
9211 matches found

Snyk
added 2025/04/27 9:34 p.m. · 4 views

Regular Expression Denial of Service (ReDoS)

Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) through the manipulation of the Name argument. An attacker can cause the application to consume excessive resources leading to a denial of service by sending crafted inputs designed to trigger...

CVSS 7.5 · AI score 6.6 · EPSS 0.00142
Exploits 0 · References 2

NVD
added 2025/04/27 9:15 p.m. · 13 views

CVE-2025-3986

A vulnerability was found in Apereo CAS 5.2.6. It has been declared as problematic. This vulnerability affects unknown code of the file cas-5.2.6\core\cas-server-core-configuration-metadata-repository\src\main\java\org\apereo\cas\metadata\rest\CasConfigurationMetadataServerController.java. The...

CVSS 7.5 · EPSS 0.00142
Exploits 0 · References 4

NVD
added 2025/04/27 9:15 p.m. · 15 views

CVE-2025-3985

A vulnerability was found in Apereo CAS 5.2.6. It has been classified as problematic. This affects the function ResponseEntity of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\ManageRegisteredServicesMultiActionController.java. The...

CVSS 5.1 · EPSS 0.00127
Exploits 0 · References 4

CVE
added 2025/04/27 9:0 p.m. · 62 views

CVE-2025-3986

Summary for CVE-2025-3986: Multiple sources describe a vulnerability in Apereo CAS 5.2.6 affecting the CasConfigurationMetadataServerController.java, where manipulation of the Name argument leads to inefficient regular-expression processing (ReDoS). The issue is exploitable remotely and an explo...

CVSS 7.5 · AI score 4.8 · EPSS 0.00142
Exploits 0 · References 4 · Affected Software 1

Snyk
added 2025/04/27 8:39 p.m. · 3 views

Regular Expression Denial of Service (ReDoS)

Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the search function. An attacker can occupy excessive system resources by passing a malicious string with nested groups as the query parameter. PoC https://xxxx.sso.com/search?query=.11...

CVSS 5.1 · AI score 6.8 · EPSS 0.00127
Exploits 0 · References 2

Vulnrichment
added 2025/04/27 8:31 p.m. · 10 views

CVE-2025-3985 Apereo CAS ResponseEntity redos

A vulnerability was found in Apereo CAS 5.2.6. It has been classified as problematic. This affects the function ResponseEntity of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\ManageRegisteredServicesMultiActionController.java. The...

CVSS 5.1 · AI score 3.8 · EPSS 0.00127
Exploits 0 · References 4

CVE
added 2025/04/27 8:31 p.m. · 55 views

CVE-2025-3985

CVE-2025-3985 affects Apereo CAS 5.2.6. The vulnerability lies in the ManageRegisteredServicesMultiActionController.java handling of the Query argument, causing inefficient regular expression backtracking (ReDoS) and potential remote exploitation. Public disclosures exist, with no fixed version r...

CVSS 5.1 · AI score 3.8 · EPSS 0.00127
Exploits 0 · References 4 · Affected Software 1

Cvelist
added 2025/04/27 8:31 p.m. · 13 views

CVE-2025-3985 Apereo CAS ResponseEntity redos

A vulnerability was found in Apereo CAS 5.2.6. It has been classified as problematic. This affects the function ResponseEntity of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\ManageRegisteredServicesMultiActionController.java. The...

CVSS 5.1 · EPSS 0.00127
Exploits 0 · References 4

Positive Technologies
added 2025/04/27 12:0 a.m. · 3 views

PT-2025-18016

Name of the Vulnerable Software and Affected Versions: Apereo CAS version 5.2.6. Description: A vulnerability was found in Apereo CAS, affecting the function ResponseEntity of the file ManageRegisteredServicesMultiActionController.java. The manipulation of the argument Query leads to inefficient...

