9189 matches found
Security Bulletin: IBM Event Streams is vulnerable to Regular Expression Denial of Service (ReDoS) (CVE-2025-1302).
Summary: IBM Event Streams is vulnerable to Regular Expression Denial of Service (ReDoS) caused by Inefficient Regular Expression Complexity. This issue affects JavaScript code that is compiled using certain versions of Babel. Babel is a JavaScript transcompiler used for converting modern JavaScrip...
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
Overview: Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') via the QLExpressEngine process. An attacker can execute arbitrary code by submitting crafted expressions that trigger...
PT-2025-39688
🔴 Hutool, Expression Language Injection, CVE-2025-51674 Critical https://t.co/MxqQOP8akw...
Regular Expression Denial of Service (ReDoS)
Overview: rexml is an XML toolkit for Ruby. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expressions in CHARACTERREFERENCES. This vulnerability can be exploited when parsing XML content containing numerous...
Regular Expression Denial of Service (ReDoS)
Overview: transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the _do_use_weight_decay function. An attacker can cause excessive CPU consumption and make services...
CVE-2025-6921
The huggingface/transformers library, versions prior to 4.53.0, is vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer. The vulnerability arises from the _do_use_weight_decay method, which processes user-controlled regular expressions in the include_in_weight_decay...
CVE-2025-6921 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
The huggingface/transformers library, versions prior to 4.53.0, is vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer. The vulnerability arises from the _do_use_weight_decay method, which processes user-controlled regular expressions in the include_in_weight_decay...
CVE-2025-6921
CVE-2025-6921 affects the huggingface/transformers library prior to 4.53.0, causing a Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer via unsafe handling in _do_use_weight_decay of include_in_weight_decay/exclude_from_weight_decay. IBM Maximo Application Suite Monito...
Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses vulnerable huggingface/transformers library.
Summary: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses vulnerable huggingface/transformers library. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2025-1194 DESCRIPTION: A Regular Expression Denial of...
transformers Resource Management Error Vulnerability
transformers is a Hugging Face open source application for machine learning. A resource management error vulnerability exists in transformers versions prior to 4.53.0, which stems from a flaw in the _do_use_weight_decay method's handling of user-controlled regular expressions, which could lead to a...
PT-2025-39174
Name of the Vulnerable Software and Affected Versions: huggingface/transformers versions prior to 4.53.0. Description: The software is susceptible to a Regular Expression Denial of Service (ReDoS) within the AdamWeightDecay optimizer. The issue stems from the _do_use_weight_decay method, which handles...
CVE-2025-10630
Grafana is an open-source platform for monitoring and observability. Grafana-Zabbix is a plugin for Grafana that visualizes monitoring data from Zabbix and creates dashboards for analyzing metrics and real-time monitoring. Versions 5.2.1 and below contained a ReDoS vulnerability via...
Prototype Pollution
Overview: org.webjars.npm:expr-eval is a WebJar for expr-eval. Affected versions of this package are vulnerable to Prototype Pollution via the evaluation process, which accesses global values by searching for item.value in expr.functions. An attacker can access prototype, proto, constructor, and...
Prototype Pollution
Overview: expr-eval is a Mathematical expression evaluator. Affected versions of this package are vulnerable to Prototype Pollution via the evaluation process, which accesses global values by searching for item.value in expr.functions. An attacker can access prototype, proto, constructor, and assig...
Prototype Pollution
Overview: expr-eval-fork is a Mathematical expression evaluator fork with prototype pollution fix. Affected versions of this package are vulnerable to Prototype Pollution via the evaluation process, which accesses global values by searching for item.value in expr.functions. An attacker can access...
📄 Commvault CLI Argument Injection / Traversal / Remote Code Execution
This Metasploit module exploits an unauthenticated remote code execution exploit chain for Commvault, tracked as CVE-2025-57790 and CVE-2025-57791. A command-line injection permits unauthenticated access to the localadmin account, which then facilitates code execution via expression language...
Ubuntu 22.04 LTS : RubyGems vulnerability (USN-7747-1)
The remote Ubuntu 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7747-1 advisory. It was discovered that RubyGems incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause RubyGems to consume resources,...
Hugging Face Transformers library has Regular Expression Denial of Service
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the normalize_numbers method of the EnglishNormalizer class. This vulnerability affects versions up to 4.52.4 and is fixed in version 4.53.0. The issue arises fro...
GHSA-RCV9-QM8P-9P6J Hugging Face Transformers library has Regular Expression Denial of Service
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the normalize_numbers method of the EnglishNormalizer class. This vulnerability affects versions up to 4.52.4 and is fixed in version 4.53.0. The issue arises fro...