1156 matches found
minimatch: minimatch: Denial of Service via specially crafted glob patterns
A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...
minimatch: minimatch: Denial of Service via specially crafted glob patterns
A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...
OPENSUSE-SU-2026:20803-1 Security update for patterns-glibc-hwcaps
This update for patterns-glibc-hwcaps fixes the following issues: The pattern is moved from PackageHub to regular SLES. It requires packages for the x8664 v3 architecture and is automatically pulled in when this architecture is present. These packages are optimized for the x8664 v3 architecture t...
SUSE-SU-2026:21215-1 Security update for patterns-glibc-hwcaps
This update for patterns-glibc-hwcaps fixes the following issues: The pattern is moved from PackageHub to regular SLES. It requires packages for the x8664 v3 architecture and is automatically pulled in when this architecture is present. These packages are optimized for the x8664 v3 architecture t...
Regular Expression Denial Of Service (ReDoS)
minimatch is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient handling of multiple consecutive wildcards in glob patterns, leading to exponential backtracking in regex evaluation, which allows an attacker to cause significant performance degradatio...
Regular Expression Denial Of Service (ReDoS)
minimatch is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to nested extglob patterns generating regex with unbounded quantifiers, which allows an attacker to trigger catastrophic backtracking via crafted patterns and inputs, leading to significant performance...
ALSA-2026:7350 Important: nodejs:24 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Nodejs denial of service CVE-2026-21637 brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion...
PT-2026-31791
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he list files tool in FileTools validates the directory parameter against workspace boundaries via validate path, but passes the pattern parameter directly to Path.glob without any validation. Since Python's Path.glob supports .. pa...
CVE-2026-40031
MemProcFS before 5.17 contains multiple unsafe library-loading patterns that enable DLL and shared-library hijacking across six attack surfaces, including bare-name LoadLibraryU and dlopen calls without path qualification for vmmpyc, libMSCompression, and plugin DLLs. An attacker who places a...
minimatch: minimatch: Denial of Service via specially crafted glob patterns
A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...
minimatch: minimatch: Denial of Service via specially crafted glob patterns
A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...
GHSA-H27X-RFFW-24P4 Addressable has a Regular Expression Denial of Service in Addressable templates
Impact Within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic backtracking: 1. Templates using the explode modifier with any expansion operator e.g., foo, +var, var, /var, .var, ;var, ?var, &var generate patterns...
RHEL 8 : nodejs:22 (RHSA-2026:7123)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7123 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...
CVE-2026-35458
Gotenberg is an API for converting document formats. In 8.29.1 and earlier, Gotenberg uses dlclark/regexp2 to compile user-supplied scope patterns without setting a proper timeout. Users with access to features using this logic can hang workers indefinitely...
CVE-2026-35458
Gotenberg is an API for converting document formats. In 8.29.1 and earlier, Gotenberg uses dlclark/regexp2 to compile user-supplied scope patterns without setting a proper timeout. Users with access to features using this logic can hang workers indefinitely...
CVE-2026-35458
Gotenberg CVE-2026-35458 affects the Chromium module of Gotenberg (forms/chromium/screenshot/url) where user-supplied scope patterns are compiled with dlclark/regexp2 without a timeout, enabling ReDoS/backtracking that can hang workers and impact availability. Affected code paths and versions are...
CVE-2026-35458 Gotenberg has a ReDoS via extraHttpHeaders scope feature
Gotenberg is an API for converting document formats. In 8.29.1 and earlier, Gotenberg uses dlclark/regexp2 to compile user-supplied scope patterns without setting a proper timeout. Users with access to features using this logic can hang workers indefinitely...
Gotenberg 安全漏洞
Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.29.1 contained security vulnerabilities. These vulnerabilities stemmed from the use of dlclark/regexp2 to compile user-provid...
PT-2026-30852
Gotenberg is an API for converting document formats. In 8.29.1 and earlier, Gotenberg uses dlclark/regexp2 to compile user-supplied scope patterns without setting a proper timeout. Users with access to features using this logic can hang workers indefinitely...
SUSE-SU-2026:20973-1 Security update for cockpit-repos
This update for cockpit-repos fixes the following issue: - CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string bsc1258637...