EUVD-2026-0800

Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 contain a regular expression denial of service ReDoS vulnerability in the UriTemplate class when processing RFC 6570 exploded array patterns. The dynamically generated regular expression used during URI matching contains nested...

CVE-2026-0621 MCP TypeScript SDK UriTemplate Exploded Array Pattern ReDoS

Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 contain a regular expression denial of service ReDoS vulnerability in the UriTemplate class when processing RFC 6570 exploded array patterns. The dynamically generated regular expression used during URI matching contains nested...

CVE-2025-15453

Milvus up to 2.6.7 is affected in the HTTP Endpoint component: the expr.Exec in pkg/util/expr/expr.go can deserialize crafted input, enabling remote code execution. Public exploit exists; remote exploitation may occur with a crafted code parameter sent to /expr, as noted by multiple sources. Reme...

CVE-2025-15453 milvus HTTP Endpoint expr.go expr.Exec deserialization

A security vulnerability has been detected in milvus up to 2.6.7. This vulnerability affects the function expr.Exec of the file pkg/util/expr/expr.go of the component HTTP Endpoint. The manipulation of the argument code leads to deserialization. Remote exploitation of the attack is possible. The...

Important: amazon-cloudwatch-agent

Issue Overview: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 SSH servers parsing GSSAPI authentication requests do not validate the number...

milvus 代码问题漏洞

milvus is a high-performance cloud-native vector database open-sourced by The Milvus Project. A code issue vulnerability exists in milvus version 2.6.7 and earlier, which stems from the incorrect manipulation of the parameter code of the function expr.Exec in the file pkg/util/expr/expr.go of the...

Exploit for Improper Control of Dynamically-Managed Code Resources in N8N

n8nCVE-2025-686...

Regular Expression Denial of Service (ReDoS)

Overview raxe is a RAXE Community Edition - AI Security for Everyone. 460+ threat detection rules, L2 CPU-based ML, always free. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in matcher.py, which may attempt to test pattern matches indefinitely...

PT-2026-28674

Name of the Vulnerable Software and Affected Versions path-to-regexp versions prior to 8.4.0 Description The software is susceptible to a Regular Expression Denial of Service ReDoS condition when handling multiple wildcard characters combined with at least one parameter. This issue arises because...

PT-2026-26486

Name of the Vulnerable Software and Affected Versions league/commonmark versions 2.3.0 through 2.8.1 Description The DomainFilteringAdapter within the Embed extension is susceptible to an allowlist bypass because of a missing hostname boundary assertion in the domain-matching regular expression. ...

Exploit for Expression Language Injection in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

🔴 ExploitDB RAG A RAG Retrieval Augmented Generation system...

Exploit for CVE-2025-68613

--- 📑 Table of Contents - 🎯 Executive Summary-exec...

Exploit for CVE-2025-68613

CVE-2025-68613 – n8n Critical RCE Exploitation Overview T...

Exploit for CVE-2025-68613

n8n Authenticated Expression Injection RCE – CVE-2025-68613...

AlmaLinux 9 : opentelemetry-collector (ALSA-2025:23729)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2025:23729 advisory. github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation CVE-2025-68156 Tenable has extracted the preceding...

CVE-2025-68475

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2, a Regular Expression Denial of Service ReDoS vulnerability exists in Fedify's document loader. The HTML parsing regex at...

Security Bulletin: Multiple vulnerabilities in IBM® Db2® affect IBM® Db2® Big SQL.

Summary There are multiple vulnerabilities in IBM® Db2® 11.5 used by IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4.7 and earlier. Vulnerability Details CVEID:CVE-2015-8383 DESCRIPTION: PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a deni...

opentelemetry-collector security update

An update is available for opentelemetry-collector. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Collector with the supported components for a Rocky Enterpris...

RLSA-2025:23729 Important: opentelemetry-collector security update

Collector with the supported components for a Rocky Enterprise Software Foundation build of OpenTelemetry Security Fixes: github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation CVE-2025-68156 For more details about the security issues, including the...

n8n Node.js Package 0.211.0 < 1.120.4 / 1.121.0 Remote Code Execution via Expression Injection (CVE-2025-68613)

The version of the n8n Node.js Package installed on the remote host is 0.211.0 prior to 1.120.4, or 1.121.0. It is, therefore, affected by a remote code execution vis expression injection vulnerability: - n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior...