UBUNTU-CVE-2026-44496

Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular expression from the configured XSRF cookie name without escaping regex metacharacters. In standard browser environments, an attacker who...

EUVD-2026-34103

unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...

CVE-2026-27145

x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number...

python: Quadratic complexity in os.path.expandvars() with user-controlled template

A vulnerability in Python’s os.path.expandvars function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denia...

ROS-20260508-73-0014

Vulnerability in nodejs-minimatch related to the use of regular expression with inefficient computational complexity. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

Amazon Linux 2 : golang, --advisory ALAS2-2026-3259 (ALAS-2026-3259)

The version of golang installed on the remote host is prior to 1.25.9-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3259 advisory. SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at...

python: Quadratic complexity in os.path.expandvars() with user-controlled template

A vulnerability in Python’s os.path.expandvars function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denia...

CVE-2026-31937

Suricata is a network IDS, IPS and NSM engine. Prior to version 7.0.15, inefficiency in DCERPC buffering can lead to a performance degradation. This issue has been patched in version 7.0.15...

UBUNTU-CVE-2026-31932

Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, inefficiency in KRB5 buffering can lead to performance degradation. This issue has been patched in versions 7.0.15 and 8.0.4...

CVE-2026-31933

Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, specially crafted traffic can cause Suricata to slow down, affecting performance in IDS mode. This issue has been patched in versions 7.0.15 and 8.0.4...

Exploit for Inefficient Regular Expression Complexity in Ua-Parser-Js_Project Ua-Parser-Js

No d...

Oracle Linux 10 : gnutls (ELSA-2026-3477)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-3477 advisory. - Fix CVE-2025-9820, CVE-2025-14831, drop unused patches - Fix PKCS11 token initialization label overflow CVE-2025-9820 - Fix name constraint processi...

PT-2026-22079

Name of the Vulnerable Software and Affected Versions minimatch versions prior to 10.2.3 minimatch versions prior to 9.0.7 minimatch versions prior to 8.0.6 minimatch versions prior to 7.4.8 minimatch versions prior to 6.2.2 minimatch versions prior to 5.1.8 minimatch versions prior to 4.2.5...

PT-2026-22078

Name of the Vulnerable Software and Affected Versions minimatch versions prior to 3.1.3 minimatch versions 3.1.3 through 4.2.5 minimatch versions 4.2.5 through 5.1.8 minimatch versions 5.1.8 through 6.2.2 minimatch versions 6.2.2 through 7.4.8 minimatch versions 7.4.8 through 8.0.6 minimatch...

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...

MiracleLinux 7 : bind-9.11.4-26.P2.16.0.2.el7.AXS7 (AXSA:2024-8817:03)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8817:03 advisory. CVE-2024-1737: add a limit to the number of RRs in RRSets and RR types for single name CVE-2024-1975: remove support for SIG0 message verification F...

OESA-2025-2867 golang security update

. Security Fixes: crypto/x509: Exclude subdomain constraints do not restrict wildcard SANs Exclude subdomain constraints in certificate chains do not restrict the use of wildcard SANs in leaf certificates. For example, excluding the constraint on the subdomain test.example.com does not prevent th...

CLSA-2025-1766136361 exiv2: Fix of CVE-2025-55304

CVE-2025-55304: add new method appendIccProfile to fix quadratic performance issue...

Low: python3.13

Issue Overview: If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment variables. CVE-2025-6075 Affected Packages: python3.13 Issue Correction: Run dnf update python3.13 --releasever 2023.9.20251208 or dnf update --advisory...

Low: python3.12

Issue Overview: If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment variables. CVE-2025-6075 Affected Packages: python3.12 Issue Correction: Run dnf update python3.12 --releasever 2023.9.20251208 or dnf update --advisory...