111 matches found

Vulnrichment
added 2025/07/28 7:2 a.m. · 3 views

CVE-2025-8262 yarnpkg Yarn hosted-git-resolver.js explodeHostedGitFragment redos

A vulnerability was found in yarnpkg Yarn up to 1.22.22. It has been classified as problematic. Affected is the function explodeHostedGitFragment of the file src/resolvers/exotics/hosted-git-resolver.js. The manipulation leads to inefficient regular expression complexity. It is possible to launch...

CVSS 5.3 · AI score 4.6 · EPSS 0.007
Exploits 1 · References 5

CVE
added 2025/07/28 7:2 a.m. · 51 views

CVE-2025-8262

The IBM Watsonx BI bulletin confirms CVE-2025-8262 affects yarnpkg Yarn up to 1.22.22, specifically the function explodeHostedGitFragment in src/resolvers/exotics/hosted-git-resolver.js. The issue arises from inefficient regular expression complexity, enabling a remote attack. A patch exists (com...

CVSS 7.5 · AI score 7.2 · EPSS 0.007
Exploits 1 · References 5 · Affected Software 1

Vulnrichment
added 2025/07/14 6:14 a.m. · 3 views

CVE-2025-7579 chinese-poetry server.js redos

A vulnerability was found in chinese-poetry 0.1. It has been rated as problematic. This issue affects some unknown processing of the file rank/server.js. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to th...

CVSS 5.3 · AI score 4.7 · EPSS 0.00325
Exploits 0 · References 5

CNNVD
added 2025/07/14 12:0 a.m. · 3 views

chinese-poetry security vulnerability

chinese-poetry is an open source database of ancient Chinese poems. A security vulnerability exists in chinese-poetry version 0.1, which stems from inefficient regular expression complexity due to improper processing in the file rank/server.js...

CVSS 5.3 · AI score 4.7 · EPSS 0.00325
Exploits 0 · References 5

Positive Technologies
added 2025/07/14 12:0 a.m. · 4 views

PT-2025-29429 · Pypi · Chinese-Poetry

Name of the Vulnerable Software and Affected Versions: chinese-poetry version 0.1
Description: A problematic issue exists due to inefficient regular expression complexity in the processing of the file rank/server.js. This issue can be initiated remotely. The exploit for this issue has been public...

CVSS 5.3 · AI score 4.4 · EPSS 0.00325
Exploits 0 · References 8

NVD
added 2025/07/07 10:15 a.m. · 7 views

CVE-2025-3262

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the huggingface/transformers repository, specifically in version 4.49.0. The vulnerability is due to inefficient regular expression complexity in the SETTINGRE variable within the transformers/commands/chat.py file. The...

CVSS 7.5 · EPSS 0.0043
Exploits 1 · References 2

NVD
added 2025/07/05 9:15 a.m. · 7 views

CVE-2025-7074

A vulnerability classified as problematic has been found in vercel hyper up to 3.4.1. This affects the function expand/braceExpand/ignoreMap of the file hyper/bin/rimraf-standalone.js. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack...

CVSS 7.5 · EPSS 0.00544
Exploits 1 · References 4

CNNVD
added 2025/07/05 12:0 a.m. · 4 views

hyper security vulnerability

hyper is a fast, correct open source HTTP implementation for Rust from hyperium. A security vulnerability exists in hyper 3.4.1 and earlier versions, which stems from inefficient regular expression complexity in the function expand/braceExpand/ignoreMap in the file hyper/bin/rimraf-standalone.j...

CVSS 7.5 · AI score 4.6 · EPSS 0.00544
Exploits 1 · References 2

RedhatCVE
added 2025/06/24 8:58 p.m. · 5 views

CVE-2025-6492

A vulnerability has been found in MarkText up to 0.17.1 and classified as problematic. Affected by this vulnerability is the function getRecommendTitleFromMarkdownString of the file marktext/src/main/utils/index.js. The manipulation leads to inefficient regular expression complexity. The attack c...

CVSS 6.9 · AI score 7.2 · EPSS 0.00448
Exploits 0 · References 1

OSV
added 2025/06/22 10:15 p.m. · 5 views

CVE-2025-6493

A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown Mode. This manipulation causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has bee...

