CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1029 matches found

OSV•added 2026/04/07 5:16 p.m.•1 views

UBUNTU-CVE-2026-35611

Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to before 2.9.0, within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic backtracking...

7.5CVSS5.7AI score0.00027EPSS

Exploits0References6

Vulnrichment•added 2026/04/07 4:38 p.m.•0 views

CVE-2026-35611 Addressable has a Regular Expression Denial of Service in Addressable templates

7.5CVSS5.8AI score0.00027EPSS

Exploits0References1

AlpineLinux•added 2026/04/07 4:38 p.m.•1 views

CVE-2026-35611

7.5CVSS5.2AI score0.00027EPSS

Exploits0

Cvelist•added 2026/04/07 4:38 p.m.•16 views

CVE-2026-35611 Addressable has a Regular Expression Denial of Service in Addressable templates

7.5CVSS0.00027EPSS

Exploits0References1

ATTACKERKB•added 2026/04/07 4:38 p.m.•1 views

CVE-2026-35611

7.5CVSS5.8AI score0.00027EPSS

Exploits0References2Affected Software1

CVE•added 2026/04/07 4:38 p.m.•38 views

CVE-2026-35611

Addressable (Ruby URI template implementation) versions 2.3.0–before 2.9.0 are affected by two classes of URI template generation that create regular expressions susceptible to catastrophic backtracking. Templates using the explode modifier with any expansion operator (e.g., {foo*}, {+var*}, {#va...

7.5CVSS5.8AI score0.00027EPSS

Exploits0References1Affected Software1

Debian CVE•added 2026/04/07 4:38 p.m.•3 views

CVE-2026-35611

7.5CVSS5.2AI score0.00027EPSS

Exploits0

CNNVD•added 2026/04/07 12:0 a.m.•6 views

Addressable 安全漏洞

Addressable is a Ruby library developed by Bob Aman. Versions of Addressable from 2.3.0 to 2.9.0 contained a security vulnerability. This vulnerability stemmed from the URI template implementation; two types of regular expressions generated by the URI templates had catastrophic backtracking, whic...

7.5CVSS5.8AI score0.00027EPSS

Exploits0References1

Positive Technologies•added 2026/04/07 12:0 a.m.•3 views

PT-2026-30910

Name of the Vulnerable Software and Affected Versions Addressable versions 2.3.0 through 2.8.9 Description Addressable, an alternative URI implementation for Ruby, contains a flaw in its URI template implementation. Templates utilizing the '' explode modifier with any expansion operator e.g., foo...

7.5CVSS5.9AI score0.00027EPSS

Exploits0References5

RedhatCVE•added 2026/04/06 10:57 a.m.•1 views

CVE-2026-34939

PraisonAI is a multi-agent teams system. Prior to version 4.5.90, MCPToolIndex.searchtools compiles a caller-supplied string directly as a Python regular expression with no validation, sanitization, or timeout. A crafted regex causes catastrophic backtracking in the re engine, blocking the Python...

7.5CVSS5.8AI score0.00021EPSS

Exploits1References1

NVD•added 2026/04/03 11:17 p.m.•1 views

CVE-2026-34939

7.5CVSS0.00021EPSS

Exploits1References1

Vulnrichment•added 2026/04/03 10:52 p.m.•3 views

CVE-2026-34939 PraisonAI: ReDoS via Unvalidated User-Controlled Regex in MCPToolIndex.search_tools()

6.5CVSS5.8AI score0.00021EPSS

Exploits1References1

Cvelist•added 2026/04/03 10:52 p.m.•16 views

CVE-2026-34939 PraisonAI: ReDoS via Unvalidated User-Controlled Regex in MCPToolIndex.search_tools()

6.5CVSS0.00021EPSS

Exploits1References1

ATTACKERKB•added 2026/04/03 10:52 p.m.•2 views

CVE-2026-34939

6.5CVSS5.8AI score0.00021EPSS

Exploits1References2Affected Software1

OSV•added 2026/04/01 11:21 p.m.•2 views

GHSA-8W9J-HC3G-3G7F PraisonAI Has ReDoS via Unvalidated User-Controlled Regex in MCPToolIndex.search_tools()

Summary MCPToolIndex.searchtools compiles a caller-supplied string directly as a Python regular expression with no validation, sanitization, or timeout. A crafted regex causes catastrophic backtracking in the re engine, blocking the Python thread for hundreds of seconds and causing a complete...

6.5CVSS5.9AI score0.00021EPSS

Exploits1References3

Github Security Blog•added 2026/04/01 11:21 p.m.•6 views

PraisonAI Has ReDoS via Unvalidated User-Controlled Regex in MCPToolIndex.search_tools()

7.5CVSS5.9AI score0.00021EPSS

Exploits1References3Affected Software1

Snyk•added 2026/04/01 11:21 p.m.•6 views

Regular Expression Denial of Service (ReDoS)

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

7.5CVSS5.9AI score0.00021EPSS

Exploits1References2

Positive Technologies•added 2026/04/01 12:0 a.m.•3 views

PT-2026-29826

Summary MCPToolIndex.search tools compiles a caller-supplied string directly as a Python regular expression with no validation, sanitization, or timeout. A crafted regex causes catastrophic backtracking in the re engine, blocking the Python thread for hundreds of seconds and causing a complete...

6.5CVSS5.9AI score0.00021EPSS

Exploits1References4

RedHat Linux•added 2026/03/31 4:12 p.m.•4 views

minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and...

7.5CVSS5.9AI score0.00026EPSS

Exploits1References5