8437 matches found

Tenable Nessus
added 2025/11/05 12:0 a.m., 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989158)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989158 advisory. In the Linux kernel, the following vulnerability has been resolved: mm: khugepaged: skip huge page collapse for special files The read-only THP for filesystems will...

CVSS: 5.5, AI score: 6, EPSS: 0.00028
Exploits: 0, References: 4

Veracode
added 2025/11/04 12:33 p.m., 4 views

Regular Expression Denial Of Service

Grafana-Zabbix is vulnerable to Regular Expression Denial of Service. The vulnerability is due to inefficient handling of user-supplied regex queries, which can trigger catastrophic backtracking; attackers can exploit this by submitting specially crafted regex patterns that...

CVSS: 4.3, AI score: 6.9, EPSS: 0.00114
Exploits: 0, References: 2, Affected Software: 1

Tenable Nessus
added 2025/11/03 12:0 a.m., 6 views

macOS 14.x < 14.8.2 Multiple Vulnerabilities (125636)

The remote host is running a version of macOS / Mac OS X that is 14.x prior to 14.8.2. It is, therefore, affected by multiple vulnerabilities: - There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This cou...

CVSS: 9.8, AI score: 6.9, EPSS: 0.01645
Exploits: 7, References: 52

AstraLinux
added 2025/11/01 10:54 a.m., 1 view

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: ext4: Only dirty folio entries are marked when regular files are journaled. The fstest generic/388 test occasionally causes a crash that appears as follows: BUG: The kernel dereferences a NULL pointer; address: 0000000000000000… …...

CVSS: 5.5, AI score: 5.9, EPSS: 0.00077
Exploits: 0, References: 3

Tenable Nessus
added 2025/11/01 12:0 a.m., 4 views

SUSE SLES15 Security Update : poppler (SUSE-SU-2025:3900-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3900-1 advisory. - CVE-2025-43718: Fixed uncontrolled recursion in the regex-based metadata parser when processing specially crafted PDF files allow...

CVSS: 8.6, AI score: 5.7, EPSS: 0.00028
Exploits: 0, References: 7

IBM Security Bulletins
added 2025/10/31 6:48 p.m., 6 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Denial of Service in huggingface/transformers [CVE-2025-5197]

Summary: IBM Watson Speech Services Cartridge is vulnerable to a Denial of Service in huggingface/transformers, due to an exploitable issue in the convert_tf_weight_name_to_pt_weight_name function (CVE-2025-5197). Huggingface/transformers is used in our speech service runtimes. This vulnerability has been...

CVSS: 5.3, AI score: 6.6, EPSS: 0.00096
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2025/10/31 6:45 p.m., 10 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Denial of Service in huggingface/transformers [CVE-2025-3262, CVE-2025-3264, CVE-2025-3933, CVE-2025-3263]

Summary: IBM Watson Speech Services Cartridge is vulnerable to a Denial of Service in huggingface/transformers, due to various issues identified within the package (CVE-2025-3262, CVE-2025-3264, CVE-2025-3933, CVE-2025-3263). Huggingface/transformers is used in our speech service runtimes. This...

CVSS: 7.5, AI score: 7.4, EPSS: 0.00318
Exploits: 4, Affected Software: 1

Veracode
added 2025/10/31 6:30 a.m., 4 views

Regular Expression Denial Of Service (ReDoS)

Transformers is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient handling of numeric strings in the normalize_numbers method of the EnglishNormalizer class, which allows an attacker to exploit crafted input with long digit sequences to cause excessi...

CVSS: 5.3, AI score: 5.3, EPSS: 0.00034
Exploits: 1, References: 6, Affected Software: 1

Packet Storm News
added 2025/10/31 12:0 a.m., 3 views

Prevalence of Security and Privacy Risk-Inducing Usage of AI-Based Conversational Agents

Recent improvement gains in large language models (LLMs) have led to everyday usage of AI-based Conversational Agents (CAs). At the same time, LLMs are vulnerable to an array of threats, including jailbreaks and, for example, causing remote code execution when fed specific inputs. As a result, users...

