CVE-2023-46453

Certain GL.iNet devices with 4.x firmware allow authentication bypass resulting in administrative control of the device via a username that is both a valid SQL statement and a valid regular expression. For example, this affects version 4.3.7 on GL-MT3000 GL-AR300M GL-B1300 GL-AX1800 GL-AR750S...

CVE-2023-46453

GL.iNet devices running firmware 4.x (notably 4.3.7 on models such as GL-MT3000, GL-AR300M, GL-B1300, GL-AX1800, GL-AR750S, GL-MT2500, GL-AXT1800, GL-X3000, GL-SFT1200) are affected by CVE-2023-46453, an authentication bypass in the web interface. The root cause involves a vulnerable authenticati...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerabilities in minimatch-3.1.2.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerabilities in minimatch-3.1.2.tgz Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to...

EUVD-2025-209731

Regex Denial of Service in youtube-regex npm package through version 1.0.5...

CVE-2026-43268

A flaw was found in the HFS Plus hfsplus filesystem within the Linux kernel. This vulnerability occurs because the hfsplus filesystem incorrectly identifies certain special filesystem objects as regular files. This misclassification can lead to inconsistencies with how the operating system's...

PT-2026-38448

Regex Denial of Service in youtube-regex npm package through version 1.0.5...

youtube-regex 资源管理错误漏洞

youtube-regex is a YouTube video ID regular expression matching tool developed by RegexHQ. Versions of youtube-regex 1.0.5 and earlier contained a resource management error vulnerability, which was caused by a denial-of-service attack involving regular expressions...

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via improper validation of user-supplied fields in the filter and sortby parameters. An attacker can cause the backend to return HTTP 500 errors, potentially disrupt service availability, and...

Incorrect Authorization

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Incorrect Authorization in the admin-api routes due to insufficient authorization checks. An attacker can access backend operational information by...

Incorrect Authorization

Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Incorrect Authorization in the admin-api routes due to insufficient authorization checks. An attacker can access backend operational information by...

Nokogiri CSS selector tokenizer has regular expression backtracking

Summary Nokogiri's CSS selector tokenizer contains regular expressions whose construction may result in exponential regex backtracking on adversarial selectors. Three ReDoS vectors are addressed in this release: 1. String-literal tokenization on certain unterminated quoted-string input. 2...

CVE-2026-33079

In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS Regular Expression Denial of Service vulnerability in LINKTITLERE that allows an attacker who can supply Markdown for parsing to cause denial of service. The regular expression used for parsing link titles contains overlapping...

DEBIAN-CVE-2026-33079

In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS Regular Expression Denial of Service vulnerability in LINKTITLERE that allows an attacker who can supply Markdown for parsing to cause denial of service. The regular expression used for parsing link titles contains overlapping...

UBUNTU-CVE-2026-33079

In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS Regular Expression Denial of Service vulnerability in LINKTITLERE that allows an attacker who can supply Markdown for parsing to cause denial of service. The regular expression used for parsing link titles contains overlapping...

CVE-2026-33079

In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS Regular Expression Denial of Service vulnerability in LINKTITLERE that allows an attacker who can supply Markdown for parsing to cause denial of service. The regular expression used for parsing link titles contains overlapping...

CVE-2026-33079 Mistune ReDoS in LINK_TITLE_RE allows denial of service with crafted Markdown titles

In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS Regular Expression Denial of Service vulnerability in LINKTITLERE that allows an attacker who can supply Markdown for parsing to cause denial of service. The regular expression used for parsing link titles contains overlapping...

CVE-2026-33079

Mistune 3.0.0a1–3.2.0 contains a ReDoS in LINK_TITLE_RE used for parsing link titles, enabling exponential backtracking when processing Markdown strings with repeated ! sequences and no closing quote. The ambiguity arises from overlapping alternatives in the two branches (double-quoted and single...

CVE-2026-33079 Mistune ReDoS in LINK_TITLE_RE allows denial of service with crafted Markdown titles

In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS Regular Expression Denial of Service vulnerability in LINKTITLERE that allows an attacker who can supply Markdown for parsing to cause denial of service. The regular expression used for parsing link titles contains overlapping...

EUVD-2026-27877

Mistune has a ReDoS in LINKTITLERE that allows denial of service via crafted Markdown input...

Mistune has a ReDoS in LINK_TITLE_RE that allows denial of service via crafted Markdown input

Summary A ReDoS Regular Expression Denial of Service vulnerability in LINKTITLERE allows an attacker who can supply Markdown for parsing to cause denial of service. A crafted 58-byte Markdown document blocks the parser for approximately 6 seconds measured on Apple M2, Python 3.14.3, with...