26 matches found

Snyk
added 2026/05/28 6:24 p.m., 6 views

Incorrect Regular Expression

Overview: hono is an Ultrafast web framework for the Edges. Affected versions of this package are vulnerable to Incorrect Regular Expression via the ip-restriction middleware. An attacker can bypass configured deny rules for IPv6 addresses by submitting non-canonical representations, such as...

CVSS 6.9, AI score 5.8, EPSS 0.00098
Exploits 0, References 2
NVD
added 2026/05/05 10:16 p.m., 4 views

CVE-2026-40110

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match to check incoming origins against the allow_origin_pat configuration value. Because re.match only anchors at the start of the string and does not require a...

CVSS 7.6, EPSS 0.00015
Exploits 0, References 4
NVD
added 2026/03/05 11:16 p.m., 6 views

CVE-2026-23651

Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate privileges locally...

CVSS 6.7, EPSS 0.00038
Exploits 0, References 1
IBM Security Bulletins
added 2026/02/02 5:42 p.m., 7 views

Security Bulletin: Vulnerability in minimatch-3.0.4.tgz affects IBM Db2 Data Management Console (CVE-2022-3517)

Summary: The minimatch-3.0.4.tgz open source library is used by IBM Db2 Data Management Console. This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details: CVEID: CVE-2022-3517. DESCRIPTION: minimatch is vulnerable to a denial of service, caused by a regular...

CVSS 7.5, AI score 8.3, EPSS 0.00476
Exploits 0, Affected Software 1
Veracode
added 2026/01/29 4:49 p.m., 3 views

Incorrect Regular Expression

Hono is vulnerable to Incorrect Regular Expression. The vulnerability is due to improper validation of IPv4 octet ranges in the IP Restriction Middleware, which allows an attacker to craft malformed IP addresses to bypass IP-based access controls...

CVSS 6.5, AI score 5.9, EPSS 0.00015
Exploits 0, References 4, Affected Software 1
Tenable Nessus
added 2026/01/13 12:0 a.m., 1 view

MiracleLinux 7 : python3-setuptools-39.2.0-10.0.5.0.1.el7.AXS7 (AXSA:2025-11012:02)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-11012:02 advisory. CVE-2022-40897: fix Regular Expression Denial of Service (ReDoS) in package_index.py. CVE-2024-6345: fix remote code execution in package_index module...

CVSS 8.8, AI score 7.9, EPSS 0.09875
Exploits 1, References 3
IBM Security Bulletins
added 2025/12/17 5:15 p.m., 18 views

Security Bulletin: Multiple vulnerabilities that affect IBM Db2 Intelligence Center (CVE-2025-47913, CVE-2022-25927, CVE-2025-6493, CWE-400, CWE-1333, CVE-2025-14687)

Summary: Multiple vulnerabilities fixed with Db2 Intelligence Center 1.1.3. Vulnerability Details: CVEID: CVE-2025-47913. DESCRIPTION: SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process. CVSS Source: CISA ADP CVSS Base...

CVSS 7.5, AI score 6.6, EPSS 0.01453
Exploits 3, Affected Software 1
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2017-0222

Malware in sbrugna...

CVSS 7.5, AI score 7.6, EPSS 0.00499
Exploits 0, References 13
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2017-17737

Malware in sbrugna...

CVSS 10, AI score 9.1, EPSS 0.00324
Exploits 1, References 2
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2015-2419

Malware in sbrugna...

CVSS 5.5, AI score 7, EPSS 0.00569
Exploits 1, References 9
Tenable Nessus
added 2025/08/27 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-31086

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 incorrect...

CVSS 8.8, AI score 6.8, EPSS 0.01329
Exploits 0, References 2
IBM Security Bulletins
added 2025/06/27 7:39 p.m., 6 views

Security Bulletin: IBM Storage Ceph is vulnerable to cross site scripting and denial of service via regular expressions in Grafana

Summary: Grafana is used by IBM Storage Ceph as a metrics dashboard, requiring the use of angular to function. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2022-25869, CVE-2023-26118, CVE-2022-25844, CVE-2023-26116, CVE-2024-21490, CVE-2023-26117...

CVSS 7.5, AI score 7.5, EPSS 0.04265
Exploits 7, Affected Software 1
RedhatCVE
added 2025/05/22 8:43 p.m., 0 views

CVE-2021-39938

A vulnerable regular expression pattern in GitLab CE/EE since version 8.15 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to cause uncontrolled resource consumption leading to Denial of Service via specially crafted...

CVSS 6.5, AI score 6.6, EPSS 0.00138
Exploits 0, References 1
IBM Security Bulletins
added 2025/01/30 3:23 p.m., 14 views

Security Bulletin: The Dashboard of IBM Sterling B2B Integrator is Vulnerable to Denial of Service Due to Prototype (CVE-2020-27511)

Summary: IBM Sterling B2B Integrator has addressed the denial of service security vulnerability. Vulnerability Details: CVEID: CVE-2020-27511. DESCRIPTION: Prototype is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the stripTags and unescapeHTML...

CVSS 7.5, AI score 6.6, EPSS 0.01186
Exploits 1, Affected Software 1
RedHat Linux
added 2023/11/08 2:26 p.m., 4 views

rubygem-globalid: ReDoS vulnerability

A flaw was found in rubygem-globalid. RubyGem’s GlobalID gem is vulnerable to a denial of service issue caused by a regular expression denial of service (ReDoS) flaw in the model name parsing. By sending a specially-crafted regex input, a remote attacker can cause a denial of service...

CVSS 7.5, AI score 6.8, EPSS 0.01398
Exploits 0, References 5
SUSE CVE
added 2023/02/15 6:14 a.m., 1 view

SUSE CVE-2006-4566

Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) via a malformed JavaScript regular expression that ends with a backslash in an unterminated character set "\", which leads to a buffer over-read...

CVSS 5, AI score 8.5, EPSS 0.24711
Exploits 0, References 4
SUSE CVE
added 2023/02/15 5:12 a.m., 1 view

SUSE CVE-2015-8384

PCRE before 8.38 mishandles the /?J?'d'?'d'\gd/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScri...

CVSS 7.5, AI score 9.6, EPSS 0.01192
Exploits 0, References 25
OSV
added 2022/10/14 7:0 p.m., 0 views

GHSA-3RFM-JHWJ-7488 loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable

A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js. A badly or maliciously formed string could be used to send crafted requests that cause a system to crash or take ...

CVSS 7.5, AI score 6.5, EPSS 0.01331
Exploits 1, References 12
OSV
added 2022/09/16 12:0 a.m., 1 view

GHSA-7F3X-2WCX-HWW8 steal vulnerable to Regular Expression Denial of Service via input variable

A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal via the input variable in main.js...

CVSS 7.5, AI score 7, EPSS 0.00367
Exploits 0, References 5
RedHat Linux
added 2022/01/25 9:28 a.m., 1 view

nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes

A regular expression denial of service (ReDoS) vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes...

CVSS 7.8, AI score 7.1, EPSS 0.00215
Exploits 1, References 5