Lucene search
K

3339 matches found

CVE
CVE
added 2026/03/23 11:7 p.m.28 views

CVE-2026-33169

CVE-2026-33169 affects Active Support (Rails core extensions). The issue arises in NumberToDelimitedConverter, which uses a lookahead-based regular expression with gsub! to insert thousands delimiters. Interaction between a repeated lookahead group and gsub! can cause quadratic time complexity on...

6.9CVSS5.8AI score0.00498EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2026/03/23 11:7 p.m.21 views

CVE-2026-33169 Rails Active Support has a possible ReDoS vulnerability in number_to_delimited

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based regular expression with gsub! to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between th...

6.9CVSS0.00498EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/03/23 8:52 p.m.12 views

Rails Active Support has a possible ReDoS vulnerability in number_to_delimited

Impact NumberToDelimitedConverter used a regular expression with gsub! to insert thousands delimiters. This could produce quadratic time complexity on long digit strings. Releases The fixed releases are available at the normal locations. Credit This issue was responsibly reported by Hackerone...

6.9CVSS5AI score0.00498EPSS
Exploits0References10Affected Software1
EUVD
EUVD
added 2026/03/23 8:52 p.m.5 views

EUVD-2026-14622

Rails Active Support has a possible ReDoS vulnerability in numbertodelimited...

6.9CVSS5.8AI score0.00498EPSS
Exploits0References7
RubySec
RubySec
added 2026/03/23 12:0 a.m.10 views

Rails Active Support has a possible ReDoS vulnerability in number_to_delimited

Impact NumberToDelimitedConverter used a regular expression with gsub! to insert thousands delimiters. This could produce quadratic time complexity on long digit strings. Releases The fixed releases are available at the normal locations...

6.9CVSS5.7AI score0.00498EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/03/22 5:35 a.m.125 views

CVE-2026-4539

CVE-2026-4539 affects the Pygments project, specifically the AdlLexer in pygments/lexers/archetype.py up to version 2.19.2. The issue stems from an inefficient regular expression construct in the AdlLexer, enabling a local-access DoS/slowdown scenario. Publicly released exploit material exists, a...

4.8CVSS5.4AI score0.00156EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/22 5:35 a.m.36 views

CVE-2026-4539 pygments archetype.py AdlLexer redos

A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been released...

4.8CVSS0.00156EPSS
Exploits0References5
CVE
CVE
added 2026/03/18 1:34 a.m.13 views

CVE-2026-22178

CVE-2026-22178 concerns OpenClaw. Vulnerability arises when versions prior to 2026.2.19 construct RegExp objects directly from unescaped Feishu mention metadata inside stripBotMention(), enabling regex injection and potential ReDoS. Attackers can craft nested-quantifier patterns or metacharacters...

8.2CVSS5.8AI score0.00311EPSS
Exploits0References4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/16 4:29 a.m.6 views

Security Bulletin: Inefficient Regular Expression Complexity (ReDoS) Vulnerability in nth-check affect IBM watsonx.data

Summary nth-check is vulnerable to Inefficient Regular Expression Complexity. These can affect IBM watsonx.data. Vulnerability Details CVEID:CVE-2021-3803 DESCRIPTION: nth-check is vulnerable to Inefficient Regular Expression Complexity CWE:CWE-1333: Inefficient Regular Expression Complexity CVSS...

7.5CVSS5.7AI score0.02014EPSS
Exploits1Affected Software1
OSV
OSV
added 2026/03/12 6:32 p.m.4 views

GHSA-P2M9-WCP5-6QW3 multipart vulnerable to ReDoS in `parse_options_header()`

Summary The parseoptionsheader function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted HTTP or multipart segment headers. This can be abused for denial of service DoS attacks against web...

7.5CVSS5.8AI score0.00606EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/12 4:45 p.m.24 views

CVE-2026-28356 ReDoS in multipart 1.3.0 - `parse_options_header()`

multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parseoptionsheader function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted HTTP or multipar...

7.5CVSS0.00606EPSS
Exploits0References1
OSV
OSV
added 2026/03/10 9:4 p.m.3 views

GHSA-F45G-68Q3-5W8X Elysia has a string URL format ReDoS

Impact t.String format: 'url' is vulnerable to redos Repeating a partial url format protocol and hostname multiple times cause regex to slow down significantly js 'http://a'.repeatn Here's a table demonstrating how long it takes to process repeated partial url format | n repeat | elapsedms | | --...

7.5CVSS5.9AI score0.00494EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/10 9:4 p.m.8 views

Elysia has a string URL format ReDoS

Impact t.String format: 'url' is vulnerable to redos Repeating a partial url format protocol and hostname multiple times cause regex to slow down significantly js 'http://a'.repeatn Here's a table demonstrating how long it takes to process repeated partial url format | n repeat | elapsedms | | --...

7.5CVSS5.8AI score0.00494EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/03/10 8:12 p.m.27 views

CVE-2026-30837 Elysia has a string URL format redos

Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation and client-server communication. Prior to 1.4.26 , t.String format: 'url' is vulnerable to ReDoS. Repeating a partial url format protocol and hostname multiple times cause regex to slow down...

7.5CVSS0.00494EPSS
Exploits1References2
CVE
CVE
added 2026/03/10 8:12 p.m.13 views

CVE-2026-30837

Elysia (TypeScript framework) prior to v1.4.26 is affected by a ReDoS in t.String({ format: 'url' }) where repeating a partial URL format (protocol/hostname) makes the regex slow, potentially causing DoS. The issue is fixed in v1.4.26. Affected component: the URL string format validation function...

7.5CVSS5.8AI score0.00494EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/03/10 8:12 p.m.6 views

EUVD-2026-10861

Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation and client-server communication. Prior to 1.4.26 , t.String format: 'url' is vulnerable to ReDoS. Repeating a partial url format protocol and hostname multiple times cause regex to slow down...

7.5CVSS5.8AI score0.00494EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.4 views

PT-2026-24625

Impact t.String format: 'url' is vulnerable to redos Repeating a partial url format protocol and hostname multiple times cause regex to slow down significantly js 'http://a'.repeatn Here's a table demonstrating how long it takes to process repeated partial url format | n repeat | elapsed ms | | -...

7.5CVSS5.8AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.4 views

PT-2026-24422

Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation and client-server communication. Prior to 1.4.26 , t.String format: 'url' is vulnerable to ReDoS. Repeating a partial url format protocol and hostname multiple times cause regex to slow down...

7.5CVSS5.8AI score0.00494EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/03/02 10:17 p.m.9 views

OpenClaw has ReDoS and regex injection via unescaped Feishu mention metadata in RegExp construction

Summary extensions/feishu/src/bot.ts constructed new RegExp directly from Feishu mention metadata mention.name, mention.key in stripBotMention without escaping regex metacharacters. Affected Packages / Versions - Package: npm openclaw - Affected versions: = 2026.2.17 - First affected release:...

8.2CVSS5.9AI score0.00311EPSS
Exploits0References6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/02 12:25 p.m.8 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service (CVE-2026-2327)

Summary Node.js module markdown-it is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationServer and IntegrationRuntime operands are vulnerable to regular expression denial of service ReDoS. This bulletin provides...

7.5CVSS5.9AI score0.00503EPSS
Exploits0Affected Software1
Rows per page
Query Builder