Lucene search
+L

8605 matches found

ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2025-71395

SurrealDB versions before 2.2.2 contain a memory exhaustion vulnerability in the string::replace function that fails to restrict resulting string length when using regex patterns. An authenticated attacker can craft a malicious query to exhaust server memory through unbounded string allocations,...

7.1CVSS5.3AI score
Exploits0References3
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-41924

vLLM: ReDoS via structuredoutputs.regex compiled without timeout in xgrammar and outlines backends...

8.7CVSS5.2AI score0.00324EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2 days ago7 views

CVE-2026-41848

A flaw was found in Spring Framework. A remote attacker can exploit this vulnerability by providing a specially crafted regular expression pattern to the AntPathMatcher component. This can lead to a Regular Expression Denial of Service ReDoS condition, causing the application to become...

7.5CVSS5AI score0.00317EPSS
Exploits0References4
CVE
CVE
added 2 days ago14 views

CVE-2026-62237

CVE-2026-62237 affects Grav before 2.0.4. The vulnerability is a ReDoS in the regex_replace filter and function that are allowlisted in the Twig content sandbox. When Twig processing of page content is enabled (security.twig_content.process_enabled: true), an authenticated page editor can supply ...

6.5CVSS6.1AI score0.00249EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-45083

Grav before 2.0.4 contains a regular expression denial of service ReDoS vulnerability in the regexreplace filter and function, which are allowlisted in the Twig content sandbox. When Twig processing in page content is enabled security.twigcontent.processenabled: true, disabled by default, an...

6.5CVSS6.1AI score0.00249EPSS
Exploits0References2
OSV
OSV
added 2 days ago3 views

CVE-2026-62237 Grav < 2.0.4 ReDoS via regex_replace in Sandbox

Grav before 2.0.4 contains a regular expression denial of service ReDoS vulnerability in the regexreplace filter and function, which are allowlisted in the Twig content sandbox. When Twig processing in page content is enabled security.twigcontent.processenabled: true, disabled by default, an...

6CVSS5.3AI score0.00249EPSS
Exploits0References5
CVE
CVE
added 3 days ago28 views

CVE-2026-45367

CVE-2026-45367 affects HAPI FHIR DSTU2 module (org.hl7.fhir.dstu2) where FHIRPathEngine.matches() still calls String.matches() without a timeout, enabling potential ReDoS via user-supplied FHIRPath expressions. Other modules (DSTU2016MAY, DSTU3, R4, R4B, R5) have RegexTimeout protection and are f...

7.5CVSS6.1AI score0.00489EPSS
Exploits0References6
Nginx
Nginx
added 4 days ago11 views

Buffer overflow when using map and regex

Buffer overflow when using map and regex Severity: major CVE-2026-42533 Not vulnerable: 1.31.3+, 1.30.4+ Vulnerable: 0.9.6-1.31.2...

9.2CVSS6.1AI score0.0083EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 4 days ago5 views

CVE-2026-49477

A flaw was found in soupsieve, a CSS selector library. This vulnerability allows a remote attacker to cause a Denial of Service DoS by supplying specially crafted, untrusted CSS selector strings. The flaw occurs due to a regular expression vulnerable to catastrophic backtracking when processing a...

7.5CVSS6.1AI score0.00601EPSS
Exploits0References6
OSV
OSV
added 5 days ago6 views

CVE-2026-49477 Soup Sieve: Regular Expression Denial of Service (ReDoS) in soupsieve Selector Parser

Soup Sieve is a CSS selector library designed to be used with Beautiful Soup 4. Prior to 2.8.4, the CSS selector parser in soupsieve contains a regular expression vulnerable to catastrophic backtracking when processing an attribute selector with an unterminated quoted value in...

7.5CVSS6.1AI score0.00601EPSS
Exploits0References5
CVE
CVE
added 5 days ago17 views

CVE-2026-45756

Summary (CVE-2026-45756) : The Symfony JsonPath component allows attacker-controlled regular expressions in the match() and search() filters to be compiled directly into PCRE without length or backtracking limits, enabling catastrophic backtracking (ReDoS) and denial of service. Affected are Symf...

8.2CVSS6.1AI score0.0057EPSS
Exploits0References4Affected Software1
CVE
CVE
added 5 days ago80 views

CVE-2026-45065

CVE-2026-45065 affects Symfony’s UrlGenerator in the Symfony PHP framework. Prior to versions 5.4.52, 6.4.40, 7.4.12, and 8.0.12, UrlGenerator validates route parameters with a pattern built as ^ + raw requirement + $, and ungrouped alternations can cause middle alternatives to match as unanchore...

6.1CVSS6.1AI score0.00261EPSS
Exploits0References5Affected Software1
NVD
NVD
added 6 days ago8 views

CVE-2026-13221

Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perlstudychunk. When such branches are combined into a trie, the delta between the first branch and the shared tail is stored ...

9.1CVSS0.00606EPSS
Exploits0References3
OSV
OSV
added 6 days ago7 views

UBUNTU-CVE-2026-13221

Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perlstudychunk. When such branches are combined into a trie, the delta between the first branch and the shared tail is stored ...

9.1CVSS6.1AI score0.00606EPSS
Exploits0References4
OSV
OSV
added 6 days ago6 views

CVE-2026-13221 Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perl_study_chunk

Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perlstudychunk. When such branches are combined into a trie, the delta between the first branch and the shared tail is stored ...

9.1CVSS6.1AI score0.00606EPSS
Exploits0References7
CVE
CVE
added 2026/07/09 9:55 p.m.8 views

CVE-2026-46413

Discourse (open-source discussion platform) contains a vulnerability tracked as CVE-2026-46413 where, prior to versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, regular users could route direct S3 multipart uploads through ExternalUploadManager into the admin backup store. This could allow una...

6.5CVSS5.9AI score0.00366EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2026/07/09 9:55 p.m.4 views

CVE-2026-46413 Discourse: Regular users can route multipart uploads into the admin backup store

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, regular users could route direct S3 multipart uploads through ExternalUploadManager into the admin backup store. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5...

6.5CVSS6.1AI score0.00366EPSS
Exploits0References11
EUVD
EUVD
added 2026/07/09 9:3 p.m.12 views

EUVD-2026-35181

YesWiki has Unsafe eval in its Formula Calculato, Leading to Remote Code Execution & Denial of Service...

9.8CVSS6.1AI score0.00561EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/09 4:9 p.m.30 views

CVE-2026-59220 Open WebUI: ReDoS in skill-mention regexes causes whole-instance DoS on default config

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.2 before 0.10.0, the SKILLMENTIONRE and stripre regular expressions in backend/openwebui/utils/middleware.py parsed skill mentions with overlapping quantifiers, allowing an authenticated chat message...

6.5CVSS0.00319EPSS
Exploits1References3
Snyk
Snyk
added 2026/07/09 1:43 p.m.7 views

Regular Expression Denial of Service (ReDoS)

Amendment This was deemed not a vulnerability. Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by...

8.7CVSS6AI score0.00675EPSS
Exploits0References2
Rows per page
Query Builder