Lucene search
K

76 matches found

ATTACKERKB
ATTACKERKB
added 6 days ago8 views

CVE-2026-54760

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.1, the SQLChatAgent SQL-injection mitigation, with default allowdangerousoperations=False, combines a raw-text regex blocklist DANGEROUSSQLPATTERNS with a sqlglot SELECT-only statement allowlist...

9.3CVSS6.1AI score0.00646EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/07/06 8:39 p.m.6 views

Langroid: SQLChatAgent dangerous-function blocklist can be bypassed with quoted or schema-qualified pg_read_file calls

SQLChatAgent validatequery dangerous-pattern regex is bypassable via quoted/commented/qualified function names Summary The SQLChatAgent SQL-injection mitigation, with default allowdangerousoperations=False, combines a raw-text regex blocklist DANGEROUSSQLPATTERNS with a sqlglot SELECT-only...

9.8CVSS6.2AI score0.00646EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-56062

SQLChatAgent validate query dangerous-pattern regex is bypassable via quoted/commented/qualified function names Summary The SQLChatAgent SQL-injection mitigation, with default allow dangerous operations=False, combines a raw-text regex blocklist DANGEROUS SQL PATTERNS with a sqlglot SELECT-only...

9.3CVSS6.2AI score0.00646EPSS
Exploits0References4
OSV
OSV
added 2026/06/24 9:16 p.m.4 views

UBUNTU-CVE-2026-11998

A flaw in AngularJS' Strict Contextual Escaping SCE logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within the context of the victim's browser session. SCE's purpose is to ensure that only trusted or safe values are used in certain...

7.6CVSS6AI score0.00338EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/23 12:13 p.m.5 views

CVE-2026-56274

Flowise before 3.1.2 contains multiple OS command injection vulnerabilities in the Custom MCP Server feature due to incomplete command-flag validation and a regex bypass in local file access restrictions. An attacker with a Flowise account of any role, or API access with view/update permissions f...

9.9CVSS6.2AI score0.02683EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.15 views

PT-2026-51507

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description Multiple OS command injection issues exist in the Custom MCP Server feature. These occur due to incomplete command-flag validation and a regex bypass in local file access restrictions. An attacker wi...

9.9CVSS6.2AI score0.02683EPSS
Exploits1References12
CVE
CVE
added 2026/06/18 4:11 p.m.31 views

CVE-2026-56021

CVE-2026-56021 affects Webmin. An unauthenticated attacker can read contents of any .conf file in module directories because of a bypassable regex pattern, causing information disclosure (confidentiality impact: low). The CVSS metrics place it at Medium: CVSS v3.1 base score 5.3 (NETWORK, LOW com...

6.9CVSS5.2AI score0.0028EPSS
Exploits0References4
OSV
OSV
added 2026/05/29 7:33 p.m.3 views

CVE-2026-44287 FastGPT: sandbox escape to RCE - code-sandbox regex /\bimport\s*\(/ is bypassable

FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, the JavaScript sandbox worker at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import with the regex /\bimport\s/.testcode. JavaScript syntax accepts a block comment between import and ; the regex matches only ASCII...

6.3CVSS6.2AI score0.00239EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/27 3:3 p.m.9 views

CVE-2026-44838 RabbitMQ MQTT Topic Permission Authorization Bypass

RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^clientid-sensors$ to restrict user access to topics that include...

5.3CVSS5.8AI score0.0025EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 3:27 p.m.12 views

CVE-2026-44664 fast-xml-builder: Comment Value bypass regex

fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026-41650 in fast-xml-parser sanitizes -- sequences in XML comment content using .replace/--/g, '- -'. This skip the values containing three consecutive dashes e.g., ---..., allowing an attacker to break out of an XML comment and...

6.1CVSS5.9AI score0.00238EPSS
Exploits1References1
CVE
CVE
added 2026/05/13 3:27 p.m.27 views

CVE-2026-44664

The CVE concerns fast-xml-builder, which converts JSON to XML. In version 1.1.5, the fix for CVE-2026-41650 in fast-xml-parser sanitized -- sequences in XML comments via .replace(/--/g, '- -'), allowing an attacker to break out of a comment and inject arbitrary XML/HTML. The issue is addressed in...

6.1CVSS5.9AI score0.00238EPSS
Exploits1References1
OSV
OSV
added 2026/05/13 3:27 p.m.1 views

CVE-2026-44664 fast-xml-builder: Comment Value bypass regex

fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026-41650 in fast-xml-parser sanitizes -- sequences in XML comment content using .replace/--/g, '- -'. This skip the values containing three consecutive dashes e.g., ---..., allowing an attacker to break out of an XML comment and...

6.1CVSS6AI score0.00194EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/30 8:38 p.m.5 views

CVE-2026-40912 Traefik: StripPrefixRegex auth bypass via Path/RawPath desync

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches...

7.8CVSS5.7AI score0.00767EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/21 4:25 p.m.7 views

Tekton Pipelines has VerificationPolicy regex pattern bypass via substring matching

hey guys, triage contract this is a first-screen summary; deterministic proof is in the proof bundle canonical.log/control.log/witness.txt. summary trusted resources verification policies match a resource source string refSource.URI against spec.resources.pattern using regexp.MatchString. in go,...

6.5CVSS5.8AI score0.00264EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2026/04/21 4:5 p.m.3 views

CVE-2026-25542 Tekton Pipelines: VerificationPolicy regex pattern bypass via substring matching

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.43.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, trusted resources verification policies match a resource source string refSource.URI against spec.resources.pattern...

6.5CVSS5.9AI score0.00264EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.9 views

fast-jwt 加密问题漏洞

fast-jwt is a JSON Web Token implementation open-sourced by Nearform. Versions of fast-jwt up to 6.1.0 contained a vulnerability related to encryption. This vulnerability stemmed from the ^ anchor character in the publicKeyPemMatcher regular expression, which could be bypassed by leading spaces i...

9.1CVSS5.7AI score0.00235EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/03 5:0 p.m.6 views

CVE-2026-34729

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, there is a stored XSS vulnerability via Regex Bypass in Filter::removeAttributes. This issue has been patched in version 4.1.1...

6.1CVSS5.8AI score0.00241EPSS
Exploits1References1
OSV
OSV
added 2026/04/02 4:16 p.m.37 views

UBUNTU-CVE-2026-33691

The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a bypass was identified in OWASP CRS that allows uploading files with dangerous extensions .php, .phar, .jsp, .jspx by inserting whitespace...

7.5CVSS5.7AI score0.02172EPSS
Exploits0References3
NVD
NVD
added 2026/04/02 3:16 p.m.6 views

CVE-2026-34729

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, there is a stored XSS vulnerability via Regex Bypass in Filter::removeAttributes. This issue has been patched in version 4.1.1...

6.1CVSS0.00241EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/02 2:46 p.m.5 views

EUVD-2026-18260

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, there is a stored XSS vulnerability via Regex Bypass in Filter::removeAttributes. This issue has been patched in version 4.1.1...

6.1CVSS5.8AI score0.00241EPSS
Exploits1References2
Rows per page
Query Builder