9211 matches found
CVE-2025-35036 hibernate-validator insecure default Expression Language interpolation
Hibernate Validator before 6.2.0 and 7.0.0, by default and depending on how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as ...
CVE-2025-35036
CVE-2025-35036 affects Hibernate Validator prior to 6.2.0 and 7.0.0, where user-supplied input may be interpolated into constraint violation messages via Expression Language. This can lead to information disclosure or arbitrary Java code execution. The issue is mitigated in 6.2.0+ and 7.0.0+ by s...
[SECURITY] [DLA 4199-1] tcpdf security update
Debian LTS Advisory DLA-4199-1 [email protected] https://www.debian.org/lts/security/ Santiago Ruano Rincón May 31, 2025 https://wiki.debian.org/LTS Package : tcpdf Version : 6.3.5+dfsg1-1+deb11u1 CVE ID : CVE-2024-22640 CVE-2024-22641 CVE-2024-32489 CVE-2024-51058 CVE-2024-56519...
Exploit for Cross-site Scripting in IBM QRadar Security Information and Event Manager
CVE-2024-28784 — Stored XSS in IBM QRadar SIEM Rule Wizard...
CVE-2025-48887
vLLM, an inference and serving engine for large language models (LLMs), has a Regular Expression Denial of Service (ReDoS) vulnerability in the file vllm/entrypoints/openai/tool_parsers/pythonic_tool_parser.py of versions 0.6.4 up to but excluding 0.9.0. The root cause is the use of a highly complex and...
PYSEC-2025-50
vLLM, an inference and serving engine for large language models (LLMs), has a Regular Expression Denial of Service (ReDoS) vulnerability in the file vllm/entrypoints/openai/tool_parsers/pythonic_tool_parser.py of versions 0.6.4 up to but excluding 0.9.0. The root cause is the use of a highly complex and...
CVE-2025-48887 vLLM has a Regular Expression Denial of Service (ReDoS, Exponential Complexity) Vulnerability in `pythonic_tool_parser.py`
vLLM, an inference and serving engine for large language models (LLMs), has a Regular Expression Denial of Service (ReDoS) vulnerability in the file vllm/entrypoints/openai/tool_parsers/pythonic_tool_parser.py of versions 0.6.4 up to but excluding 0.9.0. The root cause is the use of a highly complex and...
Security Bulletin: IBM App Connect Enterprise is vulnerable to Inefficient Regular Expression Complexity due to Babel ( CVE-2025-27789 )
Summary IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise Runtime are vulnerable to Inefficient Regular Expression Complexity due to Babel. Vulnerability Details CVEID: CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When using...
SQL Injection
Overview apache-superset is a modern, enterprise-ready business intelligence web application. Affected versions of this package are vulnerable to SQL Injection via the sqlExpression fields. An attacker can execute unauthorized sub-queries and access restricted data by injecting SQL. Remediation...
Regular Expression Denial Of Service (ReDoS)
vLLM is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to the use of a highly complex and nested regular expression for tool call detection, which allows an attacker to trigger excessive backtracking and degrade service performance...
Regular Expression Denial Of Service (ReDoS)
vllm is vulnerable to Regular Expression Denial of Service (ReDoS) attacks. The vulnerability is due to certain regular expression patterns that lead to catastrophic backtracking when processing crafted input, allowing an attacker to slow down or crash the application...
Talking Transactions: Decentralized Communication through Ethereum Input Data Messages (IDMs)
Can you imagine, blockchain transactions can talk! In this paper, we study how they talk and what they talk about. We focus on the input data field of Ethereum transactions, which is designed to allow external callers to interact with smart contracts. In practice, this field also enables users to...
vLLM security vulnerability
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs from the vLLM open source project. A security vulnerability exists in vLLM versions 0.8.0 and later, prior to 0.9.0, which stems from the fact that supplying an invalid regular expression when using structured output may...
Tenable Security Center Multiple Vulnerabilities (TNS-2025-09)
According to its self-reported version, the Tenable Security Center running on the remote host is prior to 6.6.0 and missing relevant patches. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2025-09 advisory. - In SQLite 3.44.0 through 3.49.0 before 3.49.1, the...
Uncaught Exception
Overview vllm is a high-throughput and memory-efficient inference and serving engine for LLMs. Affected versions of this package are vulnerable to Uncaught Exception through the guided_regex parameter when using xgrammar validation. An attacker can cause the application to crash by sending an...
Regular Expression Denial Of Service (ReDoS)
marked is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regular expressions that suffer catastrophic backtracking when parsing HTML tags and markdown links with specially crafted input...
Regular Expression Denial of Service (ReDoS)
Overview vllm is a high-throughput and memory-efficient inference and serving engine for LLMs. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple locations in the code. An attacker can cause a denial of service by supplying specially craft...
vLLM vulnerable to Regular Expression Denial of Service
Summary A recent review identified several regular expressions in the vllm codebase that are susceptible to Regular Expression Denial of Service (ReDoS) attacks. These patterns, if fed with crafted or malicious input, may cause severe performance degradation due to catastrophic backtracking. 1...
GHSA-J828-28RJ-HFHP vLLM vulnerable to Regular Expression Denial of Service
Summary A recent review identified several regular expressions in the vllm codebase that are susceptible to Regular Expression Denial of Service (ReDoS) attacks. These patterns, if fed with crafted or malicious input, may cause severe performance degradation due to catastrophic backtracking. 1...
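The vLLM entries above (CVE-2025-48887 in pythonic_tool_parser.py and the GHSA-J828-28RJ-HFHP review) all describe the same failure mode: an ambiguous, nested quantifier lets a backtracking regex engine try an exponential number of ways to split the input before it can report a mismatch. The following is an added example and is not vLLM's own code or its actual pattern: VULNERABLE_RE is a hypothetical naive matcher for a bracketed list of word tokens shaped like a tool-call detector, SAFE_RE is the unambiguous rewrite of the same language, and MAX_TOOL_CALL_LEN is an assumed size cap. The timing helpers make the growth curve observable on a constructed payload that gets past the repeated group and then fails at the closing bracket.

```python
import re
import time

# Hypothetical pattern (not vLLM's): a naive matcher for "[tok tok ...]".
# The group (?:\w+\s?)* is ambiguous. A run of n word characters can be
# split across iterations in 2^(n-1) ways, and because \s? may match empty,
# nothing forces one particular split. When the closing "]" then fails, the
# backtracking engine tries every split before giving up.
VULNERABLE_RE = re.compile(r"^\[(?:\w+\s?)*\]$")

# Same language, unambiguous: each repetition must end in exactly one
# whitespace character, so there is only one way to consume any input and a
# mismatch is rejected in time linear in the input length.
SAFE_RE = re.compile(r"^\[(?:\w+\s)*\w*\]$")

# Assumed cap, not a vLLM setting: bounding the input in front of the regex
# limits the damage even if a pattern later regresses to an ambiguous form.
MAX_TOOL_CALL_LEN = 4096


def vulnerable_is_tool_call_list(text: str) -> bool:
    """Unbounded input straight into the ambiguous pattern."""
    return VULNERABLE_RE.match(text) is not None


def safe_is_tool_call_list(text: str) -> bool:
    """Length check first, then the unambiguous pattern."""
    if len(text) > MAX_TOOL_CALL_LEN:
        return False
    return SAFE_RE.match(text) is not None


def redos_payload(n: int) -> str:
    # Constructed adversarial input: n word characters that satisfy the
    # repeated group, followed by "!" so the trailing "]" can never match.
    return "[" + "a" * n + "!"


def time_rejection(pattern: re.Pattern, n: int) -> float:
    """Seconds the pattern needs to reject redos_payload(n)."""
    payload = redos_payload(n)
    start = time.perf_counter()
    matched = pattern.match(payload)
    elapsed = time.perf_counter() - start
    assert matched is None  # every payload is a mismatch by construction
    return elapsed


def backtracking_growth(pattern: re.Pattern, sizes=(12, 16, 20)) -> dict:
    """Map payload length -> rejection time; exponential for VULNERABLE_RE,
    flat for SAFE_RE. Keep sizes small: each +1 roughly doubles the
    vulnerable pattern's work."""
    return {n: time_rejection(pattern, n) for n in sizes}


if __name__ == "__main__":
    for name, pat in (("vulnerable", VULNERABLE_RE), ("safe", SAFE_RE)):
        growth = backtracking_growth(pat)
        print(name, {n: f"{t:.4f}s" for n, t in growth.items()})
```

Both matchers accept and reject the same well-formed inputs, so the rewrite is a drop-in replacement; the difference only shows on inputs built to fail late. The length cap is deliberately applied before the regex, since a cap alone already turns the exponential worst case into a fixed, testable bound.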