GHSA-VXMW-7H4F-HQXH PyPI publish GitHub Action vulnerable to injectable expression expansions in action steps

Summary gh-action-pypi-publish makes use of GitHub Actions expression expansions i.e. $ ... in contexts that are potentially attacker controllable. Depending on the trigger used to invoke gh-action-pypi-publish, this may allow an attacker to execute arbitrary code within the context of a workflow...

Promptcraft Forge Studio 安全漏洞

Promptcraft Forge Studio is a developer toolkit for Marcelo Tessaro Individual Developer. A security vulnerability exists in Promptcraft Forge Studio that stems from improperly cleaning up user input using a regular expression blacklist, which could lead to the execution of a malicious payload...

A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js.

...

Linux Distros Unpatched Vulnerability : CVE-2022-50048

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: possible module reference underflow in error path dst-ops is set on whe...

Linux Distros Unpatched Vulnerability : CVE-2021-3765

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - validator.js is vulnerable to Inefficient Regular Expression Complexity CVE-2021-3765 Note that Nessus relies on the presence of the package as reported by the...

Remote Code Execution (RCE)

Apache Commons OGNL is vulnerable to Remote Code Execution RCE. The vulnerability is due to incomplete blocklist restrictions in the OGNL engine when parsing and evaluating expressions, which allows an attacker to bypass protections and potentially achieve arbitrary code execution...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to transformers-4.48.0-py3-none-any.whl CVE-2025-2099

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to transformers-4.48.0-py3-none-any.whl CVE-2025-2099. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-2099 DESCRIPTION: A vulnerability in the preprocessstring...

Linux Distros Unpatched Vulnerability : CVE-2025-54364

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. optiondescriptions employs an inefficient regular...

Linux Distros Unpatched Vulnerability : CVE-2025-53192

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL. This issue affects Apache Commons OGNL:...

Exploit for Authentication Bypass Using an Alternate Path or Channel in Ivanti Endpoint_Manager_Mobile

CVE-2025-4428 & CVE-2025-4427 CVE-2025-4428 is a post-auth re...

Linux Distros Unpatched Vulnerability : CVE-2023-2199

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before 15.11.7, all...

Linux Distros Unpatched Vulnerability : CVE-2018-7158

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The 'path' module in the Node.js 4.x release line contains a potential regular expression denial of service ReDoS vector. The code in question was replaced in...

Regular Expression Denial of Service (ReDoS)

Overview turndown is an A library that converts HTML to Markdown Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the replacement function in commonmark-rules.js. An attacker can cause excessive resource consumption. PoC js const attackString =...

Regular Expression Denial of Service (ReDoS)

Overview org.webjars.npm:turndown is an A library that converts HTML to Markdown Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the replacement function in commonmark-rules.js. An attacker can cause excessive resource consumption. PoC js const...

CVE-2025-9670 mixmark-io turndown commonmark-rules.js redos

A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released...

DEBIAN-CVE-2025-58050

The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the scs:... Scan SubString verb when combined with...

CVE-2025-58050 PCRE2: heap-buffer-overflow read in match_ref due to missing boundary restoration in SCS

The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the scs:... Scan SubString verb when combined with...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the regular expression matching engine due to missing boundary restoration in SCS. An attacker can cause a heap buffer over-read and potentially disclose sensitive information or cause a denial of service by...

Linux Distros Unpatched Vulnerability : CVE-2021-33454

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasmexprgetintnum in libyasm/expr.c. CVE-2021-33454 Note that Nessus relie...

Linux Distros Unpatched Vulnerability : CVE-2020-7760

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is locate...