
9309 matches found

Veracode
added 2025/10/24 4:27 a.m., 7 views

Regular Expression Denial Of Service (ReDoS)

transformers is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regular expression processing in the remove_language_code method of the MarianTokenizer, which allows an attacker to exploit crafted input strings with malformed language code patterns ...

CVSS 7.5 | AI score 7.2 | EPSS 0.00483
Exploits: 1 | References: 5 | Affected Software: 1

GithubExploit
added 2025/10/24 3:33 a.m., 164 views

Exploit for Expression Language Injection in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Penetration Testing & Vulnerability Research Cheatsheet 🛡️ !...

CVSS 10 | AI score 6.3 | EPSS 0.99999
Exploits: 347

OSV
added 2025/10/21 1:4 p.m., 5 views

CLSA-2025-1761051864 python3-setuptools: Fix of 2 CVEs

CVE-2022-40897: fix Regular Expression Denial of Service (ReDoS) in package_index.py - CVE-2024-6345: fix remote code execution in package_index module...

CVSS 8.8 | AI score 7.4 | EPSS 0.02617
Exploits: 1 | References: 1

RedhatCVE
added 2025/10/20 9:27 p.m., 14 views

CVE-2025-48044

Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/[email protected] before pkg:hex/[email protected]...

CVSS 8.6 | AI score 7 | EPSS 0.0081
Exploits: 0 | References: 1

OSV
added 2025/10/20 5:49 p.m., 4 views

CLSA-2025-1760982550 Fix CVE(s): CVE-2022-48174

SECURITY UPDATE: avoid segfault on $0::0/009J - debian/patches/CVE-2022-48174.patch: Fix shell segfault in malformed arithmetic expressions - CVE-2022-48174...

CVSS 9.8 | AI score 7.1 | EPSS 0.02979
Exploits: 0 | References: 1

SUSE CVE
added 2025/10/17 11:22 p.m., 3 views

SUSE CVE-2025-61908

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invalid reference, such as a reference to null, dereferencing results in a segmentation fault. This can be used by any API user with access to an API endpoint that allows specifying a...

CVSS 6.5 | AI score 6.8 | EPSS 0.00487
Exploits: 0 | References: 3

EUVD
added 2025/10/17 6:3 p.m., 3 views

EUVD-2025-34884

Ash has authorization bypass when bypass policy condition evaluates to true...

CVSS 8.6 | AI score 6.5 | EPSS 0.0081
Exploits: 0 | References: 3

Github Security Blog
added 2025/10/17 6:3 p.m., 9 views

Ash has authorization bypass when bypass policy condition evaluates to true

Summary Bypass policies incorrectly authorize requests when their condition evaluates to true but their authorization checks fail and no other policies apply. Impact Resources with bypass policies can be accessed without proper authorization when: - Bypass condition evaluates to true - Bypass...

CVSS 8.6 | AI score 7.3 | EPSS 0.0081
Exploits: 0 | References: 6 | Affected Software: 1

RedhatCVE
added 2025/10/17 4:55 p.m., 4 views

CVE-2025-41253

The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server...

CVSS 7.5 | AI score 6.8 | EPSS 0.00435
Exploits: 0 | References: 1

OSV
added 2025/10/17 2:15 p.m., 5 views

CVE-2025-48044

Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/[email protected] before pkg:hex/[email protected]...

CVSS 8.6 | AI score 7 | EPSS 0.0081
Exploits: 0 | References: 2

NVD
added 2025/10/17 2:15 p.m., 5 views

CVE-2025-48044

Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/[email protected] before pkg:hex/[email protected]...

CVSS 8.6 | EPSS 0.0081
Exploits: 0 | References: 4

Cvelist
added 2025/10/17 1:52 p.m., 12 views

CVE-2025-48044 Authorization bypass when bypass policy condition evaluates to true

Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/[email protected] before pkg:hex/[email protected]...

CVSS 8.6 | EPSS 0.0081
Exploits: 0 | References: 4

EUVD
added 2025/10/16 6:30 p.m., 6 views

EUVD-2025-34779

An integer overflow vulnerability exists in the QuickJS regular expression engine libregexp due to an inconsistent representation of the bytecode buffer size. The regular expression bytecode is stored in a DynBuf structure, which correctly uses a size_t, an unsigned type, typically...

CVSS 7.1 | AI score 7 | EPSS 0.00417
Exploits: 1 | References: 3

OSV
added 2025/10/16 6:15 p.m., 7 views

UBUNTU-CVE-2025-61908

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invalid reference, such as a reference to null, dereferencing results in a segmentation fault. This can be used by any API user with access to an API endpoint that allows specifying a...

CVSS 7.1 | AI score 5.8 | EPSS 0.00487
Exploits: 0 | References: 9

RedhatCVE
added 2025/10/16 5:59 p.m., 4 views

CVE-2025-61921

A flaw was found in Sinatra. A Regular Expression Denial of Service (ReDoS) vulnerability can be triggered when parsing the If-Match and If-None-Match HTTP headers. A remote attacker can exploit this issue by sending a specially crafted header to an application endpoint that uses the etag method,...

CVSS 6.9 | AI score 5.9 | EPSS 0.00448
Exploits: 1 | References: 8

Vulnrichment
added 2025/10/16 5:16 p.m., 1 views

CVE-2025-61908 Icinga 2 Denial of Service (DoS) By Dereferencing Invalid Reference

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invalid reference, such as a reference to null, dereferencing results in a segmentation fault. This can be used by any API user with access to an API endpoint that allows specifying a...

CVSS 7.1 | AI score 6.4 | EPSS 0.00487
Exploits: 0 | References: 3

AlpineLinux
added 2025/10/16 3:51 p.m., 6 views

CVE-2025-62495

An integer overflow vulnerability exists in the QuickJS regular expression engine libregexp due to an inconsistent representation of the bytecode buffer size. The regular expression bytecode is stored in a DynBuf structure, which correctly uses a size_t, an unsigned type, typically...

CVSS 8.8 | AI score 7.5 | EPSS 0.00417
Exploits: 1 | References: 2

OSV
added 2025/10/16 3:30 p.m., 4 views

GHSA-FWXX-WV44-7QFG Spring Cloud Gateway Server Webflux is vulnerable to Expression Language Injection

The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server...

CVSS 7.5 | AI score 5.9 | EPSS 0.00435
Exploits: 0 | References: 5

Github Security Blog
added 2025/10/16 3:30 p.m., 10 views

Spring Cloud Gateway Server Webflux is vulnerable to Expression Language Injection

The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server...

CVSS 7.5 | AI score 6.8 | EPSS 0.00435
Exploits: 0 | References: 5 | Affected Software: 1

EUVD
added 2025/10/16 3:30 p.m., 4 views

EUVD-2025-34761

Spring Cloud Gateway Server Webflux is vulnerable to Expression Language Injection...

CVSS 7.5 | AI score 6.7 | EPSS 0.00435
Exploits: 0 | References: 5