132 matches found
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...
CVE-2026-15154 Guardrails-detectors: guardrails-detectors: unauthenticated regular-expression denial of service (redos) via detector_params.regex
A flaw was found in guardrails-detectors, a component of Red Hat OpenShift AI. This vulnerability, known as Regular Expression Denial of Service ReDoS, allows a remote attacker to provide specially crafted regular expressions to the public detection API. This can cause catastrophic backtracking,...
CVE-2026-15154
A flaw was found in guardrails-detectors, a component of Red Hat OpenShift AI. This vulnerability, known as Regular Expression Denial of Service ReDoS, allows a remote attacker to provide specially crafted regular expressions to the public detection API. This can cause catastrophic backtracking,...
SUSE CVE-2026-44631
Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...
ALPINE-CVE-2026-44631
Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...
CVE-2026-44631
Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...
EUVD-2026-35095
Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...
CVE-2026-44631 Apache HTTP Server: Heap Underflow in `ap_regname` via Signed Char Overflow
Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...
CVE-2026-44631
Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...
CVE-2026-44796
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot UI object-bulk-rename endpoints for example, /dcim/interfaces/rename/ were vulnerable to application-wide denial of service via maliciously crafted regular expressions in the find field in...
CVE-2026-44796
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot UI object-bulk-rename endpoints for example, /dcim/interfaces/rename/ were vulnerable to application-wide denial of service via maliciously crafted regular expressions in the find field in...
CVE-2026-44796 Nautobot: Object bulk rename UI actions vulnerable to denial of service by crafted regular expression (REDoS)
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot UI object-bulk-rename endpoints for example, /dcim/interfaces/rename/ were vulnerable to application-wide denial of service via maliciously crafted regular expressions in the find field in...
Astra Linux – Vulnerability in libonig
A NULL pointer dereference in the matchat function in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause a denial of service by providing a crafted regular expression. Oniguruma vulnerabilities often affect Ruby, as well as common optional libraries used in PHP and Rust...
CVE-2026-4744
CVE-2026-4744 is an out-of-bounds read in rizonesoft Notepad3 prior to 6.25.714.1, affecting the scintilla/oniguruma/src modules (regcomp.C). The issue is a parser vulnerability that can lead to remote code execution. Remediation: update Notepad3 to version 6.25.714.1 or later. Exploitation detai...
CVE-2026-4744 Notepad3 Bundled Oniguruma compile_string_node() Heap Buffer Overflow via Crafted Regex Pattern Allows Arbitrary Code Execution
Out-of-bounds Read vulnerability in rizonesoft Notepad3 scintilla/oniguruma/src modules. This vulnerability is associated with program files regcomp.C. This issue affects Notepad3: before 6.25.714.1...
CVE-2026-30925 Parse Server affected by Regular Expression Denial of Service (ReDoS) via `$regex` query in LiveQuery
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.0-alpha.14 and 8.6.11, a malicious client can subscribe to a LiveQuery with a crafted $regex pattern that causes catastrophic backtracking, blocking the Node.js event loop. This...
MiracleLinux 4 : bind-9.8.2-0.17.4.0.1rc1.AXS4 (AXSA:2013-318:03)
"The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-318:03 advisory. BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names ...
Integer Underflow (Wrap or Wraparound)
Overview Affected versions of this package are vulnerable to Integer Underflow Wrap or Wraparound due to improper handling of buffer size calculations in the libregexp engine. An attacker can achieve out-of-bounds memory writes by supplying a specially crafted regular expression that causes an...
EUVD-2015-8265
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2016-9108
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in the jsregcomp function in regexp.c in Artifex Software, Inc. MuJS before commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e allows attackers to...