Lucene search
+L

750 matches found

github
github
added 2025/12/16 8:46 p.m.8 views

PyMdown Extensions has a ReDOS bug in its Figure Capture extension

Impact This issue describes a ReDOS bug found within the figure caption extension pymdownx.blocks.caption . In systems that take unchecked user content, this could cause long hangs when processing the data if a malicious payload was crafted. Patches This issue is patched in Release 10.16.1...

6.9CVSS6.9AI score0.00363EPSS
Exploits1References5Affected Software1
debiancve
debiancve
added 2025/12/16 6:6 p.m.7 views

CVE-2025-68142

PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. Versions prior to 10.16.1 have a ReDOS bug found within the figure caption extension pymdownx.blocks.caption. In systems that take unchecked user content, this could cause long hanges when processing the data if a...

6.9CVSS5.3AI score0.00363EPSS
Exploits1
cvelist
cvelist
added 2025/12/16 6:6 p.m.31 views

CVE-2025-68142 PyMdown Extensions has ReDOS bug in Figure Capture extension

PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. Versions prior to 10.16.1 have a ReDOS bug found within the figure caption extension pymdownx.blocks.caption. In systems that take unchecked user content, this could cause long hanges when processing the data if a...

6.9CVSS0.00363EPSS
Exploits1References3
ibm
ibm
added 2025/12/05 3:40 p.m.7 views

Security Bulletin: CodeMirror Regex Vulnerability Enables ReDoS Before 5.58.2, affects watsonx.data

Summary This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.jsL129. Th...

7.5CVSS6.6AI score0.05197EPSS
Exploits1Affected Software1
nessus
nessus
added 2025/12/04 12:0 a.m.5 views

RockyLinux 9 : python-mako (RLSA-2023:2258)

The remote RockyLinux 9 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2023:2258 advisory. python-mako: REDoS in Lexer class CVE-2022-40023 Tenable has extracted the preceding description block directly from the RockyLinux security advisory. Note that...

7.5CVSS7.5AI score0.01718EPSS
Exploits1References3
osv
osv
added 2025/12/03 9:5 a.m.12 views

RLSA-2023:2258 Moderate: python-mako security update

Mako is a template library written in Python. It provides a familiar, non-XML syntax which compiles into Python modules for maximum performance. Security Fixes: python-mako: REDoS in Lexer class CVE-2022-40023 For more details about the security issues, including the impact, a CVSS score,...

7.5CVSS6.5AI score0.01718EPSS
Exploits1References2
rocky
rocky
added 2025/12/03 9:5 a.m.14 views

python-mako security update

An update is available for python-mako. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mako is a template library written in Python. It provides a familiar,...

7.5CVSS6.7AI score0.01718EPSS
Exploits1
osv
osv
added 2025/12/03 9:2 a.m.7 views

RLSA-2023:2893 Moderate: python-mako security update

Mako is a template library written in Python. It provides a familiar, non-XML syntax which compiles into Python modules for maximum performance. Security Fixes: mako: REDoS in Lexer class CVE-2022-40023 For more details about the security issues, including the impact, a CVSS score, acknowledgment...

7.5CVSS6.5AI score0.01718EPSS
Exploits1References2
nessus
nessus
added 2025/12/03 12:0 a.m.6 views

SUSE SLED15: libruby2_5-2_5 / ruby2.5 / ruby2.5-devel / ruby2.5-devel-extra / etc (SUSE-SU-2025:4264-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4264-1 advisory. - CVE-2024-35221: Fixed remote DoS via YAML manifest bsc1225905 - CVE-2024-47220: Fixed HTTP request smuggling...

8.7CVSS6.6AI score0.01429EPSS
Exploits0References26
osv
osv
added 2025/11/26 1:49 a.m.6 views

CVE-2025-66020 Valibot has a ReDoS vulnerability in `EMOJI_REGEX`

Valibot helps validate data using a schema. In versions from 0.31.0 to 1.1.0, the EMOJIREGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service ReDoS attack. A short, maliciously crafted string e.g., 100 characters can cause the regex engine to consume excessive CPU...

7.5CVSS6.7AI score0.00296EPSS
Exploits0References4
mageia
mageia
added 2025/11/13 11:37 p.m.6 views

Updated python-py packages fix security vulnerability

The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS Regular expression Denial of Service attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. CVE-2022-42969...

7.5CVSS7AI score0.01546EPSS
Exploits1References3
osv
osv
added 2025/11/02 12:18 p.m.4 views

SUSE-SU-2025:3911-1 Security update for rav1e

This update for rav1e fixes the following issues: - CVE-2022-24713: Updated crate regex to 1.5.5 that resolves a ReDoS issue bsc1196972...

7.5CVSS5.8AI score0.1446EPSS
Exploits1References3
redhatcve
redhatcve
added 2025/10/31 3:11 p.m.6 views

CVE-2025-5342

Zohocorp ManageEngine Exchange Reporter Plus through 5721 are vulnerable to ReDOS vulnerability in the search module...

6.5CVSS6.9AI score0.01037EPSS
Exploits0References1
osv
osv
added 2025/10/30 3:15 p.m.6 views

CVE-2025-5342

Zohocorp ManageEngine Exchange Reporter Plus through 5721 are vulnerable to ReDOS vulnerability in the search module...

6.5CVSS5.8AI score0.01037EPSS
Exploits0References1
nvd
nvd
added 2025/10/30 3:15 p.m.4 views

CVE-2025-5342

Zohocorp ManageEngine Exchange Reporter Plus through 5721 are vulnerable to ReDOS vulnerability in the search module...

6.5CVSS0.01037EPSS
Exploits0References1
euvd
euvd
added 2025/10/30 2:20 p.m.6 views

EUVD-2025-37005

Zohocorp ManageEngine Exchange Reporter Plus through 5721 are vulnerable to ReDOS vulnerability in the search module...

4.3CVSS6.4AI score0.01037EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/10/30 2:20 p.m.4 views

CVE-2025-5342 Denial of Service (DoS)

Zohocorp ManageEngine Exchange Reporter Plus through 5721 are vulnerable to ReDOS vulnerability in the search module...

4.3CVSS6.5AI score0.01037EPSS
Exploits0References1
cve
cve
added 2025/10/16 8:40 a.m.20 views

CVE-2025-61581

CVE-2025-61581 describes an Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control affecting all versions. The description states that users with access to the Traffic Router management interface could supply malicious patterns, potentially causing unavailability. The p...

7.5CVSS6.5AI score0.00687EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2025/10/16 8:40 a.m.2 views

CVE-2025-61581 Apache Traffic Control: ReDoS issue in Traffic Router configuration

UNSUPPORTED WHEN ASSIGNED Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue affects Apache Traffic Control: all versions. People with access to the management interface of the Traffic Router component could specify malicious patterns and cause...

6.5AI score0.00687EPSS
Exploits0References1
rubygems
rubygems
added 2025/10/10 12:0 a.m.9 views

Sinatra is vulnerable to ReDoS through ETag header value generation

Summary There is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response and you are using Ruby = 3.2...

7.5CVSS6.5AI score0.00458EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder