Amazon Linux 2023 : amazon-cloudwatch-agent (ALAS2023-2025-1358)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1358 advisory. SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read...

PT-2026-2108

Name of the Vulnerable Software and Affected Versions Flag Forge versions 2.3.2 and below Description Flag Forge is a Capture The Flag CTF platform susceptible to a Regular Expression Denial of Service ReDoS condition. The issue resides in the user profile API endpoint, /api/user/username. The...

CVE-2026-0668

Inefficient Regular Expression Complexity vulnerability in Wikimedia Foundation MediaWiki - VisualData Extension allows Regular Expression Exponential Blowup.This issue affects MediaWiki - VisualData Extension: 1.45...

CVE-2026-0668 VisualData extension: Regular Expression Denial of Service (ReDoS) via crafted user input

Inefficient Regular Expression Complexity vulnerability in Wikimedia Foundation MediaWiki - VisualData Extension allows Regular Expression Exponential Blowup.This issue affects MediaWiki - VisualData Extension: 1.45...

CVE-2026-0668 VisualData extension: Regular Expression Denial of Service (ReDoS) via crafted user input

Inefficient Regular Expression Complexity vulnerability in Wikimedia Foundation MediaWiki - VisualData Extension allows Regular Expression Exponential Blowup.This issue affects MediaWiki - VisualData Extension: 1.45...

Security Bulletin: Multiple vulnerabilities in IBM Controller

Summary Multiple vulnerabilities were addressed in IBM Controller. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: The NPM package micromatch prior to 4.0.8 is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability occurs in micromatch.braces in index.js because the...

CVE-1999-0455

The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly...

CVE-2019-16469

Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an expression language injection vulnerability. Successful exploitation could lead to sensitive information disclosure...

CVE-2019-16214

Libra Core before 2019-09-03 has an erroneous regular expression for inline comments, which makes it easier for attackers to interfere with code auditing by using a nonstandard line-break character for a comment. For example, a Move module author can enter the // sequence which introduces a...

CVE-2019-16555

A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allowing attackers to have Jenkins evaluate a regular expression without the ability to interrupt this process...

CVE-2019-16405

Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. CVE-2019-16405 and CVE-2019-17501 are similar to one another and may be the same...

CVE-2019-12041

lib/common/htmlre.js in remarkable 1.7.1 allows Regular Expression Denial of Service ReDoS via a CDATA section...

PT-2026-1964

Name of the Vulnerable Software and Affected Versions MediaWiki - VisualData Extension version 1.45 Description An inefficient regular expression complexity issue exists in the MediaWiki - VisualData Extension. This allows for a Regular Expression Exponential Blowup, potentially leading to a deni...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000169)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000169 advisory. In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words method with html=True and the truncatewordshtml template...

MediaWiki - VisualData Extension 安全漏洞

MediaWiki - VisualData Extension is an open source data visualization extension for MediaWiki. A security vulnerability exists in MediaWiki - VisualData Extension version 1.45, which stems from inefficient regular expression complexity that could lead to exponential regular expression expansion...

Important: amazon-cloudwatch-agent

Issue Overview: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 SSH servers parsing GSSAPI authentication requests do not validate the number...

expr-eval: expr-eval: Prototype Pollution

A prototype pollution flaw was found in expr-eval. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution...

Regular Expression Denial of Service (ReDoS)

Overview @modelcontextprotocol/sdk is a Model Context Protocol implementation for TypeScript Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the UriTemplate processing when handling RFC 6570 exploded array patterns. An attacker can cause excessive...

Anthropic's MCP TypeScript SDK has a ReDoS vulnerability

Impact A ReDoS vulnerability in the UriTemplate class allows attackers to cause denial of service. The partToRegExp function generates a regex pattern with nested quantifiers ^/+?:,^/+ for exploded template variables e.g., /id, ?tags, causing catastrophic backtracking on malicious input. Who is...

CVE-2026-0621 MCP TypeScript SDK UriTemplate Exploded Array Pattern ReDoS

Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 contain a regular expression denial of service ReDoS vulnerability in the UriTemplate class when processing RFC 6570 exploded array patterns. The dynamically generated regular expression used during URI matching contains nested...