
9211 matches found

Cvelist
added 2025/06/09 8:31 p.m. | 9 views

CVE-2025-5896 tarojs taro index.js redos

A vulnerability was found in tarojs taro up to 4.1.1. It has been declared as problematic. This vulnerability affects unknown code of the file taro/packages/css-to-react-native/src/index.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely...

5.3 CVSS | 0.00742 EPSS
Exploits 1 | References 6
Vulnrichment
added 2025/06/09 8:31 p.m. | 1 views

CVE-2025-5896 tarojs taro index.js redos

A vulnerability was found in tarojs taro up to 4.1.1. It has been declared as problematic. This vulnerability affects unknown code of the file taro/packages/css-to-react-native/src/index.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely...

5.3 CVSS | 4.7 AI score | 0.00742 EPSS
Exploits 1 | References 6
CVE
added 2025/06/09 8:31 p.m. | 52 views

CVE-2025-5896

The CVE-2025-5896 entry concerns taro/taro (up to version 4.1.1). The vulnerability exists in taro/packages/css-to-react-native/src/index.js and arises from inefficient regular-expression handling (ReDoS-like behavior) in that code path. The issue can be triggered remotely and, per sources, upgra...

7.5 CVSS | 4.8 AI score | 0.00742 EPSS
Exploits 1 | References 6 | Affected Software 1
OSV
added 2025/06/09 8:15 p.m. | 4 views

CVE-2025-5892

A vulnerability, which was classified as problematic, has been found in RocketChat up to 7.6.1. This issue affects the function parseMessage of the file /apps/meteor/app/irc/server/servers/RFC2813/parseMessage.js. The manipulation of the argument line leads to inefficient regular expression...

7.5 CVSS | 4.5 AI score
Exploits 0 | References 5
NVD
added 2025/06/09 8:15 p.m. | 6 views

CVE-2025-5895

A vulnerability was found in Metabase 54.10. It has been classified as problematic. This affects the function parseDataUri of the file frontend/src/metabase/lib/dom.js. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit...

7.5 CVSS | 0.00527 EPSS
Exploits 1 | References 6
Vulnrichment
added 2025/06/09 8:00 p.m. | 5 views

CVE-2025-5895 Metabase dom.js parseDataUri redos

A vulnerability was found in Metabase 54.10. It has been classified as problematic. This affects the function parseDataUri of the file frontend/src/metabase/lib/dom.js. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit...

5.3 CVSS | 4.6 AI score | 0.00527 EPSS
Exploits 1 | References 6
CVE
added 2025/06/09 8:00 p.m. | 48 views

CVE-2025-5895

Summary of CVE-2025-5895 (Metabase): Multiple sources describe a vulnerability in Metabase 54.10 affecting the function parseDataUri in frontend/src/metabase/lib/dom.js. The issue is described as inefficient regular-expression complexity (a ReDoS-like condition) that can be triggered remotely. P...

7.5 CVSS | 7.1 AI score | 0.00527 EPSS
Exploits 1 | References 6 | Affected Software 1
Vulnrichment
added 2025/06/09 7:31 p.m. | 6 views

CVE-2025-5892 RocketChat parseMessage.js parseMessage redos

A vulnerability, which was classified as problematic, has been found in RocketChat up to 7.6.1. This issue affects the function parseMessage of the file /apps/meteor/app/irc/server/servers/RFC2813/parseMessage.js. The manipulation of the argument line leads to inefficient regular expression...

5.3 CVSS | 7.2 AI score | 0.00848 EPSS
Exploits 1 | References 5
CVE
added 2025/06/09 7:31 p.m. | 54 views

CVE-2025-5892

CVE-2025-5892 affects Rocket.Chat up to 7.6.1. The issue is in the parseMessage.js function (parseMessage) where manipulation of the line argument causes inefficient regular expression complexity, enabling a potential remote attack. Public exploit information is present in the sources. Remediatio...

7.5 CVSS | 7.2 AI score | 0.00848 EPSS
Exploits 1 | References 5 | Affected Software 1
NVD
added 2025/06/09 7:15 p.m. | 5 views

CVE-2025-5891

A vulnerability classified as problematic was found in Unitech pm2 up to 6.0.6. This vulnerability affects unknown code of the file /lib/tools/Config.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has been disclosed to th...

