8432 matches found
CVE-2026-23651
Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate privileges locally...
CVE-2026-23651
Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate privileges locally...
Incorrect Regular Expression
Overview fastify is an overhead web framework, for Node.js. Affected versions of this package are vulnerable to Incorrect Regular Expression in the Content-Type header validation. An attacker can cause the server to incorrectly process requests with malformed Content-Type headers by sending value...
Microsoft Azure Compute Gallery 安全漏洞
Microsoft Azure Compute Gallery is a service provided by Microsoft in the United States that manages virtual machines. There is a security vulnerability in Azure Compute Gallery, which stems from overly lax regular expressions, potentially allowing authorized attackers to gain local privileges...
Security Bulletin: IBM Event Streams is vulnerable to a denial of service
Summary IBM Event Streams is vulnerable to a denial of service due to excessive regular expression complexity in brace‑expansion CVE-2025-5889 Vulnerability Details CVEID:CVE-2025-5889 DESCRIPTION: A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has be...
BIT-DISCOURSE-2026-28219 Privilege Escalation via Mass Assignment Allows Regular Users to Set Topics as Global Banners
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an improper authorization check in the topic management logic allows authenticated users to modify privileged attributes of their topics. By manipulating specific parameters in a PUT or POST...
BIT-KIBANA-2026-26936 Inefficient Regular Expression Complexity in Kibana Leading to Denial of Service
Inefficient Regular Expression Complexity CWE-1333 in the AI Inference Anonymization Engine in Kibana can lead Denial of Service via Regular Expression Exponential Blowup CAPEC-492...
BIT-ELK-2026-26936 Inefficient Regular Expression Complexity in Kibana Leading to Denial of Service
Inefficient Regular Expression Complexity CWE-1333 in the AI Inference Anonymization Engine in Kibana can lead Denial of Service via Regular Expression Exponential Blowup CAPEC-492...
GHSA-C6HR-W26Q-C636 OpenClaw has ReDoS and regex injection via unescaped Feishu mention metadata in RegExp construction
Summary extensions/feishu/src/bot.ts constructed new RegExp directly from Feishu mention metadata mention.name, mention.key in stripBotMention without escaping regex metacharacters. Affected Packages / Versions - Package: npm openclaw - Affected versions: = 2026.2.17 - First affected release:...
Regular Expression Denial of Service (ReDoS)
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the stripBotMention function in extensions/feishu/src/bot.ts when unescaped Feishu mention metadata is used to construct a regular expressio...
PT-2026-22691
Name of the Vulnerable Software and Affected Versions AFFiNE versions prior to 0.26.0 Description AFFiNE, an open-source workspace and operating system, contains an Open Redirect flaw in the /redirect-proxy endpoint. The issue stems from a flawed domain validation process, where a Regular...
PT-2026-26009
Summary extensions/feishu/src/bot.ts constructed new RegExp directly from Feishu mention metadata mention.name, mention.key in stripBotMention without escaping regex metacharacters. Affected Packages / Versions - Package: npm openclaw - Affected versions: = 2026.2.17 - First affected release:...
CVE-2026-26936
Inefficient Regular Expression Complexity CWE-1333 in the AI Inference Anonymization Engine in Kibana can lead Denial of Service via Regular Expression Exponential Blowup CAPEC-492...
EUVD-2025-208140
A flaw was found in REXML. A remote attacker could exploit inefficient regular expression regex parsing when processing hex numeric character references &x...; in XML documents. This could lead to a Regular Expression Denial of Service ReDoS, impacting the availability of the affected component...
CVE-2025-10990
A flaw was found in REXML. A remote attacker could exploit inefficient regular expression regex parsing when processing hex numeric character references &x...; in XML documents. This could lead to a Regular Expression Denial of Service ReDoS, impacting the availability of the affected component...
CVE-2025-10990
A flaw was found in REXML. A remote attacker could exploit inefficient regular expression regex parsing when processing hex numeric character references &x...; in XML documents. This could lead to a Regular Expression Denial of Service ReDoS, impacting the availability of the affected component...
CVE-2025-10990
A flaw was found in REXML. A remote attacker could exploit inefficient regular expression regex parsing when processing hex numeric character references &x...; in XML documents. This could lead to a Regular Expression Denial of Service ReDoS, impacting the availability of the affected component...
CVE-2025-10990
CVE-2025-10990 affects REXML and describes a Regular Expression Denial of Service (ReDoS) due to inefficient regex parsing of hex numeric character references (&#x...;) in XML. This is noted as the incomplete fix of CVE-2024-49761. The provided documents do not specify affected versions or explic...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the SdkProxyRoutePlanner function. An attacker can cause significant resource consumption and degrade application performance by providing specially crafted input to the nonProxyHosts...
EUVD-2026-9002
A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0.1. Impacted is the function SdkProxyRoutePlanner of the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java of the component JDBC URL Handler. Executing a manipulation of the argument nonProxyHosts...