Lucene search
K

1039 matches found

EUVD
EUVD
added 2026/04/21 5:17 p.m.8 views

EUVD-2026-24021

Signal K Server has an Unauthenticated Regular Expression Denial of Service ReDoS via WebSocket Subscription Paths...

7.5CVSS5.7AI score0.00427EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/04/20 7:23 p.m.8 views

CVE-2026-40319

Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search without any timeout or complexity guard. A crafted regex pattern can trigger catastrophic backtracking,...

5.5CVSS5.8AI score0.00149EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/19 12:0 a.m.7 views

MiracleLinux 9 : nodejs:20 (AXSA:2026-452:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-452:01 advisory. minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-26996 minimatch: Minimatch: Denial of Service via catastrophic...

8.7CVSS7.4AI score0.26356EPSS
Exploits2References5
NVD
NVD
added 2026/04/17 6:16 p.m.8 views

CVE-2026-40319

Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search without any timeout or complexity guard. A crafted regex pattern can trigger catastrophic backtracking,...

5.5CVSS0.00149EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/17 5:16 p.m.5 views

CVE-2026-40319 Giskard has a Regular Expression Denial of Service (ReDoS) in RegexMatching Check

Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search without any timeout or complexity guard. A crafted regex pattern can trigger catastrophic backtracking,...

1CVSS5.8AI score0.00149EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/17 5:16 p.m.5 views

CVE-2026-40319

Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search without any timeout or complexity guard. A crafted regex pattern can trigger catastrophic backtracking,...

1CVSS5.8AI score0.00149EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/17 1:2 p.m.9 views

OESA-2026-1967 rubygem-addressable security update

Addressable is a replacement for the URI implementation that is part of Ruby's standard library. It more closely conforms to the relevant RFCs and adds support for URI and URL templates. Security Fixes: Within the URI template implementation in Addressable, two classes of URI template generate...

7.5CVSS5.7AI score0.0036EPSS
Exploits0References2
Veracode
Veracode
added 2026/04/17 8:17 a.m.9 views

Regular Expression Denial Of Service

fast-jwt is vulnerable to Regular Expression Denial of Service. The vulnerability is due to the library allowing regular expressions in claim validation, where a crafted JWT can trigger catastrophic backtracking in the JavaScript regex engine, resulting in significant CPU consumption during...

6.5CVSS5.7AI score0.00262EPSS
Exploits1References4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/16 10:34 p.m.7 views

Security Bulletin: Multiple Vulnerabilities in IBM Aspera Faspex

Summary Multiple Vulnerabilities were addressed in IBM Aspera Faspex 5.0.15.1 Vulnerability Details CVEID:CVE-2025-62718 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking...

9.9CVSS7.3AI score0.01815EPSS
Exploits6Affected Software6
OSV
OSV
added 2026/04/16 12:1 a.m.10 views

RLSA-2026:8339 Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-26996 minimatch: Minimatch: Denial of Service via catastrophi...

7.5CVSS6.9AI score0.26356EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.3 views

RockyLinux 8 : nodejs:20 (RLSA-2026:8339)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:8339 advisory. minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-26996 minimatch: Minimatch: Denial of Service via catastrophic...

8.7CVSS7.4AI score0.26356EPSS
Exploits2References9
RedHat Linux
RedHat Linux
added 2026/04/15 7:16 p.m.10 views

minimatch: minimatch: Denial of Service via specially crafted glob patterns

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...

8.7CVSS6.6AI score0.00519EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/04/15 7:16 p.m.3 views

minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and...

7.5CVSS6.6AI score0.00472EPSS
Exploits1References5
AlmaLinux
AlmaLinux
added 2026/04/15 12:0 a.m.6 views

Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-26996 minimatch: Minimatch: Denial of Service via catastrophi...

8.7CVSS6.9AI score0.26356EPSS
Exploits2References10
RedHat Linux
RedHat Linux
added 2026/04/14 7:23 a.m.6 views

minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and...

7.5CVSS6.6AI score0.00472EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/04/14 7:23 a.m.4 views

minimatch: minimatch: Denial of Service via specially crafted glob patterns

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...

8.7CVSS6.6AI score0.00519EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/04/14 7:23 a.m.7 views

Important: Red Hat Security Advisory: nodejs:22 security update

An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

9.8CVSS6.9AI score0.26356EPSS
Exploits2References10
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.9 views

PT-2026-32983

Name of the Vulnerable Software and Affected Versions Giskard versions prior to 1.0.2b1 Description The RegexMatching check in the giskard-checks package passes a user-supplied regular expression pattern directly to the Python re.search function without a timeout, complexity guard, or pattern...

1CVSS5.9AI score0.00149EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/04/13 6:36 p.m.2 views

minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and...

7.5CVSS6.6AI score0.00472EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/04/13 6:36 p.m.6 views

minimatch: minimatch: Denial of Service via specially crafted glob patterns

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...

8.7CVSS6.6AI score0.00519EPSS
Exploits1References6
Rows per page
Query Builder