42 matches found
CVE-2024-13926
The WP-Syntax WordPress plugin through 1.2 does not properly handle input, allowing an attacker to create a post containing a large number of tags, thereby exploiting a catastrophic backtracking issue in the regular expression processing to cause a DoS...
CVE-2024-13926 WP-Syntax <= 1.2 - Author+ Potential ReDoS
The WP-Syntax WordPress plugin through 1.2 does not properly handle input, allowing an attacker to create a post containing a large number of tags, thereby exploiting a catastrophic backtracking issue in the regular expression processing to cause a DoS...
CVE-2024-13926
CVE-2024-13926 affects the WP-Syntax WordPress plugin (versions up to 1.2). The vulnerability arises from improper input handling that lets an attacker craft a post with a large number of tags, triggering a catastrophic backtracking issue in the regular expression engine and causing a DoS. The en...
PT-2025-17359 · WordPress · Wp-Syntax
Name of the Vulnerable Software and Affected Versions: WP-Syntax WordPress plugin versions 1.2 and earlier Description: The issue arises from the plugin's improper handling of input, allowing an attacker to create a post with a large number of tags. This exploits a catastrophic backtracking issue...
SUSE CVE-2025-27220
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service ReDoS vulnerability exists in the UtilescapeElement method...
CVE-2025-25289 @octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
@octokit/request-error is an error class for Octokit request errors. Starting in version 1.0.0 and prior to version 6.1.7, a Regular Expression Denial of Service ReDoS vulnerability exists in the processing of HTTP request headers. By sending an authorization header containing an excessively long...
GHSA-XX4V-PRFH-6CGC @octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Summary A Regular Expression Denial of Service ReDoS vulnerability exists in the processing of HTTP request headers. By sending an authorization header containing an excessively long sequence of spaces followed by a newline and "@", an attacker can exploit inefficient regular expression processin...
PT-2024-29584
Name of the Vulnerable Software and Affected Versions fast-xml-parser versions prior to 4.4.1 Description A ReDOS issue exists in the currency.js component of the fast-xml-parser library, specifically affecting the experimental version 5. This issue can cause a denial of service during currency...
pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py
A flaw was found in Python Setuptools due to a regular expression Denial of Service ReDoS present in packageindex.py. This issue could allow a remote attacker to cause a denial of service via HTML in a crafted package or custom PackageIndex page...
OPENSUSE-SU-2024:0077-1 Security update for python-Django
This update for python-Django fixes the following issues: - CVE-2024-27351: Fixed a denial-of-service in regular expression of django.utils.text.Truncator.words boo1220358...
CVE-2021-40894
A Regular Expression Denial of Service ReDOS vulnerability was discovered in underscore-99xp v1.7.2 when the deepValueSearch function is called...
USN-5460-1 vim vulnerabilities
It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. CVE-2022-0554 It was discovered that Vim was not properly performing bounds checks for column numbers when replacing tabs...
PT-2022-16962
Name of the Vulnerable Software and Affected Versions ESAPI versions prior to 2.3.0.0 Description There is a potential for a cross-site scripting vulnerability in ESAPI caused by an incorrect regular expression for onsiteURL in the antisamy-esapi.xml configuration file. This can cause javascript:...
CVE-2021-42257
The CVE-2021-42257 issue affects check_smart prior to version 6.9.1, where an unprivileged user could gain unintended drive access because the check only matches a substring of a device path (the /dev/bus substring and a number) via an unanchored regular expression. The root cause is a permissive...
CVE-2021-23346
This affects the package html-parse-stringify before 2.0.1; all versions of package html-parse-stringify2. Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process...
MGASA-2020-0452 Updated oniguruma packages fix security vulnerability
In Oniguruma, an attacker able to supply a regular expression for compilation may be able to overflow a buffer by one byte in concatoptexactstr in src/regcomp.c CVE-2020-26159...
GHSA-M45F-4828-5CV5 Regular Expression Denial of Service in highcharts
Withdrawn: Duplicate of GHSA-xmc8-cjfr-phx3...
PYSEC-2020-340
In Mozilla Bleach before 3.1.4, bleach.clean behavior parsing style attributes could result in a regular expression denial of service ReDoS...
OPENSUSE-SU-2020:0274-1 Security update for python3
This update for python3 fixes the following issues: Security issues fixed: - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs bsc1162825. - CVE-2020-8492: Fixed a regular expression in urrlib that was prone to denial of service via HTTP bsc1162367. Non-security issue...
CVE-2015-5144
Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an 1 email message to the EmailValidator, a ...