

5.5 CVSS · 5.8 AI score · 0.00008 EPSS
Exploits 0 · References 2 · Affected Software 1
UbuntuCve
added 2026/03/26 10:16 p.m. · 3 views

CVE-2026-33671

Picomatch is a glob matcher written in JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as + and , especially when combined with overlapping...

7.5 CVSS · 5.9 AI score · 0.0002 EPSS
Exploits 0 · References 3
OSV
added 2026/03/03 1:25 p.m. · 1 views

SUSE-SU-2026:0779-1 Security update for libssh

This update for libssh fixes the following issues: - CVE-2026-0964: improper sanitation of paths received from SCP servers can cause path traversal bsc1258049. - CVE-2026-0965: possible denial of service when parsing unexpected configuration files bsc1258045. - CVE-2026-0966: buffer underflow in...

8.2 CVSS · 6 AI score · 0.00064 EPSS
Exploits 8 · References 11
Snyk
added 2025/09/19 12:30 p.m. · 1 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via user-supplied regex query. An attacker can cause excessive CPU consumption by submitting crafted regular expressions. Details Denial of Service DoS describes a family of attacks, all aimed ...

5.3 CVSS · 6.5 AI score · 0.00101 EPSS
Exploits 0 · References 2
RedHat Linux
added 2025/01/22 10:42 a.m. · 0 views

redis: String matching commands (like SCAN or KEYS) with a specially crafted pattern to trigger a denial-of-service attack

A vulnerability was found in Redis. This flaw allows authenticated users issuing specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands to trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process...

6.5 CVSS · 7.1 AI score · 0.0504 EPSS
Exploits 0 · References 6
Positive Technologies
added 2023/11/27 12:0 a.m. · 1 views

PT-2023-7295

Name of the Vulnerable Software and Affected Versions BusyBox version 1.36.1 Description A use-after-free issue was found in the copyvar function of the awk.c file in BusyBox. This issue can be triggered by a crafted awk pattern, potentially allowing an attacker to execute arbitrary code...

9.8 CVSS · 7.1 AI score · 0.00698 EPSS
Exploits 7 · References 69
Veracode
added 2023/04/04 2:2 p.m. · 24 views

Regular Expression Denial Of Service (ReDoS)

uri is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability exists due to the insecure Regex pattern used for the RFC3986URI and RFC3986relativeref parameters in the rfc3986parser.rb, which allows an attacker to crash the application by providing maliciously crafted URI...

5.3 CVSS · 7.3 AI score · 0.00337 EPSS
Exploits 0 · References 26 · Affected Software 5
OSV
added 2023/03/31 11:5 a.m. · 1 views

OESA-2023-1184 redis security update

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. Security Fixes: Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands like SCAN or KEYS with...

5.5 CVSS · 7 AI score · 0.60647 EPSS
Exploits 0 · References 2
SUSE CVE
added 2023/03/02 4:0 a.m. · 0 views

SUSE CVE-2022-36021

Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands like SCAN or KEYS with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18...

7.5 CVSS · 6.9 AI score · 0.60647 EPSS
Exploits 0 · References 9
OSV
added 2023/03/01 4:15 p.m. · 1 views

DEBIAN-CVE-2022-36021

Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands like SCAN or KEYS with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18...

5.5 CVSS · 5.2 AI score · 0.60647 EPSS
Exploits 0 · References 1
OSV
added 2023/03/01 4:15 p.m. · 0 views

UBUNTU-CVE-2022-36021

Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands like SCAN or KEYS with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18...

5.5 CVSS · 6.2 AI score · 0.60647 EPSS
Exploits 0 · References 4
Positive Technologies
added 2023/02/28 12:0 a.m. · 6 views

PT-2023-1718

Name of the Vulnerable Software and Affected Versions: Redis versions prior to 6.0.18 Redis versions prior to 6.2.11 Redis versions prior to 7.0.9 Description: Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands like SCAN or KEYS with a...

9.8 CVSS · 6.8 AI score · 0.88997 EPSS
Exploits 11 · References 195
SUSE CVE
added 2023/02/15 3:37 a.m. · 1 views

SUSE CVE-2021-42378

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvari function...

6.6 CVSS · 6.8 AI score · 0.00236 EPSS
Exploits 0 · References 10
Microsoft CVE
added 2021/11/18 8:0 a.m. · 2 views

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function

...

7.2 CVSS · 8.3 AI score · 0.00293 EPSS
Exploits 0
OSV
added 2021/11/15 9:15 p.m. · 1 views

DEBIAN-CVE-2021-42378

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvari function...

7.2 CVSS · 7.6 AI score · 0.00236 EPSS
Exploits 0 · References 1
OSV
added 2021/11/15 9:15 p.m. · 1 views

AZL-6348 CVE-2021-42381 affecting package busybox for versions less than 1.35.0-1

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hashinit function...

7.2 CVSS · 7.3 AI score · 0.00321 EPSS
Exploits 0 · References 1
Positive Technologies
added 2021/11/15 12:0 a.m. · 2 views

PT-2021-5546 · Busybox +5

Name of the Vulnerable Software and Affected Versions: Busybox affected versions not specified Description: A use-after-free issue in Busybox's awk applet can lead to denial of service and possibly code execution when processing a crafted awk pattern in the next input file function. This could...

9.8 CVSS · 7.3 AI score · 0.16482 EPSS
Exploits 23 · References 207
CNNVD
added 2021/11/15 12:0 a.m. · 0 views

BusyBox Resource Management Error Vulnerability

BusyBox is a set of applications containing several linux commands and tools by Denis Vlasenko, a Ukrainian personal developer. A resource management error vulnerability exists in the Busybox awk applet, which stems from a denial of service due to "use after free" in Busybox's awk applet when...

7.2 CVSS · 7.1 AI score · 0.00491 EPSS
Exploits 0 · References 14
RedHat Linux
added 2021/05/18 1:26 p.m. · 3 views

perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS

Perl before 5.30.3 has an integer overflow related to mishandling of a "PLregkindOPn == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection...

8.6 CVSS · 6.9 AI score · 0.00111 EPSS
Exploits 0 · References 4
wpexploit
added 2021/01/28 12:0 a.m. · 123 views

Super Forms < 4.9.703 - Unauthenticated PHP File Upload to RCE

The plugin uses the jQuery File Upload library, but does not properly ensure that PHP files are forbidden. Note: Exploitation of the issue is not as easy as the original advisory in the references states. If a form from the plugin with an upload field is present on the blog, and is used to upload...

7.3 AI score
Exploits 0 · References 1