PT-2026-22691

Name of the Vulnerable Software and Affected Versions AFFiNE versions prior to 0.26.0 Description AFFiNE, an open-source workspace and operating system, contains an Open Redirect flaw in the /redirect-proxy endpoint. The issue stems from a flawed domain validation process, where a Regular...

PT-2026-26009

Summary extensions/feishu/src/bot.ts constructed new RegExp directly from Feishu mention metadata mention.name, mention.key in stripBotMention without escaping regex metacharacters. Affected Packages / Versions - Package: npm openclaw - Affected versions: = 2026.2.17 - First affected release:...

EUVD-2025-208140

A flaw was found in REXML. A remote attacker could exploit inefficient regular expression regex parsing when processing hex numeric character references &x...; in XML documents. This could lead to a Regular Expression Denial of Service ReDoS, impacting the availability of the affected component...

CVE-2025-10990

A flaw was found in REXML. A remote attacker could exploit inefficient regular expression regex parsing when processing hex numeric character references &x...; in XML documents. This could lead to a Regular Expression Denial of Service ReDoS, impacting the availability of the affected component...

CVE-2025-10990

A flaw was found in REXML. A remote attacker could exploit inefficient regular expression regex parsing when processing hex numeric character references &x...; in XML documents. This could lead to a Regular Expression Denial of Service ReDoS, impacting the availability of the affected component...

CVE-2025-10990

CVE-2025-10990 affects REXML and describes a Regular Expression Denial of Service (ReDoS) due to inefficient regex parsing of hex numeric character references (&#x...;) in XML. This is noted as the incomplete fix of CVE-2024-49761. The provided documents do not specify affected versions or explic...

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the SdkProxyRoutePlanner function. An attacker can cause significant resource consumption and degrade application performance by providing specially crafted input to the nonProxyHosts...

EUVD-2026-9002

A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0.1. Impacted is the function SdkProxyRoutePlanner of the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java of the component JDBC URL Handler. Executing a manipulation of the argument nonProxyHosts...

CVE-2026-3293

A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0.1. Impacted is the function SdkProxyRoutePlanner of the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java of the component JDBC URL Handler. Executing a manipulation of the argument nonProxyHosts...

EUVD-2026-8866

Inefficient Regular Expression Complexity CWE-1333 in the AI Inference Anonymization Engine in Kibana can lead Denial of Service via Regular Expression Exponential Blowup CAPEC-492...

CVE-2026-26936

Inefficient Regular Expression Complexity CWE-1333 in the AI Inference Anonymization Engine in Kibana can lead Denial of Service via Regular Expression Exponential Blowup CAPEC-492...

CVE-2026-26936

Inefficient Regular Expression Complexity CWE-1333 in the AI Inference Anonymization Engine in Kibana can lead Denial of Service via Regular Expression Exponential Blowup CAPEC-492...

CWE-346: CORS Origin Validation Bypass via `re.match()` in `allow_origin_pat`

This report is not public...

Regular Expression Denial of Service (ReDoS)

Overview minimatch is a minimal matching utility. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS. An attacker can cause excessive resource consumption and application unresponsiveness by supplying specially crafted nested extglob patterns that trigg...

Regular Expression Denial of Service (ReDoS)

Overview org.webjars.npm:minimatch is a minimal matching utility. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS. An attacker can cause excessive resource consumption and application unresponsiveness by supplying specially crafted nested extglob...

CVE-2026-27904 minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions

minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested extglobs produce regexps with nested unbounded quantifiers e.g. ?:?:a|b, which exhibit catastrophic...

EUVD-2026-8721

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause regular expression denial of service by sending specially crafted input to a merge request endpoint und...

UBUNTU-CVE-2026-1388

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause regular expression denial of service by sending specially crafted input to a merge request endpoint und...

CVE-2026-1388

GitLab CE/EE is affected by CVE-2026-1388: vulnerable in all versions up to but not including 18.7.5 (9.2–), up to but not including 18.8.5, and up to but not including 18.9.1. The issue is an inefficient regular expression that could allow an unauthenticated user to cause a Denial of Service by ...

CVE-2026-1388 Inefficient Regular Expression Complexity in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause regular expression denial of service by sending specially crafted input to a merge request endpoint und...