CVSS 6.9 · AI score 5.7
Exploits 0 · References 4

CVE
added 2025/06/22 10:0 p.m. · 107 views

CVE-2025-6493

CVE-2025-6493 affects CodeMirror (Markdown Mode) up to 5.65.20. An unknown function in file mode/markdown/markdown.js can cause inefficient regular expression complexity, enabling a remote attack. IBM/Consoles describe the vulnerability and advise upgrading the affected component to CodeMirror 6 ...

CVSS 6.9 · AI score 5.6 · EPSS 0.00448
Exploits 0 · References 4

Vulnrichment
added 2025/06/22 8:0 p.m. · 3 views

CVE-2025-6492 MarkText index.js getRecommendTitleFromMarkdownString redos

A vulnerability has been found in MarkText up to 0.17.1 and classified as problematic. Affected by this vulnerability is the function getRecommendTitleFromMarkdownString of the file marktext/src/main/utils/index.js. The manipulation leads to inefficient regular expression complexity. The attack c...

CVSS 6.9 · AI score 5.3 · EPSS 0.00448
Exploits 0 · References 5

RedhatCVE
added 2025/06/11 7:18 p.m. · 5 views

CVE-2025-5891

A vulnerability classified as problematic was found in Unitech pm2 up to 6.0.6. This vulnerability affects unknown code of the file /lib/tools/Config.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has been disclosed to th...

CVSS 5.3 · AI score 4.6 · EPSS 0.0062
Exploits 1 · References 1

NVD
added 2025/06/09 8:15 p.m. · 17 views

CVE-2025-5892

A vulnerability, which was classified as problematic, has been found in RocketChat up to 7.6.1. This issue affects the function parseMessage of the file /apps/meteor/app/irc/server/servers/RFC2813/parseMessage.js. The manipulation of the argument line leads to inefficient regular expression...

CVSS 7.5 · EPSS 0.00508
Exploits 1 · References 5

Vulnrichment
added 2025/06/09 7:0 p.m. · 3 views

CVE-2025-5891 Unitech pm2 Config.js redos

A vulnerability classified as problematic was found in Unitech pm2 up to 6.0.6. This vulnerability affects unknown code of the file /lib/tools/Config.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has been disclosed to th...

CVSS 5.3 · AI score 7.3 · EPSS 0.0062
Exploits 1 · References 5

Vulnrichment
added 2025/06/09 6:31 p.m. · 8 views

CVE-2025-5890 actions toolkit glob internal-pattern.ts globEscape redos

A vulnerability classified as problematic has been found in actions toolkit 0.5.0. This affects the function globEscape of the file toolkit/packages/glob/src/internal-pattern.ts of the component glob. The manipulation leads to inefficient regular expression complexity. It is possible to initiate...

CVSS 5.3 · AI score 7.1 · EPSS 0.00347
Exploits 0 · References 4

CVE
added 2025/06/09 6:31 p.m. · 48 views

CVE-2025-5890

The CVE-2025-5890 entry concerns actions toolkit 0.5.0, specifically the glob component’s globEscape function in toolkit/packages/glob/src/internal-pattern.ts. The vulnerability is described as causing inefficient regular expression complexity (a Regular Expression Denial of Service, DoS risk). I...

CVSS 5.3 · AI score 7.1 · EPSS 0.00347
Exploits 0 · References 4

Positive Technologies
added 2025/06/09 12:0 a.m. · 6 views

PT-2025-24558 · Metabase · Metabase

Name of the Vulnerable Software and Affected Versions: Metabase version 54.10
Description: A problematic issue was found in the function parseDataUri of the file frontend/src/metabase/lib/dom.js. This issue leads to inefficient regular expression complexity and can be initiated remotely...

CVSS 7.5 · AI score 4.4 · EPSS 0.00514
Exploits 1 · References 10

Positive Technologies
added 2025/06/09 12:0 a.m. · 8 views

PT-2025-24561 · Taro · Taro

Name of the Vulnerable Software and Affected Versions: tarojs versions up to 4.1.1
Description: A vulnerability exists in tarojs that has been identified as problematic. The issue affects unknown code within the file taro/packages/css-to-react-native/src/index.js, leading to inefficient regular...

CVSS 7.5 · AI score 4.5 · EPSS 0.00514
Exploits 1 · References 13

RedhatCVE
added 2025/05/23 10:36 a.m. · 9 views

CVE-2024-9277

A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remainingtext leads to...

CVSS 6.5 · AI score 6.7 · EPSS 0.00896
Exploits 1