Lucene search
K

667 matches found

Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.8 views

PT-2026-30852

Name of the Vulnerable Software and Affected Versions Gotenberg versions 8.29.1 and earlier Description Gotenberg uses the dlclark/regexp2 library to compile user-supplied scope patterns without a timeout. This allows users with access to features utilizing this logic to potentially hang workers...

9.8CVSS5.9AI score0.00497EPSS
Exploits1References8
vulnersOsv
vulnersOsv
added 2026/03/27 10:23 p.m.7 views

07-calito-router (>=0.0.2 <=0.0.4), 07-dey-router (>=0.0.1 <=0.0.2) +961 more potentially affected by CVE-2026-4923 via path-to-regexp (>=8.0.0 <=8.3.0)

path-to-regexp NPM version =8.0.0, =0.0.2, =0.0.1, =0.0.0, =0.0.1, =0.0.1, =0.0.0, =0.0.1, =0.0.2, =0.0.1-alpha.2, =0.0.1-alpha.1, =4.0.61, =4.0.61, =0.0.1, =0.3.1, =0.3.4 and more Source cves: CVE-2026-4923 Source advisory: OSV:GHSA-27V5-C462-WPQ7...

5.9CVSS6.2AI score0.00353EPSS
Exploits0
OSV
OSV
added 2026/03/27 10:23 p.m.7 views

GHSA-27V5-C462-WPQ7 path-to-regexp vulnerable to Regular Expression Denial of Service via multiple wildcards

Impact When using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to ReDoS. This backtracking vulnerability requires the second wildcard to be somewhere other than the end of the path. Unsafe examples: /foo-bar-:baz /a-:b-c-:d...

5.9CVSS5.8AI score0.00353EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/27 10:23 p.m.12 views

path-to-regexp vulnerable to Regular Expression Denial of Service via multiple wildcards

Impact When using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to ReDoS. This backtracking vulnerability requires the second wildcard to be somewhere other than the end of the path. Unsafe examples: /foo-bar-:baz /a-:b-c-:d...

5.9CVSS5.9AI score0.00353EPSS
Exploits0References5Affected Software1
vulnersOsv
vulnersOsv
added 2026/03/27 10:23 p.m.8 views

07-calito-router (>=0.0.2 <=0.0.4), 07-dey-router (>=0.0.1 <=0.0.2) +961 more potentially affected by CVE-2026-4926 via path-to-regexp (>=8.0.0 <=8.3.0)

path-to-regexp NPM version =8.0.0, =0.0.2, =0.0.1, =0.0.0, =0.0.1, =0.0.1, =0.0.0, =0.0.1, =0.0.2, =0.0.1-alpha.2, =0.0.1-alpha.1, =4.0.61, =4.0.61, =0.0.1, =0.3.1, =0.3.4 and more Source cves: CVE-2026-4926 Source advisory: OSV:GHSA-J3Q9-MXJG-W52F...

7.5CVSS6.2AI score0.00791EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/03/27 10:23 p.m.37 views

path-to-regexp vulnerable to Denial of Service via sequential optional groups

Impact A bad regular expression is generated any time you have multiple sequential optional groups curly brace syntax, such as abc:z. The generated regex grows exponentially with the number of groups, causing denial of service. Patches Fixed in version 8.4.0. Workarounds Limit the number of...

7.5CVSS5.9AI score0.00791EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/27 10:23 p.m.6 views

GHSA-J3Q9-MXJG-W52F path-to-regexp vulnerable to Denial of Service via sequential optional groups

Impact A bad regular expression is generated any time you have multiple sequential optional groups curly brace syntax, such as abc:z. The generated regex grows exponentially with the number of groups, causing denial of service. Patches Fixed in version 8.4.0. Workarounds Limit the number of...

7.5CVSS5.9AI score0.00791EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/27 10:15 p.m.4 views

CVE-2026-33994 Locutus Prototype Pollution due to incomplete fix for CVE-2026-25521

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Starting in version 2.0.39 and prior to version 3.0.25, a prototype pollution vulnerability exists in the parsestr function of the npm package locutus. An attacker can pollute Object.prototype by...

6.3CVSS5.9AI score0.00559EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/27 8:4 p.m.20 views

path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters

Impact A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period .. For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two parameter...

7.5CVSS5.9AI score0.00496EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 2026/03/27 8:4 p.m.6 views

EUVD-2026-16273

path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters...

7.5CVSS5.9AI score0.00496EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2026/03/27 8:4 p.m.6 views

@1771technologies/play-frame (>=0.0.2 <=0.0.19), @9188/doso (>=1.0.0 <=1.0.10) +2136 more potentially affected by CVE-2026-4867 via path-to-regexp (>=0.0.2 <=0.1.12)

path-to-regexp NPM version =0.0.2, =0.0.2, =1.0.0, =1.0.44, =1.16.33, =1.16.33, =25.4.0-alpha.0, =16.7.2, =1.0.1, =2.4.3, =1.11.282, =1.1.55, =0.1.4, =0.1.12-beta.3 and more Source cves: CVE-2026-4867 Source advisory: OSV:GHSA-37CH-88JC-XWX2...

