10 matches found
Rack::Sendfile header-based X-Accel-Mapping regex injection enables unauthorized X-Accel-Redirect
Summary: Rack::Sendfile#map_accel_path interpolates the value of the X-Accel-Mapping request header directly into a regular expression when rewriting file paths for X-Accel-Redirect. Because the header value is not escaped, an attacker who can supply X-Accel-Mapping to the backend can inject regex...
OpenClaw Denial of Service Vulnerability (CNVD-2026-15152)
OpenClaw is an artificial intelligence assistant open-sourced by OpenClaw. OpenClaw has a denial-of-service vulnerability that attackers can exploit to cause regular expression injection and denial of service...
CVE-2026-22178 OpenClaw < 2026.2.19 - ReDoS and Regex Injection via Unescaped Feishu Mention Metadata
OpenClaw versions prior to 2026.2.19 construct RegExp objects directly from unescaped Feishu mention metadata in the stripBotMention function, allowing regex injection and denial of service. Attackers can craft nested-quantifier patterns or metacharacters in mention metadata to trigger catastroph...
EUVD-2021-32236
Malicious code in bioql PyPI...
VulnNodeApp - A Vulnerable Node.Js Application
A vulnerable application made using node.js, express server and ejs template engine. This application is meant for educational purposes only. Setup Clone this repository git clone https://github.com/4auvar/VulnNodeApp.git Application setup: Install the latest node.js version with npm. Open...
CVE-2021-45470
lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular expression injection, which can lead to ReDoS (regular expression denial of service) or other impacts...
Code injection
lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular expression injection, which can lead to ReDoS (regular expression denial of service) or other impacts...
CVE-2021-45470
The CVE-2021-45470 entry impacts cve-search prior to 4.1.0, where lib/DatabaseLayer.py is vulnerable to regular expression injection. This flaw can trigger ReDoS (regular expression denial of service) and potentially other impacts as described in multiple sources. Root cause is insufficient input...
GitHub Security Lab: [Python] CWE-400: Regular Expression Injection
This bug was reported directly to GitHub Security Lab...
Discuz! X-Series remote code execution vulnerability analysis - vulnerability warning - the black bar safety net
0x01 Vulnerability root cause: The root of the problem lies in the updatebadwords method of the api/uc.php file. The code is as follows: function updatebadwords($get, $post) { global $_G; if(!API_UPDATEBADWORDS) { return API_RETURN_FORBIDDEN; } $data = array(); if(is_array($post)) { foreach($post as $k => $v...