Lucene search
K

175 matches found

ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-55470

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.10, the fix for CVE-2026-45367 incompletely patched the DSTU2 module, leaving FHIRPathEngine.matches in org.hl7.fhir.dstu2/utils/FHIRPathEngine.java to call raw String.matchessw...

7.5CVSS5.9AI score
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2 days ago4 views

CVE-2026-14895

String::Util versions before 1.36 for Perl are susceptible to a regular expression denial of service. The trim and rtrim functions stripped trailing whitespace with s/\s$//u. Because \s matches greedily and the $ anchor fails whenever a non-whitespace character follows the whitespace, the regex...

7.5CVSS6AI score0.00188EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2 days ago8 views

PT-2026-56275

Name of the Vulnerable Software and Affected Versions String::Util versions prior to 1.36 Description String::Util for Perl is susceptible to a regular expression denial of service. The trim and rtrim functions use a regular expression to strip trailing whitespace. Because the s pattern matches...

6AI score0.00188EPSS
Exploits0References7
OSV
OSV
added 2026/06/17 6:47 p.m.5 views

GHSA-FXJ4-P9XP-37V5 HAPI FHIR: Incomplete fix for CVE-2026-45367: DSTU2 FHIRPathEngine.matches() missing RegexTimeout protection allows ReDoS

Summary The fix for CVE-2026-45367 added RegexTimeout protection to the matches function in DSTU2016MAY, DSTU3, R4, R4B, and R5, but the DSTU2 module was incompletely patched. In org.hl7.fhir.dstu2, replaceMatches was updated while matches at line 2462 still calls the raw String.matchessw without...

7.5CVSS5.4AI score
Exploits0References2
OSV
OSV
added 2026/06/15 8:15 p.m.3 views

GHSA-9H5V-PFQQ-X599 UAParser.js: Unbounded `Sec-CH-UA-Model` parsing can trigger ReDoS in `withClientHints()`

Summary A regular expression denial-of-service ReDoS vulnerability has been discovered in ua-parser-js when using the Client Hints API. By sending a crafted Sec-CH-UA-Model header to an application that calls UAParserheaders.withClientHints, an attacker can cause the parser to spend excessive CPU...

5.3CVSS5.4AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 6:22 p.m.10 views

CVE-2026-47138 Parse Server: Pre-authentication denial of service via client version header regex backtracking

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.77 and 9.9.1-alpha.1, an unauthenticated attacker who knows a publicly-known Parse Application ID can submit a single HTTP request whose client SDK version field contains...

8.7CVSS5.3AI score0.00584EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/12 6:22 p.m.29 views

CVE-2026-47138 Parse Server: Pre-authentication denial of service via client version header regex backtracking

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.77 and 9.9.1-alpha.1, an unauthenticated attacker who knows a publicly-known Parse Application ID can submit a single HTTP request whose client SDK version field contains...

8.7CVSS0.00584EPSS
Exploits0References3
CVE
CVE
added 2026/06/12 6:22 p.m.53 views

CVE-2026-47138

CVE-2026-47138 : Parse Server suffers pre-authentication DoS via adversarial client version header input causing polynomial backtracking in the request-header parser. Affected before fixes in versions up to 8.6.76/9.9.0-alpha.1; patched in 8.6.77 and 9.9.1-alpha.1. An unauthenticated attacker wit...

8.7CVSS5.2AI score0.00584EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-44496

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular...

7.5CVSS5.9AI score0.00645EPSS
Exploits1References3
OSV
OSV
added 2026/06/11 5:16 p.m.6 views

DEBIAN-CVE-2026-44496

Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular expression from the configured XSRF cookie name without escaping regex metacharacters. In standard browser environments, an attacker who...

7.5CVSS5.3AI score0.00645EPSS
Exploits1References1
NVD
NVD
added 2026/06/11 5:16 p.m.16 views

CVE-2026-44496

Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular expression from the configured XSRF cookie name without escaping regex metacharacters. In standard browser environments, an attacker who...

7.5CVSS0.00645EPSS
Exploits1References23
OSV
OSV
added 2026/06/11 5:16 p.m.4 views

UBUNTU-CVE-2026-44496

Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular expression from the configured XSRF cookie name without escaping regex metacharacters. In standard browser environments, an attacker who...

7.5CVSS5.4AI score0.00645EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/06/11 3:34 p.m.10 views

CVE-2026-44496

Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular expression from the configured XSRF cookie name without escaping regex metacharacters. In standard browser environments, an attacker who...

7.5CVSS5.3AI score0.00645EPSS
Exploits1
CVE
CVE
added 2026/06/11 3:34 p.m.100 views

CVE-2026-44496

CVE-2026-44496 affects Axios in browser environments where Axios reads document.cookie. Versions before 0.32.0 (0.x branch) and before 1.16.0 (1.x branch) build a regex from the configured XSRF cookie name without escaping regex metacharacters, enabling expensive regex backtracking and potential ...

7.5CVSS5.5AI score0.00645EPSS
Exploits1References23Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.13 views

EulerOS Virtualization 2.12.1 : libssh (EulerOS-SA-2026-2080)

According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A weakness has been identified in libssh up to 0.11.3. The impacted element is the function...

8.2CVSS5.9AI score0.00631EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.11 views

EulerOS Virtualization 2.12.0 : libssh (EulerOS-SA-2026-2105)

According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A weakness has been identified in libssh up to 0.11.3. The impacted element is the function...

8.2CVSS5.9AI score0.00631EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.11 views

CVE-2026-8159

[email protected] and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A crafted multipart upload with a long header value can cause regex matching to take seconds, blocking the event loop. Impact: any...

7.5CVSS5.4AI score0.00335EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/04 2:24 p.m.13 views

Regular Expression Denial of Service (ReDoS)

Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the read function when attacker-controlled input is used as the cookie name parameter, which is interpolated into a regular...

7.5CVSS5.5AI score0.00645EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.28 views

PT-2026-46303

Name of the Vulnerable Software and Affected Versions Axios versions prior to 0.32.0 Axios versions prior to 1.16.0 Description Axios constructs a regular expression from the configured XSRF cookie name without escaping regex metacharacters. In standard browser environments, an attacker who can...

7.5CVSS5.9AI score0.00645EPSS
Exploits1References13
Github Security Blog
Github Security Blog
added 2026/05/27 9:34 p.m.33 views

Symfony's YAML Parser has a ReDoS via Catastrophic Backtracking in Parser::cleanup() Regex

Description Symfony\Component\Yaml\Parser::cleanup strips the optional %YAML directive header, leading comments, and document start/end markers before parsing. The original regexes contained overlapping quantifiers, most notably '^%YAML: \d.+.\nu', whose \d.+ and . overlap on the dot, that exhibi...

5.8AI score0.00076EPSS
Exploits0References6Affected Software2
Rows per page
Query Builder