8437 matches found

CVE
added 2025/11/26 1:49 a.m., 16 views

CVE-2025-66020

Valibot CVE-2025-66020: A ReDoS flaw in the EMOJI_REGEX used by the emoji action affects 0.31.0–1.1.0, caused by catastrophic backtracking in the emoji-related pattern. This can let an attacker craft short input (e.g., under 100 chars) that consumes excessive CPU time, leading to DoS. The issue i...

7.5 CVSS, 6.5 AI score, 0.00108 EPSS
Exploits: 0, References: 2

OSV
added 2025/11/26 1:49 a.m., 4 views

CVE-2025-66020 Valibot has a ReDoS vulnerability in `EMOJI_REGEX`

Valibot helps validate data using a schema. In versions from 0.31.0 to 1.1.0, the EMOJI_REGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. A short, maliciously crafted string (e.g., 100 characters) can cause the regex engine to consume excessive CPU...

7.5 CVSS, 6.7 AI score, 0.00108 EPSS
Exploits: 0, References: 4

Vulnrichment
added 2025/11/26 1:49 a.m., 1 view

CVE-2025-66020 Valibot has a ReDoS vulnerability in `EMOJI_REGEX`

Valibot helps validate data using a schema. In versions from 0.31.0 to 1.1.0, the EMOJI_REGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. A short, maliciously crafted string (e.g., 100 characters) can cause the regex engine to consume excessive CPU...

7.5 CVSS, 6.5 AI score, 0.00108 EPSS
Exploits: 0, References: 2

Cvelist
added 2025/11/26 1:49 a.m., 7 views

CVE-2025-66020 Valibot has a ReDoS vulnerability in `EMOJI_REGEX`

Valibot helps validate data using a schema. In versions from 0.31.0 to 1.1.0, the EMOJI_REGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. A short, maliciously crafted string (e.g., 100 characters) can cause the regex engine to consume excessive CPU...

7.5 CVSS, 0.00108 EPSS
Exploits: 0, References: 2

CNNVD
added 2025/11/26 12:0 a.m., 3 views

Valibot security vulnerability

Valibot is an Open Circle open source library for structured data validation. A security vulnerability exists in Valibot versions 0.31.0 through 1.1.0, which stems from EMOJI_REGEX being susceptible to a regular expression denial-of-service attack that could result in a denial of service of the...

7.5 CVSS, 6.4 AI score, 0.00108 EPSS
Exploits: 0, References: 3

Positive Technologies
added 2025/11/26 12:0 a.m., 9 views

PT-2025-48121

Name of the Vulnerable Software and Affected Versions: Valibot versions 0.31.0 through 1.1.0. Description: Valibot is a data validation library that utilizes schemas. Versions from 0.31.0 to 1.1.0 contain a Regular Expression Denial of Service (ReDoS) issue within the EMOJI_REGEX used in the emoji...

7.5 CVSS, 6.6 AI score, 0.00108 EPSS
Exploits: 0, References: 6

Fedora
added 2025/11/25 1:42 a.m., 3 views

[SECURITY] Fedora 42 Update: podman-5.7.0-1.fc42

podman (Pod Manager) is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=podman. Most...

7.5 CVSS, 7.1 AI score, 0.00044 EPSS
Exploits: 0

CVE
added 2025/11/20 3:44 p.m., 11 views

CVE-2025-62730

SOPlanning is vulnerable to Privilege Escalation via the user management tab. A user with the user_manage_team role can modify permissions and assign administrative rights to any user, including themselves, enabling escalation to admin. The issue affects both Bulk Update and standard user-right e...

8.8 CVSS, 6.2 AI score, 0.00052 EPSS
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2025/11/20 3:44 p.m., 2 views

CVE-2025-62730 Privilege Escalation via Incorrect Authorization in SOPlanning

SOPlanning is vulnerable to Privilege Escalation in the user management tab. Users with the user_manage_team role are allowed to modify permissions of users. However, they are able to assign administrative permissions to any user including themselves. This allows a malicious authenticated attacker with this...

