269 matches found

Github Security Blog
added 2026/03/19 9:31 p.m., 7 views

Scriban Affected by Memory Exhaustion (OOM) via Unbounded String Generation (Denial of Service)

TemplateContext.LimitToString defaults to 0 (unlimited). While Scriban implements a default LoopLimit of 1000, an attacker can still cause massive memory allocation via exponential string growth. Doubling a string for just 30 iterations generates over 1GB of text, instantly exhausting heap memory a...

AI score 5.8
Exploits 0, References 3, Affected Software 1
OSV
added 2026/03/13 7:54 p.m., 2 views

DEBIAN-CVE-2026-31899

CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to Kozea/CairoSVG has exponential denial of service via recursive element amplification in cairosvg/defs.py. This causes CPU exhaustion from a small input...

CVSS 7.5, AI score 5.2, EPSS 0.0049
Exploits 2, References 1
Cvelist
added 2026/03/13 7:38 p.m., 23 views

CVE-2026-31899 CairoSVG vulnerable to Exponential DoS via recursive <use> element amplification

CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to Kozea/CairoSVG has exponential denial of service via recursive element amplification in cairosvg/defs.py. This causes CPU exhaustion from a small input...

CVSS 7.5, EPSS 0.0049
Exploits 2, References 2
OSV
added 2026/03/13 7:38 p.m., 4 views

CVE-2026-31899 CairoSVG vulnerable to Exponential DoS via recursive <use> element amplification

CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to Kozea/CairoSVG has exponential denial of service via recursive element amplification in cairosvg/defs.py. This causes CPU exhaustion from a small input...

CVSS 7.5, AI score 5.8, EPSS 0.0049
Exploits 2, References 4
OSV
added 2026/03/12 4:45 p.m., 4 views

CVE-2026-28356 ReDoS in multipart 1.3.0 - `parse_options_header()`

multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parse_options_header function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking (ReDoS) when parsing maliciously crafted HTTP or multipar...

CVSS 7.5, AI score 5.8, EPSS 0.00392
Exploits 0, References 3
Tenable Nessus
added 2026/03/05 12:00 a.m., 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005611)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005611 advisory. In the Linux kernel, the following vulnerability has been resolved: net: ena: fix shift-out-of-bounds in exponential backoff The ENA adapters on our instances...

CVSS 7.1, AI score 6, EPSS 0.00149
Exploits 0, References 4
EUVD
added 2026/02/26 6:31 p.m., 4 views

EUVD-2026-8866

Inefficient Regular Expression Complexity (CWE-1333) in the AI Inference Anonymization Engine in Kibana can lead to Denial of Service via Regular Expression Exponential Blowup (CAPEC-492)...

CVSS 4.9, AI score 5.3, EPSS 0.00325
Exploits 0, References 2
Vulnrichment
added 2026/02/26 5:07 p.m., 3 views

CVE-2026-26936 Inefficient Regular Expression Complexity in Kibana Leading to Denial of Service

Inefficient Regular Expression Complexity (CWE-1333) in the AI Inference Anonymization Engine in Kibana can lead to Denial of Service via Regular Expression Exponential Blowup (CAPEC-492)...

CVSS 4.9, AI score 5.9, EPSS 0.00325
Exploits 0, References 1
ATTACKERKB
added 2026/02/26 5:07 p.m., 3 views

CVE-2026-26936

Inefficient Regular Expression Complexity (CWE-1333) in the AI Inference Anonymization Engine in Kibana can lead to Denial of Service via Regular Expression Exponential Blowup (CAPEC-492)...

CVSS 7.5, AI score 5.8, EPSS 0.00325
Exploits 0, References 2, Affected Software 1
CVE
added 2026/02/26 5:07 p.m., 17 views

CVE-2026-26936

CVE-2026-26936 affects Kibana’s AI Inference Anonymization Engine. The issue is an Inefficient Regular Expression Complexity (CWE-1333) that can cause Denial of Service via Regular Expression Exponential Blowup (CAPEC-492). According to the CVE entry, the exploitability is network-based with low ...

CVSS 7.5, AI score 5.3, EPSS 0.00325
Exploits 0, References 1, Affected Software 1
Positive Technologies
added 2026/02/26 12:00 a.m., 4 views

PT-2026-22165

Name of the Vulnerable Software and Affected Versions: Kibana, affected versions not specified. Description: An issue exists in the AI Inference Anonymization Engine within Kibana that can result in a denial of service. This is due to inefficient regular expression complexity, specifically a regular...

CVSS 7.5, AI score 5.9, EPSS 0.00325
Exploits 0, References 8
CNNVD
added 2026/02/26 12:00 a.m., 9 views

Elastic Kibana Security Vulnerability

Elastic Kibana is a data visualization dashboard software provided by the Elastic company. There is a security vulnerability in Elastic Kibana, which stems from the inefficient complexity of regular expressions used by the AI reasoning anonymization engine. This vulnerability may lead to...

CVSS 7.5, AI score 5.7, EPSS 0.00325
Exploits 0, References 1
ATTACKERKB
added 2026/02/20 3:05 a.m., 4 views

CVE-2026-26996

minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive wildcards followed by a literal character that doesn't appea...

CVSS 8.7, AI score 5.4, EPSS 0.00519
Exploits 1, References 3, Affected Software 1
Github Security Blog
added 2026/02/18 10:38 p.m., 163 views

minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern

Summary: minimatch is vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string. Each compiles to a separate ^/? regex group, and when the match fails, V8's regex engine...

CVSS 8.7, AI score 5.3, EPSS 0.00519
Exploits 1, References 4, Affected Software 1
SUSE CVE
added 2026/02/07 12:23 a.m., 4 views

SUSE CVE-2026-25547

@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, t...

CVSS 7.5, AI score 5.2, EPSS 0.00481
Exploits 0, References 32
NVD
added 2026/02/04 10:16 p.m., 12 views

CVE-2026-25547

@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, t...

CVSS 9.2, EPSS 0.00481
Exploits 0, References 1
CVE
added 2026/02/04 9:51 p.m., 87 views

CVE-2026-25547

Affected software: @isaacs/brace-expansion (hybrid CJS/ESM TypeScript fork of brace-expansion). Issue: DoS from unbounded brace range expansion when a pattern contains repeated numeric brace ranges, causing exponential growth and high CPU/memory usage. Root cause: eager generation of all possible...

CVSS 9.2, AI score 5.3, EPSS 0.00481
Exploits 0, References 1
OSV
added 2026/02/04 9:51 p.m., 3 views

CVE-2026-25547 Uncontrolled Resource Consumption in @isaacs/brace-expansion

@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, t...

CVSS 9.2, AI score 5.4, EPSS 0.00481
Exploits 0, References 3
OSV
added 2026/02/03 7:41 p.m., 16 views

GHSA-7H2J-956F-4VF2 @isaacs/brace-expansion has Uncontrolled Resource Consumption

Summary: @isaacs/brace-expansion is vulnerable to a Denial of Service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the...

CVSS 8.7, AI score 5.6, EPSS 0.00481
Exploits 0, References 3
Github Security Blog
added 2026/02/03 7:41 p.m., 59 views

@isaacs/brace-expansion has Uncontrolled Resource Consumption

Summary: @isaacs/brace-expansion is vulnerable to a Denial of Service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the...

CVSS 9.2, AI score 5.5, EPSS 0.00481
Exploits 0, References 3, Affected Software 1