41 matches found
MGASA-2025-0290 Updated ruby packages fix security vulnerabilities
Net::IMAP vulnerable to possible DoS by memory exhaustion. CVE-2025-25186 In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. The method does not impose any limit on the length of the raw cookie value it...
EUVD-2002-2154
Malware in sbrugna...
EUVD-2017-18163
Malware in sbrugna...
EUVD-2009-0366
Malware in sbrugna...
EUVD-2019-7013
Malware in sbrugna...
EUVD-2013-6959
Malware in sbrugna...
EUVD-2017-4374
Malware in sbrugna...
EUVD-2020-5609
Malware in sbrugna...
EUVD-2022-4672
Malicious code in bioql PyPI...
EUVD-2022-3503
Malicious code in bioql PyPI...
PT-2025-31053 · Unknown +1 · Yarnpkg Yarn +1
Name of the Vulnerable Software and Affected Versions: yarnpkg Yarn versions up to 1.22.22 Description: A vulnerability exists in the explodeHostedGitFragment function within the src/resolvers/exotics/hosted-git-resolver.js file. This manipulation results in inefficient regular expression...
CVE-2025-43880
CVE-2025-43880 affects GROWI up to version 7.1.5, due to an inefficient regular expression (CWE-1333) that can allow a logged-in user to cause a DoS. The issue is documented across multiple sources (NVD, JVN, Red Hat) with a remediation recommending upgrading to GROWI v7.1.6 or later. Exploitatio...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the listNames function. An attacker can cause significant CPU consumption and degrade server performance by supplying a crafted regular expression and influencing the set of resource names...
CVE-2025-5895
A vulnerability was found in Metabase 54.10. It has been classified as problematic. This affects the function parseDataUri of the file frontend/src/metabase/lib/dom.js. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit...
CVE-2025-48887 vLLM has a Regular Expression Denial of Service (ReDoS, Exponential Complexity) Vulnerability in `pythonic_tool_parser.py`
vLLM, an inference and serving engine for large language models LLMs, has a Regular Expression Denial of Service ReDoS vulnerability in the file vllm/entrypoints/openai/toolparsers/pythonictoolparser.py of versions 0.6.4 up to but excluding 0.9.0. The root cause is the use of a highly complex and...
CVE-2022-4891
A vulnerability has been found in Sisimai up to 4.25.14p11 and classified as problematic. This vulnerability affects the function toplain of the file lib/sisimai/string.rb. The manipulation leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be...
CVE-2021-43805
Solidus is a free, open-source ecommerce platform built on Rails. Versions of Solidus prior to 3.1.4, 3.0.4, and 2.11.13 have a denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order's email was subject to exponential...
CVE-2021-3810
code-server is vulnerable to Inefficient Regular Expression Complexity...
Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (python-django) security update
An update for python-django is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
CVE-2024-13926
The WP-Syntax WordPress plugin through 1.2 does not properly handle input, allowing an attacker to create a post containing a large number of tags, thereby exploiting a catastrophic backtracking issue in the regular expression processing to cause a DoS...