PT-2026-20979

Name of the Vulnerable Software and Affected Versions libssh versions prior to 0.11.4-1.1 Description A denial of service condition can occur due to a malformed SFTP message. Recommendations Update to version 0.11.4-1.1 or later...

PT-2026-28674

Name of the Vulnerable Software and Affected Versions path-to-regexp versions prior to 8.4.0 Description The software is susceptible to a Regular Expression Denial of Service ReDoS condition when handling multiple wildcard characters combined with at least one parameter. This issue arises because...

PT-2026-20977

Name of the Vulnerable Software and Affected Versions libssh-config versions prior to 0.11.4-1.1 Description A buffer underflow issue exists in the ssh get hexa function when processing invalid input. This can potentially lead to unexpected behavior or compromise the system. Recommendations Updat...

PT-2026-26486

Name of the Vulnerable Software and Affected Versions league/commonmark versions 2.3.0 through 2.8.1 Description The DomainFilteringAdapter within the Embed extension is susceptible to an allowlist bypass because of a missing hostname boundary assertion in the domain-matching regular expression. ...

CVE-2023-54282 media: tuners: qt1010: replace BUG_ON with a regular error

In the Linux kernel, the following vulnerability has been resolved: media: tuners: qt1010: replace BUGON with a regular error BUGON is unnecessary here, and in addition it confuses smatch. Replacing this with an error return help resolve this smatch warning: drivers/media/tuners/qt1010.c:350...

CVE-2025-68475

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2, a Regular Expression Denial of Service ReDoS vulnerability exists in Fedify's document loader. The HTML parsing regex at...

Security Bulletin: Multiple vulnerabilities in IBM® Db2® affect IBM® Db2® Big SQL.

Summary There are multiple vulnerabilities in IBM® Db2® 11.5 used by IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4.7 and earlier. Vulnerability Details CVEID:CVE-2015-8383 DESCRIPTION: PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a deni...

CVE-2025-68475

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2, a Regular Expression Denial of Service ReDoS vulnerability exists in Fedify's document loader. The HTML parsing regex at...

Regular Expression Denial of Service (ReDoS)

Overview @fedify/fedify is an An ActivityPub server framework Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via docloader.ts. An attacker can cause the event loop to become unresponsive by supplying a specially crafted HTML payload that triggers...

Fedify has ReDoS Vulnerability in HTML Parsing Regex

Hi Fedify team! 👋 Thank you for your work on Fedify—it's a fantastic library for building federated applications. While reviewing the codebase, I discovered a Regular Expression Denial of Service ReDoS vulnerability that I'd like to report. I hope this helps improve the project's security. ---...

EUVD-2025-204741

Fedify has ReDoS Vulnerability in HTML Parsing Regex...

GHSA-RCHF-XWX2-HM93 Fedify has ReDoS Vulnerability in HTML Parsing Regex

Hi Fedify team! 👋 Thank you for your work on Fedify—it's a fantastic library for building federated applications. While reviewing the codebase, I discovered a Regular Expression Denial of Service ReDoS vulnerability that I'd like to report. I hope this helps improve the project's security. ---...

CVE-2025-68475

CVE-2025-68475 describes a ReDoS in Fedify's HTML document loader. A vulnerable regex in packages/fedify/src/runtime/docloader.ts uses nested quantifiers that enable catastrophic backtracking when parsing malicious HTML, potentially blocking the Node.js event loop. Affected versions are prior to ...

CVE-2025-68475 Fedify has ReDoS Vulnerability in HTML Parsing Regex

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2, a Regular Expression Denial of Service ReDoS vulnerability exists in Fedify's document loader. The HTML parsing regex at...

PT-2025-52723

Name of the Vulnerable Software and Affected Versions Fedify versions prior to 1.6.13 Fedify versions prior to 1.7.14 Fedify versions prior to 1.8.15 Fedify versions prior to 1.9.2 Description Fedify is a TypeScript library used for building federated server applications based on ActivityPub. A...

Mozilla Firefox < 3.0.15

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 3.0.15. It is, therefore, affected by a vulnerability as referenced in the mfsa2009-55 advisory. - Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute...

Security Bulletin: Multiple vulnerabilities that affect IBM Db2 Intelligence Center (CVE-2025-47913, CVE-2022-25927, CVE-2025-6493, CWE-400, CWE-1333, CVE-2025-14687

Summary Multiple vulnerabilties fixed with Db2 Intelligence Center 1.1.3. Vulnerability Details CVEID:CVE-2025-47913 DESCRIPTION: SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. CVSS Source: CISA ADP CVSS Base...

CVE-2025-68142

A flaw was found in PyMdown Extensions. This vulnerability allows a Regular Expression Denial of Service ReDOS via a crafted malicious payload in unchecked user content processed by the figure caption extension pymdownx.blocks.caption. Mitigation To mitigate this issue, avoid using the...

Regular Expression Denial Of Service (ReDoS)

Yarn is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability is due to improper handling of user-controlled options in the setOptions function, which allows a local attacker to supply crafted input that triggers excessive regular expression processing and causes a denial of...

SUSE CVE-2025-68266

In the Linux kernel, the following vulnerability has been resolved: bfs: Reconstruct file type when loading from disk syzbot is reporting that SIFMT bits of inode-imode can become bogus when the SIFMT bits of the 32bits "mode" field loaded from disk are corrupted or when the 32bits "attributes"...