CVE-2020-7163

A navigationto expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

CVE-2020-7190

A deviceselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

CVE-2020-7185

A tvxlanlegend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

CVE-2020-7194

A perfaddormoddevicemonitor expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

CVE-2020-7173

A actionselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

CVE-2020-7155

A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

CVE-2020-7195

A iccselectrules expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

CVE-2020-7159

A customtemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

CVE-2020-7160

A iccselectdeviceseries expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

CVE-2020-7142

A eventinfocontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

CVE-2020-7171

A guidatadetail expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

CVE-2020-24650

A legend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

CVE-2020-24651

A syslogtempletselectwin expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

CVE-2024-39316

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.5, Regular Expression Denial of Service ReDoS vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending...

CVE-2026-21868

Flag Forge is a Capture The Flag CTF platform. Versions 2.3.2 and below have a Regular Expression Denial of Service ReDoS vulnerability in the user profile API endpoint /api/user/username. The application constructs a regular expression dynamically using unescaped user input the username paramete...

CVE-2024-41655

TF2 Item Format helps users format TF2 items to the community standards. Versions of tf2-item-format since at least 4.2.6 and prior to 5.9.14 are vulnerable to a Regular Expression Denial of Service ReDoS attack when parsing crafted user input. This vulnerability can be exploited by an attacker t...

CVE-2024-41148

A code injection vulnerability has been discovered in the Robot Operating System ROS 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'hz' verb, which reports the publishing rate of a topic and accepts a user-provided Python...

CVE-2025-66916

The snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier, interface /snail-job/workflow/check-node-expression can execute QLExpress expressions, but it does not filter user input, allowing attackers to use the File class to perform arbitrary file reading and writing...

CVE-2025-66916

The snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier, interface /snail-job/workflow/check-node-expression can execute QLExpress expressions, but it does not filter user input, allowing attackers to use the File class to perform arbitrary file reading and writing...

Regular Expression Denial of Service (ReDoS)

Overview diff is a javascript text differencing implementation. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the parsePatch and applyPatch functions if the user input passed without sanitisation. An attacker can cause the process to enter an...