CVE-2026-54300

The CVE-2026-54300 issue affects the Astro package @astrojs/netlify (Netlify adapter). Before version 7.0.13, the adapter converts image.remotePatterns into Netlify Image CDN images.remote_images regexes with broader semantics than Astro’s canonical matcher. Specifically, wildcards like .example....

CVE-2025-71379 vllm - Regular Expression Denial of Service in Multiple Components

vLLM versions = 0.6.3 and 0.9.0 contain multiple regular expression denial of service ReDoS vulnerabilities. Several regex patterns — in vllm/lora/utils.py, the phi4mini tool parser, and the OpenAI-compatible serving chat endpoint — are susceptible to catastrophic backtracking. An attacker...

Incomplete List of Disallowed Inputs

Overview @astrojs/netlify is a Deploy your site to Netlify Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the conversion process of image.remotePatterns to Netlify Image CDN images.remoteimages regular expressions. An attacker can access image-like...

CVE-2026-44631

A flaw was found in Apache HTTP Server. This buffer underwrite vulnerability occurs when processing crafted regular expressions in the server's configuration. An attacker could potentially exploit this to cause a denial of service. Mitigation Only loadtrustedApache configuration; the bug triggers...

OESA-2026-2658 perl security update

Perl 5 is a highly capable, feature-rich programming language with over 30 years of development. Perl 5 runs on over 100 platforms from portables to mainframes and is suitable for both rapid prototyping and large scale development projects. Security Fixes: Perl versions through 5.43.10 have a hea...

SUSE-SU-2026:22058-1 Security update for python-Pygments

This update for python-Pygments fixes the following issue: - CVE-2026-4539: Denial of Service via inefficient regular expression processing in AdlLexer bsc1260796...

Svelte 安全漏洞

Svelte is an open-source approach to building web applications. Versions of Svelte from 5.51.5 to 5.55.7 contained a security vulnerability. This vulnerability stemmed from the exponential increase in time taken for internal regular expression tests, which could lead to denial-of-service attacks...

CVE-2026-44631

Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

Apache HTTP Server 安全漏洞

Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. There were security vulnerabilities in Apache HTTP Server versions 2.4.0 to 2.4.67. These...

PT-2026-47325

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.0 through 2.4.67 Description A buffer underwrite issue exists when using crafted regular expressions within the configuration. Recommendations Upgrade to version 2.4.68...

tiny-regex-c 资源管理错误漏洞

tiny-regex-c is a lightweight regular expression parsing library developed by Kokke. There is a resource management vulnerability in tiny-regex-c, which stems from improper operation of the matchstar function in the pattern processing component of the file re.c. This vulnerability may lead to...

PT-2026-47240

A flaw has been found in kokke tiny-regex-c up to f2632c6d9ed25272987471cdb8b70395c2460bdb. This vulnerability affects the function matchstar of the file re.c of the component Pattern Handler. This manipulation causes inefficient regular expression complexity. The attack is restricted to local...

CVE-2026-8888

Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp without complexity validation. An on-path attacker can inject specific patterns to cause catastrophic backtracking, resulting in...

Sanic-CORS 安全漏洞

Sanic-CORS is a cross-domain resource sharing extension developed by Ashley Sommer. Versions of Sanic-CORS 2.2.0 and earlier contain security vulnerabilities. These vulnerabilities stem from improper use of regular expressions in the trymatch function; no anchor is added at the end, allowing...

CVE-2026-8888

Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp without complexity validation. An on-path attacker can inject specific patterns to cause catastrophic backtracking, resulting in...

CVE-2026-8888 CVE-2026-8888

Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp without complexity validation. An on-path attacker can inject specific patterns to cause catastrophic backtracking, resulting in...

CVE-2026-8888 CVE-2026-8888

Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp without complexity validation. An on-path attacker can inject specific patterns to cause catastrophic backtracking, resulting in...

CVE-2026-10692

A weakness has been identified in johnhuang316 code-index-mcp up to 2.14.0. Affected is the function issaferegexpattern of the component searchcodeadvanced. Executing a manipulation of the argument regex can lead to inefficient regular expression complexity. It is possible to launch the attack...

PT-2026-46053

Name of the Vulnerable Software and Affected Versions Securly Chrome Extension version 3.0.7 Description The software downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions using the new RegExp function without complexity validation. An on-path...

Desktop Commander MCP 安全漏洞

Desktop Commander MCP is an MCP server developed by Eduard Ruzga. Versions of Desktop Commander MCP prior to 0.2.38 contained security vulnerabilities. These vulnerabilities stemmed from the operation of the startsearch component in the src/search-manager.ts file with respect to the SearchResult...