Lucene search
+L

77 matches found

GitLab Advisory Database
GitLab Advisory Database
added 2026/07/09 12:0 a.m.7 views

org.hl7.fhir.core: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint

All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The utility intended to secure this evaluation did so incorrectly, and did not fully cover all places in which evaluation was being done. An attacker can send a resource...

7.5CVSS6.1AI score
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/07/02 8:13 p.m.3 views

Regular Expression Denial of Service (ReDoS)

Overview org.webjars.npm:jsonata is a JSON query and transformation language Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the $toMillis function. An attacker can cause resource exhaustion by providing specially crafted inputs that trigger...

8.7CVSS5.9AI score
Exploits0References2
Cvelist
Cvelist
added 2026/06/17 10:14 p.m.28 views

CVE-2026-45617 LiquidJS: ReDoS via Quadratic Backtracking in `strip_html` Filter Regex

LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, the built-in striphtml filter uses a regex containing four flawed lazy-quantified alternatives, leading to ReDoS via quadratic backtracking. When the input contains many script...

7.5CVSS0.00385EPSS
Exploits0References3
CVE
CVE
added 2026/06/11 3:34 p.m.128 views

CVE-2026-44496

CVE-2026-44496 affects Axios in browser environments where Axios reads document.cookie. Versions before 0.32.0 (0.x branch) and before 1.16.0 (1.x branch) build a regex from the configured XSRF cookie name without escaping regex metacharacters, enabling expensive regex backtracking and potential ...

7.5CVSS5.5AI score0.00622EPSS
Exploits1References32Affected Software1
OSV
OSV
added 2026/06/11 6:54 a.m.8 views

SUSE-SU-2026:2363-1 Security update for cockpit

This update for cockpit fixes the following issues - CVE-2026-4802: remote command execution via unsanitized user-controlled parameters within crafted links in system logs UI bsc1265040. - CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory...

9.8CVSS6.8AI score0.01402EPSS
Exploits2References9
UbuntuCve
UbuntuCve
added 2026/06/09 12:0 a.m.2 views

CVE-2026-41848

Applications may be vulnerable to a Regular Expression Denial of Service ReDoS attack if an attacker is able to provide a pattern which is then directly or indirectly supplied to one of the following methods in AntPathMatcher: matchString pattern, String path, matchStartString pattern, String pat...

7.5CVSS6.1AI score0.00317EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/20 3:35 p.m.11 views

Regular Expression Denial of Service (ReDoS)

Overview symfony/json-path is an Eases JSON navigation using the JSONPath syntax as described in RFC 9535 Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the match and search filter functions in the JsonPath component. An attacker can cause denia...

8.2CVSS5.7AI score0.0057EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 8:23 p.m.9 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in the FHIRPathEngine. An attacker can exhaust system resources and cause service disruption by submitting specially crafted regular...

8.7CVSS5.8AI score0.00086EPSS
Exploits0References2
OSV
OSV
added 2026/05/18 5:40 p.m.9 views

GHSA-65X3-RW7Q-GX94 multiparty vulnerable to ReDoS via filename parsing

Impact [email protected] and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A multipart upload with a long header value containing !filename="1 repeated can cause regex matching to take seconds, blocking...

7.5CVSS5.8AI score0.00335EPSS
Exploits0References6
Snyk
Snyk
added 2026/05/14 8:29 p.m.10 views

Regular Expression Denial of Service (ReDoS)

Overview svelte is a package for building web applications. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS through the svelte:element tag validation process. An attacker can cause significant performance degradation by supplying specially crafted ta...

5.9CVSS5.8AI score0.00421EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 2:38 p.m.7 views

Security Bulletin: IBM Edge Data Collector uses picomatch-2.3.1.tgz which is vulnerable to CVE-2026-33671, CVE-2026-33672.

Summary IBM Edge Data Collector uses picomatch-2.3.1.tgz which is vulnerable to CVE-2026-33671, CVE-2026-33672. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-33671 DESCRIPTION: Picomatch is a glob matcher written JavaScript. Versions prior t...

7.5CVSS6.1AI score0.00412EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2026/04/21 5:17 p.m.11 views

Regular Expression Denial of Service (ReDoS)

Overview signalk-server is an An implementation of a Signal K server for boats. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the contextMatcher and pathMatcher functions. An attacker can cause the server to become unresponsive and exhaust CPU...

8.7CVSS5.8AI score0.00427EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/24 10:13 p.m.8 views

Scriban: Built-in operations bypass LoopLimit and delay cancellation, enabling Denial of Service

Summary Scriban's LoopLimit only applies to script loop statements, not to expensive iteration performed inside operators and builtins. An attacker can submit a single expression such as 1..1000000 | array.size and force large amounts of CPU work even when LoopLimit is set to a very small value...

6AI score
Exploits0References2Affected Software2
Vulnrichment
Vulnrichment
added 2026/03/18 12:0 a.m.6 views

CVE-2026-29856

An issue in the VirtualHost configuration handling/parser component of aaPanel v7.57.0 allows attackers to cause a Regular Expression Denial of Service ReDoS via a crafted input...

5.8AI score0.00337EPSS
Exploits1References2
Snyk
Snyk
added 2026/01/12 11:55 p.m.7 views

Regular Expression Denial of Service (ReDoS)

Overview langchain-classic is a Building applications with LLMs through composability Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the parse function in the MRKLOutputParser class. An attacker can cause excessive CPU consumption and significan...

8.7CVSS5.7AI score0.0041EPSS
Exploits1References2
Snyk
Snyk
added 2026/01/09 7:48 p.m.4 views

Regular Expression Denial of Service (ReDoS)

Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the flatten function. An attacker can cause excessive processing times by providing ...

6.9CVSS6.7AI score0.00391EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.5 views

PT-2026-28674

Name of the Vulnerable Software and Affected Versions path-to-regexp versions prior to 8.4.0 Description The software is susceptible to a Regular Expression Denial of Service ReDoS condition when handling multiple wildcard characters combined with at least one parameter. This issue arises because...

5.9CVSS5.8AI score0.00353EPSS
Exploits0References274
Snyk
Snyk
added 2025/12/02 6:39 a.m.6 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the validatequery routine used for FTS5 query validation. The regular expression used to tokenize user-supplied search strings contains nested repetition, allowing crafted input to trigger...

6.9CVSS6.6AI score
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-10572

Malware in sbrugna...

6.5CVSS6.6AI score0.01455EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-18856

Malicious code in bioql PyPI...

6.9CVSS5.6AI score0.00448EPSS
Exploits0References5
Rows per page
Query Builder