SUSE CVE-2026-28356

multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parseoptionsheader function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted HTTP or multipar...

CVE-2026-32249 NFA regex engine NULL pointer dereference affects Vim < 9.2.0137

Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range e.g. 0-0\u05bb, incorrectly emits the composing bytes of that character as separate NFA...

EUVD-2026-11607

multipart vulnerable to ReDoS in parseoptionsheader...

Regular Expression Denial of Service (ReDoS)

Overview multipart is a Parser for multipart/form-data Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the parseoptionsheader function due to the use of a regular expression with ambiguous alternation. An attacker can cause significant resource...

UBUNTU-CVE-2026-28356

multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parseoptionsheader function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted HTTP or multipar...

EUVD-2026-11342

Parse Server has a SQL injection via query field name when using PostgreSQL...

Malicious Package

Overview transform-member-expression-literals is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it...

BIT-PARSE-2026-30925 Parse Server affected by Regular Expression Denial of Service (ReDoS) via `$regex` query in LiveQuery

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.0 and 8.6.11, a malicious client can subscribe to a LiveQuery with a crafted $regex pattern that causes catastrophic backtracking, blocking the Node.js event loop. This makes the...

CVE-2026-3968 AutohomeCorp frostmourne Oracle Nashorn JavaScript ExpressionRule.java scriptEngine.eval code injection

A vulnerability has been found in AutohomeCorp frostmourne up to 1.0. This affects the function scriptEngine.eval of the file ExpressionRule.java of the component Oracle Nashorn JavaScript Engine. Such manipulation of the argument EXPRESSION leads to code injection. The attack can be executed...

EUVD-2026-11493

A vulnerability has been found in AutohomeCorp frostmourne up to 1.0. This affects the function scriptEngine.eval of the file ExpressionRule.java of the component Oracle Nashorn JavaScript Engine. Such manipulation of the argument EXPRESSION leads to code injection. The attack can be executed...

Regular Expression Denial of Service (ReDoS)

Overview elysia is an Ergonomic Framework for Human Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the t.String process when handling URL formats. An attacker can cause significant performance degradation and service unavailability by submitting...

EUVD-2026-10860

Elysia has a string URL format ReDoS...

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

CVE Docker Lab A collection of Docker-based reproduction envi...

Security Bulletin: A security vulnerability in spring-expression-5.3.31.jar affects IBM DevOps Code ClearCase [CVE-2024-38808]

Summary A security vulnerability in spring-expression-5.3.31.jar affects IBM DevOps Code ClearCase CVE-2024-38808 Vulnerability Details CVEID:CVE-2024-38808 DESCRIPTION: In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially...

CVE-2025-70030

An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity 4.19 was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4...

Parse Server has Regular Expression Denial of Service (ReDoS) via `$regex` query in LiveQuery

Impact A malicious client can subscribe to a LiveQuery with a crafted $regex pattern that causes catastrophic backtracking, blocking the Node.js event loop. This makes the entire Parse Server unresponsive, affecting all clients. Any Parse Server deployment with LiveQuery enabled is affected. The...

GHSA-MF3J-86QX-CQ5J Parse Server has Regular Expression Denial of Service (ReDoS) via `$regex` query in LiveQuery

Impact A malicious client can subscribe to a LiveQuery with a crafted $regex pattern that causes catastrophic backtracking, blocking the Node.js event loop. This makes the entire Parse Server unresponsive, affecting all clients. Any Parse Server deployment with LiveQuery enabled is affected. The...

Regular Expression Denial of Service (ReDoS)

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the handling of $regex in the LiveQuery component. An attacker can cause the...

CVE-2026-30925

CVE-2026-30925 affects Parse Server with LiveQuery enabled. A crafted $regex subscription can cause catastrophic backtracking in JavaScript regex evaluation on the Node.js event loop, blocking the server and making the entire deployment unresponsive. This impacts all clients for affected deployme...

CVE-2026-30925 Parse Server affected by Regular Expression Denial of Service (ReDoS) via `$regex` query in LiveQuery

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.0-alpha.14 and 8.6.11, a malicious client can subscribe to a LiveQuery with a crafted $regex pattern that causes catastrophic backtracking, blocking the Node.js event loop. This...