
667 matches found

vulnersOsv
added 2026/03/26 6:34 p.m. | 6 views

com.codbex.aion:codbex-aion-platform (>=0.5.6 <=0.5.7), com.codbex.aion:codbex-aion-platform-keycloack (>=0.5.6 <=0.5.7) +96 more potentially affected by CVE-2024-45296 +1 more via org.webjars.npm:path-to-regexp (>=0.1.7 <=8.2.0)

org.webjars.npm:path-to-regexp MAVEN version =0.1.7, =0.5.6, =0.5.6, =0.5.6, =0.4.0, =0.4.0, =0.5.3, =0.5.5 - com.codbex.kronos:codbex-kronos-coverage-aggregate =0.4.0 - com.codbex.kronos:codbex-kronos-modules-all =0.4.0 - com.codbex.kronos:codbex-kronos-modules-engines-all =0.4.0 -...

CVSS 7.5 | AI score 6.7 | EPSS 0.00932
Exploits: 0

vulnersOsv
added 2026/03/26 6:34 p.m. | 6 views

@1771technologies/play-frame (>=0.0.2 <=0.0.19), @9188/doso (>=1.0.0 <=1.0.10) +2136 more potentially affected by CVE-2024-45296 +1 more via path-to-regexp (>=0.0.2 <=0.1.12)

path-to-regexp NPM version =0.0.2, =0.0.2, =1.0.0, =1.0.44, =1.16.33, =1.16.33, =25.4.0-alpha.0, =16.7.2, =1.0.1, =2.4.3, =1.11.282, =1.1.55, =0.1.4, =0.1.12-beta.3 and more Source cves: CVE-2024-45296, CVE-2026-4867 Source advisory: SNYK:JS-PATHTOREGEXP-15789761...

CVSS 7.5 | AI score 6.6 | EPSS 0.00932
Exploits: 0

NVD
added 2026/03/26 5:16 p.m. | 19 views

CVE-2026-4867

Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period (.). For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two...

CVSS 7.5 | EPSS 0.00496
Exploits: 0 | References: 3

OSV
added 2026/03/26 5:16 p.m. | 2 views

DEBIAN-CVE-2026-4867

Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period (.). For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two...

CVSS 7.5 | AI score 5.4 | EPSS 0.00496
Exploits: 0 | References: 1

UbuntuCve
added 2026/03/26 5:16 p.m. | 3 views

CVE-2026-4867

Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period (.). For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two...

CVSS 7.5 | AI score 5.9 | EPSS 0.00496
Exploits: 0 | References: 5

OSV
added 2026/03/26 5:16 p.m. | 4 views

UBUNTU-CVE-2026-4867

Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period (.). For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two...

CVSS 7.5 | AI score 5.8 | EPSS 0.00496
Exploits: 0 | References: 6

Cvelist
added 2026/03/26 4:16 p.m. | 24 views

CVE-2026-4867 path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters

Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period (.). For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two...

CVSS 7.5 | EPSS 0.00496
Exploits: 0 | References: 3

CVE
added 2026/03/26 4:16 p.m. | 36 views

CVE-2026-4867

CVE-2026-4867 affects the path-to-regexp library. When three or more parameters occur within a single segment (e.g., /:a-:b-:c or /:a-:b-:c-:d) a bad regular expression is generated, and the backtrack protection added in [email protected] only guards two parameters. As a result, lookaheads ca...

CVSS 7.5 | AI score 5.9 | EPSS 0.00496
Exploits: 0 | References: 3 | Affected Software: 1

ATTACKERKB
added 2026/03/26 4:16 p.m. | 2 views

CVE-2026-4867

Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period (.). For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two...

CVSS 7.5 | AI score 5.9 | EPSS 0.00496
Exploits: 0 | References: 4

CNNVD
added 2026/03/26 12:0 a.m. | 7 views

Path-to-RegExp security vulnerability

Path-to-RegExp is a tool open sourced by pillarjs. It is used to convert path strings into regular expressions. Versions of Path-to-RegExp prior to 0.1.12 have security vulnerabilities; these vulnerabilities stem from defects in the generated regular expressions, which may lead to denial-of-servi...

CVSS 7.5 | AI score 5.8 | EPSS 0.00496
Exploits: 0 | References: 3

CNNVD
added 2026/03/26 12:0 a.m. | 11 views

Path-to-RegExp security vulnerability

Path-to-RegExp is a tool open-sourced by pillarjs. It is used to convert path strings into regular expressions. Versions of Path-to-RegExp before version 8.4.0 had a security vulnerability. This vulnerability stemmed from defects in the regular expressions generated when using multiple wildcards...

CVSS 5.9 | AI score 6.2 | EPSS 0.00353
Exploits: 0 | References: 1

Tenable Nessus
added 2026/03/26 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-4867

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period...

CVSS 7.5 | AI score 5.9 | EPSS 0.00496
Exploits: 0 | References: 3

CNNVD
added 2026/03/26 12:0 a.m. | 6 views

Path-to-RegExp security vulnerability

Path-to-RegExp is a tool open-sourced by pillarjs. It is used to convert path strings into regular expressions. Versions of Path-to-RegExp prior to 8.4.0 have security vulnerabilities; these vulnerabilities stem from the exponential growth of the generated regular expressions, which could lead to...

CVSS 7.5 | AI score 6.3 | EPSS 0.00791
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2026/03/18 1:3 p.m. | 5 views

Malicious code in path-to-regexp-updated (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4f886299ed0f104de3331f447c127332d6de7b5d3bff5954553bb5c50099dfc The package path-to-regexp-updated was found to contain malicious code...

AI score 5.8
Exploits: 0

OSV
added 2026/03/18 1:3 p.m. | 5 views

MAL-2026-1808 Malicious code in path-to-regexp-updated (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4f886299ed0f104de3331f447c127332d6de7b5d3bff5954553bb5c50099dfc The package path-to-regexp-updated was found to contain malicious code...

AI score 5.8
Exploits: 0

OSV
added 2026/03/16 12:0 a.m. | 8 views

MAL-2026-3125 Malicious code in transform-regexp-constructors (npm)

The package 'transform-regexp-constructors' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

AI score 5.5
Exploits: 0 | References: 2

OSV
added 2026/03/10 6:28 p.m. | 2 views

GO-2026-4644 Caddy's vars_regexp double-expands user input, leaking env vars and files in github.com/caddyserver/caddy

Caddy's vars_regexp double-expands user input, leaking env vars and files in github.com/caddyserver/caddy...

CVSS 7.5 | AI score 5.8 | EPSS 0.00401
Exploits: 1 | References: 3

NVD
added 2026/03/07 5:15 p.m. | 6 views

CVE-2026-30852

Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the vars_regexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When vars_regexp matches against a placeholder like http.request.header.X-Input, the...

CVSS 7.5 | EPSS 0.00401
Exploits: 1 | References: 3

UbuntuCve
added 2026/03/07 5:15 p.m. | 3 views

CVE-2026-30852

Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the vars_regexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When vars_regexp matches against a placeholder like http.request.header.X-Input, the...

CVSS 7.5 | AI score 7 | EPSS 0.00401
Exploits: 1 | References: 4

Cvelist
added 2026/03/07 4:28 p.m. | 30 views

CVE-2026-30852 Caddy: vars_regexp double-expands user input, leaking env vars and files

Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the vars_regexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When vars_regexp matches against a placeholder like http.request.header.X-Input, the...

CVSS 6.9 | EPSS 0.00401
Exploits: 1 | References: 3