CVE-2025-24026 iTop Inefficient Regular Expression Complexity vulnerability

iTop is an web based IT Service Management tool. Versions prior to 3.2.1 are vulnerable to regular expression denial of service ReDoS that may, under some circumstances, affect iTop server. Version 3.2.1 doesn't use the affected variable in the regular expression. As a workaround, if iTop...

Alibaba Cloud Linux 3 : 0072: nodejs:14 (ALINUX3-SA-2021:0072)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0072 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-22930: RESERVED This candidate ha...

iTop 安全漏洞

iTop is a simple, web-based IT service management tool from Combodo Open Source. A security vulnerability exists in iTop versions prior to 3.2.1 that stems from a regular expression denial of service that may affect the server...

Alibaba Cloud Linux 3 : 0057: python-mako (ALINUX3-SA-2023:0057)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2023:0057 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-40023: Sqlalchemy mako before 1.2.2 is...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to transformers-4.46.3-py3-none-any.whl CVE-2024-12720

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to transformers-4.46.3-py3-none-any.whl CVE-2024-12720. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-12720 DESCRIPTION: A Regular Expression Denial of Service...

Important: amazon-cloudwatch-agent

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

Important: amazon-cloudwatch-agent

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2025-1539)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux 2 : amazon-cloudwatch-agent (ALAS-2025-2851)

The version of amazon-cloudwatch-agent installed on the remote host is prior to 1.300054.1-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2851 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service [CVE-2024-6827, CVE-2025-1194]

Summary Python modules gunicorn and transformers are used by IBM App Connect Enterprise Certified Container when providing mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service. This bulletin...

CVE-2025-46821 Envoy vulnerable to bypass of RBAC uri_template permission

Envoy is a cloud-native edge/middle/service proxy. Prior to versions 1.34.1, 1.33.3, 1.32.6, and 1.31.8, Envoy's URI template matcher incorrectly excludes the character from a set of valid characters in the URI path. As a result URI path containing the character will not match a URI template...

Regular Expression Denial Of Service (ReDoS)

Transformers is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient regular expression processing due to a regex with exponential time complexity in the SubWordJapaneseTokenizer class, leading to excessive backtracking and high CPU usage...

CGI: ReDoS in CGI::Util#escapeElement

A flaw was found in Ruby's CGI gem. The CGI::UtilescapeElement method is vulnerable to Regular expression Denial of Service ReDoS, allowing a specially crafted input to cause a high CPU consumption...

CGI: ReDoS in CGI::Util#escapeElement

A flaw was found in Ruby's CGI gem. The CGI::UtilescapeElement method is vulnerable to Regular expression Denial of Service ReDoS, allowing a specially crafted input to cause a high CPU consumption...

CVE-2025-4215

A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16. It has been classified as problematic. Affected is the function currentStateChanged of the file src/js/1p-filters.js of the component UI. The manipulation leads to inefficient regular expression complexity. It is possible to laun...

CVE-2025-4215

A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16. It has been classified as problematic. Affected is the function currentStateChanged of the file src/js/1p-filters.js of the component UI. The manipulation leads to inefficient regular expression complexity. It is possible to laun...

CVE-2025-4215

CVE-2025-4215 affects gorhill uBlock Origin up to 1.63.3b16, specifically the UI function currentStateChanged in src/js/1p-filters.js. The issue is described as an inefficient regular expression pattern used in filters, which can be triggered remotely and carries a relatively high attack complexi...

CVE-2025-4215 gorhill uBlock Origin UI 1p-filters.js currentStateChanged redos

A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16. It has been classified as problematic. Affected is the function currentStateChanged of the file src/js/1p-filters.js of the component UI. The manipulation leads to inefficient regular expression complexity. It is possible to laun...

Security Bulletin: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing, affects watsonx.data

Summary An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-45338 DESCRIPTION: An attacker can craft an input to the Parse...

CVE-2025-1194

A Regular Expression Denial of Service ReDoS vulnerability was identified in the huggingface/transformers library, specifically in the file tokenizationgptneoxjapanese.py of the GPT-NeoX-Japanese model. The vulnerability occurs in the SubWordJapaneseTokenizer class, where regular expressions...