9311 matches found
MediaWiki - VisualData Extension 安全漏洞
MediaWiki - VisualData Extension is an open source data visualization extension for MediaWiki. A security vulnerability exists in MediaWiki - VisualData Extension version 1.45, which stems from inefficient regular expression complexity that could lead to exponential regular expression expansion...
Important: amazon-cloudwatch-agent
Issue Overview: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 SSH servers parsing GSSAPI authentication requests do not validate the number...
PT-2026-1964
Name of the Vulnerable Software and Affected Versions MediaWiki - VisualData Extension version 1.45 Description An inefficient regular expression complexity issue exists in the MediaWiki - VisualData Extension. This allows for a Regular Expression Exponential Blowup, potentially leading to a deni...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000169)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000169 advisory. In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words method with html=True and the truncatewordshtml template...
expr-eval: expr-eval: Prototype Pollution
A prototype pollution flaw was found in expr-eval. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution...
Regular Expression Denial of Service (ReDoS)
Overview @modelcontextprotocol/sdk is a Model Context Protocol implementation for TypeScript Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the UriTemplate processing when handling RFC 6570 exploded array patterns. An attacker can cause excessive...
Anthropic's MCP TypeScript SDK has a ReDoS vulnerability
Impact A ReDoS vulnerability in the UriTemplate class allows attackers to cause denial of service. The partToRegExp function generates a regex pattern with nested quantifiers ^/+?:,^/+ for exploded template variables e.g., /id, ?tags, causing catastrophic backtracking on malicious input. Who is...
EUVD-2026-0800
Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 contain a regular expression denial of service ReDoS vulnerability in the UriTemplate class when processing RFC 6570 exploded array patterns. The dynamically generated regular expression used during URI matching contains nested...
CVE-2026-0621 MCP TypeScript SDK UriTemplate Exploded Array Pattern ReDoS
Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 contain a regular expression denial of service ReDoS vulnerability in the UriTemplate class when processing RFC 6570 exploded array patterns. The dynamically generated regular expression used during URI matching contains nested...
CVE-2026-0621 MCP TypeScript SDK UriTemplate Exploded Array Pattern ReDoS
Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 contain a regular expression denial of service ReDoS vulnerability in the UriTemplate class when processing RFC 6570 exploded array patterns. The dynamically generated regular expression used during URI matching contains nested...
CVE-2025-15453 milvus HTTP Endpoint expr.go expr.Exec deserialization
A security vulnerability has been detected in milvus up to 2.6.7. This vulnerability affects the function expr.Exec of the file pkg/util/expr/expr.go of the component HTTP Endpoint. The manipulation of the argument code leads to deserialization. Remote exploitation of the attack is possible. The...
CVE-2025-15453
Milvus up to 2.6.7 is affected in the HTTP Endpoint component: the expr.Exec in pkg/util/expr/expr.go can deserialize crafted input, enabling remote code execution. Public exploit exists; remote exploitation may occur with a crafted code parameter sent to /expr, as noted by multiple sources. Reme...
milvus 代码问题漏洞
milvus is a high-performance cloud-native vector database open-sourced by The Milvus Project. A code issue vulnerability exists in milvus version 2.6.7 and earlier, which stems from the incorrect manipulation of the parameter code of the function expr.Exec in the file pkg/util/expr/expr.go of the...
Important: amazon-cloudwatch-agent
Issue Overview: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 SSH servers parsing GSSAPI authentication requests do not validate the number...
Exploit for Improper Control of Dynamically-Managed Code Resources in N8N
n8nCVE-2025-686...
Regular Expression Denial of Service (ReDoS)
Overview raxe is a RAXE Community Edition - AI Security for Everyone. 460+ threat detection rules, L2 CPU-based ML, always free. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in matcher.py, which may attempt to test pattern matches indefinitely...
PT-2026-28674
Name of the Vulnerable Software and Affected Versions path-to-regexp versions prior to 8.4.0 Description The software is susceptible to a Regular Expression Denial of Service ReDoS condition when handling multiple wildcard characters combined with at least one parameter. This issue arises because...
PT-2026-26486
Name of the Vulnerable Software and Affected Versions league/commonmark versions 2.3.0 through 2.8.1 Description The DomainFilteringAdapter within the Embed extension is susceptible to an allowlist bypass because of a missing hostname boundary assertion in the domain-matching regular expression. ...
Exploit for Expression Language Injection in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
🔴 ExploitDB RAG A RAG Retrieval Augmented Generation system...
Exploit for CVE-2025-68613
--- 📑 Table of Contents - 🎯 Executive Summary-exec...