Regular Expression Denial Of Service (ReDoS)

Hugging Face Transformers is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to the use of a regex pattern /^/^// in the converttfweightnametoptweightname function, which allows attackers to craft malicious input strings causing catastrophic backtracking and...

Linux Distros Unpatched Vulnerability : CVE-2019-9192

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the GNU C Library aka glibc or libc6 through 2.29, checkdstlimitscalcpos1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '|\1\1' in grep, ...

Trust Me, I Know This Function: Hijacking LLM Static Analysis Using Bias

Large Language Models LLMs are increasingly trusted to perform automated code review and static analysis at scale, supporting tasks such as vulnerability detection, summarization, and refactoring. In this paper, we identify and exploit a critical vulnerability in LLM-based code analysis: an...

Linux Distros Unpatched Vulnerability : CVE-2006-6893

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Tor allows remote attackers to discover the IP address of a hidden service by accessing this service at a high rate, thereby changing the server's CPU temperatu...

Linux Distros Unpatched Vulnerability : CVE-2016-5007

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping...

DEBIAN-CVE-2025-54363

Microsoft Knack 0.12.0 allows Regular expression Denial of Service ReDoS in the knack.introspection module. extractfullsummaryfromsignature employs an inefficient regular expression pattern: "\s:param\s+.+?\s:." that is susceptible to catastrophic backtracking when processing crafted docstrings...

Linux Distros Unpatched Vulnerability : CVE-2019-20454

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode...

CVE-2025-50461

A deserialization vulnerability exists in Volcengine's verl 3.0.0, specifically in the scripts/modelmerger.py script when using the "fsdp" backend. The script calls torch.load with weightsonly=False on user-supplied .pt files, allowing attackers to execute arbitrary code if a maliciously crafted...

Linux Distros Unpatched Vulnerability : CVE-2023-20860

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismat...

Linux Distros Unpatched Vulnerability : CVE-2023-50291

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of th...

Security update for systemd

This update for systemd fixes the following issues: Remove the script used to help migrating the language and locale settings located in /etc/sysconfig/language on old systems to the systemd default locations bsc1247074 The script was introduced more than 7 years ago and all systems running TW...

SUSE-SU-2025:20597-1 Security update for systemd

This update for systemd fixes the following issues: - Remove the script used to help migrating the language and locale settings located in /etc/sysconfig/language on old systems to the systemd default locations bsc1247074 The script was introduced more than 7 years ago and all systems running TW...

Linux Distros Unpatched Vulnerability : CVE-2020-10029

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The GNU C Library aka glibc or libc6 before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains...

Malicious code in email-pattern (npm)

The package email-pattern was found to contain malicious code...

Malicious code in pattern-recognizer (npm)

The package pattern-recognizer was found to contain malicious code...

Malicious code in tgam-pattern-library (npm)

The package tgam-pattern-library was found to contain malicious code...

Malicious code in block-pattern-explorer (npm)

The package block-pattern-explorer was found to contain malicious code...

Malicious code in 121block-pattern-explorer (npm)

The package 121block-pattern-explorer was found to contain malicious code...

Malicious code in stats-pattern-library (npm)

The package stats-pattern-library was found to contain malicious code...

MAL-2025-28917 Malicious code in pattern-recognizer (npm)

The package pattern-recognizer was found to contain malicious code...