33 matches found
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : Vim vulnerabilities (USN-8171-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8171-1 advisory. Nathan Mills discovered that Vim could crash when parsing certain regular expressions...
CVE-2026-30314
Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations...
PT-2026-29253
Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations...
CVE-2026-30307
Roo Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, i...
CVE-2025-10990 Rexml: rexml: denial of service via inefficient regex parsing
A flaw was found in REXML. A remote attacker could exploit inefficient regular expression regex parsing when processing hex numeric character references &x...; in XML documents. This could lead to a Regular Expression Denial of Service ReDoS, impacting the availability of the affected component...
CVE-2025-10990 Rexml: rexml: denial of service via inefficient regex parsing
A flaw was found in REXML. A remote attacker could exploit inefficient regular expression regex parsing when processing hex numeric character references &x...; in XML documents. This could lead to a Regular Expression Denial of Service ReDoS, impacting the availability of the affected component...
📄 libxml2 2.9.14 Remote Code Execution
libxml2 version 2.9.14 2022 proof of concept exploit for a heap buffer overflow in the xmlRegEpxFromParse function in xmlregexp.c. This version from the author is in the form of a Metasploit module...
CVE-2025-66305
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Denial of Service DoS vulnerability was identified in the "Languages" submenu of the Grav admin configuration panel /admin/config/system. Specifically, the Supported parameter fails to properly validate user input. If a malformed value ...
SUSE-SU-2025:3910-1 Security update for poppler
This update for poppler fixes the following issues: - CVE-2025-43718: fixed uncontrolled recursion in the regex-based metadata parser when processing specially crafted PDF files bsc1250908 - CVE-2025-52885: improved pointer handling that could have led to dangling pointers when the vector is...
rexml: REXML: Denial of Service via inefficient regex parsing
A flaw was found in REXML. A remote attacker could exploit inefficient regular expression regex parsing when processing hex numeric character references &x...; in XML documents. This could lead to a Regular Expression Denial of Service ReDoS, impacting the availability of the affected component...
CVE-2025-58451 Cattown Vulnerable to Inefficient Regular Expression Complexity and Uncontrolled Resource Consumption
Cattown is a JavaScript markdown parser. Versions prior to 1.0.2 used regular expressions with inefficient, potentially exponential worst-case complexity. This could cause excessive CPU usage due to excessive backtracking on crafted inputs. In turn, the excessive CPU usage could lead to resource...
Amazon Linux 2 : docker (ALASNITRO-ENCLAVES-2025-057)
The version of docker installed on the remote host is prior to 20.10.17-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2025-057 advisory. Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could...
USN-7442-1 ruby2.3, ruby2.5 vulnerabilities
It was discovered that the Ruby CGI gem incorrectly handled parsing certain cookies. A remote attacker could possibly use this issue to consume resources, leading to a denial of service. CVE-2025-27219 It was discovered that the Ruby CGI gem incorrectly handled parsing certain regular expressions...
USN-7418-1 ruby2.7, ruby3.0, ruby3.2, ruby3.3 vulnerabilities
It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an attribute value using REXML gem. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service. This issue only affected in Ubuntu 22.04 LTS, Ubuntu 24.04...
golang: regexp/syntax: limit memory used by parsing regexps
A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as...
Regular Expression Denial Of Service (ReDoS)
zod is vulnerable to Denial of Service DoS. The vulnerability is due to an inefficient regex expression that parses email addresses. An attacker can submit long email addresses, which will cause the Zod application to crash or become unresponsive...
golang: regexp/syntax: limit memory used by parsing regexps
A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as...
Moderate: golang-github-cpuguy83-md2man security, bug fix, and enhancement update
go-md2man converts markdown into roff man pages. Security Fixes: golang: regexp/syntax: limit memory used by parsing regexps CVE-2022-41715 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed...
ALSA-2023:2357 Moderate: git-lfs security and bug fix update
Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang:...
golang: regexp/syntax: limit memory used by parsing regexps
A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as...