Lucene search
+L

3349 matches found

osv
osv
added 2026/03/10 9:4 p.m.3 views

GHSA-F45G-68Q3-5W8X Elysia has a string URL format ReDoS

Impact t.String format: 'url' is vulnerable to redos Repeating a partial url format protocol and hostname multiple times cause regex to slow down significantly js 'http://a'.repeatn Here's a table demonstrating how long it takes to process repeated partial url format | n repeat | elapsedms | | --...

7.5CVSS5.9AI score0.00494EPSS
Exploits1References4
cvelist
cvelist
added 2026/03/10 8:12 p.m.28 views

CVE-2026-30837 Elysia has a string URL format redos

Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation and client-server communication. Prior to 1.4.26 , t.String format: 'url' is vulnerable to ReDoS. Repeating a partial url format protocol and hostname multiple times cause regex to slow down...

7.5CVSS0.00494EPSS
Exploits1References2
cve
cve
added 2026/03/10 8:12 p.m.14 views

CVE-2026-30837

Elysia (TypeScript framework) prior to v1.4.26 is affected by a ReDoS in t.String({ format: 'url' }) where repeating a partial URL format (protocol/hostname) makes the regex slow, potentially causing DoS. The issue is fixed in v1.4.26. Affected component: the URL string format validation function...

7.5CVSS5.8AI score0.00494EPSS
Exploits1References2Affected Software1
euvd
euvd
added 2026/03/10 8:12 p.m.6 views

EUVD-2026-10861

Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation and client-server communication. Prior to 1.4.26 , t.String format: 'url' is vulnerable to ReDoS. Repeating a partial url format protocol and hostname multiple times cause regex to slow down...

7.5CVSS5.8AI score0.00494EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2026/03/10 12:0 a.m.5 views

PT-2026-24422

Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation and client-server communication. Prior to 1.4.26 , t.String format: 'url' is vulnerable to ReDoS. Repeating a partial url format protocol and hostname multiple times cause regex to slow down...

7.5CVSS5.8AI score0.00494EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2026/03/10 12:0 a.m.5 views

PT-2026-24625

Impact t.String format: 'url' is vulnerable to redos Repeating a partial url format protocol and hostname multiple times cause regex to slow down significantly js 'http://a'.repeatn Here's a table demonstrating how long it takes to process repeated partial url format | n repeat | elapsed ms | | -...

7.5CVSS5.8AI score
Exploits0References4
astralinux
astralinux
added 2026/03/03 9:29 a.m.3 views

Astra Linux – Vulnerability in Ruby 3.1

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby, up to 3.2.1. The Time parser improperly handles invalid URLs that contain specific characters. This causes an increase in execution time when parsing strings into Time objects. The fixed versions are 0.1.1 and 0.2.2...

5.3CVSS7.1AI score0.02452EPSS
Exploits0References3
github
github
added 2026/03/02 10:17 p.m.10 views

OpenClaw has ReDoS and regex injection via unescaped Feishu mention metadata in RegExp construction

Summary extensions/feishu/src/bot.ts constructed new RegExp directly from Feishu mention metadata mention.name, mention.key in stripBotMention without escaping regex metacharacters. Affected Packages / Versions - Package: npm openclaw - Affected versions: = 2026.2.17 - First affected release:...

8.2CVSS5.9AI score0.00311EPSS
Exploits0References6Affected Software1
ibm
ibm
added 2026/03/02 12:25 p.m.8 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service (CVE-2026-2327)

Summary Node.js module markdown-it is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationServer and IntegrationRuntime operands are vulnerable to regular expression denial of service ReDoS. This bulletin provides...

7.5CVSS5.9AI score0.00503EPSS
Exploits0Affected Software1
ptsecurity
ptsecurity
added 2026/03/02 12:0 a.m.9 views

PT-2026-26009

Summary extensions/feishu/src/bot.ts constructed new RegExp directly from Feishu mention metadata mention.name, mention.key in stripBotMention without escaping regex metacharacters. Affected Packages / Versions - Package: npm openclaw - Affected versions: = 2026.2.17 - First affected release:...

8.2CVSS5.8AI score0.00311EPSS
Exploits0References10
cvelist
cvelist
added 2026/02/27 5:32 a.m.31 views

CVE-2026-3293 snowflakedb snowflake-jdbc JDBC URL SdkProxyRoutePlanner.java SdkProxyRoutePlanner redos

A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0.1. Impacted is the function SdkProxyRoutePlanner of the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java of the component JDBC URL Handler. Executing a manipulation of the argument nonProxyHosts...

4.8CVSS0.00209EPSS
Exploits1References8
cvelist
cvelist
added 2026/02/26 1:6 a.m.29 views

CVE-2026-27903 minimatch has a ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments

minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, matchOne performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent GLOBSTAR...

7.5CVSS0.00517EPSS
Exploits1References1
cve
cve
added 2026/02/26 1:6 a.m.244 views

CVE-2026-27903

The CVE concerns minimatch prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, where matchOne() can backtrack unboundedly when a glob includes multiple non-adjacent GLOBSTAR segments. This causes exponential-like time complexity (O(C(n, k))) and can stall the Node.js eve...

7.5CVSS5.5AI score0.00517EPSS
Exploits1References1Affected Software1
nessus
nessus
added 2026/02/20 12:0 a.m.4 views

Atlassian Confluence 8.5.x < 9.2.1 / 9.3.x < 9.4.0 / 9.5.x < 9.5.1 / 10.0.x < 10.2.3 / 10.2.6 (CONFSERVER-102185)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-102185 advisory. - Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service ReDoS via the function new Range, when untrust...

7.5CVSS6.7AI score0.02761EPSS
Exploits1References2
nessus
nessus
added 2026/02/20 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-26996

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular...

8.7CVSS6.7AI score0.00519EPSS
Exploits1References4
osv
osv
added 2026/02/12 6:30 a.m.12 views

GHSA-38C4-R59V-3VQW markdown-it is has a Regular Expression Denial of Service (ReDoS)

Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expression Denial of Service ReDoS due to the use of the regex /+$/ in the linkify function. An attacker can supply a long sequence of characters followed by a non-matching character, which triggers...

6.9CVSS5.9AI score0.00503EPSS
Exploits0References6
nessus
nessus
added 2026/02/10 12:0 a.m.5 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005308)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005308 advisory. Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Racks media type parser to take much longer than expected, leading to a...

7.5CVSS6.5AI score0.35376EPSS
Exploits1References4
nessus
nessus
added 2026/02/05 12:0 a.m.3 views

Atlassian Jira Service Management Data Center and Server 10.3.0 < 10.3.16 (JSDSERVER-16497)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16497 advisory. - Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to...

8.7CVSS5.7AI score0.00873EPSS
Exploits0References2
ibm
ibm
added 2026/01/30 10:5 a.m.13 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Regular Expression Denial of Service (ReDoS) due to cross-spawn

Summary cross-spawn is used by IBM watsonx Orchestrate Developer Edition as part of image: tools-runtime Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service ReD...

8.7CVSS5.9AI score0.00873EPSS
Exploits0Affected Software1
nessus
nessus
added 2026/01/22 12:0 a.m.8 views

Azure Linux 3.0 Security Update: ruby / rubygem-rexml (CVE-2024-49761)

The version of ruby / rubygem-rexml installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49761 advisory. - REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it...

8.7CVSS7.2AI score0.01429EPSS
Exploits0References2
Rows per page
Query Builder