
9307 matches found

NVD
added 2025/12/01 10:15 p.m., 6 views

CVE-2025-66303

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Denial of Service (DoS) vulnerability has been identified in Grav related to the handling of scheduledat parameters. Specifically, the application fails to properly sanitize input for cron expressions. By manipulating the scheduledat...

CVSS 4.9, EPSS 0.00339
Exploits: 1, References: 2

Vulnrichment
added 2025/12/01 9:43 p.m., 1 views

CVE-2025-66305 Grav vulnerable to Denial of Service via Improper Input Handling in 'Supported' Parameter

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Denial of Service (DoS) vulnerability was identified in the "Languages" submenu of the Grav admin configuration panel (/admin/config/system). Specifically, the Supported parameter fails to properly validate user input. If a malformed value ...

CVSS 6.9, AI score 5.8, EPSS 0.00337
Exploits: 1, References: 2

OSV
added 2025/12/01 9:43 p.m., 4 views

CVE-2025-66305 Grav vulnerable to Denial of Service via Improper Input Handling in 'Supported' Parameter

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Denial of Service (DoS) vulnerability was identified in the "Languages" submenu of the Grav admin configuration panel (/admin/config/system). Specifically, the Supported parameter fails to properly validate user input. If a malformed value ...

CVSS 6.9, AI score 6.1, EPSS 0.00337
Exploits: 1, References: 4

OSV
added 2025/12/01 9:35 p.m., 6 views

CVE-2025-66303 Grav is vulnerable to a DOS on the admin panel

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Denial of Service (DoS) vulnerability has been identified in Grav related to the handling of scheduledat parameters. Specifically, the application fails to properly sanitize input for cron expressions. By manipulating the scheduledat...

CVSS 4.9, AI score 6.7, EPSS 0.00339
Exploits: 1, References: 4

Vulnrichment
added 2025/12/01 9:35 p.m., 2 views

CVE-2025-66303 Grav is vulnerable to a DOS on the admin panel

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Denial of Service (DoS) vulnerability has been identified in Grav related to the handling of scheduledat parameters. Specifically, the application fails to properly sanitize input for cron expressions. By manipulating the scheduledat...

CVSS 4.9, AI score 6.4, EPSS 0.00339
Exploits: 1, References: 2

Cvelist
added 2025/12/01 9:35 p.m., 5 views

CVE-2025-66303 Grav is vulnerable to a DOS on the admin panel

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Denial of Service (DoS) vulnerability has been identified in Grav related to the handling of scheduledat parameters. Specifically, the application fails to properly sanitize input for cron expressions. By manipulating the scheduledat...

CVSS 4.9, EPSS 0.00339
Exploits: 1, References: 2

IBM Security Bulletins
added 2025/12/01 9:44 a.m., 7 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-3933.

Summary: IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-3933. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2025-3933. DESCRIPTION: A Regular Expression Deni...

CVSS 5.3, AI score 6.6, EPSS 0.00431
Exploits: 1, Affected Software: 1

Packet Storm
added 2025/12/01 12:0 a.m., 180 views

Commvault CLI 11.36.60 Remote Code Execution

Proof of concept exploit for the Commvault CLI version 11.36.60 remote code execution vulnerability. Title: Commvault CLI 11.36.60 RCE PHP Implementatio...

CVSS 8.8, AI score 8.2, EPSS 0.20719
Exploits: 4

CNNVD
added 2025/12/01 12:0 a.m., 7 views

Grav Security Vulnerability

Grav is an extensible CMS (Content Management System) for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a code execution vulnerability that stems from malicious Twig expression injection, which can be exploited by an attacker to cause...

CVSS 8.8, AI score 8.7, EPSS 0.00685
Exploits: 1, References: 3

RedhatCVE
added 2025/11/28 8:8 p.m., 7 views

CVE-2025-66020

Valibot helps validate data using a schema. In versions from 0.31.0 to 1.1.0, the EMOJI_REGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. A short, maliciously crafted string (e.g., 100 characters) can cause the regex engine to consume excessive CPU...