5.3 CVSS | 0.00367 EPSS
Exploits 1 | References 5
NVD
added 2025/06/09 7:15 p.m. | 5 views

CVE-2025-5890

A vulnerability classified as problematic has been found in actions toolkit 0.5.0. This affects the function globEscape of the file toolkit/packages/glob/src/internal-pattern.ts of the component glob. The manipulation leads to inefficient regular expression complexity. It is possible to initiate...

5.3 CVSS | 0.00226 EPSS
Exploits 0 | References 4
OSV
added 2025/06/09 7:15 p.m. | 1 views

CVE-2025-5889

A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely...

2.3 CVSS | 7 AI score
Exploits 0 | References 6
NVD
added 2025/06/09 7:15 p.m. | 5 views

CVE-2025-5889

A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely...

3.1 CVSS | 0.00092 EPSS
Exploits 0 | References 6
OSV
added 2025/06/09 7:15 p.m. | 4 views

CVE-2025-5891

A vulnerability classified as problematic was found in Unitech pm2 up to 6.0.6. This vulnerability affects unknown code of the file /lib/tools/Config.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has been disclosed to th...

5.3 CVSS | 4.6 AI score
Exploits 0 | References 5
Cvelist
added 2025/06/09 7:00 p.m. | 14 views

CVE-2025-5891 Unitech pm2 Config.js redos

A vulnerability classified as problematic was found in Unitech pm2 up to 6.0.6. This vulnerability affects unknown code of the file /lib/tools/Config.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has been disclosed to th...

5.3 CVSS | 0.00367 EPSS
Exploits 1 | References 5
CVE
added 2025/06/09 7:00 p.m. | 70 views

CVE-2025-5891

CVE-2025-5891 affects Unitech pm2 (versions up to 6.0.6; also noted in advisories for 6.0.8) due to incorrect handling in /lib/tools/Config.js that enables an inefficient regular expression pattern, resulting in a Regular Expression Denial of Service (ReDoS). The vulnerability is remotely exploit...

5.3 CVSS | 7.3 AI score | 0.00367 EPSS
Exploits 1 | References 5 | Affected Software 1
Cvelist
added 2025/06/09 6:31 p.m. | 9 views

CVE-2025-5890 actions toolkit glob internal-pattern.ts globEscape redos

A vulnerability classified as problematic has been found in actions toolkit 0.5.0. This affects the function globEscape of the file toolkit/packages/glob/src/internal-pattern.ts of the component glob. The manipulation leads to inefficient regular expression complexity. It is possible to initiate...

5.3 CVSS | 0.00226 EPSS
Exploits 0 | References 4
CVE
added 2025/06/09 6:16 p.m. | 238 views

CVE-2025-5889

The CVE-2025-5889 entry concerns juliangruber brace-expansion prior to 4.0.1. The vulnerability affects the expand function in index.js, causing inefficient regular expression complexity. It may be exploitable remotely and exploitation is described as difficult but publicly disclosed. Upgrading t...

3.1 CVSS | 3.8 AI score | 0.00092 EPSS
Exploits 0 | References 6
Huntr
added 2025/06/09 5:02 p.m. | 8 views

Regular expression Denial of Service - ReDoS

Description: A regular expression denial of service (ReDoS) vulnerability has been identified in the Hugging Face Transformers library's CLVP number normalizer. The vulnerability exists in the normalizenumbers method of the EnglishNormalizer class, which converts numeric strings to their English wor...

5.3 CVSS | 6.2 AI score | 0.0004 EPSS
Exploits 1
Veracode
added 2025/06/09 8:32 a.m. | 8 views

Arbitrary Code Injection

org.hibernate.validator:hibernate-validator is vulnerable to Arbitrary Code Injection. The vulnerability is caused by expression language injection: user-supplied input is interpolated in constraint violation messages using Expression Language, which may allow attackers to access sensitive da...

7.3 CVSS | 7.7 AI score | 0.01693 EPSS
Exploits 10 | References 15 | Affected Software 1