Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to exponential backtracking in multipart [CVE-2026-28356]

Summary IBM Watson Speech Services Cartridge is vulnerable to exponential backtracking in multipart due to the parseoptionsheader function in multipart.py, that uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted...

minimatch: minimatch: Denial of Service via specially crafted glob patterns

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...

minimatch: minimatch: Denial of Service via specially crafted glob patterns

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS through the LINKTITLERE regular expression in Markdown parsing. An attacker can cause excessive resource consumption and make the application unresponsive by submitting specially crafted Markdo...

PT-2026-38088

Name of the Vulnerable Software and Affected Versions Mistune versions 3.0.0a1 through 3.2.0 Description A Regular Expression Denial of Service ReDoS exists in the LINK TITLE RE regular expression. An attacker can provide specially crafted Markdown for parsing that triggers catastrophic...

minimatch: minimatch: Denial of Service via specially crafted glob patterns

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...

minimatch: minimatch: Denial of Service via specially crafted glob patterns

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...

minimatch: minimatch: Denial of Service via specially crafted glob patterns

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...

Regular Expression Denial Of Service (ReDoS)

minimatch is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient handling of multiple consecutive wildcards in glob patterns, leading to exponential backtracking in regex evaluation, which allows an attacker to cause significant performance degradatio...

CVE-2026-28356 ReDoS in multipart 1.3.0 - `parse_options_header()`

multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parseoptionsheader function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted HTTP or multipar...

CVE-2026-26996

minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service ReDoS when a glob pattern contains many consecutive wildcards followed by a literal character that doesn't appea...

minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern

Summary minimatch is vulnerable to Regular Expression Denial of Service ReDoS when a glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string. Each compiles to a separate ^/? regex group, and when the match fails, V8's regex engine...

UBUNTU-CVE-2025-11175

Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension allows Regular Expression Exponential Blowup.This issue affects Mediawiki - DiscussionTools Extensio...

EUVD-2021-0250

Malware in sbrugna...

EUVD-2025-20217

Malicious code in bioql PyPI...

Regular Expression Denial Of Service (ReDoS)

Transformers is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient regular expression complexity in the SETTINGRE variable within chat.py, which allows an attacker to exploit exponential backtracking using specially crafted input...

CVE-2025-3262

A Regular Expression Denial of Service ReDoS vulnerability was discovered in the huggingface/transformers repository, specifically in version 4.49.0. The vulnerability is due to inefficient regular expression complexity in the SETTINGRE variable within the transformers/commands/chat.py file. The...

CVE-2025-3262 Regular Expression Denial of Service (ReDoS) in huggingface/transformers

A Regular Expression Denial of Service ReDoS vulnerability was discovered in the huggingface/transformers repository, specifically in version 4.49.0. The vulnerability is due to inefficient regular expression complexity in the SETTINGRE variable within the transformers/commands/chat.py file. The...

Regular Expression Denial Of Service (ReDoS)

Transformers is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient regular expression processing due to nested quantifiers in the preprocessstring function of transformers.testingutils, which can cause exponential backtracking and high CPU usage when...

Regular expression Denial of Service - ReDoS

Description The regex defined in the variable SETTINGRE contains repetition groups and non-optimized quantifiers, which can lead to exponential backtracking when receiving "almost matching" payloads. This may degrade the application's performance or even cause a denial-of-service DoS when...