Lucene search
K

749 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 9 : python-mako-1.1.4-6.el9 (AXSA:2023-5414:01)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-5414:01 advisory. python-mako: REDoS in Lexer class CVE-2022-40023 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory. Note...

7.5CVSS7.5AI score0.01718EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 8 : python39:3.9 and python39-devel:3.9 (AXSA:2024-8950:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8950:01 advisory. python: cpython: tarfile: ReDos via excessive backtracking while parsing header values CVE-2024-6232 Tenable has extracted the preceding description block...

7.5CVSS7.3AI score0.02203EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 8 : ruby:3.0 (AXSA:2024-8502:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8502:01 advisory. ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: ReDoS vulnerability in URI CVE-2023-28755 ruby: ReDoS vulnerability in Time...

9.8CVSS7.3AI score0.02637EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 8 : resource-agents-4.1.1-98.el8 (AXSA:2021-2804:10)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2804:10 advisory. python-pygments: Infinite loop in SML lexer may lead to DoS CVE-2021-20270 python-pygments: ReDoS in multiple lexers CVE-2021-27291 Tenable has...

7.5CVSS8.4AI score0.03832EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 4 : rh-python36-python-pip-9.0.1-5.AXS4, rh-python36-python-3.6.12-1.AXS4, rh-python36-python-virtualenv-15.1.0-3.AXS4 (AXSA:2020-818:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-818:02 advisory. python: XSS vulnerability in the documentation XML-RPC server in servertitle field CVE-2019-16935 python: CRLF injection via the host part of the url...

7.5CVSS7.3AI score0.12826EPSS
Exploits4References8
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 8 : nodejs:14 (AXSA:2023-5289:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5289:01 advisory. decode-uri-component: improper input validation resulting in DoS CVE-2022-38900 glob-parent: Regular Expression Denial of Service CVE-2021-35065...

8.6CVSS7.9AI score0.24928EPSS
Exploits4References8
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 8 : nodejs:12 (AXSA:2021-2440:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2440:01 advisory. nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22930 nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22940...

9.8CVSS8AI score0.37286EPSS
Exploits5References9
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.7 views

MiracleLinux 7 : ruby-2.0.0.648-39.0.2.el7.AXS7 (AXSA:2025-9910:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9910:01 advisory. CVE-2025-27219: fix a potential Denial of Service DoS vulnerability in cookie parsing CVE-2025-27220: fix ReDoS vulnerability exists in the...

8.7CVSS7.1AI score0.01429EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/01/09 12:0 a.m.9 views

Siemens Ruggedcom ROX Inefficient Regular Expression Complexity (CVE-2024-6232)

There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives. This plugin only works with Tenable.ot. Please visit...

7.5CVSS6.9AI score0.02203EPSS
Exploits2References3
OSV
OSV
added 2026/01/08 12:26 a.m.5 views

CVE-2026-21868 Flag Forge has ReDoS Vulnerability in User Profile Lookup API

Flag Forge is a Capture The Flag CTF platform. Versions 2.3.2 and below have a Regular Expression Denial of Service ReDoS vulnerability in the user profile API endpoint /api/user/username. The application constructs a regular expression dynamically using unescaped user input the username paramete...

7.5CVSS6.7AI score0.00268EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/08 12:26 a.m.3 views

CVE-2026-21868 Flag Forge has ReDoS Vulnerability in User Profile Lookup API

Flag Forge is a Capture The Flag CTF platform. Versions 2.3.2 and below have a Regular Expression Denial of Service ReDoS vulnerability in the user profile API endpoint /api/user/username. The application constructs a regular expression dynamically using unescaped user input the username paramete...

7.5CVSS6.4AI score0.00268EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:10 a.m.4 views

CVE-2026-0621

Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 contain a regular expression denial of service ReDoS vulnerability in the UriTemplate class when processing RFC 6570 exploded array patterns. The dynamically generated regular expression used during URI matching contains nested...

8.7CVSS6.5AI score0.00399EPSS
Exploits1References1
OSV
OSV
added 2026/01/05 9:30 p.m.5 views

GHSA-8R9Q-7V3J-JR4G Anthropic's MCP TypeScript SDK has a ReDoS vulnerability

Impact A ReDoS vulnerability in the UriTemplate class allows attackers to cause denial of service. The partToRegExp function generates a regex pattern with nested quantifiers ^/+?:,^/+ for exploded template variables e.g., /id, ?tags, causing catastrophic backtracking on malicious input. Who is...

8.7CVSS6.4AI score0.00399EPSS
Exploits1References7
OSV
OSV
added 2025/12/29 8:41 p.m.8 views

MGASA-2025-0334 Updated ruby-rack packages fix security vulnerabilities

Unbounded-Parameter DoS in Rack::QueryParser. CVE-2025-46727 ReDoS Vulnerability in Rack::Multipart handlemimehead. CVE-2025-49007 Rack QueryParser has an unsafe default allowing paramslimit bypass via semicolon-separated parameters. CVE-2025-59830 Rack's unbounded multipart preamble buffering...

8.7CVSS6.8AI score0.00911EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/23 2:37 p.m.6 views

Security Bulletin: Vulnerability in micromatch affects IBM Db2 Big SQL on Cloud Pak for Data

Summary A vulnerability in nodes.js module micromatch affects IBM Db2 Big SQL 7 on Cloud Pak for Data 5 Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: The NPM package micromatch prior to 4.0.8 is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability occurs in...

5.3CVSS7.2AI score0.01429EPSS
Exploits1Affected Software1
Cvelist
Cvelist
added 2025/12/22 9:31 p.m.26 views

CVE-2025-68475 Fedify has ReDoS Vulnerability in HTML Parsing Regex

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2, a Regular Expression Denial of Service ReDoS vulnerability exists in Fedify's document loader. The HTML parsing regex at...

7.5CVSS0.00481EPSS
Exploits1References7
Debian
Debian
added 2025/12/22 12:7 a.m.8 views

[SECURITY] [DLA 4418-1] python-mechanize security update

Debian LTS Advisory DLA-4418-1 [email protected] https://www.debian.org/lts/security/ Daniel Leidert December 22, 2025 https://wiki.debian.org/LTS Package : python-mechanize Version : 1:0.4.5-2+deb11u1 CVE ID : CVE-2021-32837 Erik Krogh Kristensen and Rasmus Petersen from the GitHub...

7.5CVSS7AI score0.28661EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/12/22 12:0 a.m.5 views

Debian dla-4418 : python3-mechanize - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4418 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4418-1 [email protected] https://www.debian.org/lts/security/...

7.5CVSS7.2AI score0.28661EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/12/17 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-68142

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. Versions prior to 10.16.1 have a ReDOS bug found within the figure caption...

6.9CVSS5.8AI score0.00356EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2025/12/16 8:46 p.m.6 views

PyMdown Extensions has a ReDOS bug in its Figure Capture extension

Impact This issue describes a ReDOS bug found within the figure caption extension pymdownx.blocks.caption . In systems that take unchecked user content, this could cause long hangs when processing the data if a malicious payload was crafted. Patches This issue is patched in Release 10.16.1...

6.9CVSS6.9AI score0.00356EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder