Lucene search
+L

18 matches found

Snyk
Snyk
added 2026/02/10 6:47 p.m.7 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the matchpattern function due to inefficient processing of the complex regular expressions. An attacker can cause resource exhaustion by supplying specially crafted input that...

5.5CVSS6.4AI score0.00223EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-8315

Malware in sbrugna...

3.9CVSS4.6AI score0.00227EPSS
Exploits0References2
OSV
OSV
added 2025/10/03 4:16 p.m.4 views

DEBIAN-CVE-2025-10728

When the module renders a Svg file that contains a element, it might end up rendering it recursively leading to stack overflow DoS...

9.4CVSS5.3AI score0.00203EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/10 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2021-35942

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The wordexp function in the GNU C Library aka glibc through 2.33 may crash or read arbitrary memory in parseparam in posix/wordexp.c when called with an...

9.1CVSS7.3AI score0.02678EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/05/28 5:49 p.m.29 views

vLLM has a Regular Expression Denial of Service (ReDoS, Exponential Complexity) Vulnerability in `pythonic_tool_parser.py`

Summary A Regular Expression Denial of Service ReDoS vulnerability exists in the file vllm/entrypoints/openai/toolparsers/pythonictoolparser.py of the vLLM project. The root cause is the use of a highly complex and nested regular expression for tool call detection, which can be exploited by an...

6.5CVSS6.7AI score0.00426EPSS
Exploits1References6Affected Software1
RedhatCVE
RedhatCVE
added 2025/03/22 11:43 a.m.10 views

CVE-2024-6851

In version 3.22.0 of aimhubio/aim, the LocalFileManager.cleanup function in the aim tracking server accepts a user-specified glob-pattern for deleting files. The function does not verify that the matched files are within the directory managed by LocalFileManager, allowing a maliciously crafted...

7.5CVSS7AI score0.00953EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.11 views

Aim Path Traversal vulnerability

In version 3.22.0 of aimhubio/aim, the LocalFileManager.cleanup function in the aim tracking server accepts a user-specified glob-pattern for deleting files. The function does not verify that the matched files are within the directory managed by LocalFileManager, allowing a maliciously crafted...

7.5CVSS6.9AI score0.00953EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2025/03/20 10:15 a.m.7 views

CVE-2024-6851

In version 3.22.0 of aimhubio/aim, the LocalFileManager.cleanup function in the aim tracking server accepts a user-specified glob-pattern for deleting files. The function does not verify that the matched files are within the directory managed by LocalFileManager, allowing a maliciously crafted...

7.5CVSS0.00953EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:9 a.m.52 views

CVE-2024-6851

CVE-2024-6851 affects aimhubio/aim v3.22.0. The LocalFileManager._cleanup function accepts a user-supplied glob-pattern and does not verify that matched files stay within the directory managed by LocalFileManager, allowing a crafted glob-pattern to delete arbitrary files. Reported impact is arbit...

7.5CVSS7.5AI score0.00953EPSS
Exploits1References1Affected Software1
FreeBSD
FreeBSD
added 2025/03/12 12:0 a.m.19 views

gitea -- Multiple vulnerabilities

[email protected] reports: Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied. go-redis ...

7.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/07/27 12:0 a.m.7 views

PT-2023-35925 · Oracle · Java.Base

Name of the Vulnerable Software and Affected Versions: java.base affected versions not specified Description: A security exception crash has been reported in java.base. The crash occurs in the java.util.regex.Pattern class, specifically in the Loop.match, GroupTail.match, and BranchConn.match...

7AI score
Exploits0References2
CNNVD
CNNVD
added 2023/06/25 12:0 a.m.5 views

GNU C Library 安全漏洞

Gnu glibc is a core component of the Linux system used to implement the C standard library, providing underlying API support for applications, following the POSIX and ISO C standards. A denial of service vulnerability exists in Gnu glibc, which stems from an endpattern in the GNU C library that...

5.5CVSS6.5AI score0.00317EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:10 a.m.2 views

SUSE CVE-2007-4782

PHP before 5.2.3 allows context-dependent attackers to cause a denial of service application crash via 1 a long string in the pattern parameter to the glob function; or 2 a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined...

5CVSS7.6AI score0.04696EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2022/01/24 9:45 a.m.4 views

OpenJDK: Unexpected exception thrown in regex Pattern (Libraries, 8268813)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...

5.3CVSS7.4AI score0.03782EPSS
Exploits0References4
OSV
OSV
added 2020/02/02 2:15 p.m.2 views

DEBIAN-CVE-2019-20446

In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially...

6.5CVSS6.9AI score0.02125EPSS
Exploits0References1
OSV
OSV
added 2018/05/31 8:29 p.m.2 views

DEBIAN-CVE-2016-10540

Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript RegExp objects. The primary function, minimatchpath, pattern in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the pattern parameter...

7.5CVSS7.6AI score0.01743EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/03/09 5:0 p.m.14 views

CVE-2017-17149

Huawei HiWallet App with the versions before 8.0.4 has an arbitrary lock pattern change vulnerability. It needs to verify the user's Huawei ID during lock pattern change. An attacker with root privilege who gets a user's smart phone may bypass Huawei ID verification by special operation. Successf...

4.4AI score0.00227EPSS
Exploits0References1
Debian
Debian
added 2016/01/30 10:52 p.m.32 views

[SECURITY] [DLA 406-1] phpmyadmin security update

Package : phpmyadmin Version : 4:3.3.7-11 CVE ID : CVE-2016-2039 CVE-2016-2041 Several flaws were discovered in the CSRF authentication code of phpMyAdmin. CVE-2016-2039 The XSRF/CSRF token is generated with a weak algorithm using functions that do not return cryptographically secure values...

7.5CVSS6.6AI score0.02648EPSS
Exploits0
Rows per page
Query Builder