27 matches found
Regular Expression Denial Of Service (ReDoS)
transformers is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regular expression processing in the remove_language_code method of the MarianTokenizer, which allows an attacker to exploit crafted input strings with malformed language code patterns ...
EUVD-2024-37586
Malicious code in bioql PyPI...
EUVD-2025-29032
Malicious code in bioql PyPI...
Hugging Face Transformers is vulnerable to ReDoS through its MarianTokenizer
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically affecting the MarianTokenizer's remove_language_code method. This vulnerability is present in version 4.52.4 and has been fixed in version 4.53.0. The issue arises from...
CVE-2025-6638
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically affecting the MarianTokenizer's remove_language_code method. This vulnerability is present in version 4.52.4 and has been fixed in version 4.53.0. The issue arises from...
CVE-2025-6638
CVE-2025-6638 affects Hugging Face Transformers, specifically MarianTokenizer.remove_language_code(). The vulnerability arises from inefficient regex processing that can be triggered by crafted input patterns, causing high CPU usage and potential DoS. Affected version: 4.52.4; fixed in 4.53.0. IB...
CVE-2025-6638 Regular Expression Denial of Service (ReDoS) in huggingface/transformers
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically affecting the MarianTokenizer's remove_language_code method. This vulnerability is present in version 4.52.4 and has been fixed in version 4.53.0. The issue arises from...
PT-2025-37307
Name of the Vulnerable Software and Affected Versions: Hugging Face Transformers versions prior to 4.53.0. Description: A Regular Expression Denial of Service (ReDoS) vulnerability exists in the Hugging Face Transformers library, specifically affecting the remove_language_code method within the...
Regular expression Denial of Service - ReDoS
Description: A regular expression denial of service (ReDoS) vulnerability has been identified in the Hugging Face Transformers library's MarianTokenizer. The vulnerability exists in the remove_language_code method of the MarianTokenizer class, which processes text to remove language codes. The method...
CVE-2024-51709
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mariandz TeleAdmin teleadmin allows Reflected XSS. This issue affects TeleAdmin: from n/a through <= 1.0.0...
CVE-2024-49654
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marian Heddesheimer Extra Privacy for Elementor extra-privacy-for-elementor allows Reflected XSS. This issue affects Extra Privacy for Elementor: from n/a through <= 0.1.3...
CVE-2024-49654 WordPress Extra Privacy for Elementor plugin <= 0.1.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marian Heddesheimer Extra Privacy for Elementor extra-privacy-for-elementor allows Reflected XSS. This issue affects Extra Privacy for Elementor: from n/a through <= 0.1.3...
CVE-2024-38738
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Marian Kadanka Change From Email allows Stored XSS. This issue affects Change From Email: from n/a through 1.2.1...
CVE-2024-38738
CVE-2024-38738 is a stored XSS in the WordPress Change From Email plugin affecting versions up to 1.2.1. The vulnerability arises from improper input neutralization during web page generation, enabling stored cross-site scripting. Public sources consistently reference Change From Email
Rare Interviews with Enigma Cryptanalyst Marian Rejewski
The Polish Embassy has posted a series of short interview segments with Marian Rejewski, the first person to crack the Enigma. Details from his biography...
Barracuda Spam Firewall 3.5.11.020, Model 600 - SQL Injection Vuln
No description provided by source. CVE Number: CVE-2008-1094 Vulnerability: SQL Injection Risk: Medium Attack vector: From Remote Vulnerability Discovered: 16th June 2008 Vendor Notified: 16th June 2008 Advisory Released: 15th December 2008 Abstract Barracuda Networks Spam Firewall is vulnerable ...
Unfixed XSS vulnerability at www.freakz.ro
Security researcher Marian submitted on 08/10/2011 a cross-site scripting (XSS) vulnerability affecting www.freakz.ro, which at the time of submission ranked 83365 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/12/2011. It is currently...
Apache Struts 2 Cross Site Scripting
Security Advisory: MVSA-11-006 CVE: CVE-2011-1772 Vendor: Apache Software Foundation Product: Struts 2 Framework Vulnerabilities: Multiple Reflected XSS in XWork error pages Risk: High Attack Vector: From Remote Authentication: Not Required References: -...
Unfixed XSS vulnerability at img.b-zone.ro
Security researcher Marian submitted on 05/04/2011 a cross-site scripting (XSS) vulnerability affecting img.b-zone.ro, which at the time of submission ranked 1595872 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 11/12/2011. It is currently...
MVSA-10-001 - Google Message Security SaaS - SQL Injection vulnerabilities
Security Advisory: MVSA-10-001 Vendor: Google Service: Google Message Security SaaS powered by Postini - Message Center II Vulnerabilities: SQL Injection Risk: High Attack Vector: From Remote Authentication: Required Reference: http://www.ventuneac.net/security-advisories/MVSA-10-001...