14 matches found
CVE-2026-6427 a3 Lazy Load <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Element
The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.7.6. This is due to a regex bug in the filtervideos method that breaks HTML attribute quoting when processing crafted elements, combined with unescaped output in the...
EUVD-2026-23128
Istio: AuthorizationPolicy serviceAccounts regex injection via unescaped dots...
Google Chrome < 3.30.33.15 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 3.30.33.15. It is, therefore, affected by multiple vulnerabilities as referenced in the 201501stable-update advisory. - Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91 allow attackers to cause a...
GHSA-VHXF-7VQR-MRJG DOMPurify allows Cross-site Scripting (XSS)
DOMPurify before 3.2.4 has an incorrect template literal regular expression when SAFE_FOR_TEMPLATES is set to true, sometimes leading to mutation cross-site scripting (mXSS)...
AZL-40733 CVE-2024-27282 affecting package ruby for versions less than 3.1.4-5
An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1...
CLSA-2023-1699908687 exim: Fix of CVE-2022-3559
CVE-2022-3559: Fix $regex use-after-free...
SUSE CVE-2011-3092
The regex implementation in Google V8, as used in Google Chrome before 19.0.1084.46, allows remote attackers to cause a denial of service (invalid write operation) or possibly have unspecified other impact via unknown vectors...
SUSE CVE-2011-3903
Google Chrome before 16.0.912.63 does not properly perform regex matching, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors...
SUSE CVE-2013-7176
config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression...
PT-2021-23668 · Unknown +1 · Shell-Quote +1
Name of the Vulnerable Software and Affected Versions: shell-quote versions prior to 1.7.3. Description: The issue allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a...
DEBIAN-CVE-2013-7177
config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression...
UBUNTU-CVE-2012-6109
lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposition header...
UBUNTU-CVE-2011-3092
The regex implementation in Google V8, as used in Google Chrome before 19.0.1084.46, allows remote attackers to cause a denial of service (invalid write operation) or possibly have unspecified other impact via unknown vectors...