Lucene search
K

667 matches found

Vulnrichment
Vulnrichment
added 2026/03/26 6:59 p.m.2 views

CVE-2026-4926 path-to-regexp vulnerable to Denial of Service via sequential optional groups

Impact: A bad regular expression is generated any time you have multiple sequential optional groups curly brace syntax, such as abc:z. The generated regex grows exponentially with the number of groups, causing denial of service. Patches: Fixed in version 8.4.0. Workarounds: Limit the number of...

7.5CVSS5.9AI score0.00791EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/03/26 6:34 p.m.6 views

@1771technologies/play-frame (>=0.0.2 <=0.0.19), @9188/doso (>=1.0.0 <=1.0.10) +2136 more potentially affected by CVE-2024-45296 +1 more via path-to-regexp (>=0.0.2 <=0.1.12)

path-to-regexp NPM version =0.0.2, =0.0.2, =1.0.0, =1.0.44, =1.16.33, =1.16.33, =25.4.0-alpha.0, =16.7.2, =1.0.1, =2.4.3, =1.11.282, =1.1.55, =0.1.4, =0.1.12-beta.3 and more Source cves: CVE-2024-45296, CVE-2026-4867 Source advisory: SNYK:JS-PATHTOREGEXP-15789761...

7.5CVSS6.6AI score0.00932EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/26 6:34 p.m.8 views

com.codbex.aion:codbex-aion-platform (>=0.5.6 <=0.5.7), com.codbex.aion:codbex-aion-platform-keycloack (>=0.5.6 <=0.5.7) +96 more potentially affected by CVE-2024-45296 +1 more via org.webjars.npm:path-to-regexp (>=0.1.7 <=8.2.0)

org.webjars.npm:path-to-regexp MAVEN version =0.1.7, =0.5.6, =0.5.6, =0.5.6, =0.4.0, =0.4.0, =0.5.3, =0.5.5 - com.codbex.kronos:codbex-kronos-coverage-aggregate =0.4.0 - com.codbex.kronos:codbex-kronos-modules-all =0.4.0 - com.codbex.kronos:codbex-kronos-modules-engines-all =0.4.0 -...

7.5CVSS6.7AI score0.00932EPSS
Exploits0
NVD
NVD
added 2026/03/26 5:16 p.m.20 views

CVE-2026-4867

Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period .. For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two...

7.5CVSS0.00496EPSS
Exploits0References3
OSV
OSV
added 2026/03/26 5:16 p.m.2 views

DEBIAN-CVE-2026-4867

Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period .. For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two...

7.5CVSS5.4AI score0.00496EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/26 5:16 p.m.3 views

CVE-2026-4867

Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period .. For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two...

7.5CVSS5.9AI score0.00496EPSS
Exploits0References5
OSV
OSV
added 2026/03/26 5:16 p.m.5 views

UBUNTU-CVE-2026-4867

Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period .. For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two...

7.5CVSS5.8AI score0.00496EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/26 4:16 p.m.26 views

CVE-2026-4867 path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters

Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period .. For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two...

7.5CVSS0.00496EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/26 4:16 p.m.2 views

CVE-2026-4867

Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period .. For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two...

7.5CVSS5.9AI score0.00496EPSS
Exploits0References4
CVE
CVE
added 2026/03/26 4:16 p.m.43 views

CVE-2026-4867

CVE-2026-4867 affects the path-to-regexp library. When three or more parameters occur within a single segment (e.g., /:a-:b-:c or /:a-:b-:c-:d) a bad regular expression is generated, and the backtrack protection added in [email protected] only guards two parameters. As a result, lookaheads ca...

7.5CVSS5.9AI score0.00496EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.11 views

Path-to-RegExp 安全漏洞

Path-to-RegExp is a tool open-sourced by pillarjs. It is used to convert path strings into regular expressions. Versions of Path-to-RegExp before version 8.4.0 had a security vulnerability. This vulnerability stemmed from defects in the regular expressions generated when using multiple wildcards...

5.9CVSS6.2AI score0.00353EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.8 views

Path-to-RegExp 安全漏洞

Path-to-RegExp is a tool open sourced by pillarjs. It is used to convert path strings into regular expressions. Versions of Path-to-RegExp prior to 0.1.12 have security vulnerabilities; these vulnerabilities stem from defects in the generated regular expressions, which may lead to denial-of-servi...

7.5CVSS5.8AI score0.00496EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/26 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-4867

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period...

7.5CVSS6.2AI score0.00496EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.7 views

Path-to-RegExp 安全漏洞

Path-to-RegExp is a tool open source by pillarjs. It is used to convert path strings into regular expressions. Versions of Path-to-RegExp prior to 8.4.0 have security vulnerabilities; these vulnerabilities stem from the exponential growth of the generated regular expressions, which could lead to...

7.5CVSS6.3AI score0.00791EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/18 1:3 p.m.5 views

Malicious code in path-to-regexp-updated (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4f886299ed0f104de3331f447c127332d6de7b5d3bff5954553bb5c50099dfc The package path-to-regexp-updated was found to contain malicious code...

5.8AI score
Exploits0
OSV
OSV
added 2026/03/18 1:3 p.m.5 views

MAL-2026-1808 Malicious code in path-to-regexp-updated (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4f886299ed0f104de3331f447c127332d6de7b5d3bff5954553bb5c50099dfc The package path-to-regexp-updated was found to contain malicious code...

5.8AI score
Exploits0
OSV
OSV
added 2026/03/16 12:0 a.m.9 views

MAL-2026-3125 Malicious code in transform-regexp-constructors (npm)

The package 'transform-regexp-constructors' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.5AI score
Exploits0References2
OSV
OSV
added 2026/03/10 6:28 p.m.3 views

GO-2026-4644 Caddy's vars_regexp double-expands user input, leaking env vars and files in github.com/caddyserver/caddy

Caddy's varsregexp double-expands user input, leaking env vars and files in github.com/caddyserver/caddy...

7.5CVSS5.8AI score0.00401EPSS
Exploits1References3
NVD
NVD
added 2026/03/07 5:15 p.m.7 views

CVE-2026-30852

Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the varsregexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When varsregexp matches against a placeholder like http.request.header.X-Input, the...

7.5CVSS0.00401EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/03/07 5:15 p.m.4 views

CVE-2026-30852

Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the varsregexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When varsregexp matches against a placeholder like http.request.header.X-Input, the...

7.5CVSS7AI score0.00401EPSS
Exploits1References4
Rows per page
Query Builder