Lucene search
K

9309 matches found

Veracode
Veracode
added 2025/11/04 12:33 p.m.5 views

Regular Expression Denial Of Service

Grafana-Zabbix is vulnerable to Regular Expression Denial of Service. The vulnerability is due to inefficient regular-expression handling to user-supplied regex queries, that can trigger catastrophic backtracking, and attackers can exploit this by submitting specially crafted regex patterns that...

4.3CVSS6.9AI score0.00323EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/11/03 12:0 a.m.6 views

macOS 14.x < 14.8.2 Multiple Vulnerabilities (125636)

The remote host is running a version of macOS / Mac OS X that is 14.x prior to 14.8.2. It is, therefore, affected by multiple vulnerabilities: - There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This cou...

9.8CVSS6.9AI score0.73495EPSS
Exploits7References52
AstraLinux
AstraLinux
added 2025/11/01 10:54 a.m.4 views

Astra Linux – Vulnerability in configobj

All versions of the package configobj are vulnerable to Regular Expression Denial of Service ReDoS via the validate function, using .+?.. Note: This vulnerability can only be exploited by developers who place the offending values in server-side configuration files...

5.9CVSS6.2AI score0.01259EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/11/01 12:0 a.m.5 views

SUSE SLES15: libpoppler-cpp0 / libpoppler-devel / libpoppler-glib-devel / etc (SUSE-SU-2025:3900-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3900-1 advisory. - CVE-2025-43718: Fixed uncontrolled recursion in the regex-based metadata parser when processing specially crafted PDF files allow...

8.6CVSS6.5AI score0.00156EPSS
Exploits0References7
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/31 6:48 p.m.8 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Denial of Service in huggingface/transformers [CVE-2025-5197]

Summary IBM Watson Speech Services Cartridge is vulnerable to a Denial of Service in huggingface/transformers, due to an exploitable issue in the converttfweightnametoptweightname function CVE-2025-5197. Huggingface/transformers is used in our speech service runtimes. This vulnerabilitiy has been...

5.3CVSS6.6AI score0.00361EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/31 6:45 p.m.21 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Denial of Service in huggingface/transformers [CVE-2025-3262, CVE-2025-3264, CVE-2025-3933, CVE-2025-3263]

Summary IBM Watson Speech Services Cartridge is vulnerable to a Denial of Service in huggingface/transformers, due to various issues identified within the package CVE-2025-3262, CVE-2025-3264, CVE-2025-3933, CVE-2025-3263. Huggingface/transformers is used in our speech service runtimes. This...

7.5CVSS7.4AI score0.00431EPSS
Exploits4Affected Software1
Veracode
Veracode
added 2025/10/31 6:30 a.m.5 views

Regular Expression Denial Of Service (ReDoS)

Transformers is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient handling of numeric strings in the normalizenumbers method of the EnglishNormalizer class, which allows an attacker to exploit crafted input with long digit sequences to cause excessi...

5.3CVSS5.3AI score0.00349EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2025/10/30 6:32 p.m.6 views

CLSA-2025-1761844489 Fix of 9 CVEs

SECURITY UPDATE: multiple vulnerabilities in AWK implementation - debian/patches/CVE-2021-423xx-awk.patch: fix issues with argument parsing, delete statement validation, length parsing, post-increment/decrement on literals, expression handling, regex splitting, use-after-realloc, and maxfields...

7.2CVSS7AI score0.02793EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/30 5:9 p.m.4 views

CVE-2025-62792

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.12.0, a buffer over-read occurs in wexpressionmatch when strlen is called on strtest, because the corresponding buffer is not being properly NULL terminated during its allocation in OSCleanMSG...

7.5CVSS6.8AI score0.0035EPSS
Exploits1References1
OSV
OSV
added 2025/10/30 3:2 p.m.3 views

GO-2025-4033 Apache Traffic Control has an Inefficient Regular Expression Complexity vulnerability in github.com/apache/trafficcontrol

Apache Traffic Control has an Inefficient Regular Expression Complexity vulnerability in github.com/apache/trafficcontrol...

