SUSE CVE-2025-61908

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invalid reference, such as a reference to null, dereferencing results in a segmentation fault. This can be used by any API user with access to an API endpoint that allows specifying a...

EUVD-2025-34884

Ash has authorization bypass when bypass policy condition evaluates to true...

Ash has authorization bypass when bypass policy condition evaluates to true

Summary Bypass policies incorrectly authorize requests when their condition evaluates to true but their authorization checks fail and no other policies apply. Impact Resources with bypass policies can be accessed without proper authorization when: - Bypass condition evaluates to true - Bypass...

CVE-2025-41253

The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server...

CVE-2025-48044

Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/[email protected] before pkg:hex/[email protected]...

CVE-2025-48044

Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/[email protected] before pkg:hex/[email protected]...

CVE-2025-48044 Authorization bypass when bypass policy condition evaluates to true

Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/[email protected] before pkg:hex/[email protected]...

EUVD-2025-34779

An integer overflow vulnerability exists in the QuickJS regular expression engine libregexp due to an inconsistent representation of the bytecode buffer size. The regular expression bytecode is stored in a DynBuf structure, which correctly uses a $\textsize\textt$ an unsigned type, typically...

UBUNTU-CVE-2025-61908

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invalid reference, such as a reference to null, dereferencing results in a segmentation fault. This can be used by any API user with access to an API endpoint that allows specifying a...

CVE-2025-61921

A flaw was found in Sinatra. A Regular Expression Denial of Service ReDoS vulnerability can be triggered when parsing the If-Match and If-None-Match HTTP headers. A remote attacker can exploit this issue by sending a specially crafted header to an application endpoint that uses the etag method,...

CVE-2025-61908 Icinga 2 Denial of Service (DoS) By Dereferencing Invalid Reference

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invalid reference, such as a reference to null, dereferencing results in a segmentation fault. This can be used by any API user with access to an API endpoint that allows specifying a...

CVE-2025-62495

An integer overflow vulnerability exists in the QuickJS regular expression engine libregexp due to an inconsistent representation of the bytecode buffer size. The regular expression bytecode is stored in a DynBuf structure, which correctly uses a $\textsize\textt$ an unsigned type, typically...

EUVD-2025-34761

Spring Cloud Gateway Server Webflux is vulnerable to Expression Language Injection...

Spring Cloud Gateway Server Webflux is vulnerable to Expression Language Injection

The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server...

GHSA-FWXX-WV44-7QFG Spring Cloud Gateway Server Webflux is vulnerable to Expression Language Injection

The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server...

CVE-2025-41253

The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server...

CVE-2025-41253 Spring Cloud Gateway Webflux SpEL Injection Vulnerability Allowing Exposure of Environment Variables

The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server...

CVE-2025-41253 Spring Cloud Gateway Webflux SpEL Injection Vulnerability Allowing Exposure of Environment Variables

The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server...

GHSA-9M49-P2J3-C6XM Apache Traffic Control has an Inefficient Regular Expression Complexity vulnerability

UNSUPPORTED WHEN ASSIGNED Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue affects Apache Traffic Control: all versions. People with access to the management interface of the Traffic Router component could specify malicious patterns and cause...

Apache Traffic Control has an Inefficient Regular Expression Complexity vulnerability

UNSUPPORTED WHEN ASSIGNED Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue affects Apache Traffic Control: all versions. People with access to the management interface of the Traffic Router component could specify malicious patterns and cause...