CVE-2026-41040

GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service ReDoS via a crafted input string...

hospital-waf-mcp

Hospital WAF Management System Release: v1.0.0 Languag...

GROWI 安全漏洞

GROWI is an enterprise-level open-source knowledge base/Wiki system built using Node.js and React by GROWI Inc. GROWI has a security vulnerability that stems from a susceptibility to regular expression denial-of-service attacks...

minimatch: minimatch: Denial of Service via specially crafted glob patterns

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...

uutils coreutils Uses Incorrectly-Resolved Name or Reference

The cp utility in uutils coreutils, when performing recursive copies -R, incorrectly treats character and block device nodes as stream sources rather than preserving them. Because the implementation reads bytes into regular files at the destination instead of using mknod, device semantics are...

GHSA-RX8H-33GR-VHJ9 uutils coreutils' comm utility incorrectly consumes data from non-regular file inputs before performing comparison operations

The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The arefilesidentical function opens and reads from both input paths to compare content without first verifying if the paths refer to regular files. If an input pat...

uutils coreutils has an Unchecked Return Value Issue

The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditionally calling Result::ok on truncation attempts. While intended to mimic GNU behavior for special files like /dev/null, the uutils implementation also hides failures on regular files and directorie...

EUVD-2026-24998

The cp utility in uutils coreutils, when performing recursive copies -R, incorrectly treats character and block device nodes as stream sources rather than preserving them. Because the implementation reads bytes into regular files at the destination instead of using mknod, device semantics are...

GHSA-67HP-F6HQ-2H6G uutils coreutils Uses Incorrectly-Resolved Name or Reference

The cp utility in uutils coreutils, when performing recursive copies -R, incorrectly treats character and block device nodes as stream sources rather than preserving them. Because the implementation reads bytes into regular files at the destination instead of using mknod, device semantics are...

EUVD-2026-24979

The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The arefilesidentical function opens and reads from both input paths to compare content without first verifying if the paths refer to regular files. If an input pat...

uutils coreutils' comm utility incorrectly consumes data from non-regular file inputs before performing comparison operations

The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The arefilesidentical function opens and reads from both input paths to compare content without first verifying if the paths refer to regular files. If an input pat...

CVE-2026-35347

The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The arefilesidentical function opens and reads from both input paths to compare content without first verifying if the paths refer to regular files. If an input pat...

CVE-2026-35358

The CVE concerns the cp utility in the uutils coreutils project. When performing recursive copies (-R), it mishandles character and block device nodes by treating them as regular stream sources instead of preserving device semantics. The implementation reads bytes into destination regular files r...

CVE-2026-35358

The cp utility in uutils coreutils, when performing recursive copies -R, incorrectly treats character and block device nodes as stream sources rather than preserving them. Because the implementation reads bytes into regular files at the destination instead of using mknod, device semantics are...

CVE-2026-35347

CVE-2026-35347 affects the uutils coreutils comm utility. The are_files_identical routine opens and reads both input paths to compare content without verifying that inputs are regular files. As a result, feeding non-regular inputs (e.g., FIFOs or pipes) drains the streams before the comparison, c...

CVE-2026-35347

The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The arefilesidentical function opens and reads from both input paths to compare content without first verifying if the paths refer to regular files. If an input pat...

CVE-2026-35347 uutils coreutils comm Silent Data Loss or Denial of Service via Improper Input Validation

The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The arefilesidentical function opens and reads from both input paths to compare content without first verifying if the paths refer to regular files. If an input pat...

CVE-2026-35347 uutils coreutils comm Silent Data Loss or Denial of Service via Improper Input Validation

The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The arefilesidentical function opens and reads from both input paths to compare content without first verifying if the paths refer to regular files. If an input pat...

CVE-2026-35344

The CVE describes a flaw in the dd utility from uutils coreutils: when truncating files, it unconditionally calls Result::ok(), suppressing errors. This behavior mirrors GNU for special files like /dev/null but also hides failures on regular files or directories caused by full disks or read-only ...

CVE-2026-35344 uutils coreutils dd Silent Data Corruption via Unconditional Truncation Error Suppression

The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditionally calling Result::ok on truncation attempts. While intended to mimic GNU behavior for special files like /dev/null, the uutils implementation also hides failures on regular files and directorie...