AI score: 7.9
Exploits: 0

OSV
added 2025/10/30 3:2 p.m., 3 views

GO-2025-4033 Apache Traffic Control has an Inefficient Regular Expression Complexity vulnerability in github.com/apache/trafficcontrol

Apache Traffic Control has an Inefficient Regular Expression Complexity vulnerability in github.com/apache/trafficcontrol...

CVSS: 7.5, AI score: 7, EPSS: 0.00339
Exploits: 0, References: 3

Cvelist
added 2025/10/30 2:20 p.m., 6 views

CVE-2025-5342 Denial of Service (DoS)

Zohocorp ManageEngine Exchange Reporter Plus versions through 5721 are vulnerable to a ReDoS vulnerability in the search module...

CVSS: 4.3, EPSS: 0.0038
Exploits: 0, References: 1

Positive Technologies
added 2025/10/30 12:0 a.m., 3 views

PT-2025-44411

Name of the Vulnerable Software and Affected Versions: ManageEngine Exchange Reporter Plus versions through 5721. Description: The software contains a Regular Expression Denial of Service (ReDoS) issue within its search module. This could potentially disrupt service due to excessive resource consumpti...

CVSS: 6.5, AI score: 6.6, EPSS: 0.0038
Exploits: 0, References: 5

Positive Technologies
added 2025/10/29 12:0 a.m., 2 views

PT-2025-51679

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw related to file type reconstruction when loading from disk within the BFS filesystem. Specifically, the S_IFMT bits of the inode->i_mode can become invali...

CVSS: 5.2, AI score: 6.7, EPSS: 0.00058
Exploits: 0

Redos
added 2025/10/29 12:0 a.m., 6 views

ROS-20251029-04

A plug-in vulnerability in the Grafana-Zabbix web-based data submission tool is related to maximum CPU utilization. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service by sending a custom request with a regular expression...

CVSS: 4.3, AI score: 6.7, EPSS: 0.00114
Exploits: 0

Snyk
added 2025/10/28 8:38 p.m., 4 views

Regular Expression Denial of Service (ReDoS)

Overview: starlette is "The little ASGI library that shines." Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the FileResponse._parse_range_header method. An attacker can exhaust server CPU resources by sending a specially crafted HTTP Range header...

CVSS: 8.7, AI score: 6.8, EPSS: 0.00068
Exploits: 0, References: 2

OSV
added 2025/10/28 8:38 p.m., 0 views

GHSA-7F5H-V6XP-FCQ8 Starlette vulnerable to O(n^2) DoS via Range header merging in ``starlette.responses.FileResponse``

Summary: An unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion per request, causing denial-of-service for endpoints serving files, e.g., StaticFiles or any use of...

CVSS: 7.5, AI score: 6.5, EPSS: 0.00068
Exploits: 0, References: 6

Veracode
added 2025/10/24 4:27 a.m., 5 views

Regular Expression Denial Of Service (ReDoS)

transformers is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regular expression processing in the remove_language_code method of the MarianTokenizer, which allows an attacker to exploit crafted input strings with malformed language code patterns ...

CVSS: 7.5, AI score: 7.2, EPSS: 0.00032
Exploits: 1, References: 5, Affected Software: 1

OSV
added 2025/10/21 1:4 p.m., 3 views

CLSA-2025-1761051864 python3-setuptools: Fix of 2 CVEs

- CVE-2022-40897: fix Regular Expression Denial of Service (ReDoS) in package_index.py - CVE-2024-6345: fix remote code execution in package_index module...

CVSS: 8.8, AI score: 7.4, EPSS: 0.09639
Exploits: 1, References: 1

Tenable Nessus
added 2025/10/21 12:0 a.m., 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987544)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987544 advisory. In the Linux kernel, the following vulnerability has been resolved: mm: khugepaged: skip huge page collapse for special files The read-only THP for filesystems will...

CVSS: 5.5, AI score: 6, EPSS: 0.00028
Exploits: 0, References: 4

EUVD
added 2025/10/16 6:30 p.m., 3 views

EUVD-2025-34779

An integer overflow vulnerability exists in the QuickJS regular expression engine libregexp due to an inconsistent representation of the bytecode buffer size. The regular expression bytecode is stored in a DynBuf structure, which correctly uses a size_t, an unsigned type, typically...

CVSS: 7.1, AI score: 7, EPSS: 0.00028
Exploits: 1, References: 3