CVE-2026-41040

GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service ReDoS via a crafted input string...

GROWI 安全漏洞

GROWI is an enterprise-level open-source knowledge base/Wiki system built using Node.js and React by GROWI Inc. GROWI has a security vulnerability that stems from a susceptibility to regular expression denial-of-service attacks...

minimatch: minimatch: Denial of Service via specially crafted glob patterns

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...

@nocobase/database has SQL Injection via String Concatenation through Recursive Eager Loading

Summary The queryParentSQL function in the core database package constructs a recursive CTE query by joining nodeIds with string concatenation instead of using parameterized queries. The nodeIds array contains primary key values read from database rows. An attacker who can create a record with a...

Nuclei: Environment variable disclosure via Response-Derived DSL Expressions

A vulnerability in Nuclei's expression evaluation engine makes it possible for a malicious target server to inject and execute supported DSL expressions. This happens when HTTP response data containing helper/function syntax gets reused by multi-step templates. If the -env-vars / -ev option is...

GHSA-JM34-66CF-QPVR Nuclei: Environment variable disclosure via Response-Derived DSL Expressions

A vulnerability in Nuclei's expression evaluation engine makes it possible for a malicious target server to inject and execute supported DSL expressions. This happens when HTTP response data containing helper/function syntax gets reused by multi-step templates. If the -env-vars / -ev option is...

GHSA-5PV5-XH52-HVRP uutils coreutils has an Incorrect Short Circuit Evaluation Issue

A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the execution phase. This implementation flaw prevents the utility from performing proper short-circuiting for logical OR | and AND & operation...

uutils coreutils has an Incorrect Short Circuit Evaluation Issue

A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the execution phase. This implementation flaw prevents the utility from performing proper short-circuiting for logical OR | and AND & operation...

UBUNTU-CVE-2026-35378

A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the execution phase. This implementation flaw prevents the utility from performing proper short-circuiting for logical OR | and AND & operation...

CVE-2026-35378

A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the execution phase. This implementation flaw prevents the utility from performing proper short-circuiting for logical OR | and AND & operation...

minimatch: minimatch: Denial of Service via specially crafted glob patterns

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the path-to-regexp library

Summary Due to use of the path-to-regexp library, DevOps Test Performance and Rational Performance Tester contain a potential Regular Expression Denial of Service ReDoS vulnerability. Vulnerability Details CVEID:CVE-2026-4923 DESCRIPTION: Impact: When using multiple wildcards, combined with at...

SUSE-SU-2026:21380-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: - CVE-2026-32259: stack out-of-bounds write due to a memory allocation failure in the sixel encoder can lead to a crash bsc1259612. - CVE-2026-32636: out-of-bounds write of a single zero byte due to bug the NewXMLTree method can lead to deni...

EUVD-2026-24545

An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowed an attacker to bypass OAuth redirect URI validation. An attacker with knowledge of a first-party OAuth application's registered callback URL could craft a malicious authorization link that, when...

Linux Distros Unpatched Vulnerability : CVE-2026-35378

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the...

CVE-2026-4296

An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowed an attacker to bypass OAuth redirect URI validation. An attacker with knowledge of a first-party OAuth application's registered callback URL could craft a malicious authorization link that, when...

CVE-2026-4296

CVE-2026-4296 concerns an incorrect regular expression vulnerability in GitHub Enterprise Server that bypasses the OAuth redirect URI validation. An attacker who knows a first-party OAuth app’s registered callback URL could craft a malicious authorization link that, when clicked by a victim, redi...

Regular Expression Denial of Service (ReDoS)

Overview signalk-server is an An implementation of a Signal K server for boats. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the contextMatcher and pathMatcher functions. An attacker can cause the server to become unresponsive and exhaust CPU...

GHSA-7GCJ-PHFF-2884 Signal K Server has an Unauthenticated Regular Expression Denial of Service (ReDoS) via WebSocket Subscription Paths

Summary The SignalK server is vulnerable to an unauthenticated Regular Expression Denial of Service ReDoS attack within its WebSocket subscription handling logic. By injecting unescaped regex metacharacters into the context parameter of a stream subscription, an attacker can force the server's...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the path-to-regexp package

Summary Due to use of the path-to-regexp package, DevOps Test Performance and Rational Performance Tester contain a potential Regular Expression Denial of Service ReDoS vulnerability. Vulnerability Details CVEID:CVE-2026-4867 DESCRIPTION: Impact: A bad regular expression is generated any time you...