CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9286 matches found

Snyk•added 2026/05/06 11:28 p.m.•5 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via improper validation of user-supplied fields in the filter and sortby parameters. An attacker can cause the backend to return HTTP 500 errors, potentially disrupt service availability, and...

5.4CVSS5.5AI score0.00253EPSS

Exploits1References3

Github Security Blog•added 2026/05/06 9:41 p.m.•6 views

Valtimo has SpEL injection via StandardEvaluationContext that allows Remote Code Execution by admin users

Summary Multiple classes evaluate Spring Expression Language SpEL expressions from user-supplied input using StandardEvaluationContext, which provides unrestricted access to Java types and methods. An authenticated user with the ADMIN role can achieve Remote Code Execution and credential...

9.1CVSS6AI score0.00576EPSS

Exploits0References3Affected Software3

Github Security Blog•added 2026/05/06 6:24 p.m.•15 views

Nokogiri CSS selector tokenizer has regular expression backtracking

Summary Nokogiri's CSS selector tokenizer contains regular expressions whose construction may result in exponential regex backtracking on adversarial selectors. Three ReDoS vectors are addressed in this release: 1. String-literal tokenization on certain unterminated quoted-string input. 2...

5.8AI score

Exploits0References2Affected Software1

NVD•added 2026/05/06 6:16 p.m.•13 views

CVE-2026-33079

In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS Regular Expression Denial of Service vulnerability in LINKTITLERE that allows an attacker who can supply Markdown for parsing to cause denial of service. The regular expression used for parsing link titles contains overlapping...

8.7CVSS0.00348EPSS

Exploits0References2

OSV•added 2026/05/06 6:16 p.m.•5 views

DEBIAN-CVE-2026-33079

8.7CVSS5.8AI score0.00348EPSS

Exploits0References1

OSV•added 2026/05/06 6:16 p.m.•3 views

UBUNTU-CVE-2026-33079

8.7CVSS5.8AI score0.00348EPSS

Exploits0References3

Debian CVE•added 2026/05/06 5:25 p.m.•7 views

CVE-2026-33079

8.7CVSS5.8AI score0.00348EPSS

Exploits0

CVE•added 2026/05/06 5:25 p.m.•16 views

CVE-2026-33079

Mistune 3.0.0a1–3.2.0 contains a ReDoS in LINK_TITLE_RE used for parsing link titles, enabling exponential backtracking when processing Markdown strings with repeated ! sequences and no closing quote. The ambiguity arises from overlapping alternatives in the two branches (double-quoted and single...

8.7CVSS5.8AI score0.00348EPSS

Exploits0References2

Vulnrichment•added 2026/05/06 5:25 p.m.•9 views

CVE-2026-33079 Mistune ReDoS in LINK_TITLE_RE allows denial of service with crafted Markdown titles

8.7CVSS5.8AI score0.00348EPSS

Exploits0References2

Cvelist•added 2026/05/06 5:25 p.m.•40 views

CVE-2026-33079 Mistune ReDoS in LINK_TITLE_RE allows denial of service with crafted Markdown titles

8.7CVSS0.00348EPSS

Exploits0References2

EUVD•added 2026/05/06 4:52 p.m.•11 views

EUVD-2026-27877

Mistune has a ReDoS in LINKTITLERE that allows denial of service via crafted Markdown input...

8.7CVSS5.8AI score0.00348EPSS

Exploits0References2

OSV•added 2026/05/06 4:52 p.m.•4 views

GHSA-8MP2-V27R-99XP Mistune has a ReDoS in LINK_TITLE_RE that allows denial of service via crafted Markdown input

Summary A ReDoS Regular Expression Denial of Service vulnerability in LINKTITLERE allows an attacker who can supply Markdown for parsing to cause denial of service. A crafted 58-byte Markdown document blocks the parser for approximately 6 seconds measured on Apple M2, Python 3.14.3, with...

8.7CVSS6AI score0.00348EPSS

Exploits0References4

Github Security Blog•added 2026/05/06 4:52 p.m.•7 views

Mistune has a ReDoS in LINK_TITLE_RE that allows denial of service via crafted Markdown input

8.7CVSS6AI score0.00348EPSS

Exploits0References4Affected Software1

Snyk•added 2026/05/06 4:52 p.m.•6 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS through the LINKTITLERE regular expression in Markdown parsing. An attacker can cause excessive resource consumption and make the application unresponsive by submitting specially crafted Markdo...

8.7CVSS5.8AI score0.00348EPSS

Exploits0References2

Packet Storm•added 2026/05/06 12:0 a.m.•69 views

📄 MikroORM 7.0.5 SQL Injection

MikroORM versions 7.0.5 and below suffer from a remote SQL injection vulnerability. CVE-2026-43220 MikroORM SQL Injection ★ CVE-2026-43220 MikroORM SQL Injection PoC ★ https://github.com/user-attachments/assets/33724cfc-6151-47ff-9415-2f50c5124cd1 Overview CVE-2026-43220 is a SQL Injection...

5.5CVSS5.9AI score0.00127EPSS

Exploits1

Positive Technologies•added 2026/05/06 12:0 a.m.•16 views

PT-2026-38275

Name of the Vulnerable Software and Affected Versions com.ritense.valtimo:document versions 12.0.0 through 12.31.0 com.ritense.valtimo:case versions 13.0.0 through 13.22.0 com.ritense.valtimo:contract versions 13.4.0 through 13.22.0 Description Valtimo is an open-source business process automatio...

9.1CVSS6AI score0.00576EPSS

Exploits0References4

Packet Storm News•added 2026/05/06 12:0 a.m.•6 views

YARA-X 1.16.0

YARA-X is a re-incarnation of YARA, a pattern matching tool designed with malware researchers in mind. This new incarnation intends to be faster, safer and more user-friendly than its predecessor. The ultimate goal of YARA-X is replacing YARA as the default pattern matching tool for malware...

5.8AI score

Exploits0

NVD•added 2026/05/05 10:16 p.m.•7 views

CVE-2026-40110

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match to check incoming origins against the alloworiginpat configuration value. Because re.match only anchors at the start of the string and does not require a...

7.6CVSS0.00357EPSS

Exploits0References4