Lucene search
K

3342 matches found

Snyk
Snyk
added 5 days ago5 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 7:38 p.m.8 views

CVE-2026-58578

LobeChat before version 2.2.10-canary.15 contains a regular expression denial of service ReDoS vulnerability that allows authenticated attackers to block the Node.js event loop by supplying a catastrophic-backtracking pattern in a GitHub repository URL path during skill import. Attackers can craf...

7.1CVSS5.8AI score0.00305EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/29 5:2 a.m.11 views

CVE-2025-71379

A flaw was found in vLLM. Multiple regular expression denial of service ReDoS vulnerabilities exist in versions greater than or equal to 0.6.3 and less than 0.9.0. An attacker can exploit this by submitting crafted input with nested or repeated structures to specific regex patterns within vLLM,...

7.5CVSS5.8AI score0.00321EPSS
Exploits1References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 2:27 p.m.3 views

Security Bulletin: DataStage on Cloud Pak for Data has several vulnerabilities due to open source software

Summary Open source packages are used as part of the overall processing in DataStage on Cloud Pak for Data. Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass...

9.8CVSS6.8AI score0.01535EPSS
Exploits1Affected Software1
NVD
NVD
added 2026/06/17 11:17 p.m.11 views

CVE-2026-45617

LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, the built-in striphtml filter uses a regex containing four flawed lazy-quantified alternatives, leading to ReDoS via quadratic backtracking. When the input contains many script...

7.5CVSS0.00385EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2026/06/17 12:0 a.m.9 views

HAPI FHIR: Incomplete fix for CVE-2026-45367: DSTU2 FHIRPathEngine.matches() missing RegexTimeout protection allows ReDoS

The fix for CVE-2026-45367 added RegexTimeout protection to the matches function in DSTU2016MAY, DSTU3, R4, R4B, and R5, but the DSTU2 module was incompletely patched. In org.hl7.fhir.dstu2, replaceMatches was updated while matches at line 2462 still calls the raw String.matchessw without any...

7.5CVSS5.3AI score0.00354EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/16 10:39 a.m.9 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js module path-to-regexp

Summary IBM App Connect Enterprise runtime and IBM App Connect Enterprise Discovery Connectors are vulnerable to multiple vulnerabilities due to Node.js module path-to-regexp. Vulnerability Details CVEID:CVE-2026-4867 DESCRIPTION: Impact: A bad regular expression is generated any time you have...

7.5CVSS5.5AI score0.00791EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.255 views

Spring Framework 5.3.x < 5.3.49 / 6.1.x < 6.1.28 / 6.2.x < 6.2.18.1 / 7.0.x < 7.0.7.1 Multiple Vulnerabilities

The version of Spring Framework installed on the remote host is 5.3.x prior to 5.3.49, 6.1.x prior to 6.1.28, 6.2.x prior to 6.2.18.1, or 7.0.x prior to 7.0.7.1. It is, therefore, affected by multiple vulnerabilities: - IDs for WebSocket sessions in the spring-websocket module are not...

9.8CVSS5.6AI score0.00399EPSS
Exploits0References30
Cvelist
Cvelist
added 2026/06/09 4:22 p.m.29 views

CVE-2026-42567 Svelte: ReDoS in `<svelte:element>` Tag Validation

Svelte is a performance oriented web framework. From version 5.51.5 to before version 5.55.7, an internal regex in the Svelte runtime can take exponential time to test in . This issue has been patched in version 5.55.7...

5.9CVSS0.00421EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 4:22 p.m.9 views

CVE-2026-42567 Svelte: ReDoS in `<svelte:element>` Tag Validation

Svelte is a performance oriented web framework. From version 5.51.5 to before version 5.55.7, an internal regex in the Svelte runtime can take exponential time to test in . This issue has been patched in version 5.55.7...

5.9CVSS5.4AI score0.00421EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-41848

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Applications may be vulnerable to a Regular Expression Denial of Service ReDoS attack if an attacker is able to provide a pattern which is then directly or...

7.5CVSS5.6AI score0.00317EPSS
Exploits0References3
OSV
OSV
added 2026/06/02 11:45 p.m.2 views

CVE-2026-10692 johnhuang316 code-index-mcp search_code_advanced is_safe_regex_pattern redos

A weakness has been identified in johnhuang316 code-index-mcp up to 2.14.0. Affected is the function issaferegexpattern of the component searchcodeadvanced. Executing a manipulation of the argument regex can lead to inefficient regular expression complexity. It is possible to launch the attack...

5.3CVSS5.5AI score0.0031EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/06/02 11:30 p.m.11 views

CVE-2026-10691 wonderwhy-er DesktopCommanderMCP start_search search-manager.ts redos

A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component startsearch. Performing a manipulation of the argument SearchResult results in inefficient regular expression complexity. It is...

5.3CVSS5.4AI score0.00354EPSS
Exploits0References9
OSV
OSV
added 2026/06/01 8:45 p.m.3 views

CVE-2026-10291 Enderfga claw-orchestrator Session Grep Endpoint embedded-server.ts validateRegex redos

A security vulnerability has been detected in Enderfga claw-orchestrator up to 3.7.0. The impacted element is the function validateRegex of the file claw-orchestrator/src/embedded-server.ts of the component Session Grep Endpoint. The manipulation of the argument body.pattern leads to inefficient...

5.3CVSS5.4AI score0.00354EPSS
Exploits0References11
OSV
OSV
added 2026/05/27 6:8 p.m.8 views

GHSA-R7G9-XPMJ-5FCQ LiquidJS Vulnerable to ReDoS via Quadratic Backtracking in `strip_html` Filter Regex

Summary The built-in striphtml filter in liquidjs uses a regex containing four lazy-quantified alternatives. When the input contains many |||/g, '' The regex contains four lazy patterns: 1. 2. 3. 4. For an input like 'script'.repeatN, the engine encounters N starting positions. At each one it mus...

7.5CVSS5.8AI score0.00385EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.13 views

Unity Linux 20.1060e / 20.1070e Security Update: python-flask-restx (UTSA-2026-016606)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016606 advisory. Flask-RESTX pypi package flask-restx is a community driven fork of Flask-RESTPlus. Flask-RESTX before version 0.5.1 is vulnerable to ReDoS Regular Expression Denial ...

7.5CVSS7.1AI score0.01804EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Jinja2

This issue affects the Jinja2 package versions starting from 0.0.0 and earlier than 2.11.3. The ReDoS vulnerability is primarily caused by the punctuationre regex operator and its use of multiple wildcards. The last wildcard is the most exploitable, as it is used to search for trailing punctuatio...

5.3CVSS7.1AI score0.03546EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in python-setuptools

Python Packaging Authority PyPA’s setuptools before version 65.5.1 allows remote attackers to cause a denial of service through HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service ReDoS vulnerability present in packageindex.py...

5.9CVSS6.8AI score0.02617EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.10 views

Astra Linux – Vulnerability in Ruby 2.5

A ReDoS vulnerability was discovered in the URI component before 0.12.2 for Ruby. The URI parser improperly handles invalid URLs that contain specific characters. There is an increase in execution time when parsing strings into URI objects using rfc2396parser.rb and rfc3986parser.rb. NOTE: This...

5.3CVSS6.5AI score0.01698EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Python 3.7, Python 2.7

There is a flaw in the urllib’s AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server to which an HTTP client such as a web browser connects can trigger a Regular Expression Denial of Service ReDOS during an authentication request. This occurs when the server sends a...

6.5CVSS6.8AI score0.04675EPSS
Exploits1References2
Rows per page
Query Builder