8.7 CVSS, 6.2 AI score, 0.00052 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2025/11/20 12:0 a.m., 5 views

TencentOS Server 4: mathjax (TSSA-2025:0638)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0638 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.5 CVSS, 6.8 AI score, 0.00214 EPSS
Exploits: 1, References: 2

Positive Technologies
added 2025/11/20 12:0 a.m., 3 views

PT-2025-47599

Name of the Vulnerable Software and Affected Versions: SOPlanning versions prior to 1.55. Description: SOPlanning has a flaw that allows privilege escalation through the user management tab. Users assigned the user_manage_team role can modify user permissions, including granting administrative...

8.8 CVSS, 6.9 AI score, 0.00052 EPSS
Exploits: 0, References: 8

Tenable Nessus
added 2025/11/20 12:0 a.m., 8 views

Mattermost Server < 11.0.0 Multiple Vulnerabilities (MMSA-2024-00337, MMSA-2025-00493, MMSA-2025-00540)

The version of Mattermost Server installed on the remote host is affected by multiple vulnerabilities as referenced in the MMSA-2024-00337, MMSA-2025-00493, MMSA-2025-00540 advisory. - Mattermost versions 11 fail to properly restrict access to archived channel search API which allows guest users ...

7.5 CVSS, 5.9 AI score, 0.0017 EPSS
Exploits: 0, References: 4

OSV
added 2025/11/18 3:34 p.m., 3 views

GO-2025-4131 Mattermost allows regular users to access archived channel content and files in github.com/mattermost/mattermost-server

Mattermost allows regular users to access archived channel content and files in github.com/mattermost/mattermost-server...

4.3 CVSS, 6.8 AI score, 0.00031 EPSS
Exploits: 0, References: 4

RedhatCVE
added 2025/11/15 8:40 a.m., 6 views

CVE-2025-41436

Mattermost versions 11.0 fail to properly enforce the "Allow users to view archived channels" setting which allows regular users to access archived channel content and files via the "Open in Channel" functionality from followed threads...

4.3 CVSS, 6.8 AI score, 0.00031 EPSS
Exploits: 0, References: 1

Fedora
added 2025/11/15 1:45 a.m., 7 views

[SECURITY] Fedora 41 Update: rust-regex-1.12.2-1.fc41

An implementation of regular expressions for Rust. This implementation uses finite automata and guarantees linear time matching on all inputs...

7 AI score
Exploits: 0

Fedora
added 2025/11/15 1:45 a.m., 6 views

[SECURITY] Fedora 41 Update: rust-regex-automata-0.4.13-1.fc41

Automata construction and matching using regular expressions...

7 AI score
Exploits: 0

RedhatCVE
added 2025/11/14 4:5 p.m., 4 views

CVE-2025-62484

Inefficient regular expression complexity in certain Zoom Workplace Clients before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access...

9.8 CVSS, 7.3 AI score, 0.00102 EPSS
Exploits: 0, References: 1

Github Security Blog
added 2025/11/14 9:30 a.m., 4 views

Mattermost allows regular users to access archived channel content and files

Mattermost versions 11.0 fail to properly enforce the "Allow users to view archived channels" setting which allows regular users to access archived channel content and files via the "Open in Channel" functionality from followed threads...

4.3 CVSS, 6.7 AI score, 0.00031 EPSS
Exploits: 0, References: 4, Affected Software: 2

OSV
added 2025/11/14 9:30 a.m., 3 views

GHSA-X3HX-CH7P-8XGG Mattermost allows regular users to access archived channel content and files

Mattermost versions 11.0 fail to properly enforce the "Allow users to view archived channels" setting which allows regular users to access archived channel content and files via the "Open in Channel" functionality from followed threads...

3.1 CVSS, 6.7 AI score, 0.00031 EPSS
Exploits: 0, References: 4

OSV
added 2025/11/14 8:15 a.m., 2 views

CVE-2025-41436

Mattermost versions 11.0 fail to properly enforce the "Allow users to view archived channels" setting which allows regular users to access archived channel content and files via the "Open in Channel" functionality from followed threads...

4.3 CVSS, 5.8 AI score
Exploits: 0, References: 1