Medium: ruby3.2
Issue Overview: Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the...
CBL Mariner 2.0 Security Update: python-setuptools / python3 (CVE-2022-40897)
The version of python-setuptools / python3 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-40897 advisory. - Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cau...
CVE-2024-13896
The WP-GeSHi-Highlight — rock-solid syntax highlighting for 259 languages WordPress plugin through 1.4.3 processes user-supplied input as a regular expression via the wp_geshi_filter_replace_code function, which could lead to Regular Expression Denial of Service (ReDoS) issue...
Security Bulletin: IBM Aspera Desktop App has multiple vulnerabilities related to Open Source dependencies (CVE-2025-27789 and CVE-2025-24010)
Summary IBM Aspera Desktop App is affected by inefficient regular expression complexity which can cause excessive CPU cycles and lack of validation on the Origin header which could cause an unauthorized access to any functionality accessible to the communication source. These vulnerabilities have...
CVE-2024-13896 WP-GeSHi-Highlight <= 1.4.3 - Author+ ReDoS
The WP-GeSHi-Highlight — rock-solid syntax highlighting for 259 languages WordPress plugin through 1.4.3 processes user-supplied input as a regular expression via the wp_geshi_filter_replace_code function, which could lead to Regular Expression Denial of Service (ReDoS) issue...
CVE-2024-13896
CVE-2024-13896 affects WP-GeSHi-Highlight for WordPress up to version 1.4.3. The plugin processes user-supplied input as a regular expression in wp_geshi_filter_replace_code(), which could trigger a Regular Expression Denial of Service (ReDoS). This is described in multiple connected records (inc...
PT-2025-15917 · WordPress · Wp-Geshi-Highlight
Name of the Vulnerable Software and Affected Versions: WP-GeSHi-Highlight versions 1.4.3 and earlier Description: The WP-GeSHi-Highlight WordPress plugin processes user-supplied input as a regular expression via the wp_geshi_filter_replace_code function, which could lead to a Regular Expression...
Suricata Security Vulnerability
Suricata is a network IDS, IPS and NSM engine from the Open Information Security Foundation. A security vulnerability exists in Suricata that stems from a PCRE rule issue that could lead to an infinite loop...
Regular Expression Denial Of Service
uptime-kuma is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regex processing due to catastrophic backtracking triggered by crafted input during notification creation via the web service...
CVE-2025-32014 estree-util-value-to-estree allows prototype pollution in generated ESTree
estree-util-value-to-estree converts a JavaScript value to an ESTree expression. When generating an ESTree from a value with a property named `__proto__`, valueToEstree would generate an object that specifies a prototype instead. This vulnerability is fixed in 3.3.3...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service [CVE-2024-21538]
Summary Node.js module cross-spawn is used by IBM App Connect Enterprise Certified Container when handling internal metrics. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability ...
Denial Of Service (DoS)
@mozilla/readability is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regular expression processing caused by specially crafted titles, allowing an attacker to cause a local denial of service...
PT-2025-16186 · Git +1 · Javaparser
Name of the Vulnerable Software and Affected Versions: JavaParser affected versions not specified Description: The software is susceptible to a security exception triggered during the parsing of Java expressions. The crash state involves com.github.javaparser.GeneratedJavaParser.Expression,...
Security Bulletin: IBM Security QRadar Analyst Workflow for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. The update addresses these issues. Vulnerability Details CVEID: CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings into regular expressions. In certa...
Important: thunderbird
Issue Overview: Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100. CVE-2022-29912 The parent process would not properly check whether the Speech Synthesis feature is...
GHSA-HX7H-9VF7-5XHG Uptime Kuma's Regular Expression in pushdeer and whapi file Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Summary There is a ReDoS vulnerability risk in the system, specifically when administrators create a notification through the web service (pushdeer and whapi). If a string is provided that triggers catastrophic backtracking in the regular expression, it may lead to a ReDoS attack. Details The regular...