15 matches found
Mozilla Firefox < 3.0.15
The version of Firefox installed on the remote Windows host is prior to 3.0.15. It is, therefore, affected by a vulnerability as referenced in the mfsa2009-55 advisory. - Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary...
SUSE CVE-2025-8262
A vulnerability was found in yarnpkg Yarn up to 1.22.22. It has been classified as problematic. Affected is the function explodeHostedGitFragment of the file src/resolvers/exotics/hosted-git-resolver.js. The manipulation leads to inefficient regular expression complexity. It is possible to launch...
GPT Academic Denial of Service Vulnerability (CNVD-2025-22736)
GPT Academic is an interface that provides practical interactions for large language models (LLMs) such as GPT/GLM. GPT Academic suffers from a denial of service vulnerability that stems from the use of insecure regular expressions. An attacker could exploit this vulnerability to cause a regular...
PYSEC-2024-8
The JSON loader in Embedchain before 0.1.57 allows a ReDoS (regular expression denial of service) via a long string to json.py...
SUSE CVE-2007-2164
Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service (browser crash or abort) via JavaScript that matches a regular expression against a long string, as demonstrated using /./...
PT-2022-8071 · Rgb2Hex · Rgb2Hex
Name of the Vulnerable Software and Affected Versions: rgb2hex versions up to 0.1.5. Description: A vulnerability was found in the rgb2hex software, affecting some unknown processing. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely...
UBUNTU-CVE-2021-35065
The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression...
Gitlab -- Multiple vulnerabilities
Gitlab reports: Path Traversal in LFS Upload; Path traversal allows saving packages in arbitrary location; Kubernetes agent API leaks private repos; Terraform state deletion API exposes object storage URL; Stored-XSS in error message of build-dependencies; Git credentials persisted on disk; Potential...
CVE-2019-5645
By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an arbitrary regular expression. When evaluated, this malicious handler can either prevent new HTTP handler sessions from being established, or cause a resource exhaustion on th...
Security Bulletin: API Connect minimatch CVE-2017-1556
Summary: API Connect has addressed the following vulnerability. API Connect is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. Vulnerability Details: CVEID: CVE-2017-1556. DESCRIPTION: IBM API Connect is...
CVE-2017-1556
IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. IBM X-Force ID: 131546...
CVE-2017-1556
CVE-2017-1556 affects IBM API Connect versions 5.0.7.0–5.0.7.2. The vulnerability is a regular expression attack that could allow an authenticated attacker to provide inputs via regex to slow down or hang the system. IBM’s security bulletin notes the affected product and versions, with a fixed re...
DEBIAN-CVE-2013-2494
libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to cause a denial of service (memory consumption) via vectors involving a regular expression, as demonstrated by a memory-exhaustion attack against a machine running a dhcpd process, a related issue to CVE-2013-2266...
UBUNTU-CVE-2013-2494
libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to cause a denial of service (memory consumption) via vectors involving a regular expression, as demonstrated by a memory-exhaustion attack against a machine running a dhcpd process, a related issue to CVE-2013-2266...
CVE-2007-4771
CVE-2007-4771 is a heap-based overflow in ICU’s regex handling (doInterval in regexcmp.cpp) affecting ICU 3.8.1 and earlier. Attackers could cause memory consumption or denial of service by processing a crafted regular expression that writes a large amount of data to the backtracking stack. Affec...