
10 matches found

ATTACKERKB
added 2026/02/27 1:32 p.m., 5 views

CVE-2025-10990

A flaw was found in REXML. A remote attacker could exploit inefficient regular expression (regex) parsing when processing hex numeric character references (&#x...;) in XML documents. This could lead to a Regular Expression Denial of Service (ReDoS), impacting the availability of the affected component...

8.7 CVSS, 5.9 AI score, 0.01429 EPSS
Exploits 0, References 6
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-0208

Malware in sbrugna...

7.5 CVSS, 7.4 AI score, 0.03832 EPSS
Exploits 1, References 25
Vulnrichment
added 2025/09/04 7:39 p.m., 3 views

CVE-2025-58353 Promptcraft Forge Studio: Complete Sanitizer Bypass Enables XSS via Overlapping Patterns

Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions of Promptcraft Forge Studio sanitize user input using regex blacklists such as replace(/javascript:/gi, ''). Because the package uses multi-character tokens and each replacement ...

8.2 CVSS, 6.3 AI score, 0.00225 EPSS
Exploits 0, References 1
Amazon
added 2024/12/12 12:0 a.m., 8 views

Important: python3.9

Issue Overview: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...

9.8 CVSS, 8.6 AI score, 0.27095 EPSS
Exploits 8
OSV
added 2024/12/04 12:15 p.m., 5 views

CVE-2024-54157

In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector...

6.5 CVSS, 5.8 AI score, 0.00561 EPSS
Exploits 0, References 1
RedHat Linux
added 2024/02/29 7:47 p.m., 2 views

pygments: ReDoS in pygments

A denial-of-service vulnerability related to regular expressions was discovered in Pygments, specifically in the file pygments/lexers/smithy.py. An attacker could exploit this flaw by sending a carefully crafted request, leading to a denial-of-service situation...

5.5 CVSS, 7.2 AI score, 0.00503 EPSS
Exploits 1, References 4
CNNVD
added 2022/07/24 12:0 a.m., 5 views

Apache MXNet Security Vulnerability

Apache MXNet is an open source deep learning software framework from the Apache Foundation in the United States. It is used for training and deploying deep neural networks. A security vulnerability exists in Apache MXNet incubating versions prior to 1.9.1, which stems from the use of regul...

7.5 CVSS, 7.3 AI score, 0.01564 EPSS
Exploits 0, References 4
BDU FSTEC
added 2017/01/13 12:0 a.m., 4 views

The vulnerability of the Flash Player software, which allows a violator to execute arbitrary code

The vulnerability of the RegExp class in the Flash Player software platform arises from a violation of the buffer’s initial limit. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary code upon processing regular expressions when the user visits a specially...

10 CVSS, 8 AI score, 0.11022 EPSS
Exploits 0, References 5, Affected Software 2
BDU FSTEC
added 2016/07/19 12:0 a.m., 4 views

The vulnerability of Google Chrome browser allows a perpetrator to trigger a service failure or cause other effects.

The vulnerability of Google Chrome’s Regular Expressions package is related to errors in the code. Exploiting this vulnerability can allow a malicious actor to cause service interruptions or other effects such as memory corruption through the use of a null-length qualifier...

7.5 CVSS, 7.4 AI score, 0.02217 EPSS
Exploits 0, References 18, Affected Software 2
CNVD
added 2015/12/02 12:0 a.m., 2 views

PCRE Denial of Service Vulnerability (CNVD-2015-07881)

PCRE (Perl Compatible Regular Expressions) is an open source regular expression library written in C, developed by software developer Philip Hazel. A security vulnerability exists in PCRE versions prior to 8.38, which stems from the program's failure to properly handle '?123' and relat...

7.5 CVSS, 9.2 AI score, 0.03641 EPSS
Exploits 0, References 1