Lucene search
K

50 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/20 6:27 p.m.7 views

CVE-2025-71379

vLLM versions = 0.6.3 and 0.9.0 contain multiple regular expression denial of service ReDoS vulnerabilities. Several regex patterns — in vllm/lora/utils.py, the phi4mini tool parser, and the OpenAI-compatible serving chat endpoint — are susceptible to catastrophic backtracking. An attacker...

5.3CVSS5.9AI score0.00321EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/06/08 6:24 p.m.32 views

CVE-2026-52778

YesWiki (PHP-based wiki) exposes a vulnerability in the Bazar form field calculator (CalcField.php) present before version 4.6.6. The code attempts to sanitize user-defined mathematical formulas using a complex recursive regex prior to passing them to PHP eval(), creating a surface for Regular Ex...

9.8CVSS6AI score0.00561EPSS
Exploits0References3
OSV
OSV
added 2026/05/07 6:30 p.m.5 views

GHSA-VPXX-H23G-GXH2 youtube-regex vulnerable to Regex Denial of Service

Regex Denial of Service in youtube-regex npm package through version 1.0.5...

7.5CVSS5.8AI score0.00278EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/05 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-10990

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in REXML. A remote attacker could exploit inefficient regular expression regex parsing when processing hex numeric character references &x...; ...

7.5CVSS5.5AI score0.00468EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/02/25 9:16 p.m.5 views

CVE-2026-1388

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause regular expression denial of service by sending specially crafted input to a merge request endpoint und...

7.5CVSS5.9AI score0.00357EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/25 8:5 p.m.3 views

CVE-2026-1388 Inefficient Regular Expression Complexity in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause regular expression denial of service by sending specially crafted input to a merge request endpoint und...

7.5CVSS6AI score0.00357EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/25 8:5 p.m.4 views

CVE-2026-1388

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause regular expression denial of service by sending specially crafted input to a merge request endpoint und...

7.5CVSS5.4AI score0.00357EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2026/02/25 8:5 p.m.7 views

CVE-2026-1388

Removed by vendor...

7.5CVSS5.8AI score0.00357EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/24 12:0 a.m.2 views

Regular Expression Denial of Service Induced by Backreferences

This paper presents the first systematic study of denial-of-service vulnerabilities in Regular Expressions with Backreferences REwB. We introduce the Two-Phase Memory Automaton 2PMFA, an automaton model that precisely captures REwB semantics. Using this model, we derive necessary conditions under...

5.9AI score
Exploits0
NVD
NVD
added 2026/02/11 7:15 p.m.8 views

CVE-2025-69873

ajv Another JSON Schema Validator before 8.18.0 is vulnerable to Regular Expression Denial of Service ReDoS when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax $data reference, which is passed directly to the JavaScript RegExp constructor without...

7.5CVSS0.00492EPSS
Exploits1References32
OSV
OSV
added 2026/02/11 5:5 p.m.7 views

USN-8027-1 python-multipart vulnerabilities

It was discovered that Python-Multipart incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause Python-Multipart to consume excessive resources, leading to a regular expression denial of service. This issue only affected Ubuntu 22.04 LTS. CVE-2024-24762...

8.6CVSS7.4AI score0.02228EPSS
Exploits6References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2018-0292

Malware in sbrugna...

7.5CVSS7.5AI score0.01584EPSS
Exploits0References6
CVE
CVE
added 2025/09/19 9:44 a.m.773 views

CVE-2025-10630

Technical details about CVE-2025-10630 are not publicly available in the provided documents; monitor for updates.

4.3CVSS6.3AI score0.00323EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/19 9:44 a.m.3 views

CVE-2025-10630 Regex DoS in Grafana Zabbix Plugin

Grafana is an open-source platform for monitoring and observability. Grafana-Zabbix is a plugin for Grafana allowing to visualize monitoring data from Zabbix and create dashboards for analyzing metrics and realtime monitoring. Versions 5.2.1 and below contained a ReDoS vulnerability via...

4.3CVSS6.3AI score0.00323EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/19 9:44 a.m.12 views

CVE-2025-10630 Regex DoS in Grafana Zabbix Plugin

Grafana is an open-source platform for monitoring and observability. Grafana-Zabbix is a plugin for Grafana allowing to visualize monitoring data from Zabbix and create dashboards for analyzing metrics and realtime monitoring. Versions 5.2.1 and below contained a ReDoS vulnerability via...

4.3CVSS0.00323EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2024-1963

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.4 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from...

6.5CVSS5.5AI score0.00575EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2024-3114

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, with the...

6.5CVSS5.4AI score0.00462EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/23 4:49 a.m.2 views

CVE-2025-43764

Self-ReDoS Regular expression Denial of Service exists with Role Name search field of Kaleo Designer portlet JavaScript in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.1, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.20...

6.9CVSS6.9AI score0.00289EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2019-20922

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Handlebars before 4.4.5 allows Regular Expression Denial of Service ReDoS because of eager matching. The parser may be forced into an endless loop while...

7.8CVSS8AI score0.03793EPSS
Exploits0References2
OSV
OSV
added 2025/06/30 6:31 p.m.5 views

GHSA-994J-5C83-R424 string-math's string-math.js vulnerability can cause Regex Denial of Service (ReDoS)

string-math v1.2.2 was discovered to contain a Regex Denial of Service ReDoS which is exploited via a crafted input...

3.7CVSS5.9AI score0.00362EPSS
Exploits1References5
Rows per page
Query Builder