MAL-2026-5310 Malicious code in regexp-ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 33f86b654ba85b8393a661095dbca749a30cc352525fa1712773654a8221e2e3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in regexp-ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 33f86b654ba85b8393a661095dbca749a30cc352525fa1712773654a8221e2e3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2026-35041

fast-jwt provides fast JSON Web Token JWT implementation. From 5.0.0 to 6.2.0, a denial-of-service condition exists in fast-jwt when the allowedAud verification option is configured using a regular expression. Because the aud claim is attacker-controlled and the library evaluates it against the...

ROOT-APP-NPM-CVE-2024-45296 CVE-2024-45296 in @rootio/path-to-regexp - Patched by Root

Root has patched CVE-2024-45296 in the @rootio/path-to-regexp package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2024-52798 CVE-2024-52798 in @rootio/path-to-regexp - Patched by Root

Root has patched CVE-2024-52798 in the @rootio/path-to-regexp package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-4926 CVE-2026-4926 in @rootio/path-to-regexp - Patched by Root

Root has patched CVE-2026-4926 in the @rootio/path-to-regexp package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-4867 CVE-2026-4867 in @rootio/path-to-regexp - Patched by Root

Root has patched CVE-2026-4867 in the @rootio/path-to-regexp package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-4923 CVE-2026-4923 in @rootio/path-to-regexp - Patched by Root

Root has patched CVE-2026-4923 in the @rootio/path-to-regexp package for Root:npm. Multiple fixed versions available...

CVE-2026-8888

Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp without complexity validation. An on-path attacker can inject specific patterns to cause catastrophic backtracking, resulting in...

CLSA-2026-1780391238 Fix CVE(s): CVE-2026-8376

SECURITY UPDATE: heap buffer overflow in the regexp compiler 32-bit - debian/patches/CVE-2026-8376.patch: guard against an SSizet overflow when sizing the joined fixed-substring buffer in Perlstudychunk in regcomp.c; backported from upstream commit 5e7f119eb2bb1181be908701f22bf7068e722f1c. -...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in path-to-regexp-0.1.12.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in path-to-regexp-0.1.12.tgz Vulnerability Details CVEID:CVE-2026-4867 DESCRIPTION: Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses path-to-regexp-0.1.12.tgz which is vulnerable to CVE-2026-4867

Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses path-to-regexp-0.1.12.tgz which is vulnerable to CVE-2026-4867.This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-4867 DESCRIPTION: Impact: A bad regular expression ...

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to a vulnerability in path-to-regexp

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to a vulnerability in path-to-regexp. CVE-2026-4867 The vulnerability have been addressed. Vulnerability Details CVEID:CVE-2026-4867 DESCRIPTION: Impact: A bad regular expression is generated any time...

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in path-to-regexp

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in path-to-regexp. CVE-2026-4923, CVE-2026-4926 The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-4923 DESCRIPTION: Impact: When using multiple...

CVE-2026-8376

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perlstudychunk in regcompstudy.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a lar...

UBUNTU-CVE-2026-9256

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Path-to-Regexp vulnerability (USN-8290-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8290-1 advisory. It was discovered that Path-to-Regexp incorrectly handled route patterns containing multiple named parameters...

USN-8290-1: Path-to-Regexp vulnerability

It was discovered that Path-to-Regexp incorrectly handled route patterns containing multiple named parameters separated by non-delimiter characters such as hyphens. An attacker could possibly use this issue to cause a denial of service via catastrophic backtracking in the generated regular...

Astra Linux - уязвимость в thunderbird, firefox

It was possible to interrupt the processing of a RegExp bailout and execute additional JavaScript code, potentially triggering garbage collection when the engine did not expect it. This vulnerability has been fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...

Astra Linux - уязвимость в firefox, thunderbird

When calling JS::CheckRegExpSyntax, a syntax error may be set, resulting in the call to convertToRuntimeErrorAndClear. A path within the function might attempt to allocate memory when no memory is available, causing a newly created Out of Memory exception to be misinterpreted as a syntax error...