
76 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 3 views

Astra Linux - vulnerability in firefox, thunderbird, rust-regex

Regex is an implementation of regular expressions for the Rust language. The regex crate includes built-in measures to prevent denial-of-service attacks caused by untrusted regexes or untrusted inputs matched by trusted regexes. These measures already provide reasonable defaults to prevent attack...

CVSS 7.5 | AI score 7 | EPSS 0.10404
Exploits: 1 | References: 2

Positive Technologies
added 2026/05/18 12:0 a.m. | 7 views

PT-2026-41778

Summary: All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The FHIRPath functions matches, matchesFull, and replaceMatches pass user-controlled regular expressions directly to Java's Pattern.compile and String.replaceAll without...

CVSS 7.5 | AI score 6.1
Exploits: 0 | References: 4

AstraLinux
added 2026/05/03 11:59 p.m. | 2 views

Astra Linux - vulnerability in chromium

Before version 100.0.4896.88, a use-after-free in regular expressions in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

CVSS 8.8 | AI score 7 | EPSS 0.01418
Exploits: 1 | References: 2

RedhatCVE
added 2026/04/27 7:23 p.m. | 4 views

CVE-2026-6991

A vulnerability was determined in colinhacks Zod up to 4.3.6. The impacted element is an unknown function of the file packages/zod/src/v4/core/regexes.ts of the component CUID Data Type Handler. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit h...

CVSS 6.5 | AI score 6.3 | EPSS 0.00011
Exploits: 0 | References: 1

NVD
added 2026/04/25 6:16 p.m. | 2 views

CVE-2026-6991

A vulnerability was determined in colinhacks Zod up to 4.3.6. The impacted element is an unknown function of the file packages/zod/src/v4/core/regexes.ts of the component CUID Data Type Handler. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit h...

CVSS 6.5 | EPSS 0.00011
Exploits: 0 | References: 3

EUVD
added 2026/04/25 5:45 p.m. | 1 views

EUVD-2026-25667

A vulnerability was determined in colinhacks Zod up to 4.3.6. The impacted element is an unknown function of the file packages/zod/src/v4/core/regexes.ts of the component CUID Data Type Handler. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit h...

CVSS 6.5 | AI score 6.3 | EPSS 0.00011
Exploits: 0 | References: 3

Vulnrichment
added 2026/04/25 5:45 p.m. | 2 views

CVE-2026-6991 colinhacks Zod CUID Data Type regexes.ts sql injection

A vulnerability was determined in colinhacks Zod up to 4.3.6. The impacted element is an unknown function of the file packages/zod/src/v4/core/regexes.ts of the component CUID Data Type Handler. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit h...

CVSS 6.5 | AI score 6.4 | EPSS 0.00011
Exploits: 0 | References: 3

Cvelist
added 2026/04/25 5:45 p.m. | 31 views

CVE-2026-6991 colinhacks Zod CUID Data Type regexes.ts sql injection

A vulnerability was determined in colinhacks Zod up to 4.3.6. The impacted element is an unknown function of the file packages/zod/src/v4/core/regexes.ts of the component CUID Data Type Handler. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit h...

CVSS 6.5 | EPSS 0.00011
Exploits: 0 | References: 3

CNNVD
added 2026/04/25 12:0 a.m. | 6 views

Zod injection vulnerability

Zod is a validation library developed by Colin McDonnell, with a focus on TypeScript. Versions of Zod 4.3.6 and earlier contained an injection vulnerability. This vulnerability stemmed from an unknown feature in the Component CUID Data Type Handler, specifically the file...

CVSS 6.5 | AI score 6.6 | EPSS 0.00011
Exploits: 0 | References: 2

CNNVD
added 2026/03/21 12:0 a.m. | 2 views

WordPress plugin Autoptimize cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 6.4 | AI score 5.6 | EPSS 0.00048
Exploits: 0 | References: 5

EUVD
added 2026/01/05 11:9 p.m. | 1 views

EUVD-2026-1047

AIOHTTP has unicode match groups in regexes for ASCII protocol elements...

CVSS 6.9 | AI score 6.2 | EPSS 0.00031
Exploits: 0 | References: 4

Tenable Nessus
added 2025/08/18 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-30688

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl, Python, and Ruby interpreters are not anchored,...

CVSS 7.8 | AI score 7.2 | EPSS 0.00051
Exploits: 2 | References: 2

RedhatCVE
added 2025/08/04 9:33 a.m. | 7 views

CVE-2025-54796

Copyparty is a portable file server. In versions prior to 1.18.9, the filter parameter for the "Recent Uploads" page allows arbitrary RegExes. If this feature is enabled, which is the default, an attacker can craft a filter which deadlocks the server. This is fixed in version 1.18.9...

CVSS 7.5 | AI score 7.1 | EPSS 0.00319
Exploits: 1 | References: 1

Snyk
added 2025/08/02 12:45 a.m. | 3 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) via the filter parameter in the Recent Uploads page. An attacker can cause the server to become unresponsive by submitting specially crafted regular expressions. Note: This is exploitable if the Recent Uploads...

CVSS 8.7 | AI score 7.1 | EPSS 0.00319
Exploits: 1 | References: 2

NVD
added 2025/08/02 12:15 a.m. | 4 views

CVE-2025-54796

Copyparty is a portable file server. In versions prior to 1.18.9, the filter parameter for the "Recent Uploads" page allows arbitrary RegExes. If this feature is enabled, which is the default, an attacker can craft a filter which deadlocks the server. This is fixed in version 1.18.9...

CVSS 7.5 | EPSS 0.00319
Exploits: 1 | References: 3

RedhatCVE
added 2025/05/23 7:3 a.m. | 3 views

CVE-2024-25355

s3-url-parser 1.0.3 is vulnerable to Denial of service via the regexes component...

CVSS 7.5 | AI score 6.7 | EPSS 0.00188
Exploits: 0 | References: 1

Cvelist
added 2025/05/15 8:6 p.m. | 10 views

CVE-2024-10076 Jetpack < 13.8, Boost < 3.4.8 - Contributor+ Stored XSS

The Jetpack WordPress plugin before 13.8 and the Jetpack Boost WordPress plugin before 3.4.8 use regexes in the Site Accelerator features when switching image URLs to their CDN counterpart. Unfortunately, some of them may match patterns they shouldn’t, ultimately making it possible for contributor and abo...

EPSS 0.0017
Exploits: 0 | References: 1

Tenable Nessus
added 2025/03/05 12:0 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2022-24713

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caus...

CVSS 7.5 | AI score 7.9 | EPSS 0.10404
Exploits: 1 | References: 2

Github Security Blog
added 2024/05/15 9:42 p.m. | 9 views

FOSUserBundle Entropy is lost in the TokenGenerator

Description: Because of the usage of baseconvert, which loses precision for large inputs, the entropy of tokens generated by FOSUserBundle for the email confirmation and password resetting is lost. This makes these tokens much less random than they are expected to be, and so not cryptographically...

AI score 7.2
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2024/05/01 9:30 p.m. | 1 views

GHSA-R4Q9-XX5G-J24P s3-url-parser vulnerable to Denial of Service via regexes component

s3-url-parser 1.0.3 is vulnerable to denial of service via the regexes component...

CVSS 7.5 | AI score 7.1 | EPSS 0.00188
Exploits: 0 | References: 4