9307 matches found
CVE-2025-66303
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A Denial of Service DoS vulnerability has been identified in Grav related to the handling of scheduledat parameters. Specifically, the application fails to properly sanitize input for cron expressions. By manipulating the scheduledat...
CVE-2025-66305 Grav vulnerable to Denial of Service via Improper Input Handling in 'Supported' Parameter
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Denial of Service DoS vulnerability was identified in the "Languages" submenu of the Grav admin configuration panel /admin/config/system. Specifically, the Supported parameter fails to properly validate user input. If a malformed value ...
CVE-2025-66305 Grav vulnerable to Denial of Service via Improper Input Handling in 'Supported' Parameter
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Denial of Service DoS vulnerability was identified in the "Languages" submenu of the Grav admin configuration panel /admin/config/system. Specifically, the Supported parameter fails to properly validate user input. If a malformed value ...
CVE-2025-66303 Grav is vulnerable to a DOS on the admin panel
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A Denial of Service DoS vulnerability has been identified in Grav related to the handling of scheduledat parameters. Specifically, the application fails to properly sanitize input for cron expressions. By manipulating the scheduledat...
CVE-2025-66303 Grav is vulnerable to a DOS on the admin panel
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A Denial of Service DoS vulnerability has been identified in Grav related to the handling of scheduledat parameters. Specifically, the application fails to properly sanitize input for cron expressions. By manipulating the scheduledat...
CVE-2025-66303 Grav is vulnerable to a DOS on the admin panel
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A Denial of Service DoS vulnerability has been identified in Grav related to the handling of scheduledat parameters. Specifically, the application fails to properly sanitize input for cron expressions. By manipulating the scheduledat...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-3933.
Summary IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-3933. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-3933 DESCRIPTION: A Regular Expression Deni...
📄 Commvault CLI 11.36.60 Remote Code Execution
Proof of concept exploit for the Commvault CLI version 11.36.60 remote code execution vulnerability. ============================================================================================================================================= | Title : Commvault CLI 11.36.60 RCE PHP Implementatio...
Grav 安全漏洞
Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a code execution vulnerability that stems from malicious Twig expression injection, which can be exploited by an attacker to cause...
CVE-2025-66020
Valibot helps validate data using a schema. In versions from 0.31.0 to 1.1.0, the EMOJIREGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service ReDoS attack. A short, maliciously crafted string e.g., 100 characters can cause the regex engine to consume excessive CPU...
CVE-2025-12140
The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the value of the 'redirectUrlParameter' parameter. The application interprets the entered string of characters as a Java expression, allowing an unauthenticated attacer to perform arbitrary code execution...
EUVD-2025-199823
The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the value of the 'redirectUrlParameter' parameter. The application interprets the entered string of characters as a Java expression, allowing an unauthenticated attacer to perform arbitrary code execution...
CVE-2025-12140
The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the value of the 'redirectUrlParameter' parameter. The application interprets the entered string of characters as a Java expression, allowing an unauthenticated attacer to perform arbitrary code execution...
PT-2025-48268
The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the value of the 'redirectUrlParameter' parameter. The application interprets the entered string of characters as a Java expression, allowing an unauthenticated attacer to perform arbitrary code execution...
EUVD-2025-199685
Valibot has a ReDoS vulnerability in EMOJIREGEX...
GHSA-VQPR-J7V3-HQW9 Valibot has a ReDoS vulnerability in `EMOJI_REGEX`
Summary The EMOJIREGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service ReDoS attack. A short, maliciously crafted string e.g., 100 characters can cause the regex engine to consume excessive CPU time minutes, leading to a Denial of Service DoS for the application...
Valibot has a ReDoS vulnerability in `EMOJI_REGEX`
Summary The EMOJIREGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service ReDoS attack. A short, maliciously crafted string e.g., 100 characters can cause the regex engine to consume excessive CPU time minutes, leading to a Denial of Service DoS for the application...
Regular Expression Denial of Service (ReDoS)
Overview valibot is a The modular and type safe schema library for validating structural data Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the EMOJIREGEX. An attacker can cause excessive CPU consumption and disrupt application availability by...
CVE-2025-66020
Valibot helps validate data using a schema. In versions from 0.31.0 to 1.1.0, the EMOJIREGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service ReDoS attack. A short, maliciously crafted string e.g., 100 characters can cause the regex engine to consume excessive CPU...
CVE-2025-66020
Valibot CVE-2025-66020: A ReDoS flaw in the EMOJI_REGEX used by the emoji action affects 0.31.0–1.1.0, caused by catastrophic backtracking in the emoji-related pattern. This can let an attacker craft short input (e.g., under 100 chars) that consumes excessive CPU time, leading to DoS. The issue i...