CVE-2020-7160

A iccselectdeviceseries expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

CVE-2020-7142

A eventinfocontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

CVE-2020-7171

A guidatadetail expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

CVE-2020-24650

A legend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

CVE-2020-24651

A syslogtempletselectwin expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

CVE-2024-39316

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.5, Regular Expression Denial of Service ReDoS vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending...

CVE-2026-21868

Flag Forge is a Capture The Flag CTF platform. Versions 2.3.2 and below have a Regular Expression Denial of Service ReDoS vulnerability in the user profile API endpoint /api/user/username. The application constructs a regular expression dynamically using unescaped user input the username paramete...

CVE-2024-41655

TF2 Item Format helps users format TF2 items to the community standards. Versions of tf2-item-format since at least 4.2.6 and prior to 5.9.14 are vulnerable to a Regular Expression Denial of Service ReDoS attack when parsing crafted user input. This vulnerability can be exploited by an attacker t...

CVE-2024-41148

A code injection vulnerability has been discovered in the Robot Operating System ROS 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'hz' verb, which reports the publishing rate of a topic and accepts a user-provided Python...

CVE-2025-66916

The snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier, interface /snail-job/workflow/check-node-expression can execute QLExpress expressions, but it does not filter user input, allowing attackers to use the File class to perform arbitrary file reading and writing...

CVE-2025-66916

The snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier, interface /snail-job/workflow/check-node-expression can execute QLExpress expressions, but it does not filter user input, allowing attackers to use the File class to perform arbitrary file reading and writing...

Regular Expression Denial of Service (ReDoS)

Overview diff is a javascript text differencing implementation. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the parsePatch and applyPatch functions if the user input passed without sanitisation. An attacker can cause the process to enter an...

Exploit for Expression Language Injection in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

SploitGPT An autonomous AI penetration testing agent that con...

CVE-2026-0668

A flaw was found in Wikimedia Foundation MediaWiki - VisualData Extension. A remote attacker could exploit an inefficient regular expression, leading to a Regular Expression Denial of Service ReDoS. This vulnerability allows an attacker to provide specially crafted input that causes the regular...

CVE-2026-21868

Flag Forge is a Capture The Flag CTF platform. Versions 2.3.2 and below have a Regular Expression Denial of Service ReDoS vulnerability in the user profile API endpoint /api/user/username. The application constructs a regular expression dynamically using unescaped user input the username paramete...

CVE-2026-21868

CVE-2026-21868 affects Flag Forge, specifically versions 2.3.2 and earlier. The vulnerability is a Regular Expression Denial of Service (ReDoS) in the user profile API endpoint /api/user/[username], where the application builds a regex dynamically from the unescaped username input. An attacker ca...

EUVD-2026-1664

Flag Forge is a Capture The Flag CTF platform. Versions 2.3.2 and below have a Regular Expression Denial of Service ReDoS vulnerability in the user profile API endpoint /api/user/username. The application constructs a regular expression dynamically using unescaped user input the username paramete...

CVE-2026-21868 Flag Forge has ReDoS Vulnerability in User Profile Lookup API

Flag Forge is a Capture The Flag CTF platform. Versions 2.3.2 and below have a Regular Expression Denial of Service ReDoS vulnerability in the user profile API endpoint /api/user/username. The application constructs a regular expression dynamically using unescaped user input the username paramete...

CVE-2026-21868 Flag Forge has ReDoS Vulnerability in User Profile Lookup API

Flag Forge is a Capture The Flag CTF platform. Versions 2.3.2 and below have a Regular Expression Denial of Service ReDoS vulnerability in the user profile API endpoint /api/user/username. The application constructs a regular expression dynamically using unescaped user input the username paramete...

CVE-2025-66916

The CVE-2025-66916 entry references the snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier. The vulnerability occurs at the API endpoint /snail-job/workflow/check-node-expression, where QLExpress expressions are executed without input filtering, allowing an attacker to use the File c...