66 matches found
Astra Linux – Vulnerability in node-cookiejar
Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service ReDoS attacks through the Cookie.parse function, which uses an insecure regular expression...
CLSA-2025-1764324770 Fix CVE(s): CVE-2022-30688
SECURITY UPDATE: insecure regex patterns for interpreter detection - debian/patches/CVE-2022-30688.patch: prevent local privilege escalation by anchoring interpreter regex patterns - CVE-2022-30688...
EUVD-2022-7081
Malicious code in bioql PyPI...
EUVD-2022-6284
Malicious code in bioql PyPI...
EUVD-2025-31772
Malicious code in bioql PyPI...
CVE-2025-10659
The CVE-2025-10659 entry concerns MegaSys/MegaSys Telenium Online Web Application. A PHP endpoint accessible to unauthenticated network users improperly terminates a regular expression check, failing to validate or sanitize input. This leads to an OS command injection remote code execution risk o...
PT-2025-40025
Name of the Vulnerable Software and Affected Versions MegaSys Telenium Online Web Application affected versions not specified Description The Telenium Online Web Application contains a critical command injection flaw stemming from an insecurely terminated regular expression check within a PHP...
ManageEngine SupportCenter Plus < 14.9 Build 14940 Privilege Escalation
The version of ManageEngine SupportCenter Plus installed on the remote host is prior to 14.9 Build 14940. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-8309 advisory. - A privilege escalation vulnerability caused by the overly permissive regular expression regex rule...
K000150967: Angular JS vulnerabilities CVE-2023-26117 and CVE-2023-26118
Security Advisory Description CVE-2023-26117 Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service ReDoS via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted...
XML External Entity (XXE) Injection
Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection due to the usage of improperly secured regular expressions in the scan and findCharSet methods of the XmlScanner class. By exploiting UCS-4 encoding and encoding guessing techniques, attackers can...
Regular Expression Denial Of Service (ReDoS)
uri is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability exists due to the insecure Regex pattern used for the RFC3986URI and RFC3986relativeref parameters in the rfc3986parser.rb, which allows an attacker to crash the application by providing maliciously crafted URI...
Regular Expression Denial Of Service (ReDoS)
time is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability exists due to the insecure Regex pattern used in the rfc2822 function of time.rb, which allows an attacker to crash the application by providing an invalid time...
DEBIAN-CVE-2023-26118
Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service ReDoS via the element due to the usage of an insecure regular expression in the inputurl functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result ...
CVE-2023-26117
Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service ReDoS via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic...
CVE-2023-26117
Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service ReDoS via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic...
UBUNTU-CVE-2023-26117
Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service ReDoS via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic...
CVE-2023-26116
Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service ReDoS via the angular.copy utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in...
UBUNTU-CVE-2023-26118
Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service ReDoS via the element due to the usage of an insecure regular expression in the inputurl functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result ...
UBUNTU-CVE-2023-26116
Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service ReDoS via the angular.copy utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic...