3356 matches found

Snyk · added 2025/07/07 12:30 p.m.

Regular Expression Denial of Service (ReDoS)

Overview: transformers is a state-of-the-art machine learning library for JAX, PyTorch and TensorFlow. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the SETTING_RE regular expression in /commands/chat.py. An attacker can cause significant performance...

CVSS 7.5 · AI score 6.8 · EPSS 0.0043 · Exploits 1 · References 2
Packet Storm News · added 2025/07/05 12:00 a.m.

Rethinking and Exploring String-Based Malware Family Classification in the Era of LLMs and RAG

Malware Family Classification (MFC) aims to identify the fine-grained family (e.g., GuLoader or BitRAT) to which a potential malware sample belongs, in contrast to malware detection or sample classification, which predicts only a Yes/No. Accurate family identification can greatly facilitate automated...

AI score 6.8 · Exploits 0
RedHat Linux · added 2025/06/25 12:21 a.m.

undertow: special character in query results in server errors

A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC-compliant characters, resulting in a denial of service. The highest threat from this vulnerability is to system availability...

CVSS 7.8 · AI score 5.7 · EPSS 0.01269 · Exploits 0 · References 4
SUSE Linux · added 2025/06/20 12:42 p.m.

Security update for python39

This update for python39 fixes the following issues: python39 was updated from version 3.9.21 to version 3.9.23. Security issues fixed: CVE-2025-4516: Fixed a blocking DecodeError handling vulnerability, which could lead to DoS (bsc#1243273). CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4517:...

CVSS 8.4 · AI score 6.1 · EPSS 0.01184 · Exploits 14 · References 24
CNNVD · added 2025/06/18 12:00 a.m.

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open-source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not checking for empty strings, which could lead to a buffer overflow...

CVSS 7.8 · AI score 7.1 · EPSS 0.00183 · Exploits 0 · References 7
AstraLinux · added 2025/06/16 11:28 a.m.

Astra Linux – Vulnerability in cups

The vulnerability in the cupsArrayAddStrings function of the CUPS printing server stems from an operation that occurs outside the bounds of a buffer in memory. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and cause service failures...

CVSS 7.3 · AI score 5.7 · Exploits 0 · References 2
Tenable Nessus · added 2025/06/16 12:00 a.m.

TencentOS Server 2: openssl (TSSA-2023:0337)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0337 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

CVSS 7.4 · AI score 7 · EPSS 0.50445 · Exploits 0 · References 2
OSV · added 2025/06/13 4:15 p.m.

DEBIAN-CVE-2025-6052

A flaw was found in how GLib's GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn't. As a result, data may be writte...

CVSS 7.5 · AI score 5.7 · EPSS 0.00419 · Exploits 0 · References 1
Positive Technologies · added 2025/06/10 12:00 a.m.

PT-2025-37210

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A buffer overflow issue was identified in the add-tuning-control function within the ALSA subsystem. The sprintf function call could exceed the allocated buffer size of 44 bytes if the...

CVSS 3.5 · AI score 5.9 · Exploits 0
Huntr · added 2025/06/09 5:02 p.m.

Regular expression Denial of Service - ReDoS

Description: A regular expression denial of service (ReDoS) vulnerability has been identified in the Hugging Face Transformers library's CLVP number normalizer. The vulnerability exists in the normalize_numbers method of the EnglishNormalizer class, which converts numeric strings to their English wor...

CVSS 5.3 · AI score 6.2 · EPSS 0.00352 · Exploits 1
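The two Hugging Face Transformers entries above (the chat-command regex and the CLVP number normalizer) both describe catastrophic backtracking. The following is an added example, not code from the transformers project, and it uses a constructed pattern rather than the one named in either advisory. It shows the shape of the problem (a nested quantifier over a run of digits), a linear rewrite of the same intent, and an input-length cap applied before any regex runs. The names normalize_number, attack_input, MAX_TOKEN and the timing helpers are illustrative.

```python
"""Catastrophic backtracking in a number-matching regex, and a linear rewrite (added example)."""
import re
import time
from typing import Optional

# Constructed vulnerable pattern (not the one from transformers): the nested
# quantifier in (\d+,?)+ lets the engine try every way of splitting a run of
# digits into groups before it concedes that the input does not match.
VULNERABLE = re.compile(r"^(\d+,?)+$")

# Hardened pattern for the same intent, a thousands-grouped integer: every
# quantifier owns a distinct slice of the input, so a failed match costs O(n).
# It is also stricter: "12,34" no longer passes.
SAFE = re.compile(r"^\d{1,3}(?:,\d{3})*$")

MAX_TOKEN = 64  # length cap applied before any regex sees untrusted input


def attack_input(n: int) -> str:
    # n digits and then a character neither pattern accepts: the match must
    # fail, and failing is exactly when the backtracking happens.
    return "1" * n + "x"


def time_match(pattern, text):
    """Return (matched, seconds) for one match attempt."""
    t0 = time.perf_counter()
    matched = pattern.match(text) is not None
    return matched, time.perf_counter() - t0


def backtracking_growth(pattern, sizes=(10, 12, 14, 16)):
    """Seconds taken per input size; for VULNERABLE each extra digit roughly doubles it."""
    return [time_match(pattern, attack_input(n))[1] for n in sizes]


def normalize_number(token: str, pattern=SAFE) -> Optional[str]:
    """Hypothetical normaliser: strip grouping commas, or None if the token is malformed."""
    if len(token) > MAX_TOKEN:
        # Reject before the regex runs, so no pattern can be driven into
        # exponential time by a long input.
        raise ValueError("number token too long")
    if not pattern.match(token):
        return None
    return token.replace(",", "")


if __name__ == "__main__":
    for pat, name in ((VULNERABLE, "vulnerable"), (SAFE, "safe")):
        print(name, ["%.4fs" % t for t in backtracking_growth(pat)])
    print(normalize_number("1,234,567"))
```

Run it directly to watch the vulnerable pattern's time grow with every extra digit while the safe pattern stays flat. The length cap is the defence that does not depend on having audited the pattern: a regex that has not been reviewed still cannot be fed more than MAX_TOKEN characters.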
VulnCheck KEV · added 2025/06/06 12:00 a.m.

VulnCheck KEV: CVE-2025-47916

Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller file, /applications/core/modules/front/system/themeeditor.php, where a protected method named customCss can be invoked by...

CVSS 10 · AI score 6.4 · EPSS 0.78228 · Exploits 6 · References 1
CNNVD · added 2025/06/05 12:00 a.m.

GNU C Library security vulnerability

The GNU C Library is the standard C library implementation developed by the GNU project to provide core API support for Linux systems, and is the basis on which most C programs run. The GNU C Library suffers from a security vulnerability. An attacker could exploit the vulnerability to overwrite...

CVSS 5.6 · AI score 6.7 · EPSS 0.00206 · Exploits 0 · References 4
Positive Technologies · added 2025/05/27 12:00 a.m.

PT-2025-23035 · Unknown +1 · Net-Cidr-Lite +2

Name of the Vulnerable Software and Affected Versions: Net::CIDR::Set versions 0.10 through 0.13. Description: The issue arises from the improper handling of leading zero characters in IP CIDR address strings, potentially allowing attackers to bypass access control based on IP addresses. This is d...

CVSS 6.5 · AI score 6.3 · EPSS 0.00307 · Exploits 0 · References 16
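The Net::CIDR::Set entry above turns on how a leading zero in an octet is read. The following added example (Python, not the Perl module's code) shows the disagreement that makes such a bypass possible: a lenient parser reads "010" as decimal 10, the C library's inet_aton reads it as octal 8, and an allowlist check is only as good as the parser it uses. A strict parser that refuses the ambiguous form closes the gap. The function names, the allowlist and the probe address are constructed.

```python
"""Leading-zero IPv4 octets: one string, two addresses (added example)."""
import ipaddress
import re
import socket

# Strict octet: plain decimal 0-255 with no leading zero, so "010" is rejected
# rather than silently meaning either 10 (decimal) or 8 (octal).
_STRICT_OCTET = re.compile(r"^(?:0|[1-9]\d{0,2})$")


def _split4(addr):
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError("not a dotted quad: %r" % addr)
    return parts


def parse_ipv4_strict(addr):
    """Reject anything that is not canonical dotted-decimal."""
    octets = []
    for p in _split4(addr):
        if not _STRICT_OCTET.match(p) or int(p) > 255:
            raise ValueError("bad octet %r in %r" % (p, addr))
        octets.append(int(p))
    return ipaddress.IPv4Address(bytes(octets))


def parse_ipv4_lenient(addr):
    """Hypothetical lenient parser: int() quietly reads "010" as decimal 10."""
    octets = [int(p) for p in _split4(addr)]
    if any(not 0 <= o <= 255 for o in octets):
        raise ValueError("octet out of range in %r" % addr)
    return ipaddress.IPv4Address(bytes(octets))


def libc_view(addr):
    """The same string as the C library (and so the kernel's connect()) reads it:
    inet_aton treats a leading 0 as octal, so "010" is 8."""
    return ipaddress.IPv4Address(socket.inet_aton(addr))


def is_allowed(addr, allowed_cidrs, parser):
    """Allowlist check; the parser you pass decides which address is actually checked."""
    ip = parser(addr)
    return any(ip in ipaddress.ip_network(c) for c in allowed_cidrs)


def strict_rejects(addr):
    try:
        parse_ipv4_strict(addr)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    allow = ["10.0.0.0/8"]          # constructed allowlist
    probe = "010.0.0.1"             # constructed attacker-supplied address
    print("lenient ACL sees", parse_ipv4_lenient(probe),
          "allowed:", is_allowed(probe, allow, parse_ipv4_lenient))
    print("libc connects to", libc_view(probe),
          "allowed:", is_allowed(probe, allow, libc_view))
    print("strict parser rejects it:", strict_rejects(probe))
```

The point to take from the run is that the access-control library and the socket layer answer different questions for the same input; the fix is to refuse the input, not to pick one interpretation.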
OSV · added 2025/05/23 1:40 p.m.

SUSE-SU-2025:20346-1 Security update for python311

This update for python311 fixes the following issues: - Updated to 3.11.12: - gh-131809: Updated bundled libexpat to 2.7.1 - gh-131261: Upgraded to libexpat 2.7.0 - CVE-2025-0938: Fixed the functions urllib.parse.urlsplit and urlparse accepting domain names including square brackets (bsc#1236705) -...

CVSS 6.3 · AI score 6.8 · EPSS 0.01437 · Exploits 0 · References 4
RedhatCVE · added 2025/05/23 8:15 a.m.

CVE-2024-9147

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Bna Informatics PosPratik allows XSS through HTTP query strings. This issue affects PosPratik: before v3.2.1...

CVSS 6.9 · AI score 5.8 · EPSS 0.00235 · Exploits 0 · References 1
RedhatCVE · added 2025/05/23 5:31 a.m.

CVE-2023-29927

Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation set up in the "Windows Peer-to-Peer Network" or "Client Server Network" Sage 300 configurations, could recover the SQL connectio...

CVSS 4.3 · AI score 7.5 · EPSS 0.00402 · Exploits 0 · References 1
RedhatCVE · added 2025/05/23 4:54 a.m.

CVE-2023-2831

Mattermost fails to unescape Markdown strings in a memory-efficient way, allowing an attacker to cause a Denial of Service by sending a message containing a large number of escaped characters...

CVSS 6.5 · AI score 6.7 · EPSS 0.00678 · Exploits 0 · References 1
RedhatCVE · added 2025/05/23 4:35 a.m.

CVE-2023-41705

Processing of user-defined DAV user-agent strings is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of DAV user-agents now gets monitored, and the related request is terminated if a...

CVSS 6.5 · AI score 7 · EPSS 0.00785 · Exploits 0
RedhatCVE · added 2025/05/23 3:49 a.m.

CVE-2023-32687

tgstation-server is a toolset to manage production BYOND servers. Starting in version 4.7.0 and prior to 5.12.1, instance users with the list chat bots permission can read chat bot connection strings without the associated permission. This issue is patched in version 5.12.1. As a workaround,...

CVSS 7.7 · AI score 6.3 · EPSS 0.00634 · Exploits 0 · References 1
RedhatCVE · added 2025/05/23 12:39 a.m.

CVE-2022-40432

The d8s-strings package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0...

CVSS 9.8 · AI score 6.9 · EPSS 0.01187 · Exploits 1 · References 1
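The d8s-strings entry above is a supply-chain case where the malicious code arrives as a declared dependency rather than in the package itself. The following added example (not the PyPI package's or the advisory's own code) reads the Requires-Dist headers of a wheel's METADATA, normalises the names the way the package index does (PEP 503), and reports any requirement that is not on the reviewer's expected list. The METADATA text is constructed; apart from democritus-hypothesis, the dependency names in it are illustrative.

```python
"""Audit a wheel's declared dependencies against an expected list (added example)."""
import re
from email import message_from_string


def canonical_name(name):
    """PEP 503 normalisation: "Foo_Bar", "foo.bar" and "FOO-BAR" compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


# A Requires-Dist value is a project name, optionally followed by extras, a
# version specifier and an environment marker; only the leading name matters here.
_REQ_NAME = re.compile(r"^\s*([A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?)")


def declared_dependencies(metadata_text):
    """Canonical names of every Requires-Dist entry, in declaration order."""
    msg = message_from_string(metadata_text)  # METADATA is RFC 822 style headers
    names = []
    for value in msg.get_all("Requires-Dist") or []:
        m = _REQ_NAME.match(value)
        if m:
            names.append(canonical_name(m.group(1)))
    return names


def unexpected_requirements(metadata_text, expected):
    """Declared dependencies that the reviewer did not expect to see."""
    allowed = {canonical_name(n) for n in expected}
    return [n for n in declared_dependencies(metadata_text) if n not in allowed]


# Constructed METADATA modelled on the d8s-strings case: the package's
# legitimate needs plus one requirement nobody reviewing the project expects.
SAMPLE_METADATA = """\
Metadata-Version: 2.1
Name: d8s-strings
Version: 0.1.0
Requires-Dist: d8s-hypothesis
Requires-Dist: democritus-hypothesis
Requires-Dist: pytest ; extra == 'dev'
"""

# What the reviewer believes the package needs (constructed).
EXPECTED = {"d8s-hypothesis", "pytest"}


if __name__ == "__main__":
    print("declared:", declared_dependencies(SAMPLE_METADATA))
    print("unexpected:", unexpected_requirements(SAMPLE_METADATA, EXPECTED))
```

In practice the METADATA text comes from the wheel archive (`<name>-<version>.dist-info/METADATA`) or from `pip show`, and the expected list from the project's own pinned requirements, so that a dependency that appears only in the published artefact is surfaced before it is installed.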