CVE-2024-28254
OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The AlertUtil::validateExpression method evaluates an SpEL expression using getValue which by default uses the...
CVE-2024-28848
OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The CompiledRule::validateExpression method evaluates an SpEL expression using a StandardEvaluationContext, allowing the...
CVE-2024-0715
Expression Language Injection vulnerability in Hitachi Global Link Manager on Windows allows Code Injection. This issue affects Hitachi Global Link Manager: before 8.8.7-03...
CVE-2024-8048
In Progress Telerik Reporting versions prior to 2024 Q3 18.2.24.924, a code execution attack is possible using object injection via insecure expression evaluation...
Security Bulletin: IBM Cloud Pak for Network Automation 2.7.5 addresses multiple security vulnerabilities.
Summary IBM Cloud Pak for Network Automation 2.7.5 addresses multiple security vulnerabilities. Vulnerability Details CVEID:CVE-2024-32879 DESCRIPTION: Python Social Auth Django could allow a remote authenticated attacker to bypass security restrictions, caused by improper handling of case...
openSUSE Security Advisory (SUSE-SU-2025:0310-1)
The remote host is missing an update for the...
Security update for python-pydantic
This update for python-pydantic fixes the following issues: CVE-2024-3772: Fixed Regular expression DoS bsc1222806 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed f...
SUSE-SU-2025:0310-1 Security update for python-pydantic
This update for python-pydantic fixes the following issues: - CVE-2024-3772: Fixed Regular expression DoS bsc1222806...
CVE-2025-0367
In versions 3.1.0 and lower of the Splunk Supporting Add-on for Active Directory, also known as SA-ldapsearch, a vulnerable regular expression pattern could lead to a Regular Expression Denial of Service ReDoS attack...
CVE-2025-0367 Regular Expression Denial of Service (ReDoS) in Splunk Supporting Add-on for Active Directory (SA-ldapsearch)
In versions 3.1.0 and lower of the Splunk Supporting Add-on for Active Directory, also known as SA-ldapsearch, a vulnerable regular expression pattern could lead to a Regular Expression Denial of Service ReDoS attack...
CVE-2025-0367
CVE-2025-0367 affects the Splunk Supporting Add-on for Active Directory (SA-ldapsearch). The vulnerable component is a regular expression pattern in versions 3.1.0 and earlier, which can be exploited to trigger a Regular Expression Denial of Service (ReDoS). Public records indicate a potential im...
Security Bulletin: The Dashboard of IBM Sterling B2B Integrator is Vulnerable to Denial of Service Due to Prototype (CVE-2020-27511)
Summary IBM Sterling B2B Integrator has addressed the denial of service security vulnerability Vulnerability Details CVEID:CVE-2020-27511 DESCRIPTION: Prototype is vulnerable to a denial of service, caused by a regular expression denial of service ReDOS flaw in the stripTags and unescapeHTML...
Security Bulletin: Vulnerability in Eclipse EE4J Jakarta Expression Language affects watsonx.data
Summary Eclipse EE4J Jakarta Expression Language is vulnerable to bypass security restrictions attacks. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2021-28170 DESCRIPTION: Eclipse EE4J Jakarta Expression Language could allow a remote attacker to bypass security restrictions,...
Security Bulletin: IBM QRadar Network Packet Capture includes components with multiple known vulnerabilities
Summary The product includes multiple vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. IBM has addressed the relevant CVEs. Vulnerability Details CVEID:CVE-2024-4032 DESCRIPTION: An unspecified error with ipaddress considers some not...
Splunk Supporting Add-on for Active Directory Security Vulnerability
Splunk Supporting Add-on for Active Directory SA-ldapsearch is an add-on for Active Directory from Splunk. A security vulnerability exists in Splunk Supporting Add-on for Active Directory version 3.1.0 and earlier, which stems from a vulnerable regular expression pattern that could lead to a...
Security Bulletin: A pillarjs path-to-regexp vulnerability affects IBM Safer Payments (CVE-2024-45296)
Summary pillarjs path-to-regexp is used by IBM Safer Payments as part of UI navigation routes. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: pillarjs Path-to-RegExp is vulnerable to a denial of service, caused by a regular expression denial of...
Security Bulletin: A vulnerability in react affects IBM Robotic Process Automation and may result in a denial of service (CVE-2024-45296).
Summary A vulnerability in React affects IBM Robotic Process Automation and may result in a denial of service. React is used by IBM Robotic Process Automation as part of its UI Framework. This bulletin identifies the security fix to apply to address the vulnerability. Vulnerability Details...
Security Bulletin: IBM App Connect Enterprise is vulnerable to Regular Expression Denial of Service (ReDoS) due to cross-spawn(CVE-2024-21538)
Summary IBM App Connect Enterprise is vulnerable to Regular Expression Denial of Service ReDoS due to cross-spawn. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper...
Security Bulletin: IBM App Connect Enterprise is vulnerable to backtracking due to path-to-regexp (CVE-2024-52798)
Summary IBM App Connect Enterprise Connector Discovery and OpenAPI Editor and IBM App Connect Enterprise Discovery Connectors are vulnerable to backtracking due to path-to-regexp. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings into regular expressions...