Lucene search

22 matches found

ATTACKERKB
added 2026/05/14 3:19 p.m., 4 views

CVE-2026-42596

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, the default deny-lists used by Gotenberg's downloadFrom feature and webhook feature are bypassable. Because the filter is regex-based and case-sensitive, an unauthenticated attacker can supply URLs such as...

CVSS 9.4, AI score 5.8, EPSS 0.00084
Exploits 1, References 2, Affected Software 1
OSV
added 2026/05/07 1:15 a.m., 1 view

GHSA-4VMC-GM8V-M35H Gotenberg vulnerable to unauthenticated SSRF via default deny-list bypass in downloadFrom and webhook

Summary The default deny-lists used by Gotenberg's downloadFrom feature and webhook feature are bypassable. Because the filter is regex-based and case-sensitive, an unauthenticated attacker can supply URLs such as http://::ffff:127.0.0.1:... and reach loopback or private HTTP services that the...

CVSS 9.4, AI score 5.8, EPSS 0.00084
Exploits 1, References 3
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-0499

Malware in sbrugna...

CVSS 5.4, AI score 6.4, EPSS 0.00563
Exploits 0, References 34
Fedora
added 2024/03/28 1:44 a.m., 24 views

[SECURITY] Fedora 38 Update: python-pygments-2.14.0-2.fc38

Pygments is a generic syntax highlighter suitable for use in code hosting, forums, wikis or other applications that need to prettify source code. Highlights are: a wide range of over 500 languages and other text formats is supported; special attention is paid to details that increase highlighting...

CVSS 5.5, AI score 7.1, EPSS 0.00069
Exploits 1
RedHat Linux
added 2021/03/23 2:42 p.m., 4 views

nodejs-angular: XSS due to regex-based HTML replacement

An XSS flaw was found in nodejs-angular. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "" elements in "" ones changes parsing behavior, leading to possibly unsanitizing code...

CVSS 5.4, AI score 7.1, EPSS 0.00563
Exploits 0, References 5
RedHat Linux
added 2021/02/04 1:36 p.m., 1 view

nodejs-angular: XSS due to regex-based HTML replacement

An XSS flaw was found in nodejs-angular. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "" elements in "" ones changes parsing behavior, leading to possibly unsanitizing code...

CVSS 5.4, AI score 7.1, EPSS 0.00563
Exploits 0, References 5
CNNVD
added 2020/12/09 12:00 a.m., 4 views

Pytest Security Breach

Pytest is a Python language-based testing framework from the Pytest team. Pytest has a security vulnerability in py.path.svnwc that stems from a denial of service via a regular expression in py.path from the python-py svnwc component can be exploited by an attacker who can use the vulnerability t...

CVSS 7.5, AI score 6.8, EPSS 0.00781
Exploits 0, References 15
NVD
added 2020/09/21 1:15 a.m., 8 views

CVE-2020-14177

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Regex-based Denial of Service DoS vulnerability in JQL version searching. The affected versions are before version 7.13.16; from version 7.14.0 before 8.5.7; from versi...

CVSS 6.5, EPSS 0.00832
Exploits 0, References 1
Prion
added 2020/09/21 1:15 a.m., 9 views

Denial of service

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Regex-based Denial of Service DoS vulnerability in JQL version searching. The affected versions are before version 7.13.16; from version 7.14.0 before 8.5.7; from versi...

CVSS 4, AI score 6.4, EPSS 0.00832
Exploits 0, References 1, Affected Software 1
Cvelist
added 2020/09/21 1:10 a.m., 12 views

CVE-2020-14177

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Regex-based Denial of Service DoS vulnerability in JQL version searching. The affected versions are before version 7.13.16; from version 7.14.0 before 8.5.7; from versi...

AI score 6.4, EPSS 0.00832
Exploits 0, References 1
Atlassian
added 2020/08/03 10:38 p.m., 27 views

Regex DoS via JQL version searching - CVE-2020-14177

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Regex-based Denial of Service DoS vulnerability in JQL version searching. Affected versions: version 7.13.16 8.0.0 ≤ version 8.5.7 8.6.0 ≤ version 8.10.2 8.11.0 ≤ versi...

CVSS 6.5, AI score 6.4, EPSS 0.00832
Exploits 0
Atlassian
added 2020/08/03 10:38 p.m., 52 views

Regex DoS via JQL version searching - CVE-2020-14177

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Regex-based Denial of Service DoS vulnerability in JQL version searching. Affected versions: version 7.13.16 8.0.0 ≤ version 8.5.7 8.6.0 ≤ version 8.10.2 8.11.0 ≤ versi...

CVSS 6.5, AI score 6.4, EPSS 0.00832
Exploits 0, Affected Software 1
Veracode
added 2020/06/09 2:33 a.m., 112 views

Cross-site Scripting (XSS)

angular is vulnerable to cross-site scripting XSS. The vulnerability exists as the regex-based replacement, XHTMLTAGREGEXP, could convert sanitized code which has wrapped into , into unsanitized code...

CVSS 5.4, AI score 1, EPSS 0.00563
Exploits 0, References 24, Affected Software 2
NVD
added 2020/06/08 2:15 p.m., 15 views

CVE-2020-7676

angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "" elements in "" ones changes parsing behavior, leading to possibly unsanitizing code...

CVSS 5.4, AI score 6.2, EPSS 0.00563
Exploits 0, References 12
OSV
added 2020/06/08 2:15 p.m., 1 view

UBUNTU-CVE-2020-7676

angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "" elements in "" ones changes parsing behavior, leading to possibly unsanitizing code...

CVSS 5.4, AI score 6.2, EPSS 0.00563
Exploits 0, References 3
UbuntuCve
added 2020/06/08 2:15 p.m., 48 views

CVE-2020-7676

angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "" elements in "" ones changes parsing behavior, leading to possibly unsanitizing code...

CVSS 5.4, AI score 5.7, EPSS 0.00563
Exploits 0, References 2
Snyk
added 2020/05/19 9:00 p.m., 3 views

Cross-site Scripting (XSS)

Overview angular is a package that lets you write client-side web applications as if you had a smarter browser. It also lets you use HTML as your template language and lets you extend HTML’s syntax to express your application’s components clearly and succinctly. Affected versions of this package...

CVSS 5.4, AI score 5.5, EPSS 0.00563
Exploits 0, References 2
Mageia
added 2016/02/09 1:05 p.m., 26 views

Updated radicale packages fix CVE-2015-8748

Updated radicale package fixes security vulnerabilities: If an attacker is able to authenticate with a user name like .', he can bypass read/write limitations imposed by regex-based rules, including the built-in rules ownerwrite' read for everybody, write for the calendar owner and owneronly' rea...

CVSS 5.3, AI score 6.3, EPSS 0.00566
Exploits 0, References 3
Tenable Nessus
added 2016/02/01 12:00 a.m., 18 views

Debian DSA-3462-1 : radicale - security update

Two vulnerabilities were fixed in radicale, a CardDAV/CalDAV server. - CVE-2015-8747 The not configured by default and not available on Wheezy multifilesystem storage backend allows read and write access to arbitrary files still subject to the DAC permissions of the user the radicale server is...

CVSS 10, AI score 7.4, EPSS 0.01809
Exploits 0, References 8
Debian
added 2016/01/30 6:48 p.m., 24 views

[SECURITY] [DSA 3462-1] radicale security update

Debian Security Advisory DSA-3462-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez January 30, 2016 https://www.debian.org/security/faq -...

CVSS 10, AI score 8.5, EPSS 0.01809
Exploits 0