Lucene search
K

1082 matches found

CVE
CVE
added yesterday25 views

CVE-2026-45305

Summary of CVE-2026-45305 (Symfony YAML Parser ReDoS) Symfony’s YAML handling (Symfony\Component\Yaml\Parser::cleanup) can hang parsing crafted input due to the use of overlapping quantifiers in regular expressions for YAML directive, comment, and document marker cleanup. This is a client-side pa...

8.7CVSS6.1AI score0.00076EPSS
Exploits0References6
CVE
CVE
added yesterday14 views

CVE-2026-45756

Summary (CVE-2026-45756) : The Symfony JsonPath component allows attacker-controlled regular expressions in the match() and search() filters to be compiled directly into PCRE without length or backtracking limits, enabling catastrophic backtracking (ReDoS) and denial of service. Affected are Symf...

8.2CVSS6.1AI score0.00082EPSS
Exploits0References4
EUVD
EUVD
added 2 days ago4 views

EUVD-2026-43313

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to validate the length and content of message attachment field values, which allows an authenticated attacker to cause a denial of service for all users in a channel via a post containing a specially crafted payload tha...

6.5CVSS6.1AI score0.0024EPSS
Exploits0References2
NVD
NVD
added 2 days ago4 views

CVE-2026-6850

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to validate the length and content of message attachment field values, which allows an authenticated attacker to cause a denial of service for all users in a channel via a post containing a specially crafted payload tha...

6.5CVSS0.0024EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago30 views

CVE-2026-6850 Crafted message attachment causes client-side denial of service via markdown parser regex backtracking in Mattermost

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to validate the length and content of message attachment field values, which allows an authenticated attacker to cause a denial of service for all users in a channel via a post containing a specially crafted payload tha...

6.5CVSS0.0024EPSS
Exploits0References1
CVE
CVE
added 2 days ago12 views

CVE-2026-6850

Mattermost is affected (versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x

6.5CVSS6.1AI score0.0024EPSS
Exploits0References1Affected Software1
NVD
NVD
added 5 days ago7 views

CVE-2026-57584

Phalcon is a high-performance, full-stack PHP framework. Prior to 5.15.0, every Phalcon MVC application built with a default router registers a built-in route whose compiled PCRE pattern contains the nested quantifier /., and the same construct is produced by the /:params placeholder and the CLI...

8.7CVSS0.00419EPSS
Exploits0References4
CVE
CVE
added 5 days ago7 views

CVE-2026-57584

Phalcon (PHP framework) is affected by a ReDoS in the default MVC router. Prior to 5.15.0, the built‑in router registers a route whose PCRE pattern contains a nested quantifier, and Phalcon\Mvc\Router::handle() matches this against the request URI on every request. A crafted path (e.g., repeated ...

8.7CVSS6.1AI score0.00419EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-57584 Phalcon: Catastrophic backtracking (ReDoS) in the default Phalcon Router route lead to remote unauthenticated DoS

Phalcon is a high-performance, full-stack PHP framework. Prior to 5.15.0, every Phalcon MVC application built with a default router registers a built-in route whose compiled PCRE pattern contains the nested quantifier /., and the same construct is produced by the /:params placeholder and the CLI...

8.7CVSS0.00419EPSS
Exploits0References4
OSV
OSV
added 5 days ago2 views

CVE-2026-57584 Phalcon: Catastrophic backtracking (ReDoS) in the default Phalcon Router route lead to remote unauthenticated DoS

Phalcon is a high-performance, full-stack PHP framework. Prior to 5.15.0, every Phalcon MVC application built with a default router registers a built-in route whose compiled PCRE pattern contains the nested quantifier /., and the same construct is produced by the /:params placeholder and the CLI...

8.7CVSS6.1AI score0.00419EPSS
Exploits0References6
NVD
NVD
added 6 days ago11 views

CVE-2026-59220

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.2 before 0.10.0, the SKILLMENTIONRE and stripre regular expressions in backend/openwebui/utils/middleware.py parsed skill mentions with overlapping quantifiers, allowing an authenticated chat message...

6.5CVSS0.00319EPSS
Exploits1References3
CVE
CVE
added 6 days ago7 views

CVE-2026-59220

Open WebUI (self-hosted AI platform) has a ReDoS in theSkill mention handling. In versions before 0.10.0, the SKILL_MENTION_RE and strip_re regexes in backend/open_webui/utils/middleware.py parsed mentions with overlapping quantifiers, allowing an authenticated user to send a message containing ...

6.5CVSS6AI score0.00319EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42621

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.2 before 0.10.0, the SKILLMENTIONRE and stripre regular expressions in backend/openwebui/utils/middleware.py parsed skill mentions with overlapping quantifiers, allowing an authenticated chat message...

6.5CVSS6AI score0.00319EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 6 days ago12 views

CVE-2026-59220

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.2 before 0.10.0, the SKILLMENTIONRE and stripre regular expressions in backend/openwebui/utils/middleware.py parsed skill mentions with overlapping quantifiers, allowing an authenticated chat message...

6.5CVSS6AI score0.00319EPSS
Exploits1References4Affected Software1
OSV
OSV
added 6 days ago3 views

CVE-2026-59220 Open WebUI: ReDoS in skill-mention regexes causes whole-instance DoS on default config

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.2 before 0.10.0, the SKILLMENTIONRE and stripre regular expressions in backend/openwebui/utils/middleware.py parsed skill mentions with overlapping quantifiers, allowing an authenticated chat message...

6.5CVSS6.1AI score0.00319EPSS
Exploits1References5
Snyk
Snyk
added 6 days ago4 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the VALUE regex pattern within the selector parsing process. An attacker can cause excessive CPU consumption and block server threads by submitting specially crafted attribute selectors with...

8.7CVSS6AI score
Exploits0References2
NVD
NVD
added last week8 views

CVE-2026-55470

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.10, the fix for CVE-2026-45367 incompletely patched the DSTU2 module, leaving FHIRPathEngine.matches in org.hl7.fhir.dstu2/utils/FHIRPathEngine.java to call raw String.matchessw...

7.5CVSS0.00354EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added last week5 views

CVE-2026-55470

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.10, the fix for CVE-2026-45367 incompletely patched the DSTU2 module, leaving FHIRPathEngine.matches in org.hl7.fhir.dstu2/utils/FHIRPathEngine.java to call raw String.matchessw...

7.5CVSS5.9AI score0.00354EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder