Lucene search
K

67 matches found

vulnersOsv
vulnersOsv
added 2026/03/25 9:13 p.m.9 views

@10xsai/cloudflare-router-nx-plugin (=1.0.0), @4itech/schematics (>=11.7.1 <=11.7.6) +977 more potentially affected by CVE-2026-33672 via picomatch (>=4.0.1 <=4.0.3)

picomatch NPM version =4.0.1, =11.7.1, =1.2.0, =8.3.0, =1.0.25, =0.0.47, =10.0.0, =10.0.0, =13.0.0, =10.0.0, =0.0.1-development, =0.0.1, =2.0.0, =1.0.57, =1.0.100 and more Source cves: CVE-2026-33672 Source advisory: SNYK:JS-PICOMATCH-15765513...

5.3CVSS5.7AI score0.0041EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/25 9:13 p.m.6 views

4itech-schematics (>=11.3.0 <=11.7.0-5), @4itech/schematics (=11.7.0) +71 more potentially affected by CVE-2026-33672 via picomatch (=3.0.1)

picomatch NPM version =3.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on picomatch and may be impacted: - 4itech-schematics =11.3.0, =10.0.0-alpha.1, =10.0.0-alpha.1, =10.0.0-alpha.1, =0.1700.0, =0.1700.0, =17.0.0, =0.1700.0, =17.0.0, =17.0.0,...

5.3CVSS5.7AI score0.0041EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/25 9:13 p.m.9 views

4itech-schematics (>=11.0.0 <=11.3.0-1), @142vip/midway (>=0.1.6-alpha.2 <=0.1.6-alpha.12) +570 more potentially affected by CVE-2026-33672 via picomatch (>=2.1.1 <=2.3.1)

picomatch NPM version =2.1.1, =11.0.0, =0.1.6-alpha.2, =7.4.1, =0.0.1, =1.0.1, =0.0.2, =2.0.0, =9.0.0, =9.2.0-alpha.9, =9.2.0-alpha.9, =1.0.101, =1.1.0, =1.4.1 and more Source cves: CVE-2026-33672 Source advisory: SNYK:JS-PICOMATCH-15765513...

5.3CVSS5.7AI score0.0041EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/25 9:13 p.m.6 views

@10xsai/cloudflare-router-nx-plugin (=1.0.0), @4itech/schematics (>=11.7.1 <=11.7.6) +977 more potentially affected by CVE-2026-33672 via picomatch (>=4.0.1 <=4.0.3)

picomatch NPM version =4.0.1, =11.7.1, =1.2.0, =8.3.0, =1.0.25, =0.0.47, =10.0.0, =10.0.0, =13.0.0, =10.0.0, =0.0.1-development, =0.0.1, =2.0.0, =1.0.57, =1.0.100 and more Source cves: CVE-2026-33672 Source advisory: OSV:GHSA-3V7F-55P6-F55P...

5.3CVSS5.7AI score0.0041EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/25 9:13 p.m.5 views

4itech-schematics (>=11.3.0 <=11.7.0-5), @4itech/schematics (=11.7.0) +71 more potentially affected by CVE-2026-33672 via picomatch (=3.0.1)

picomatch NPM version =3.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on picomatch and may be impacted: - 4itech-schematics =11.3.0, =10.0.0-alpha.1, =10.0.0-alpha.1, =10.0.0-alpha.1, =0.1700.0, =0.1700.0, =17.0.0, =0.1700.0, =17.0.0, =17.0.0,...

5.3CVSS5.7AI score0.0041EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/25 9:13 p.m.7 views

4itech-schematics (>=11.0.0 <=11.3.0-1), @142vip/midway (>=0.1.6-alpha.2 <=0.1.6-alpha.12) +572 more potentially affected by CVE-2026-33672 via picomatch (>=1.2.0 <=2.3.1)

picomatch NPM version =1.2.0, =11.0.0, =0.1.6-alpha.2, =7.4.1, =0.0.1, =1.0.1, =0.0.2, =2.0.0, =9.0.0, =9.2.0-alpha.9, =9.2.0-alpha.9, =1.0.101, =1.1.0, =1.4.1 and more Source cves: CVE-2026-33672 Source advisory: OSV:GHSA-3V7F-55P6-F55P...

5.3CVSS5.7AI score0.0041EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/25 9:13 p.m.8 views

org.webjars.npm:angular-devkit__architect (=0.1902.8), org.webjars.npm:angular-devkit__core (=19.2.8) +2 more potentially affected by CVE-2026-33672 via org.webjars.npm:picomatch (=4.0.2)

org.webjars.npm:picomatch MAVEN version =4.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:picomatch and may be impacted: - org.webjars.npm:angular-devkitarchitect =0.1902.8 - org.webjars.npm:angular-devkitcore =19.2.8 -...

5.3CVSS5.8AI score0.0041EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/03/25 9:13 p.m.21 views

Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching

Impact picomatch is vulnerable to a method injection vulnerability CWE-1321 affecting the POSIXREGEXSOURCE object. Because the object inherits from Object.prototype, specially crafted POSIX bracket expressions e.g., :constructor: can reference inherited method names. These methods are implicitly...

5.3CVSS6.1AI score0.0041EPSS
Exploits0References4Affected Software1
vulnersOsv
vulnersOsv
added 2026/03/25 9:12 p.m.16 views

@10xsai/cloudflare-router-nx-plugin (=1.0.0), @4itech/schematics (>=11.7.1 <=11.7.6) +977 more potentially affected by CVE-2026-33671 via picomatch (>=4.0.1 <=4.0.3)

picomatch NPM version =4.0.1, =11.7.1, =1.2.0, =8.3.0, =1.0.25, =0.0.47, =10.0.0, =10.0.0, =13.0.0, =10.0.0, =0.0.1-development, =0.0.1, =2.0.0, =1.0.57, =1.0.100 and more Source cves: CVE-2026-33671 Source advisory: OSV:GHSA-C2C7-RCM5-VVQJ...

7.5CVSS5.7AI score0.00412EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/25 9:12 p.m.7 views

4itech-schematics (>=11.3.0 <=11.7.0-5), @4itech/schematics (=11.7.0) +71 more potentially affected by CVE-2026-33671 via picomatch (=3.0.1)

picomatch NPM version =3.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on picomatch and may be impacted: - 4itech-schematics =11.3.0, =10.0.0-alpha.1, =10.0.0-alpha.1, =10.0.0-alpha.1, =0.1700.0, =0.1700.0, =17.0.0, =0.1700.0, =17.0.0, =17.0.0,...

7.5CVSS5.7AI score0.00412EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/25 9:12 p.m.6 views

@10xsai/cloudflare-router-nx-plugin (=1.0.0), @4itech/schematics (>=11.7.1 <=11.7.6) +977 more potentially affected by CVE-2026-33671 via picomatch (>=4.0.1 <=4.0.3)

picomatch NPM version =4.0.1, =11.7.1, =1.2.0, =8.3.0, =1.0.25, =0.0.47, =10.0.0, =10.0.0, =13.0.0, =10.0.0, =0.0.1-development, =0.0.1, =2.0.0, =1.0.57, =1.0.100 and more Source cves: CVE-2026-33671 Source advisory: SNYK:JS-PICOMATCH-15765511...

7.5CVSS5.7AI score0.00412EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/25 9:12 p.m.7 views

4itech-schematics (>=11.3.0 <=11.7.0-5), @4itech/schematics (=11.7.0) +71 more potentially affected by CVE-2026-33671 via picomatch (=3.0.1)

picomatch NPM version =3.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on picomatch and may be impacted: - 4itech-schematics =11.3.0, =10.0.0-alpha.1, =10.0.0-alpha.1, =10.0.0-alpha.1, =0.1700.0, =0.1700.0, =17.0.0, =0.1700.0, =17.0.0, =17.0.0,...

7.5CVSS5.7AI score0.00412EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/25 9:12 p.m.8 views

4itech-schematics (>=11.0.0 <=11.3.0-1), @142vip/midway (>=0.1.6-alpha.2 <=0.1.6-alpha.12) +570 more potentially affected by CVE-2026-33671 via picomatch (>=2.1.1 <=2.3.1)

picomatch NPM version =2.1.1, =11.0.0, =0.1.6-alpha.2, =7.4.1, =0.0.1, =1.0.1, =0.0.2, =2.0.0, =9.0.0, =9.2.0-alpha.9, =9.2.0-alpha.9, =1.0.101, =1.1.0, =1.4.1 and more Source cves: CVE-2026-33671 Source advisory: SNYK:JS-PICOMATCH-15765511...

7.5CVSS5.7AI score0.00412EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/25 9:12 p.m.6 views

org.webjars.npm:angular-devkit__architect (=0.1902.8), org.webjars.npm:angular-devkit__core (=19.2.8) +2 more potentially affected by CVE-2026-33671 via org.webjars.npm:picomatch (=4.0.2)

org.webjars.npm:picomatch MAVEN version =4.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:picomatch and may be impacted: - org.webjars.npm:angular-devkitarchitect =0.1902.8 - org.webjars.npm:angular-devkitcore =19.2.8 -...

7.5CVSS5.8AI score0.00412EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/25 9:12 p.m.8 views

4itech-schematics (>=11.0.0 <=11.3.0-1), @142vip/midway (>=0.1.6-alpha.2 <=0.1.6-alpha.12) +572 more potentially affected by CVE-2026-33671 via picomatch (>=1.2.0 <=2.3.1)

picomatch NPM version =1.2.0, =11.0.0, =0.1.6-alpha.2, =7.4.1, =0.0.1, =1.0.1, =0.0.2, =2.0.0, =9.0.0, =9.2.0-alpha.9, =9.2.0-alpha.9, =1.0.101, =1.1.0, =1.4.1 and more Source cves: CVE-2026-33671 Source advisory: OSV:GHSA-C2C7-RCM5-VVQJ...

7.5CVSS5.7AI score0.00412EPSS
Exploits0
OSV
OSV
added 2026/03/25 9:12 p.m.3 views

GHSA-C2C7-RCM5-VVQJ Picomatch has a ReDoS vulnerability via extglob quantifiers

Impact picomatch is vulnerable to Regular Expression Denial of Service ReDoS when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as + and , especially when combined with overlapping alternatives or nested extglobs, are compiled into regular expressions that c...

7.5CVSS6.6AI score0.00412EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/25 9:12 p.m.15 views

Picomatch has a ReDoS vulnerability via extglob quantifiers

Impact picomatch is vulnerable to Regular Expression Denial of Service ReDoS when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as + and , especially when combined with overlapping alternatives or nested extglobs, are compiled into regular expressions that c...

7.5CVSS5.5AI score0.00412EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.14 views

PT-2026-28172

Name of the Vulnerable Software and Affected Versions Picomatch versions prior to 4.0.4 Picomatch versions prior to 3.0.2 Picomatch versions prior to 2.3.2 Description Picomatch, a glob matcher written in JavaScript, is susceptible to Regular Expression Denial of Service ReDoS when processing...

7.5CVSS5.9AI score0.00412EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.12 views

PT-2026-28173

Name of the Vulnerable Software and Affected Versions Picomatch versions prior to 4.0.4 Picomatch versions prior to 3.0.2 Picomatch versions prior to 2.3.2 Description Picomatch, a JavaScript glob matcher, contains a flaw where specially crafted POSIX bracket expressions, such as :constructor:, c...

5.3CVSS6.1AI score0.0041EPSS
Exploits0References15
Github Security Blog
Github Security Blog
added 2024/04/03 4:46 p.m.280 views

Vite's `server.fs.deny` did not deny requests for patterns with directories.

Summary Vite dev server option server.fs.deny did not deny requests for patterns with directories. An example of such a pattern is /foo//. Impact Only apps setting a custom server.fs.deny that includes a pattern with directories, and explicitly exposing the Vite dev server to the network using...

5.9CVSS6.9AI score0.00711EPSS
Exploits0References9Affected Software1
Rows per page
Query Builder