9190 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-32723
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Prism is a syntax highlighting library. Some languages before 1.24.0 are vulnerable to Regular Expression Denial of Service ReDoS. When Prism is used to highlig...
CVE-2025-54364
Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. optiondescriptions employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings containing a...
CVE-2025-54363
Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. extractfullsummaryfromsignature employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings...
PT-2025-33897 · Microsoft +1 · Knack +1
Name of the Vulnerable Software and Affected Versions: Microsoft Knack version 0.12.0 Description: The software contains a Regular expression Denial of Service ReDoS issue within the knack.introspection module. Recommendations: At the moment, there is no information about a newer version that...
CVE-2025-54364
Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. optiondescriptions employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings containing a...
CVE-2025-54364
Summary (CVE-2025-54364) Microsoft Knack 0.12.0 contains a vulnerability in the knack.introspection module where option_descriptions uses an inefficient regex "\s(:param)\s+(.+?)\s:(.*)" that can backtrack catastrophically with crafted docstrings containing lots of whitespace, potentially causing...
CVE-2025-54363
Microsoft Knack 0.12.0 is affected by a Regular Expression Denial of Service (ReDoS) in the knack.introspection module. The extract_full_summary_from_signature uses an inefficient pattern "\s(:param)\s+(.+?)\s:(.*)" that can catastrophically backtrack when processing crafted docstrings with lots ...
Linux Distros Unpatched Vulnerability : CVE-2020-10693
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if...
Linux Distros Unpatched Vulnerability : CVE-2016-1688
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The regexp aka regular expression implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes,...
CVE-2025-54364
Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. optiondescriptions employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings containing a...
CVE-2025-54363
Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. extractfullsummaryfromsignature employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings...
Linux Distros Unpatched Vulnerability : CVE-2022-22950
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cau...
Linux Distros Unpatched Vulnerability : CVE-2022-21222
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service ReDoS due to the usage of insecure regular expression in the reattr...
Linux Distros Unpatched Vulnerability : CVE-2021-32786
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - modauthopenidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users...
SUSE CVE-2025-53192
UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL. This issue affects Apache Commons OGNL: all versions. When using the API Ognl.getValue, the OGNL engine parses and evaluates the provided expression with powerful capabilities,...
CVE-2025-4690
A regular expression used by AngularJS' linky https://docs.angularjs.org/api/ngSanitize/filter/linky filter to detect URLs in input text is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can cause a Regular expression Denial of Service ReDoS...
UBUNTU-CVE-2025-4690
A regular expression used by AngularJS' linky https://docs.angularjs.org/api/ngSanitize/filter/linky filter to detect URLs in input text is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can cause a Regular expression Denial of Service ReDoS...
Regular Expression Denial of Service (ReDoS)
Overview angular-sanitize is an AngularJS module for sanitizing HTML Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the linky filter. An attacker can cause excessive resource consumption and degrade application performance by submitting speciall...
Regular Expression Denial of Service (ReDoS)
Overview org.webjars.npm:angular-sanitize is an AngularJS module for sanitizing HTML Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the linky filter. An attacker can cause excessive resource consumption and degrade application performance by...
CVE-2025-4690 AngularJS 'linky' filter ReDoS
A regular expression used by AngularJS' linky https://docs.angularjs.org/api/ngSanitize/filter/linky filter to detect URLs in input text is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can cause a Regular expression Denial of Service ReDoS...