20 matches found

NVD
added 2026/04/12 10:16 a.m. · 1 view

CVE-2026-6125

A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler. The manipulation of the argument listenerPath/skipCondition/permissionFlag results in code...

CVSS 6.5 · EPSS 0.00019 · Exploits 0 · References 5
Debian CVE
added 2026/03/07 4:08 p.m. · 2 views

CVE-2026-29076

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.37.0, cpp-httplib uses std::regex libstdc++ to parse RFC 5987 encoded filename values in multipart Content-Disposition headers. The regex engine in libstdc++ implements backtracking via deep...

CVSS 5.9 · AI score 5.5 · EPSS 0.00078 · Exploits 1
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2018-0666

Malware in sbrugna...

CVSS 5.3 · AI score 5.7 · EPSS 0.00921 · Exploits 0 · References 12
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2020-16056

Malware in sbrugna...

CVSS 7.5 · AI score 7.5 · EPSS 0.00274 · Exploits 1 · References 2
OSV
added 2025/08/18 8:15 p.m. · 0 views

UBUNTU-CVE-2025-53192

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL. This issue affects Apache Commons OGNL: all versions. When using the API Ognl.getValue, the OGNL engine parses and evaluates the provided expression with powerful capabilities...

CVSS 8.8 · AI score 6 · EPSS 0.00086 · Exploits 0 · References 4
RedHat Linux
added 2025/08/06 1:49 p.m. · 6 views

glibc: Double free in glibc

A double-free vulnerability has been discovered in glibc GNU C Library. This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could...

CVSS 5.9 · AI score 7.6 · EPSS 0.00027 · Exploits 0 · References 6
RedHat Linux
added 2025/08/05 11:30 a.m. · 4 views

glibc: Double free in glibc

A double-free vulnerability has been discovered in glibc GNU C Library. This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could...

CVSS 5.9 · AI score 7.6 · EPSS 0.00027 · Exploits 0 · References 6
OSV
added 2025/02/18 4:01 p.m. · 0 views

USN-7272-1 symfony vulnerabilities

Soner Sayakci discovered that Symfony incorrectly handled cookie storage in the web cache. An attacker could possibly use this issue to obtain sensitive information and access unauthorized resources. CVE-2022-24894 Marco Squarcina discovered that Symfony incorrectly handled the storage of user...

CVSS 8.8 · AI score 6.6 · EPSS 0.88664 · Exploits 2 · References 10
Positive Technologies
added 2023/06/19 12:00 a.m. · 1 view

PT-2023-35874 · Git +1 · Clamav

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a stack-buffer-overflow read error. The crash state indicates repeated calls to the parse regex function, suggesting a potential...

AI score 6.8 · Exploits 0 · References 2
OSV
added 2022/06/27 10:10 p.m. · 10 views

CVE-2022-31099 Uncontrolled Recursion in rulex

rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, the stack may overflow, possibly enabling a Denial of Service attack. This happens when parsing an expression with several hundred levels of nesting, causing the process to abort immediately. This is ...

CVSS 6.5 · AI score 6.6 · EPSS 0.00521 · Exploits 0 · References 4
OSV
added 2020/07/28 12:00 a.m. · 2 views

OSV-2020-1430 Segv on unknown address in clang::Parser::ParseCXXAmbiguousParenExpression

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19617 Crash type: Segv on unknown address Crash state: clang::Parser::ParseCXXAmbiguousParenExpression clang::Parser::ParseParenExpression clang::Parser::ParseCastExpression...

AI score 7.2 · Exploits 0
RedHat Linux
added 2020/04/28 3:53 p.m. · 3 views

libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c

A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 when parsing invalid XPath expression. Applications processing untrusted XSL format inputs with the use of libxml2 library may be vulnerable to denial of service attack due to crash of the...

CVSS 7.5 · AI score 7.1 · EPSS 0.20012 · Exploits 0 · References 4
Tenable Nessus
added 2019/05/30 12:00 a.m. · 38 views

EulerOS Virtualization for ARM 64 3.0.2.0 : libxml2 (EulerOS-SA-2019-1614)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There ...

CVSS 7.5 · AI score 6.4 · EPSS 0.20012 · Exploits 0 · References 3
OSV
added 2019/02/26 2:29 a.m. · 4 views

CVE-2009-5155

In the GNU C Library aka glibc or libc6 before 2.28, parseregexp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service assertion failure and application exit or trigger an incorrect result by attempting a regular-expression match...

CVSS 7.5 · AI score 9.1 · Exploits 0 · References 24
OSV
added 2019/02/26 2:29 a.m. · 1 view

DEBIAN-CVE-2009-5155

In the GNU C Library aka glibc or libc6 before 2.28, parseregexp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service assertion failure and application exit or trigger an incorrect result by attempting a regular-expression match...

CVSS 7.5 · AI score 7.5 · EPSS 0.01348 · Exploits 1 · References 1
UbuntuCve
added 2018/07/19 12:00 a.m. · 24 views

CVE-2018-14404

A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATHOPAND or XPATHOPOR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerab...

CVSS 7.5 · AI score 6.7 · EPSS 0.20012 · Exploits 0 · References 3
myhack58
added 2017/06/12 12:00 a.m. · 144 views

CVE-2017-4971: Spring WebFlow remote code execution vulnerability analysis-vulnerability warning-the black bar safety net

Spring has traditionally not had many severe vulnerabilities; the more serious earlier problem was Spring's JavaBean automatic binding function, which allowed the class to be controlled and could lead to the execution of arbitrary code by using certain features, but that...

AI score 0.1 · EPSS 0.75359 · Exploits 1
NVD
added 2011/09/15 12:26 p.m. · 17 views

CVE-2011-1989

Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats...

CVSS 9.3 · AI score 7.4 · EPSS 0.58767 · Exploits 0 · References 3
Prion
added 2011/09/15 12:26 p.m. · 15 views

Design/Logic Flaw

Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats...

CVSS 9.3 · AI score 8 · EPSS 0.58767 · Exploits 0 · References 3 · Affected Software 5
securityvulns
added 2009/09/08 12:00 a.m. · 21 views

Apple Safari / WebKit DoS

Stack overflow stack memory exhaustion on eval expression parsing...

AI score 4.4 · Exploits 0 · References 1 · Affected Software 1