CVSS 7.5, AI score 6.8, EPSS 0.00289
Exploits: 0, References: 1

RedhatCVE
added 2025/11/28 2:57 p.m., 8 views

CVE-2025-12140

The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the value of the 'redirectUrlParameter' parameter. The application interprets the entered string of characters as a Java expression, allowing an unauthenticated attacker to perform arbitrary code execution...

CVSS 9.3, AI score 7.9, EPSS 0.00359
Exploits: 0, References: 1

EUVD
added 2025/11/27 3:31 p.m., 4 views

EUVD-2025-199823

The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the value of the 'redirectUrlParameter' parameter. The application interprets the entered string of characters as a Java expression, allowing an unauthenticated attacker to perform arbitrary code execution...

CVSS 9.3, AI score 7.1, EPSS 0.00359
Exploits: 0, References: 2

NVD
added 2025/11/27 2:15 p.m., 5 views

CVE-2025-12140

The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the value of the 'redirectUrlParameter' parameter. The application interprets the entered string of characters as a Java expression, allowing an unauthenticated attacker to perform arbitrary code execution...

CVSS 9.3, EPSS 0.00359
Exploits: 0, References: 1

Positive Technologies
added 2025/11/27 12:0 a.m., 8 views

PT-2025-48268

The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the value of the 'redirectUrlParameter' parameter. The application interprets the entered string of characters as a Java expression, allowing an unauthenticated attacker to perform arbitrary code execution...

CVSS 9.3, AI score 7.5, EPSS 0.00359
Exploits: 0, References: 2

EUVD
added 2025/11/26 7:33 p.m., 15 views

EUVD-2025-199685

Valibot has a ReDoS vulnerability in EMOJI_REGEX...

CVSS 7.5, AI score 6.4, EPSS 0.00289
Exploits: 0, References: 3

OSV
added 2025/11/26 7:33 p.m., 2 views

GHSA-VQPR-J7V3-HQW9 Valibot has a ReDoS vulnerability in `EMOJI_REGEX`

Summary: The EMOJI_REGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. A short, maliciously crafted string (e.g., 100 characters) can cause the regex engine to consume excessive CPU time (minutes), leading to a Denial of Service (DoS) for the application...

CVSS 7.5, AI score 6.8, EPSS 0.00289
Exploits: 0, References: 4

Github Security Blog
added 2025/11/26 7:33 p.m., 6 views

Valibot has a ReDoS vulnerability in `EMOJI_REGEX`

Summary: The EMOJI_REGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. A short, maliciously crafted string (e.g., 100 characters) can cause the regex engine to consume excessive CPU time (minutes), leading to a Denial of Service (DoS) for the application...

CVSS 7.5, AI score 7.1, EPSS 0.00289
Exploits: 0, References: 4, Affected Software: 1

Snyk
added 2025/11/26 2:42 a.m., 2 views

Regular Expression Denial of Service (ReDoS)

Overview: valibot is a modular and type safe schema library for validating structural data. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the EMOJI_REGEX. An attacker can cause excessive CPU consumption and disrupt application availability by...

CVSS 8.7, AI score 6.5, EPSS 0.00289
Exploits: 0, References: 2

NVD
added 2025/11/26 2:15 a.m., 24 views

CVE-2025-66020

Valibot helps validate data using a schema. In versions from 0.31.0 to 1.1.0, the EMOJI_REGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. A short, maliciously crafted string (e.g., 100 characters) can cause the regex engine to consume excessive CPU...

CVSS 7.5, EPSS 0.00289
Exploits: 0, References: 2

CVE
added 2025/11/26 1:49 a.m., 19 views

CVE-2025-66020

Valibot CVE-2025-66020: A ReDoS flaw in the EMOJI_REGEX used by the emoji action affects 0.31.0–1.1.0, caused by catastrophic backtracking in the emoji-related pattern. This can let an attacker craft short input (e.g., under 100 chars) that consumes excessive CPU time, leading to DoS. The issue i...

CVSS 7.5, AI score 6.5, EPSS 0.00289
Exploits: 0, References: 2