Lucene search

16 matches found

Positive Technologies
added 2026/06/09 12:0 a.m., 12 views

PT-2026-48341

Name of the Vulnerable Software and Affected Versions: Net::IMAP versions prior to 0.5.15; Net::IMAP versions prior to 0.6.5. Description: Several commands in the Net::IMAP Ruby client accept raw string arguments that are only validated to prevent CRLF injection and are then sent verbatim. An incorre...

2.1 CVSS | 5.9 AI score | 0.00239 EPSS
Exploits 0 | References 7
Tenable Nessus
added 2026/06/08 12:0 a.m., 12 views

Debian dla-4621 : glibc-doc - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4621 advisory. Debian LTS Advisory DLA-4621-1 [email protected]...

8.4 CVSS | 7 AI score | 0.00564 EPSS
Exploits 2 | References 12
Vulnrichment
added 2026/05/28 6:45 a.m., 9 views

CVE-2026-6427 a3 Lazy Load <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Element

The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.7.6. This is due to a regex bug in the filtervideos method that breaks HTML attribute quoting when processing crafted elements, combined with unescaped output in the...

6.4 CVSS | 5.8 AI score | 0.00291 EPSS
Exploits 0 | References 8
Cvelist
added 2026/05/28 6:45 a.m., 35 views

CVE-2026-6427 a3 Lazy Load <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Element

The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.7.6. This is due to a regex bug in the filtervideos method that breaks HTML attribute quoting when processing crafted elements, combined with unescaped output in the...

6.4 CVSS | 0.00291 EPSS
Exploits 0 | References 8
EUVD
added 2026/04/16 8:44 p.m., 7 views

EUVD-2026-23128

Istio: AuthorizationPolicy serviceAccounts regex injection via unescaped dots...

5.4 CVSS | 5.8 AI score | 0.00209 EPSS
Exploits 0 | References 3
Tenable Nessus
added 2025/11/20 12:0 a.m., 4 views

Google Chrome < 3.30.33.15 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 3.30.33.15. It is, therefore, affected by multiple vulnerabilities as referenced in the 201501stable-update advisory. - Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91 allow attackers to cause a...

7.5 CVSS | 7.6 AI score | 0.04339 EPSS
Exploits 0 | References 48
OSV
added 2025/02/14 9:31 a.m., 4 views

GHSA-VHXF-7VQR-MRJG DOMPurify allows Cross-site Scripting (XSS)

DOMPurify before 3.2.4 has an incorrect template literal regular expression when SAFE_FOR_TEMPLATES is set to true, sometimes leading to mutation cross-site scripting (mXSS)...

4.5 CVSS | 6.7 AI score | 0.00559 EPSS
Exploits 1 | References 6
OSV
added 2024/05/14 3:11 p.m., 9 views

AZL-40733 CVE-2024-27282 affecting package ruby for versions less than 3.1.4-5

An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1...

6.6 CVSS | 6.9 AI score | 0.00629 EPSS
Exploits 0 | References 1
OSV
added 2023/11/13 8:51 p.m., 5 views

CLSA-2023-1699908687 exim: Fix of CVE-2022-3559

CVE-2022-3559: Fix $regex use-after-free...

7.5 CVSS | 6.8 AI score | 0.03661 EPSS
Exploits 0 | References 1
SUSE CVE
added 2023/02/15 5:51 a.m., 5 views

SUSE CVE-2011-3092

The regex implementation in Google V8, as used in Google Chrome before 19.0.1084.46, allows remote attackers to cause a denial of service (invalid write operation) or possibly have unspecified other impact via unknown vectors...

10 CVSS | 9.5 AI score | 0.02199 EPSS
Exploits 0 | References 4
SUSE CVE
added 2023/02/15 5:50 a.m., 5 views

SUSE CVE-2011-3903

Google Chrome before 16.0.912.63 does not properly perform regex matching, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors...

5 CVSS | 9 AI score | 0.01135 EPSS
Exploits 0 | References 3
SUSE CVE
added 2023/02/15 5:33 a.m., 5 views

SUSE CVE-2013-7176

config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression...

5 CVSS | 7 AI score | 0.03235 EPSS
Exploits 1 | References 3
Positive Technologies
added 2021/10/21 12:0 a.m., 4 views

PT-2021-23668

Name of the Vulnerable Software and Affected Versions: shell-quote versions prior to 1.7.3. Description: The issue allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a...

9.8 CVSS | 7.3 AI score | 0.0434 EPSS
Exploits 0 | References 148
OSV
added 2014/02/01 3:55 p.m., 3 views

DEBIAN-CVE-2013-7177

config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression...

5 CVSS | 6.8 AI score | 0.03235 EPSS
Exploits 1 | References 1
OSV
added 2013/03/01 5:40 a.m., 3 views

UBUNTU-CVE-2012-6109

lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposition header...

4.3 CVSS | 7.1 AI score | 0.02717 EPSS
Exploits 0 | References 2
OSV
added 2012/05/16 12:55 a.m., 5 views

UBUNTU-CVE-2011-3092

The regex implementation in Google V8, as used in Google Chrome before 19.0.1084.46, allows remote attackers to cause a denial of service (invalid write operation) or possibly have unspecified other impact via unknown vectors...

10 CVSS | 7.3 AI score | 0.02199 EPSS
Exploits 0 | References 3