7.5CVSS7AI score0.00672EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/10/30 2:20 p.m.8 views

CVE-2025-5342 Denial of Service (DoS)

Zohocorp ManageEngine Exchange Reporter Plus through 5721 are vulnerable to ReDOS vulnerability in the search module...

4.3CVSS0.01037EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.4 views

PT-2025-44411

Name of the Vulnerable Software and Affected Versions ManageEngine Exchange Reporter Plus versions through 5721 Description The software contains a Regular Expression Denial of Service ReDoS issue within its search module. This could potentially disrupt service due to excessive resource consumpti...

6.5CVSS6.6AI score0.01037EPSS
Exploits0References5
NVD
NVD
added 2025/10/29 5:15 p.m.3 views

CVE-2025-62792

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.12.0, a buffer over-read occurs in wexpressionmatch when strlen is called on strtest, because the corresponding buffer is not being properly NULL terminated during its allocation in OSCleanMSG...

7.5CVSS0.0035EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/10/29 4:50 p.m.2 views

CVE-2025-62792 Wazuh vulnerable to Heap-based Buffer Over-read in w_expression_match

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.12.0, a buffer over-read occurs in wexpressionmatch when strlen is called on strtest, because the corresponding buffer is not being properly NULL terminated during its allocation in OSCleanMSG...

6.9CVSS6.5AI score0.0035EPSS
Exploits1References1
Redos
Redos
added 2025/10/29 12:0 a.m.7 views

ROS-20251029-04

A plug-in vulnerability in the Grafana-Zabbix web-based data submission tool is related to maximum CPU utilization. Exploitation of the vulnerability could allow an attacker due to a custom request with a regular expression, acting remotely, to cause a denial of service...

4.3CVSS6.7AI score0.00323EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/10/29 12:0 a.m.6 views

PT-2025-44326

Name of the Vulnerable Software and Affected Versions Wazuh versions prior to 4.12.0 Description Wazuh, a free and open source platform for threat prevention, detection, and response, contains a flaw where a buffer over-read can occur in the w expression match function. This happens when strlen i...

7.5CVSS6.7AI score0.0035EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/10/29 12:0 a.m.4 views

Wazuh 安全漏洞

Wazuh is a Wazuh open source application. It is used to collect, aggregate, index and analyze security data to help organizations detect intrusions, threats and behavioral anomalies. A security vulnerability exists in Wazuh versions prior to 4.12.0, which stems from the failure to properly...

7.5CVSS6.5AI score0.0035EPSS
Exploits1References2
OSV
OSV
added 2025/10/28 8:38 p.m.2 views

GHSA-7F5H-V6XP-FCQ8 Starlette vulnerable to O(n^2) DoS via Range header merging in ``starlette.responses.FileResponse``

Summary An unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion per request, causing denial‑of‑service for endpoints serving files e.g., StaticFiles or any use of...

7.5CVSS6.5AI score0.00638EPSS
Exploits0References6
Snyk
Snyk
added 2025/10/28 8:38 p.m.5 views

Regular Expression Denial of Service (ReDoS)

Overview starlette is a The little ASGI library that shines. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the FileResponse.parserangeheader method. An attacker can exhaust server CPU resources by sending a specially crafted HTTP Range header...

8.7CVSS6.8AI score0.00638EPSS
Exploits0References2
Veracode
Veracode
added 2025/10/24 1:13 p.m.7 views

Expression Language Injection

Spring Cloud Gateway Server Webflux is vulnerable to Expression Language Injection. The vulnerability is due to unsafe SpEL evaluation in routes due to the actuator gateway endpoint being exposed and accessible to untrusted users; attackers can create routes that use SpEL to read environment...

7.5CVSS6.6AI score0.00435EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder