9309 matches found

Vulnrichment
added 2025/11/26 1:49 a.m., 1 view

CVE-2025-66020 Valibot has a ReDoS vulnerability in `EMOJI_REGEX`

Valibot helps validate data using a schema. In versions from 0.31.0 to 1.1.0, the EMOJI_REGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. A short, maliciously crafted string (e.g., 100 characters) can cause the regex engine to consume excessive CPU...

7.5 CVSS, 6.5 AI score, 0.00289 EPSS
Exploits 0, References 2

Cvelist
added 2025/11/26 1:49 a.m., 26 views

CVE-2025-66020 Valibot has a ReDoS vulnerability in `EMOJI_REGEX`

Valibot helps validate data using a schema. In versions from 0.31.0 to 1.1.0, the EMOJI_REGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. A short, maliciously crafted string (e.g., 100 characters) can cause the regex engine to consume excessive CPU...

7.5 CVSS, 0.00289 EPSS
Exploits 0, References 2

OSV
added 2025/11/26 1:49 a.m., 5 views

CVE-2025-66020 Valibot has a ReDoS vulnerability in `EMOJI_REGEX`

Valibot helps validate data using a schema. In versions from 0.31.0 to 1.1.0, the EMOJI_REGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. A short, maliciously crafted string (e.g., 100 characters) can cause the regex engine to consume excessive CPU...

7.5 CVSS, 6.7 AI score, 0.00289 EPSS
Exploits 0, References 4

CVE
added 2025/11/26 1:49 a.m., 20 views

CVE-2025-66020

Valibot CVE-2025-66020: A ReDoS flaw in the EMOJI_REGEX used by the emoji action affects 0.31.0–1.1.0, caused by catastrophic backtracking in the emoji-related pattern. This can let an attacker craft short input (e.g., under 100 chars) that consumes excessive CPU time, leading to DoS. The issue i...

7.5 CVSS, 6.5 AI score, 0.00289 EPSS
Exploits 0, References 2

Positive Technologies
added 2025/11/26 12:00 a.m., 9 views

PT-2025-48121

Name of the Vulnerable Software and Affected Versions: Valibot versions 0.31.0 through 1.1.0. Description: Valibot is a data validation library that utilizes schemas. Versions from 0.31.0 to 1.1.0 contain a Regular Expression Denial of Service (ReDoS) issue within the EMOJI_REGEX used in the emoji...

7.5 CVSS, 6.6 AI score, 0.00289 EPSS
Exploits 0, References 6

CNNVD
added 2025/11/26 12:00 a.m., 4 views

Valibot security vulnerability

Valibot is an Open Circle open source library for structured data validation. A security vulnerability exists in Valibot versions 0.31.0 through 1.1.0, which stems from EMOJI_REGEX being susceptible to a regular expression denial-of-service attack that could result in a denial of service of the...

7.5 CVSS, 6.4 AI score, 0.00289 EPSS
Exploits 0, References 3

GithubExploit
added 2025/11/24 8:58 p.m., 197 views

Exploit for Expression Language Injection in Redhat Richfaces

Simplest and most reliable RichFaces Paint2DResource CVE-2018-12...

9.8 CVSS, 7.1 AI score, 0.21375 EPSS
Exploits 1

Tenable Nessus
added 2025/11/20 12:00 a.m., 6 views

TencentOS Server 4: mathjax (TSSA-2025:0638)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0638 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.5 CVSS, 6.8 AI score, 0.00703 EPSS
Exploits 1, References 2

Mageia
added 2025/11/18 2:47 a.m., 14 views

Updated apache packages fix security vulnerabilities

HTTP response splitting (CVE-2024-42516). SSRF with mod_headers setting Content-Type header (CVE-2024-43204). mod_ssl error log variable escaping (CVE-2024-47252). mod_proxy_http2 denial of service (CVE-2025-49630). mod_ssl access control bypass with session resumption (CVE-2025-23048). mod_ssl TLS upgrade attac...

9.1 CVSS, 6.9 AI score, 0.04409 EPSS
Exploits 2, References 10

OSV
added 2025/11/14 6:31 p.m., 3 views

GHSA-8GW3-RXH4-V6JX expr-eval vulnerable to Prototype Pollution

npm package expr-eval is vulnerable to Prototype Pollution. An attacker with access to the express eval interface can use the JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue...

