6602 matches found
CVE-2025-15506
A vulnerability was found in AcademySoftwareFoundation OpenColorIO up to 2.5.0. This issue affects the function ConvertToRegularExpression of the file src/OpenColorIO/FileRules.cpp. Performing a manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has...
CVE-2025-15506
A vulnerability was found in AcademySoftwareFoundation OpenColorIO up to 2.5.0. This issue affects the function ConvertToRegularExpression of the file src/OpenColorIO/FileRules.cpp. Performing a manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has...
CVE-2025-15506
A vulnerability was found in AcademySoftwareFoundation OpenColorIO up to 2.5.0. This issue affects the function ConvertToRegularExpression of the file src/OpenColorIO/FileRules.cpp. Performing a manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has...
CVE-2025-15506 AcademySoftwareFoundation OpenColorIO FileRules.cpp ConvertToRegularExpression out-of-bounds
A vulnerability was found in AcademySoftwareFoundation OpenColorIO up to 2.5.0. This issue affects the function ConvertToRegularExpression of the file src/OpenColorIO/FileRules.cpp. Performing a manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has...
CVE-2025-15506
The CVE-2025-15506 issue affects AcademySoftwareFoundation OpenColorIO (up to 2.5.0) in the ConvertToRegularExpression function within src/OpenColorIO/FileRules.cpp. The vulnerability enables an out-of-bounds read when a specific manipulation is performed, with local access required. Public explo...
Regular Expression Denial of Service (ReDoS)
Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the flatten function. An attacker can cause excessive processing times by providing ...
CVE-2014-4720
Email::Address module before 1.904 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service CPU consumption via vectors related to "backtracking into the phrase," a different vulnerability than CVE-2014-0477...
CVE-2022-37262
A Regular Expression Denial of Service ReDoS flaw was found in stealjs steal 2.2.4 via the source and sourceWithComments variable in main.js...
CVE-2022-31781
Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service ReDoS in the way it handles Content Types. Specially crafted Content Types may cause catastrophic backtracking, taking exponential time to complete. Specifically, this is about the regular expression used on...
CVE-2024-39316
Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.5, Regular Expression Denial of Service ReDoS vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending...
CVE-2026-21868
Flag Forge is a Capture The Flag CTF platform. Versions 2.3.2 and below have a Regular Expression Denial of Service ReDoS vulnerability in the user profile API endpoint /api/user/username. The application constructs a regular expression dynamically using unescaped user input the username paramete...
CVE-2024-41655
TF2 Item Format helps users format TF2 items to the community standards. Versions of tf2-item-format since at least 4.2.6 and prior to 5.9.14 are vulnerable to a Regular Expression Denial of Service ReDoS attack when parsing crafted user input. This vulnerability can be exploited by an attacker t...
Regular Expression Denial of Service (ReDoS)
Overview diff is a javascript text differencing implementation. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the parsePatch and applyPatch functions if the user input passed without sanitisation. An attacker can cause the process to enter an...
CVE-2026-0668
A flaw was found in Wikimedia Foundation MediaWiki - VisualData Extension. A remote attacker could exploit an inefficient regular expression, leading to a Regular Expression Denial of Service ReDoS. This vulnerability allows an attacker to provide specially crafted input that causes the regular...
CVE-2026-21868
Flag Forge is a Capture The Flag CTF platform. Versions 2.3.2 and below have a Regular Expression Denial of Service ReDoS vulnerability in the user profile API endpoint /api/user/username. The application constructs a regular expression dynamically using unescaped user input the username paramete...
CVE-2026-21868
CVE-2026-21868 affects Flag Forge, specifically versions 2.3.2 and earlier. The vulnerability is a Regular Expression Denial of Service (ReDoS) in the user profile API endpoint /api/user/[username], where the application builds a regex dynamically from the unescaped username input. An attacker ca...
EUVD-2026-1664
Flag Forge is a Capture The Flag CTF platform. Versions 2.3.2 and below have a Regular Expression Denial of Service ReDoS vulnerability in the user profile API endpoint /api/user/username. The application constructs a regular expression dynamically using unescaped user input the username paramete...
CVE-2026-21868 Flag Forge has ReDoS Vulnerability in User Profile Lookup API
Flag Forge is a Capture The Flag CTF platform. Versions 2.3.2 and below have a Regular Expression Denial of Service ReDoS vulnerability in the user profile API endpoint /api/user/username. The application constructs a regular expression dynamically using unescaped user input the username paramete...
CVE-2026-21868 Flag Forge has ReDoS Vulnerability in User Profile Lookup API
Flag Forge is a Capture The Flag CTF platform. Versions 2.3.2 and below have a Regular Expression Denial of Service ReDoS vulnerability in the user profile API endpoint /api/user/username. The application constructs a regular expression dynamically using unescaped user input the username paramete...
PT-2026-2108
Name of the Vulnerable Software and Affected Versions Flag Forge versions 2.3.2 and below Description Flag Forge is a Capture The Flag CTF platform susceptible to a Regular Expression Denial of Service ReDoS condition. The issue resides in the user profile API endpoint, /api/user/username. The...