Lucene search
K

249 matches found

Redos
Redos
added 2024/10/29 12:0 a.m.312 views

ROS-20241029-08

Vulnerability in the OpenSearch software package related to improper validation of the nextUrl parameter. Exploitation of the vulnerability could allow an attacker to redirect a user to a malicious site A vulnerability in the server.maxHeadersCount configuration of the ws client-server library in...

7.5CVSS7.4AI score0.01471EPSS
Exploits4
RedHat Linux
RedHat Linux
added 2024/10/01 9:3 a.m.28 views

Moderate: Red Hat Security Advisory: RHACS 4.5 enhancement and security update

Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes RHACS. The updated image includes security and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which give...

7.5CVSS6.7AI score0.00812EPSS
Exploits0References3
ICS
ICS
added 2024/10/01 6:0 a.m.39 views

Subnet Solutions Inc. PowerSYSTEM Center

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Subnet Solutions Inc. Equipment: PowerSYSTEM Center Vulnerabilities: Server-Side Request Forgery SSRF, Inefficient Regular Expression Complexity, Cross-Site Request Forgery CSRF 2. RISK...

7.8CVSS7.4AI score0.08515EPSS
Exploits4References10
Tenable Nessus
Tenable Nessus
added 2024/09/28 12:0 a.m.25 views

Debian dla-3902 : ruby-rails-html-sanitizer - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3902 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3902-1 [email protected]...

7.5CVSS6.6AI score0.29316EPSS
Exploits4References12
Github Security Blog
Github Security Blog
added 2024/09/27 12:31 p.m.18 views

Inefficient Regular Expression Complexity in langflow

A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remainingtext leads to...

6.5CVSS6.7AI score0.00955EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2024/09/27 11:0 a.m.8 views

CVE-2024-9277 Langflow HTTP POST Request utils.py redos

A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remainingtext leads to...

5.1CVSS4.9AI score0.00955EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2024/09/27 11:0 a.m.13 views

CVE-2024-9277 Langflow HTTP POST Request utils.py redos

A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remainingtext leads to...

5.1CVSS6.8AI score0.00955EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/09/27 11:0 a.m.20 views

CVE-2024-9277 Langflow HTTP POST Request utils.py redos

A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remainingtext leads to...

5.1CVSS0.00955EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/09/27 12:0 a.m.5 views

Langflow 安全漏洞

Langflow is a visualization framework for building multi-agent and RAG applications from the Langflow open source. A security vulnerability exists in Langflow 1.0.18 and earlier versions, which stems from an improper manipulation of the parameter maintainingtext can lead to low regular expression...

6.5CVSS4.5AI score0.00955EPSS
Exploits1References5
NVD
NVD
added 2024/09/02 6:15 p.m.23 views

CVE-2023-7279

A vulnerability has been found in Secure Systems Engineering Connaisseur up to 3.3.0 and classified as problematic. This vulnerability affects unknown code of the file connaisseur/res/targetsschema.json of the component Delegation Name Handler. The manipulation leads to inefficient regular...

5.9CVSS0.00537EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/09/02 4:0 p.m.36 views

CVE-2020-36830 nescalante urlregex Backtracking index.js redos

A vulnerability was found in nescalante urlregex up to 0.5.0 and classified as problematic. This issue affects some unknown processing of the file index.js of the component Backtracking. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. The...

5.3CVSS0.00795EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2024/09/02 2:0 p.m.18 views

CVE-2023-7279 Secure Systems Engineering Connaisseur Delegation Name targets_schema.json redos

A vulnerability has been found in Secure Systems Engineering Connaisseur up to 3.3.0 and classified as problematic. This vulnerability affects unknown code of the file connaisseur/res/targetsschema.json of the component Delegation Name Handler. The manipulation leads to inefficient regular...

2.6CVSS7AI score0.00537EPSS
Exploits0References5
CVE
CVE
added 2024/09/02 2:0 p.m.54 views

CVE-2023-7279

CVE-2023-7279 affects Secure Systems Engineering Connaisseur up to version 3.3.0, with the issue localized to the file connaisseur/res/targets_schema.json in the Delegation Name Handler. The vulnerability causes inefficient regular expression complexity; the reported attack complexity is high and...

5.9CVSS4.5AI score0.00537EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.19 views

RHEL 8 : ceph (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - lapack: Out-of-bounds read in larrv CVE-2021-4048 - Beginning in v1.4.1 and prior to v1.4.9, due to an...

9.1CVSS7.3AI score0.0262EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2024/02/17 12:0 a.m.41 views

SUSE SLES15: golang-github-lusitaniae-apache_exporter / etc (SUSE-SU-2024:0487-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0487-1 advisory. golang-github-lusitaniae-apacheexporter: - Do not strip if SUSE Linux Enterprise 15 SP3 - Exclude debug for Red Hat Enterprise...

9.8CVSS7.1AI score0.88849EPSS
Exploits50References25
Cvelist
Cvelist
added 2024/02/12 7:31 p.m.38 views

CVE-2021-4437 dbartholomae lambda-middleware frameguard JSON Mime-Type JsonDeserializer.ts redos

A vulnerability, which was classified as problematic, has been found in dbartholomae lambda-middleware frameguard up to 1.0.4. Affected by this issue is some unknown functionality of the file packages/json-deserializer/src/JsonDeserializer.ts of the component JSON Mime-Type Handler. The...

3.5CVSS4.3AI score0.00446EPSS
Exploits0References5
OSV
OSV
added 2023/11/30 7:51 p.m.35 views

GHSA-PRR3-C3M5-P7Q2 @adobe/css-tools Improper Input Validation and Inefficient Regular Expression Complexity

Impact @adobe/css-tools version 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS. Patches The issue has been resolved in 4.3.2. Workarounds None References N/A...

5CVSS7.3AI score0.01121EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/10/16 12:0 a.m.32 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : NLTK vulnerability (USN-5215-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5215-1 advisory. Srikantha Prathi discovered that NLTK incorrectly handled specially crafted input. An attacker could use this vulnerability to cause a...

7.5CVSS7.3AI score0.01649EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/06/22 12:0 a.m.36 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : SUSE Manager Client Tools (SUSE-SU-2023:2575-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2575-1 advisory. grafana: - Version update from 8.5.22 to 9.5.1 jscPED-3694: Security fixes: - CVE-2023-1410:...

9.8CVSS6.8AI score0.68603EPSS
Exploits8References38
NVD
NVD
added 2023/02/12 9:15 p.m.27 views

CVE-2020-36661

A vulnerability was found in Kong lua-multipart 0.5.8-1. It has been declared as problematic. This vulnerability affects the function isheader of the file src/multipart.lua. The manipulation leads to inefficient regular expression complexity. Upgrading to version 0.5.9-1 is able to address this...

7.5CVSS5AI score0.0092EPSS
Exploits0References5
Rows per page
Query Builder