7.3 CVSS, 7.2 AI score, 0.00413 EPSS
Exploits 1, References 10

NVD
added 2025/11/14 5:16 p.m., 7 views

CVE-2025-13204

npm package expr-eval is vulnerable to Prototype Pollution. An attacker with access to the express eval interface can use the JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue...

7.3 CVSS, 0.00413 EPSS
Exploits 1, References 7

CVE
added 2025/11/14 5:02 p.m., 32 views

CVE-2025-13204

CVE-2025-13204 (npm expr-eval) is a Prototype Pollution vulnerability in the expr-eval package. An attacker with access to the express eval interface can leverage JavaScript prototype-based inheritance to achieve arbitrary code execution. The issue is mitigated by the npm expr-eval-fork package, ...

7.3 CVSS, 7.5 AI score, 0.00413 EPSS
Exploits 1, References 7, Affected Software 1

EUVD
added 2025/11/14 5:02 p.m., 4 views

EUVD-2025-197614

npm package expr-eval is vulnerable to Prototype Pollution. An attacker with access to the express eval interface can use the JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue...

7.3 CVSS, 7.3 AI score, 0.00413 EPSS
Exploits 1, References 8

RedhatCVE
added 2025/11/14 4:05 p.m., 8 views

CVE-2025-62484

Inefficient regular expression complexity in certain Zoom Workplace Clients before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access...

9.8 CVSS, 7.3 AI score, 0.00256 EPSS
Exploits 0, References 1

Microsoft CVE
added 2025/11/14 9:02 a.m., 5 views

netfilter: nft_objref: validate objref and objrefmap expressions

...

5.5 CVSS, 7 AI score, 0.00166 EPSS
Exploits 0

CNNVD
added 2025/11/14 12:00 a.m., 3 views

JavaScript Expression Evaluator security vulnerability

JavaScript Expression Evaluator is a math calculator by individual developer Matthew Crumley. A security vulnerability exists in JavaScript Expression Evaluator that stems from prototype pollution and could lead to the execution of arbitrary code...

7.3 CVSS, 6.7 AI score, 0.00413 EPSS
Exploits 1, References 7

OSV
added 2025/11/13 11:37 p.m., 5 views

MGASA-2025-0290 Updated ruby packages fix security vulnerabilities

Net::IMAP vulnerable to possible DoS by memory exhaustion (CVE-2025-25186). In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it...

7.5 CVSS, 6.8 AI score, 0.00784 EPSS
Exploits 0, References 3

vulnersOsv
added 2025/11/13 10:32 p.m., 6 views

@omni-co/vega-lite (>=6.2.0-fork.2 <=6.2.0-fork.2-beta.2), arakawa (=0.1.0-alpha.1) +3 more potentially affected by CVE-2025-59840 via vega-expression (=6.0.0)

vega-expression NPM version =6.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on vega-expression and may be impacted: - @omni-co/vega-lite =6.2.0-fork.2, =6.0.0, =6.0.0, =6.0.0, =6.3.1 Source cves: CVE-2025-59840 Source advisory: OSV:GHSA-7F2V-3QQ3-V...

8.1 CVSS, 6 AI score, 0.00334 EPSS
Exploits 0

vulnersOsv
added 2025/11/13 10:32 p.m., 6 views

@0xgg/echomd (>=1.0.0 <=1.0.4), @ajuhos/malloy-tests (>=0.0.332 <=0.0.334) +361 more potentially affected by CVE-2025-59840 via vega-expression (>=1.2.1 <=5.1.2)

vega-expression NPM version =1.2.1, =1.0.0, =0.0.332, =0.0.332, =1.1.5, =0.0.1, =0.20.0, =0.20.0, =2.4.22, =0.4.1-canary.195, =0.0.0, =0.1.0, =0.3.0, =0.8.8 and more Source cves: CVE-2025-59840 Source advisory: OSV:GHSA-7F2V-3QQ3-VVJF...

8.1 CVSS, 6.5 AI score, 0.00334 EPSS
Exploits 0

Snyk
added 2025/11/13 8:43 p.m., 2 views

Cross-site Scripting (XSS)

Overview: vega-expression is a Vega expression parser and code generator. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the toString function in environments where the VEGA_DEBUG global variable is present. An attacker can execute arbitrary JavaScript code by...

8.1 CVSS, 5.6 AI score, 0.00334 EPSS
Exploits 0, References 2