CVE-2025-69873
CVE-2025-69873 affects ajv (up to v8.17.1). The pattern keyword using $data accepts runtime data and passes it to JavaScript RegExp() without validation, enabling ReDoS with crafted input (e.g., "^(a|a)*$"). This can cause significant CPU usage per request when dynamic schema validation is used. ...
Regular Expression Denial of Service (ReDoS)
Overview org.webjars.npm:ajv is Another JSON Schema Validator. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper validation of the pattern keyword when combined with $data references. An attacker can cause the application to become...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the matchpattern function due to inefficient processing of the complex regular expressions. An attacker can cause resource exhaustion by supplying specially crafted input that...
GHSA-9FFM-FXG3-XRHH NiceGUI's Path Traversal via Unsanitized FileUpload.name Enables Arbitrary File Write
Summary NiceGUI's FileUpload.name property exposes client-supplied filename metadata without sanitization, enabling path traversal when developers use the pattern UPLOADDIR / file.name. Malicious filenames containing ../ sequences allow attackers to write files outside intended directories, with...
PT-2026-6528
Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern in github.com/rancher/local-path-provisioner...
Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern
Impact A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories. Example: apiVersion: storage.k8s.io/v1 kind: StorageClass metadata:...
The First 90 Seconds: How Early Decisions Shape Incident Response Investigations
Many incident response failures do not come from a lack of tools, intelligence, or technical skills. They come from what happens immediately after detection, when pressure is high, and information is incomplete. I have seen IR teams recover from sophisticated intrusions with limited telemetry. I...
PT-2026-6443
Impact A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories. Example: apiVersion: storage.k8s.io/v1 kind: StorageClass metadata:...
PT-2026-6543
Name of the Vulnerable Software and Affected Versions rancher.io/local-path-provisioner versions prior to 0.0.34 Description A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or...
CVE-2020-37065 StreamRipper32 2.6 - Buffer Overflow
StreamRipper32 version 2.6 contains a buffer overflow vulnerability in the Station/Song Section that allows attackers to overwrite memory by manipulating the SongPattern input. Attackers can craft a malicious payload exceeding 256 bytes to potentially execute arbitrary code and compromise the...
CVE-2020-37065
CVE-2020-37065 affects StreamRipper32 version 2.6. The vulnerability is a buffer overflow in the Station/Song Section triggered by the SongPattern input, where payloads exceeding 256 bytes can overwrite memory and potentially lead to arbitrary code execution and application compromise. Documented...
YARA-X 1.12.0
YARA-X is a re-incarnation of YARA, a pattern matching tool designed with malware researchers in mind. This new incarnation intends to be faster, safer and more user-friendly than its predecessor. The ultimate goal of YARA-X is replacing YARA as the default pattern matching tool for malware...
Incorrect Regular Expression
Overview hono is an ultrafast web framework for the Edges. Affected versions of this package are vulnerable to Incorrect Regular Expression in the form of the IPV4REGEX pattern not properly matching IPv4 octet ranges, and passing values above 255 on to convertIPv4ToBinary. An attacker can gain...
SUSE CVE-2025-68383
Improper Validation of Specified Index, Position, or Offset in Input (CWE-1285) in the Filebeat Syslog parser and the Libbeat Dissect processor can allow a user to trigger a Buffer Overflow (CAPEC-100) and cause a denial of service (panic/crash of the Filebeat process) via either a malformed Syslog message...
Pytest security vulnerabilities
Pytest is a testing framework based on the Python language, developed by the Pytest team. Pytest versions 9.0.2 and earlier have security vulnerabilities. These vulnerabilities stem from reliance on directories with the /tmp/pytest-of-user naming pattern, which could allow local users to launch...
Azure Linux 3.0 Security Update: doxygen (CVE-2025-6140)
The version of doxygen installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-6140 advisory. - A vulnerability, which was classified as problematic, was found in spdlog up to 1.15.1. This affects the...
Azure Linux 3.0 Security Update: kernel (CVE-2025-37969)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37969 advisory. - In the Linux kernel, the following vulnerability has been resolved: iio: imu: stlsm6dsx: fix possible lockup...
MiracleLinux 9 : redis:7 (AXSA:2024-9438:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9438:01 advisory. redis: Redis SORTRO may bypass ACL configuration (CVE-2023-41053); redis: possible bypass of Unix socket permissions on startup (CVE-2023-45145); redis:...
EUVD-2026-3110
Malicious code in @riag-libs/pattern-library-react-hooks npm...