
3332 matches found

UbuntuCve
added 2021/02/16 6:15 p.m., 17 views

CVE-2021-21317

uap-core is an open-source npm package which contains the core of BrowserScope's original user agent string parser. In uap-core before version 0.11.0, some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to...

5.3 CVSS | 6.1 AI score | 0.02517 EPSS
Exploits: 0 | References: 3

Prion
added 2021/02/16 6:15 p.m., 13 views

Design/Logic Flaw

uap-core is an open-source npm package which contains the core of BrowserScope's original user agent string parser. In uap-core before version 0.11.0, some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to...

5 CVSS | 5.2 AI score | 0.02517 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2021/02/16 5:45 p.m., 17 views

CVE-2021-21317 Denial of Service in uap-core

uap-core is an open-source npm package which contains the core of BrowserScope's original user agent string parser. In uap-core before version 0.11.0, some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to...

5.3 CVSS | 5.5 AI score | 0.02517 EPSS
Exploits: 0 | References: 3

RedHat Linux
added 2021/02/16 2:28 p.m., 3 views

nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS

This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters...

7.5 CVSS | 7.4 AI score | 0.03374 EPSS
Exploits: 1 | References: 5

RedHat Linux
added 2021/02/16 2:25 p.m., 5 views

nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS

This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters...

7.5 CVSS | 7.4 AI score | 0.03374 EPSS
Exploits: 1 | References: 5

Tenable Nessus
added 2021/02/16 12:0 a.m., 49 views

RHEL 8 : nodejs:14 (RHSA-2021:0551)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0551 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

9.8 CVSS | 7.1 AI score | 0.68558 EPSS
Exploits: 6 | References: 17

RedhatCVE
added 2021/02/15 9:48 p.m., 39 views

CVE-2020-28500

A flaw was found in nodejs-lodash. A Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions is possible...

5.3 CVSS | 3.4 AI score | 0.07336 EPSS
Exploits: 1 | References: 4

RedhatCVE
added 2021/02/15 12:33 p.m., 41 views

CVE-2020-28493

A flaw was found in python-jinja2. The ReDoS vulnerability of the regex is mainly due to the sub-pattern a-zA-Z0-9.-+.a-zA-Z0-9.-+. This issue can be mitigated by using Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory...

7.5 CVSS | 2.6 AI score | 0.03546 EPSS
Exploits: 1 | References: 3

NVD
added 2021/02/15 11:15 a.m., 23 views

CVE-2020-28500

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions...

5.3 CVSS | 0.07336 EPSS
Exploits: 1 | References: 14

OSV
added 2021/02/15 11:15 a.m., 3 views

DEBIAN-CVE-2020-28500

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions...

5.3 CVSS | 6.5 AI score | 0.07336 EPSS
Exploits: 1 | References: 1

OSV
added 2021/02/15 11:15 a.m., 28 views

CVE-2020-28500

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions...

5.3 CVSS | 6.5 AI score
Exploits: 0 | References: 14

OSV
added 2021/02/15 11:15 a.m., 2 views

AZL-44085 CVE-2020-28500 affecting package js-jquery 3.5.0-4

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions...

5.3 CVSS | 6.7 AI score | 0.07336 EPSS
Exploits: 1 | References: 1

UbuntuCve
added 2021/02/15 11:15 a.m., 39 views

CVE-2020-28500

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions...

5.3 CVSS | 6.8 AI score | 0.07336 EPSS
Exploits: 1 | References: 8

Prion
added 2021/02/15 11:15 a.m., 32 views

Design/Logic Flaw

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions...

5 CVSS | 6.2 AI score | 0.07336 EPSS
Exploits: 1 | References: 14 | Affected Software: 19

Cvelist
added 2021/02/15 11:10 a.m., 30 views

CVE-2020-28500 Regular Expression Denial of Service (ReDoS)

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions...

5.3 CVSS | 6.1 AI score | 0.07336 EPSS
Exploits: 1 | References: 14

CVE
added 2021/02/15 11:10 a.m., 398 views

CVE-2020-28500

CVE-2020-28500 affects Lodash prior to 4.17.21; the vulnerability is a Regular Expression Denial of Service (ReDoS) via toNumber, trim and trimEnd. A connected IBM bulletin confirms the issue and enumerates the affected versions; the remediation is to upgrade Lodash to 4.17.21 or later. No exploitation d...

5.3 CVSS | 6 AI score | 0.07336 EPSS
Exploits: 1 | References: 14 | Affected Software: 1

Debian CVE
added 2021/02/15 11:10 a.m., 34 views

CVE-2020-28500

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions...

5.3 CVSS | 6.9 AI score | 0.07336 EPSS
Exploits: 1

Positive Technologies
added 2021/02/15 12:0 a.m., 2 views

PT-2021-3189

Name of the Vulnerable Software and Affected Versions: lodash versions prior to 4.17.21. Description: The issue is related to the toNumber, trim, and trimEnd functions in the lodash library, which can lead to an uncontrolled consumption of resources, potentially causing a denial of service. This can...

7.5 CVSS | 6.7 AI score | 0.07336 EPSS
Exploits: 1 | References: 41

CVE
added 2021/02/11 4:11 p.m., 295 views

CVE-2021-22880

The CVE-2021-22880 vulnerability affects the Rails Active Record PostgreSQL adapter. It is a REDoS flaw in the money type input validation, exploitable in Rails apps using PostgreSQL money columns. It impacts Active Record versions prior to 6.1.2.1, 6.0.3.5, and 5.2.4.5. Remediation is to upgrade...

7.5 CVSS | 7.1 AI score | 0.04434 EPSS
Exploits: 1 | References: 6 | Affected Software: 1

RedHat Linux
added 2021/02/11 1:37 p.m., 5 views

nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS

This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters...

7.5 CVSS | 7.4 AI score | 0.03374 EPSS
Exploits: 1 | References: 5