Lucene search
K

104 matches found

NVD
NVD
added 2026/06/20 7:16 p.m.14 views

CVE-2025-71379

vLLM versions = 0.6.3 and 0.9.0 contain multiple regular expression denial of service ReDoS vulnerabilities. Several regex patterns — in vllm/lora/utils.py, the phi4mini tool parser, and the OpenAI-compatible serving chat endpoint — are susceptible to catastrophic backtracking. An attacker...

7.5CVSS0.00321EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/02 11:45 p.m.9 views

CVE-2026-10692 johnhuang316 code-index-mcp search_code_advanced is_safe_regex_pattern redos

A weakness has been identified in johnhuang316 code-index-mcp up to 2.14.0. Affected is the function issaferegexpattern of the component searchcodeadvanced. Executing a manipulation of the argument regex can lead to inefficient regular expression complexity. It is possible to launch the attack...

5.3CVSS5.4AI score0.0031EPSS
Exploits0References8
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.12 views

Astra Linux – Vulnerability in JRuby

In Ruby, WEBrick::HTTPAuth::DigestAuth from versions 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 causes a denial-of-service attack due to a regular expression issue related to looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the internet or a trusted...

7.8CVSS6.8AI score0.05128EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/21 5:17 p.m.10 views

EUVD-2026-24021

Signal K Server has an Unauthenticated Regular Expression Denial of Service ReDoS via WebSocket Subscription Paths...

7.5CVSS5.7AI score0.00427EPSS
Exploits1References5
OSV
OSV
added 2026/03/02 9:8 a.m.6 views

BIT-GITLAB-2026-1388 Inefficient Regular Expression Complexity in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause regular expression denial of service by sending specially crafted input to a merge request endpoint und...

7.5CVSS6AI score0.00357EPSS
Exploits0References4
NVD
NVD
added 2026/02/25 9:16 p.m.9 views

CVE-2026-1388

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause regular expression denial of service by sending specially crafted input to a merge request endpoint und...

7.5CVSS0.00357EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.7 views

PT-2026-21994

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 9.2 through 18.7.4 GitLab CE/EE versions 18.8 through 18.8.4 GitLab CE/EE versions 18.9 through 18.9.0 Description An unauthenticated user could potentially cause a denial of service by sending specially crafted input to ...

7.5CVSS5.2AI score0.00357EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.10 views

GitLab CE/EE 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Versions of GitLab CE/EE prior to 18.7.5, 18.8.5, and 18.9.1 containe...

7.5CVSS5.8AI score0.00357EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/02/12 12:0 a.m.15 views

Ubuntu 22.04 LTS / 24.04 LTS : Python-Multipart vulnerabilities (USN-8027-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8027-1 advisory. It was discovered that Python-Multipart incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause...

8.6CVSS7.9AI score0.02228EPSS
Exploits6References4
CNNVD
CNNVD
added 2025/10/30 12:0 a.m.10 views

ZOHO ManageEngine Exchange Reporter Plus 安全漏洞

ZOHO ManageEngine Exchange Reporter Plus is a Web-based Exchange Server reporting software from ZOHO, Inc. A security vulnerability exists in ZOHO ManageEngine Exchange Reporter Plus 5721 and prior versions that stems from a regular expression denial of service vulnerability in the search module...

6.5CVSS6.6AI score0.01037EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.10 views

EUVD-2021-0505

Malware in sbrugna...

6.5CVSS6.4AI score0.01792EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-6346

Malware in sbrugna...

7.5CVSS7.4AI score0.01212EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-34350

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00657EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/19 12:0 a.m.14 views

Zabbix plugin for Grafana 安全漏洞

Zabbix plugin for Grafana is an open source Zabbix plugin for Grafana dashboards from Grafana Labs. A security vulnerability exists in Zabbix plugin for Grafana version 5.2.1 and earlier, which stems from a user-supplied regular expression query that could result in a regular expression denial of...

4.3CVSS9AI score0.00323EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/24 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2016-10539

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for Accept-Language, when...

7.5CVSS7.2AI score0.01399EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/08/06 12:0 a.m.5 views

Hugging Face Transformers 安全漏洞

Hugging Face Transformers is Hugging Face's open source advanced natural language processing for Jax, PyTorch and TensorFlow. A security vulnerability exists in Hugging Face Transformers 4.51.3 and earlier versions that stems from a regular expression denial of service attack...

5.3CVSS5.4AI score0.00391EPSS
Exploits1References3
OSV
OSV
added 2025/08/04 3:22 p.m.10 views

GHSA-5662-2RJ7-F2V6 copyparty allows Regex Denial of Service (ReDoS) in the upload listing

Summary The filter parameter for the "Recent uploads" page allows arbitrary Regexes. If this feature is enabled which is the default, an attacker can craft a filter which deadlocks the server. PoC https://127.0.0.1:3923/?ru&filter=.++x Impact The server becomes fully inaccessible for a long time...

7.5CVSS6.3AI score0.00397EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2025/08/04 3:22 p.m.14 views

copyparty allows Regex Denial of Service (ReDoS) in the upload listing

Summary The filter parameter for the "Recent uploads" page allows arbitrary Regexes. If this feature is enabled which is the default, an attacker can craft a filter which deadlocks the server. PoC https://127.0.0.1:3923/?ru&filter=.++x Impact The server becomes fully inaccessible for a long time...

7.5CVSS6.5AI score0.00397EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2025/08/01 11:38 p.m.24 views

CVE-2025-54796

CVE-2025-54796 concerns Copyparty, a portable file server. The vulnerability affects versions prior to 1.18.9 where the filter parameter on the "Recent Uploads" page accepts arbitrary RegExes. When this feature is enabled (the default), an attacker can craft a regex-based filter that deadlocks th...

7.5CVSS7AI score0.00397EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2025/08/01 11:38 p.m.20 views

CVE-2025-54796 Copyparty is vulnerable to Regex Denial of Service (ReDoS) attacks through "Recent Uploads" page

Copyparty is a portable file server. Versions prior to 1.18.9, the filter parameter for the "Recent Uploads" page allows arbitrary RegExes. If this feature is enabled which is the default, an attacker can craft a filter which deadlocks the server. This is fixed in version 1.18.9...

7.5CVSS0.00397EPSS
Exploits1References3
Rows per page
Query Builder