Lucene search
+L

3379 matches found

OSV
OSV
added 2026/07/02 2:13 p.m.3 views

PYSEC-2026-741 XML Entity Expansion in trytond and proteus

An XML Entity Expansion XEE issue was discovered in Tryton Application Platform Server 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform Command Line Client proteus 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. A...

7.5CVSS6AI score0.01927EPSS
Exploits0References10
EUVD
EUVD
added 2026/07/01 8:51 p.m.8 views

EUVD-2026-40297

Rancher has over-inclusive team membership expansion in GitHub App authentication provider...

8.8CVSS5.8AI score0.0037EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/07/01 3:35 a.m.6 views

SUSE CVE-2026-13149

brace-expansion through 5.0.6 is vulnerable to denial of service. The expand function exhibits exponential-time complexity in the number of consecutive non-expanding '' brace groups. An attacker who passes a crafted string to expand, directly or transitively, can cause significant CPU consumption...

7.5CVSS5.7AI score0.00361EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-13149

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - brace-expansion through 5.0.6 is vulnerable to denial of service. The expand function exhibits exponential-time complexity in the number of consecutive...

8.7CVSS6.3AI score0.00361EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/30 6:32 p.m.19 views

EUVD-2026-31974

obanweb: Unbounded range expansion in cron describe causes memory exhaustion...

5.9CVSS5.8AI score0.00341EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/30 2:51 p.m.7 views

CVE-2026-13149

A flaw was found in brace-expansion. An attacker can exploit a vulnerability in the expand function by providing a specially crafted string. This string, containing consecutive non-expanding brace groups, can trigger exponential-time complexity, leading to significant CPU consumption and event-lo...

8.7CVSS5.8AI score0.00361EPSS
Exploits0References5
NVD
NVD
added 2026/06/30 12:16 p.m.8 views

CVE-2026-41053

Incorrect authentication caching in the team member ship expansion of the Rancher Github authentication provider caused it granting principal access to any logged in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2...

8.8CVSS0.0037EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 11:38 a.m.4 views

CVE-2026-41053 Over-inclusive team membership expansion in GitHub App authentication provider for Rancher

Incorrect authentication caching in the team member ship expansion of the Rancher Github authentication provider caused it granting principal access to any logged in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2...

8.8CVSS5.9AI score0.0037EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/30 11:25 a.m.4 views

Inefficient Algorithmic Complexity

Overview org.webjars.npm:brace-expansion is a WebJar for brace-expansion. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the expand function. An attacker can cause excessive CPU consumption and block the event loop by supplying a specially crafted strin...

8.7CVSS6.3AI score0.00361EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/30 11:25 a.m.7 views

Inefficient Algorithmic Complexity

Overview brace-expansion is a Brace expansion as known from sh/bash Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the expand function. An attacker can cause excessive CPU consumption and block the event loop by supplying a specially crafted string...

8.7CVSS6.3AI score0.00361EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 10:16 a.m.11 views

CVE-2026-13149

brace-expansion through 5.0.6 is vulnerable to denial of service. The expand function exhibits exponential-time complexity in the number of consecutive non-expanding '' brace groups. An attacker who passes a crafted string to expand, directly or transitively, can cause significant CPU consumption...

8.7CVSS0.00361EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 10:16 a.m.4 views

DEBIAN-CVE-2026-13149

brace-expansion through 5.0.6 is vulnerable to denial of service. The expand function exhibits exponential-time complexity in the number of consecutive non-expanding '' brace groups. An attacker who passes a crafted string to expand, directly or transitively, can cause significant CPU consumption...

8.7CVSS5.7AI score0.00361EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 10:16 a.m.13 views

UBUNTU-CVE-2026-13149

brace-expansion through 5.0.6 is vulnerable to denial of service. The expand function exhibits exponential-time complexity in the number of consecutive non-expanding '' brace groups. An attacker who passes a crafted string to expand, directly or transitively, can cause significant CPU consumption...

8.7CVSS5.7AI score0.00361EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/30 8:30 a.m.5 views

CVE-2026-13149

brace-expansion through 5.0.6 is vulnerable to denial of service. The expand function exhibits exponential-time complexity in the number of consecutive non-expanding '' brace groups. An attacker who passes a crafted string to expand, directly or transitively, can cause significant CPU consumption...

8.7CVSS5.7AI score0.00361EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/30 8:30 a.m.39 views

CVE-2026-13149

brace-expansion through 5.0.6 is vulnerable to denial of service. The expand function exhibits exponential-time complexity in the number of consecutive non-expanding '' brace groups. An attacker who passes a crafted string to expand, directly or transitively, can cause significant CPU consumption...

8.7CVSS0.00361EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 8:30 a.m.4 views

CVE-2026-13149

brace-expansion through 5.0.6 is vulnerable to denial of service. The expand function exhibits exponential-time complexity in the number of consecutive non-expanding '' brace groups. An attacker who passes a crafted string to expand, directly or transitively, can cause significant CPU consumption...

8.7CVSS6.2AI score0.00361EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/30 8:30 a.m.8 views

EUVD-2026-40269

brace-expansion through 5.0.6 is vulnerable to denial of service. The expand function exhibits exponential-time complexity in the number of consecutive non-expanding '' brace groups. An attacker who passes a crafted string to expand, directly or transitively, can cause significant CPU consumption...

8.7CVSS5.7AI score0.00361EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 8:30 a.m.84 views

CVE-2026-13149

The CVE-2026-13149 entry concerns the library brace-expansion up to version 5.0.6. The vulnerability is in the expand() function, which exhibits exponential-time complexity proportional to the number of consecutive non-expanding '{}' brace groups. This allows an attacker to craft input that cause...

8.7CVSS5.7AI score0.00361EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-53832

Name of the Vulnerable Software and Affected Versions brace-expansion versions prior to 5.0.7 Description A denial of service issue exists where the expand function exhibits exponential-time complexity when processing consecutive non-expanding '' brace groups. An attacker can provide a crafted...

8.7CVSS6.2AI score0.00361EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.8 views

SUSE SLES12: libpython2_7-1_0 / libpython2_7-1_0-32bit / python / python-32bit / etc (SUSE-SU-2026:2664-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2664-1 advisory. This update for python, python-base, python-doc fixes the following issues Security fixes: - CVE-2026-1703: files may be extracted outside the...

9.1CVSS7.8AI score0.00579EPSS
Exploits2References23
Rows per page
Query Builder