CVSS 5.1 · AI score 3.5 · EPSS 0.00127
Exploits 0 · References 15

Positive Technologies
added 2025/04/27 12:0 a.m. · 4 views

PT-2025-18017

Name of the Vulnerable Software and Affected Versions: Apereo CAS version 5.2.6. Description: A vulnerability was found in the software, affecting the CasConfigurationMetadataServerController.java file. The manipulation of the Name argument leads to inefficient regular expression complexity, allowin...

CVSS 7.5 · AI score 4.3 · EPSS 0.00142
Exploits 0 · References 15

NVD
added 2025/04/26 7:15 a.m. · 16 views

CVE-2025-2811

A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT250...

CVSS 6.9 · EPSS 0.00067
Exploits 0 · References 5

Vulnrichment
added 2025/04/26 7:0 a.m. · 7 views

CVE-2025-2811 GL.iNet GL-A1300 Slate Plus API redos

A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT250...

CVSS 6.9 · AI score 5.7 · EPSS 0.00067
Exploits 0 · References 5

Cvelist
added 2025/04/26 7:0 a.m. · 20 views

CVE-2025-2811 GL.iNet GL-A1300 Slate Plus API redos

A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT250...

CVSS 6.9 · EPSS 0.00067
Exploits 0 · References 5

Positive Technologies
added 2025/04/26 12:0 a.m. · 2 views

PT-2025-17954 · Gl.Inet · Gl-A1300 Slate Plus +22

Name of the Vulnerable Software and Affected Versions: GL.iNet GL-A1300 Slate Plus version 4.x GL.iNet GL-AR300M16 Shadow version 4.x GL.iNet GL-AR300M Shadow version 4.x GL.iNet GL-AR750 Creta version 4.x GL.iNet GL-AR750S-EXT Slate version 4.x GL.iNet GL-AX1800 Flint version 4.x GL.iNet...

CVSS 6.9 · AI score 5.5 · EPSS 0.00067
Exploits 0 · References 12

Snyk
added 2025/04/25 1:14 p.m. · 3 views

Regular Expression Denial of Service (ReDoS)

Overview: transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the token2json function in the processingdonut module. An attacker can cause high CPU usage and potential...

CVSS 6.9 · AI score 6.9 · EPSS 0.00088
Exploits 1 · References 2

OSV
added 2025/04/24 5:11 p.m. · 9 views

SUSE-SU-2025:1369-1 Security update for ruby2.5

This update for ruby2.5 fixes the following issues:
- CVE-2025-27219: Fixed denial of service in CGI::Cookie.parse bsc1237804
- CVE-2025-27220: Fixed ReDoS in CGI::Util#escapeElement bsc1237806
Other fixes:
- Improved fix for CVE-2024-47220 bsc1230930, bsc1235773...

CVSS 7.5 · AI score 7.5 · EPSS 0.00315
Exploits 0 · References 8

RedHat Linux
added 2025/04/24 1:23 p.m. · 18 views

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (python-django) security update

An update for python-django is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 5.3 · AI score 6.7 · EPSS 0.02611
Exploits 0 · References 2

RedHat Linux
added 2025/04/23 10:34 a.m. · 1 views

CGI: ReDoS in CGI::Util#escapeElement

A flaw was found in Ruby's CGI gem. The CGI::Util#escapeElement method is vulnerable to Regular expression Denial of Service (ReDoS), allowing a specially crafted input to cause a high CPU consumption...

CVSS 7.5 · AI score 5.7 · EPSS 0.00246
Exploits 0 · References 5

F5 Networks
added 2025/04/22 11:23 a.m. · 7 views

K000150967: Angular JS vulnerabilities CVE-2023-26117 and CVE-2023-26118

Security Advisory Description: CVE-2023-26117: Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted...

CVSS 5.3 · AI score 5.8 · EPSS 0.00521
Exploits 2

Snyk
added 2025/04/22 9:4 a.m. · 2 views

Regular Expression Denial of Service (ReDoS)

Overview: org.webjars.npm:brace-expansion is a WebJar for brace-expansion. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the expand function, which is prone to catastrophic backtracking on very long malicious inputs. PoC js import index from...

CVSS 3.1 · AI score 6.8 · EPSS 0.00092
Exploits 0 · References 2