Lucene search
K

3339 matches found

Cvelist
Cvelist
added 2026/02/27 5:32 a.m.29 views

CVE-2026-3293 snowflakedb snowflake-jdbc JDBC URL SdkProxyRoutePlanner.java SdkProxyRoutePlanner redos

A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0.1. Impacted is the function SdkProxyRoutePlanner of the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java of the component JDBC URL Handler. Executing a manipulation of the argument nonProxyHosts...

4.8CVSS0.00209EPSS
Exploits1References8
Cvelist
Cvelist
added 2026/02/26 1:6 a.m.29 views

CVE-2026-27903 minimatch has a ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments

minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, matchOne performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent GLOBSTAR...

7.5CVSS0.00517EPSS
Exploits1References1
CVE
CVE
added 2026/02/26 1:6 a.m.222 views

CVE-2026-27903

The CVE concerns minimatch prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, where matchOne() can backtrack unboundedly when a glob includes multiple non-adjacent GLOBSTAR segments. This causes exponential-like time complexity (O(C(n, k))) and can stall the Node.js eve...

7.5CVSS5.5AI score0.00517EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/02/20 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-26996

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular...

8.7CVSS6.7AI score0.00519EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/02/20 12:0 a.m.4 views

Atlassian Confluence 8.5.x < 9.2.1 / 9.3.x < 9.4.0 / 9.5.x < 9.5.1 / 10.0.x < 10.2.3 / 10.2.6 (CONFSERVER-102185)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-102185 advisory. - Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service ReDoS via the function new Range, when untrust...

7.5CVSS6.7AI score0.02761EPSS
Exploits1References2
OSV
OSV
added 2026/02/12 6:30 a.m.10 views

GHSA-38C4-R59V-3VQW markdown-it is has a Regular Expression Denial of Service (ReDoS)

Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expression Denial of Service ReDoS due to the use of the regex /+$/ in the linkify function. An attacker can supply a long sequence of characters followed by a non-matching character, which triggers...

6.9CVSS5.9AI score0.00503EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/02/10 12:0 a.m.5 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005308)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005308 advisory. Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Racks media type parser to take much longer than expected, leading to a...

7.5CVSS6.5AI score0.35376EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/02/05 12:0 a.m.3 views

Atlassian Jira Service Management Data Center and Server 10.3.0 < 10.3.16 (JSDSERVER-16497)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16497 advisory. - Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to...

8.7CVSS5.7AI score0.00873EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 10:5 a.m.11 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Regular Expression Denial of Service (ReDoS) due to cross-spawn

Summary cross-spawn is used by IBM watsonx Orchestrate Developer Edition as part of image: tools-runtime Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service ReD...

8.7CVSS5.9AI score0.00873EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.7 views

Azure Linux 3.0 Security Update: ruby / rubygem-rexml (CVE-2024-49761)

The version of ruby / rubygem-rexml installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49761 advisory. - REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it...

8.7CVSS7.2AI score0.01429EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.7 views

Azure Linux 3.0 Security Update: uglify-js (CVE-2022-25858)

The version of uglify-js installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-25858 advisory. - The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial...

7.5CVSS5.6AI score0.0232EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 8 : python39:3.9 and python39-devel:3.9 (AXSA:2024-8950:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8950:01 advisory. python: cpython: tarfile: ReDos via excessive backtracking while parsing header values CVE-2024-6232 Tenable has extracted the preceding description block...

7.5CVSS7.3AI score0.02203EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 7 : rh-nodejs8-nodejs-8.17.0-2.el7 (AXSA:2020-200:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-200:01 advisory. nodejs-brace-expansion: Regular expression denial of service CVE-2017-18077 nodejs-chownr: TOCTOU vulnerability in chownr function in chownr.js...

9.8CVSS8.4AI score0.03342EPSS
Exploits4References8
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.2 views

MiracleLinux 9 : python3.9-3.9.19-8.el9.1 (AXSA:2024-9260:07)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9260:07 advisory. python: cpython: tarfile: ReDos via excessive backtracking while parsing header values CVE-2024-6232 Tenable has extracted the preceding description block...

7.5CVSS7.1AI score0.02203EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 8 : python-mako-1.0.6-14.el8 (AXSA:2023-5682:02)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-5682:02 advisory. mako: REDoS in Lexer class CVE-2022-40023 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory. Note that...

7.5CVSS7.5AI score0.01718EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 9 : python3.12-3.12.5-2.el9.1 (AXSA:2024-9402:16)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9402:16 advisory. python: cpython: tarfile: ReDos via excessive backtracking while parsing header values CVE-2024-6232 Tenable has extracted the preceding description block...

7.5CVSS7.1AI score0.02203EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 8 : ruby:3.1 (AXSA:2024-7629:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7629:01 advisory. ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: ReDoS vulnerability in URI CVE-2023-28755 ruby: ReDoS vulnerability - upstream's...

8.8CVSS8.3AI score0.02637EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 8 : nodejs:14 (AXSA:2021-2448:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2448:01 advisory. nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22930 nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22940...

9.8CVSS8AI score0.37286EPSS
Exploits5References9
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 8 : nodejs:14 nodejs-nodemon-2.0.20-2.module+el8+1579+35966ec0, nodejs-packaging-23-3.module+el8+1579+35966ec0, nodejs-14.21.1-2.module+el8+1579+35966ec0 (AXSA:2023-4653:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4653:01 advisory. minimist: prototype pollution CVE-2021-44906 node-fetch: exposure of sensitive information to an unauthorized actor CVE-2022-0235 nodejs-minimatch:...

9.8CVSS6.8AI score0.14663EPSS
Exploits4References6
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 8 : python27:2.7 (AXSA:2024-8406:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8406:01 advisory. pypa-setuptools: Regular Expression Denial of Service ReDoS in packageindex.py CVE-2022-40897 python: use after free in heappushpop of heapq module...

9.8CVSS7.6AI score0.04268EPSS
Exploits5References6
Rows per page
Query Builder