Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the listNames function. An attacker can cause significant CPU consumption and degrade server performance by supplying a crafted regular expression and influencing the set of resource names...

SUSE CVE-2022-50048

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: possible module reference underflow in error path dst-ops is set on when nftexprclone fails, but module refcount has not been bumped yet, therefore nftexprdestroy leads to module reference underflow...

CVE-2025-45525

A NULL pointer dereference vulnerability has been identified in the JavaScript library microlight version 0.0.7, a lightweight syntax highlighting library. When processing elements with non-standard CSS color values, the library fails to validate the result of a regular expression match before...

Regular Expression Denial of Service (ReDoS) in AdamWeightDecay Optimizer

The AdamWeightDecay optimizer is vulnerable to Regular Expression Denial of Service ReDoS. If an attacker can control the patterns in the includeinweightdecay or excludefromweightdecay lists, they can provide a malicious regular expression that causes catastrophic backtracking. When the optimizer...

UBUNTU-CVE-2022-50048

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: possible module reference underflow in error path dst-ops is set on when nftexprclone fails, but module refcount has not been bumped yet, therefore nftexprdestroy leads to module reference underflow...

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the html.parser.HTMLParser process that has worse-case quadratic complexity. An attacker can cause excessive resource consumption and application downtime by submitting specially crafted...

Security Bulletin: IBM Cloud Pak for Data is vulnerable to Inefficient Regular Expression Complexity due to axios ( CWE-1333)

Summary Potential vulnerabilities in axios module has been identified that may affect IBM Cloud Pak for Data. Vulnerability Details IBM X-Force ID: 386108 DESCRIPTION: axios is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the format method. By...

Security Bulletin: IBM Cloud Pak for Data is vulnerable to Inefficient Regular Expression Complexity due to cross-spawn ( CVE-2024-21538 )

Summary Potential vulnerabilities in cross-spawn module CVE-2024-21538 has been identified that may affect IBM Cloud Pak for Data. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular...

TencentOS Server 3: nodejs (TSSA-2023:0049)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0049 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

TencentOS Server 3: nodejs:18 (TSSA-2023:0232)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0232 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

TencentOS Server 4: python-configobj (TSSA-2024:1010)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1010 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 3: nodejs:16 (TSSA-2023:0231)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0231 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Regular expression Denial of Service - ReDoS

Description A regular expression denial of service ReDoS vulnerability has been identified in the Hugging Face Transformers library's MarianTokenizer. The vulnerability exists in the removelanguagecode method of the MarianTokenizer class, which processes text to remove language codes. The method...

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

CVE-2022-26134 - Atlassian Confluence OGNL Injection RCE...

Security Bulletin: A vulnerability in Babel affects IBM Robotic Process Automation and could result in inefficient regular expression complexity (CVE-2025-27789).

Summary A vulnerability in Babel affects IBM Robotic Process Automation and could result in inefficient regular expression complexity CVE-2025-27789. Babel is used by IBM Robotic Process Automation as part of it's UI framework. This security bulletin identifies the fixes required to resolve the...

Regular Expression Denial Of Service (ReDoS)

brace-expansion is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient handling of complex or nested patterns in regular expressions within the expand function of the file index.js, allows an attacker to remotely cause excessive resource consumption...

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2025-1677)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2025-1678)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP11 : ruby (EulerOS-SA-2025-1677)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service ReDoS vulnerability exists in the UtilescapeElement method.CVE-2025-272...

Hibernate Validator < 6.2 / 7.0 Arbitrary RCE

Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as ...