7.5CVSS6AI score0.00496EPSS
Exploits0
OSV
OSV
added 2026/03/27 8:4 p.m.2 views

GHSA-37CH-88JC-XWX2 path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters

Impact A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period .. For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two parameter...

7.5CVSS5.9AI score0.00496EPSS
Exploits0References7
Snyk
Snyk
added 2026/03/27 5:58 p.m.4 views

Prototype Pollution

Overview locutus is a Locutus other languages' stadard libraries to JavaScript for fun and educational purposes Affected versions of this package are vulnerable to Prototype Pollution in the parsestr function. An attacker can modify the prototype of built-in objects by overriding...

9.8CVSS6.5AI score0.00559EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.4 views

PT-2026-28588

Name of the Vulnerable Software and Affected Versions locutus versions 2.0.39 through 3.0.24 Description A prototype pollution issue exists in the parse str function of the npm package locutus. An attacker can manipulate Object.prototype by overriding RegExp.prototype.test and then providing a...

6.3CVSS6.5AI score0.00559EPSS
Exploits1References9
vulnersOsv
vulnersOsv
added 2026/03/26 8:34 p.m.5 views

07-calito-router (>=0.0.2 <=0.0.4), 07-dey-router (>=0.0.1 <=0.0.2) +961 more potentially affected by CVE-2026-4923 via path-to-regexp (>=8.0.0 <=8.3.0)

path-to-regexp NPM version =8.0.0, =0.0.2, =0.0.1, =0.0.0, =0.0.1, =0.0.1, =0.0.0, =0.0.1, =0.0.2, =0.0.1-alpha.2, =0.0.1-alpha.1, =4.0.61, =4.0.61, =0.0.1, =0.3.1, =0.3.4 and more Source cves: CVE-2026-4923 Source advisory: SNYK:JS-PATHTOREGEXP-15789765...

5.9CVSS6.2AI score0.00353EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/26 8:34 p.m.7 views

org.webjars.npm:chai-backbone (=0.9.2), org.webjars.npm:express (=5.1.0) +5 more potentially affected by CVE-2026-4926 via org.webjars.npm:path-to-regexp (=8.2.0)

org.webjars.npm:path-to-regexp MAVEN version =8.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:path-to-regexp and may be impacted: - org.webjars.npm:chai-backbone =0.9.2 - org.webjars.npm:express =5.1.0 -...

7.5CVSS6.2AI score0.00791EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/26 8:34 p.m.5 views

07-calito-router (>=0.0.2 <=0.0.4), 07-dey-router (>=0.0.1 <=0.0.2) +961 more potentially affected by CVE-2026-4926 via path-to-regexp (>=8.0.0 <=8.3.0)

path-to-regexp NPM version =8.0.0, =0.0.2, =0.0.1, =0.0.0, =0.0.1, =0.0.1, =0.0.0, =0.0.1, =0.0.2, =0.0.1-alpha.2, =0.0.1-alpha.1, =4.0.61, =4.0.61, =0.0.1, =0.3.1, =0.3.4 and more Source cves: CVE-2026-4926 Source advisory: SNYK:JS-PATHTOREGEXP-15789763...

7.5CVSS6.2AI score0.00791EPSS
Exploits0
Cvelist
Cvelist
added 2026/03/26 7:2 p.m.20 views

CVE-2026-4923 path-to-regexp vulnerable to Regular Expression Denial of Service via multiple wildcards

Impact: When using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to ReDoS. This backtracking vulnerability requires the second wildcard to be somewhere other than the end of the path. Unsafe examples: /foo-bar-:baz /a-:b-c-:d...

5.9CVSS0.00353EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/26 6:59 p.m.26 views

CVE-2026-4926 path-to-regexp vulnerable to Denial of Service via sequential optional groups

Impact: A bad regular expression is generated any time you have multiple sequential optional groups curly brace syntax, such as abc:z. The generated regex grows exponentially with the number of groups, causing denial of service. Patches: Fixed in version 8.4.0. Workarounds: Limit the number of...

7.5CVSS0.00791EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/26 6:59 p.m.2 views

CVE-2026-4926 path-to-regexp vulnerable to Denial of Service via sequential optional groups

Impact: A bad regular expression is generated any time you have multiple sequential optional groups curly brace syntax, such as abc:z. The generated regex grows exponentially with the number of groups, causing denial of service. Patches: Fixed in version 8.4.0. Workarounds: Limit the number of...

7.5CVSS5.9AI score0.00791EPSS
Exploits0References1
Rows per page
Query Builder