Lucene search
K

4079 matches found

Spring Security Advisories
Spring Security Advisories
added 2026/06/09 12:0 a.m.8 views

CVE-2026-41696: Spring Data MongoDB Bind Parameter Literal Quoting Breakout

Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding e.g., @Query" name : /^\Q?0\E$/ " perform insufficient validation of the bound parameter. An attacker can supply a crafted string to break out of the intended regular expression quoting. When the...

5.9CVSS5.8AI score0.00262EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.14 views

PT-2026-48341

Name of the Vulnerable Software and Affected Versions Net::IMAP versions prior to 0.5.15 Net::IMAP versions prior to 0.6.5 Description Several commands in the Net::IMAP Ruby client accept raw string arguments that are only validated to prevent CRLF injection and are then sent verbatim. An incorre...

2.1CVSS5.9AI score0.00239EPSS
Exploits0References7
Snyk
Snyk
added 2026/06/09 12:0 a.m.10 views

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the @Query regex parameter binding when a bound parameter is placed inside a regular expression literal using \Q...\E quoting e.g. @Query" name : /^\\Q?0\\E$/ "...

8.2CVSS5.3AI score0.00262EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/08 11:8 p.m.15 views

nebula-mesh: Host advanced overrides allow YAML injection into agent config.yml

internal/configgen/generator.go:86,108,119 interpolates the operator-supplied ListenHost and TunDevice fields raw into a text/template that produces the agent's config.yml. internal/web/advanced.go:20-35 accepts both with only strings.TrimSpace — no character or shape validation. Exploit An...

5.5AI score0.00052EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/06/08 6:24 p.m.31 views

CVE-2026-52778

YesWiki (PHP-based wiki) exposes a vulnerability in the Bazar form field calculator (CalcField.php) present before version 4.6.6. The code attempts to sanitize user-defined mathematical formulas using a complex recursive regex prior to passing them to PHP eval(), creating a surface for Regular Ex...

9.8CVSS6AI score0.00561EPSS
Exploits0References3
NVD
NVD
added 2026/06/08 4:16 p.m.15 views

CVE-2026-44631

Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

9.8CVSS0.00486EPSS
Exploits0References2
OSV
OSV
added 2026/06/08 4:16 p.m.2 views

ALPINE-CVE-2026-44631

Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

9.8CVSS5.9AI score0.00486EPSS
Exploits0References1
OSV
OSV
added 2026/06/08 4:16 p.m.28 views

UBUNTU-CVE-2026-44631

Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

9.8CVSS5.4AI score0.00486EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:19 p.m.12 views

CVE-2026-44631

Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

5.4AI score0.00486EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/08 3:19 p.m.16 views

CVE-2026-44631 Apache HTTP Server: Heap Underflow in `ap_regname` via Signed Char Overflow

Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

5.4AI score0.00486EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/08 3:19 p.m.11 views

CVE-2026-44631

Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

9.8CVSS5.4AI score0.00486EPSS
Exploits0
CVE
CVE
added 2026/06/08 3:19 p.m.446 views

CVE-2026-44631

CVE-2026-44631 describes a Buffer Underwrite in the Apache HTTP Server when processing crafted regular expressions in its configuration. The issue affects Apache httpd from version 2.4.0 through 2.4.67. The advisory recommends upgrading to version 2.4.68, which contains the fix. The provided conn...

9.8CVSS5.4AI score0.00486EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/08 3:19 p.m.12 views

EUVD-2026-35095

Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

9.8CVSS5.4AI score0.00486EPSS
Exploits0References1
NVD
NVD
added 2026/06/08 3:16 a.m.13 views

CVE-2026-11478

A flaw has been found in kokke tiny-regex-c up to f2632c6d9ed25272987471cdb8b70395c2460bdb. This vulnerability affects the function matchstar of the file re.c of the component Pattern Handler. This manipulation causes inefficient regular expression complexity. The attack is restricted to local...

4.8CVSS0.00113EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/06/08 2:0 a.m.9 views

CVE-2026-11478 kokke tiny-regex-c Pattern re.c matchstar redos

A flaw has been found in kokke tiny-regex-c up to f2632c6d9ed25272987471cdb8b70395c2460bdb. This vulnerability affects the function matchstar of the file re.c of the component Pattern Handler. This manipulation causes inefficient regular expression complexity. The attack is restricted to local...

4.8CVSS4.8AI score0.00113EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/08 2:0 a.m.41 views

CVE-2026-11478 kokke tiny-regex-c Pattern re.c matchstar redos

A flaw has been found in kokke tiny-regex-c up to f2632c6d9ed25272987471cdb8b70395c2460bdb. This vulnerability affects the function matchstar of the file re.c of the component Pattern Handler. This manipulation causes inefficient regular expression complexity. The attack is restricted to local...

4.8CVSS0.00113EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/08 2:0 a.m.10 views

CVE-2026-11478

A flaw has been found in kokke tiny-regex-c up to f2632c6d9ed25272987471cdb8b70395c2460bdb. This vulnerability affects the function matchstar of the file re.c of the component Pattern Handler. This manipulation causes inefficient regular expression complexity. The attack is restricted to local...

4.8CVSS4.9AI score0.00113EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/08 2:0 a.m.15 views

EUVD-2026-35009

A flaw has been found in kokke tiny-regex-c up to f2632c6d9ed25272987471cdb8b70395c2460bdb. This vulnerability affects the function matchstar of the file re.c of the component Pattern Handler. This manipulation causes inefficient regular expression complexity. The attack is restricted to local...

4.8CVSS4.9AI score0.00113EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.29 views

PT-2026-47240

A flaw has been found in kokke tiny-regex-c up to f2632c6d9ed25272987471cdb8b70395c2460bdb. This vulnerability affects the function matchstar of the file re.c of the component Pattern Handler. This manipulation causes inefficient regular expression complexity. The attack is restricted to local...

4.8CVSS4.8AI score0.00113EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.10 views

tiny-regex-c 资源管理错误漏洞

tiny-regex-c is a lightweight regular expression parsing library developed by Kokke. There is a resource management vulnerability in tiny-regex-c, which stems from improper operation of the matchstar function in the pattern processing component of the file re.c. This vulnerability may lead to...

4.8CVSS4.6AI score0.00113EPSS
Exploits0References1
Rows per page
Query Builder