
667 matches found

Tenable Nessus
added 2026/01/20 12:0 a.m. | 4 views

MiracleLinux 7 : java-11-openjdk-11.0.7.10-4.el7 (AXSA:2020-011:04)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-011:04 advisory. OpenJDK: Incorrect bounds checks in NIO Buffers Libraries, 8234841 CVE-2020-2803 OpenJDK: Incorrect type checks in MethodType.readObject Libraries,...

CVSS 8.3 | AI score 6.7 | EPSS 0.0623
Exploits: 0 | References: 14

Snyk
added 2026/01/13 9:21 p.m. | 5 views

Double Free

Overview: Affected versions of this package are vulnerable to Double Free in the Regexp compilation process. An attacker can execute arbitrary code or cause a denial of service by supplying a specially crafted regular expression source string. Remediation: A fix was pushed into the master branch bu...

CVSS 9.8 | AI score 7.5 | EPSS 0.02744
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/13 12:0 a.m. | 4 views

MiracleLinux 7 : firefox-128.8.0-1.0.1.el7.AXS7 (AXSA:2025-9734:08)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-9734:08 advisory. firefox: Use-after-free in WebTransportChild CVE-2025-1931 firefox: AudioIPC StreamData could trigger a use-after-free in the Browser process...

CVSS 8.8 | AI score 6.8 | EPSS 0.00519
Exploits: 1 | References: 10

Tenable Nessus
added 2026/01/13 12:0 a.m. | 3 views

MiracleLinux 8 : firefox-128.8.0-1.el8_10.ML.1 (AXSA:2025-9730:07)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-9730:07 advisory. firefox: Use-after-free in WebTransportChild CVE-2025-1931 firefox: AudioIPC StreamData could trigger a use-after-free in the Browser process...

CVSS 8.8 | AI score 6.8 | EPSS 0.00519
Exploits: 1 | References: 10

RedhatCVE
added 2026/01/09 11:35 a.m. | 10 views

CVE-2021-41959

JerryScript Git version 14ff5bf does not sufficiently track and release allocated memory via jerry-core/ecma/operations/ecma-regexp-object.c after RegExp, which causes a memory leak...

CVSS 7.5 | AI score 6.9 | EPSS 0.01141
Exploits: 1 | References: 1

Tenable Nessus
added 2026/01/07 12:0 a.m. | 5 views

Atlassian Confluence < 8.5.17 / 8.6.x < 9.2.6 / 9.3.1 < 9.4.0 / 9.5.x < 9.5.1 / 10.0.x < 10.0.2 (CONFSERVER-101480)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-101480 advisory. - path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be...

CVSS 7.5 | AI score 6.6 | EPSS 0.00932
Exploits: 0 | References: 2

Positive Technologies
added 2026/01/01 12:0 a.m. | 4 views

PT-2026-28674

Name of the Vulnerable Software and Affected Versions: path-to-regexp versions prior to 8.4.0. Description: The software is susceptible to a Regular Expression Denial of Service (ReDoS) condition when handling multiple wildcard characters combined with at least one parameter. This issue arises because...

CVSS 5.9 | AI score 5.8 | EPSS 0.00353
Exploits: 0 | References: 274

Positive Technologies
added 2026/01/01 12:0 a.m. | 5 views

PT-2026-28675

Name of the Vulnerable Software and Affected Versions: path-to-regexp versions prior to 8.4.0. Description: A flawed regular expression is created when multiple sequential optional groups using curly brace syntax are present, such as abc:z. The resulting regular expression expands exponentially with...

CVSS 9.8 | AI score 5.9 | EPSS 0.00791
Exploits: 0 | References: 274

Positive Technologies
added 2026/01/01 12:0 a.m. | 4 views

PT-2026-28656

Name of the Vulnerable Software and Affected Versions: path-to-regexp versions prior to 0.1.13. Description: A flawed regular expression is generated when three or more parameters are present within a single segment, separated by characters other than a period (.). For example, /:a-:b-:c or...

CVSS 7.5 | AI score 5.9 | EPSS 0.00496
Exploits: 2 | References: 34

OSV
added 2025/12/29 12:18 a.m. | 4 views

OSV-2025-1039 UNKNOWN WRITE in fuzz_regexp

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=471926738 Crash type: UNKNOWN WRITE Crash state: fuzz_regexp...

AI score 5.8
Exploits: 0 | References: 1

OSV
added 2025/12/25 12:2 a.m. | 4 views

OSV-2025-1018 Stack-buffer-overflow in lre_exec

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=471304472 Crash type: Stack-buffer-overflow READ 8 Crash state: lre_exec fuzz_regexp.c...

AI score 5.8
Exploits: 0 | References: 1

Atlassian
added 2025/12/12 7:27 a.m. | 12 views

DoS (Denial of Service) path-to-regexp Dependency in Jira Service Management Data Center and Server

This High severity DoS (Denial of Service) vulnerability was introduced in versions 10.2.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Service Management Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

CVSS 7.5 | AI score 8.1 | EPSS 0.00932
Exploits: 0

IBM Security Bulletins
added 2025/12/04 2:46 p.m. | 10 views

Security Bulletin: Multiple vulnerabilities in IBM Controller

Summary: Multiple vulnerabilities were addressed in IBM Controller 11.1.2. Vulnerability Details: CVEID: CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor...

CVSS 8.7 | AI score 6.9 | EPSS 0.63258
Exploits: 2 | Affected Software: 2

IBM Security Bulletins
added 2025/11/03 6:13 p.m. | 10 views

Security Bulletin: IBM Watson Studio for IBM Cloud Pak for Data is affected by vulnerability in path-to-regexp

Summary: IBM Watson Studio for IBM Cloud Pak for Data contains a vulnerable version of path-to-regexp. Vulnerability Details: CVEID: CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be...

CVSS 8.7 | AI score 6.7 | EPSS 0.00792
Exploits: 0 | Affected Software: 1

Cvelist
added 2025/10/16 3:51 p.m. | 10 views

CVE-2025-62495 Type confusion in string addition in QuickJS

An integer overflow vulnerability exists in the QuickJS regular expression engine libregexp due to an inconsistent representation of the bytecode buffer size. The regular expression bytecode is stored in a DynBuf structure, which correctly uses a size_t, an unsigned type, typically...

CVSS 7.1 | EPSS 0.00417
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2020-16054

Malware in sbrugna...

CVSS 9.8 | AI score 9.3 | EPSS 0.01313
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2018-0621

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.01743
Exploits: 1 | References: 6

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2015-8262

Malware in sbrugna...

CVSS 7.5 | AI score 8.5 | EPSS 0.04436
Exploits: 1 | References: 11

EUVD
added 2025/10/07 12:30 a.m. | 15 views

EUVD-2017-18371

Malware in sbrugna...

CVSS 7.5 | AI score 7.4 | EPSS 0.0257
Exploits: 0 | References: 6

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-3450

Malware in sbrugna...

CVSS 9.8 | AI score 9.3 | EPSS 0.01583
Exploits: 1 | References: 2