Lucene search
K

6667 matches found

EUVD
EUVD
added 2026/06/09 3:51 a.m.12 views

EUVD-2026-35336

Applications may be vulnerable to a Regular Expression Denial of Service ReDoS attack if an attacker is able to provide a pattern which is then directly or indirectly supplied to one of the following methods in AntPathMatcher: matchString pattern, String path, matchStartString pattern, String pat...

3.7CVSS5.4AI score0.00317EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 3:51 a.m.139 views

CVE-2026-41848

CVE-2026-41848 affects Spring Framework via a ReDoS vulnerability in AntPathMatcher. Affected versions are 7.0.0–7.0.7, 6.2.0–6.2.18, 6.1.0–6.1.27, and 5.3.0–5.3.48. The issue arises when a crafted pattern is supplied to AntPathMatcher methods (match, matchStart, extractUriTemplateVariables). The...

7.5CVSS5.4AI score0.00317EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2026/06/09 3:51 a.m.10 views

CVE-2026-41848

Applications may be vulnerable to a Regular Expression Denial of Service ReDoS attack if an attacker is able to provide a pattern which is then directly or indirectly supplied to one of the following methods in AntPathMatcher: matchString pattern, String path, matchStartString pattern, String pat...

7.5CVSS5.4AI score0.00317EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.18 views

PT-2026-47659

Name of the Vulnerable Software and Affected Versions Spring Framework versions 7.0.0 through 7.0.7 Spring Framework versions 6.2.0 through 6.2.18 Spring Framework versions 6.1.0 through 6.1.27 Spring Framework versions 5.3.0 through 5.3.48 Description Applications are susceptible to a Regular...

7.5CVSS5.3AI score0.00317EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.14 views

PT-2026-48336

BuddyPress 14.4.0 contains a regular expression injection vulnerability in the activity mention resolver that, when username compatibility mode is enabled, allows attackers to manipulate a REGEXP database clause by crafting mention names containing regex metacharacters. Attackers can submit...

7.1CVSS5.5AI score0.00288EPSS
Exploits0References4
NVD
NVD
added 2026/06/08 7:16 p.m.11 views

CVE-2026-52778

YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability exists in the Bazar form field calculator CalcField.php of YesWiki. The application attempts to sanitize user-defined mathematical formulas using a complex recursive regular expression before passin...

9.8CVSS0.00561EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/08 6:24 p.m.10 views

CVE-2026-52778

YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability exists in the Bazar form field calculator CalcField.php of YesWiki. The application attempts to sanitize user-defined mathematical formulas using a complex recursive regular expression before passin...

9.8CVSS6AI score0.00561EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/06/08 6:24 p.m.11 views

EUVD-2026-35181

YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability exists in the Bazar form field calculator CalcField.php of YesWiki. The application attempts to sanitize user-defined mathematical formulas using a complex recursive regular expression before passin...

9.8CVSS6AI score0.00561EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/08 6:24 p.m.34 views

CVE-2026-52778 YesWiki has Unsafe eval() in Formula Calculator - Remote Code Execution (RCE) & Denial of Service (DoS)

YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability exists in the Bazar form field calculator CalcField.php of YesWiki. The application attempts to sanitize user-defined mathematical formulas using a complex recursive regular expression before passin...

9.8CVSS0.00561EPSS
Exploits0References3
Spring Security Advisories
Spring Security Advisories
added 2026/06/08 12:0 a.m.7 views

Spring Framework Denial of Service via AntPathMatcher

Applications may be vulnerable to a Regular Expression Denial of Service ReDoS attack if an attacker is able to provide a pattern which is then directly or indirectly supplied to one of the following methods in AntPathMatcher :...

3.7CVSS5.7AI score0.00317EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.19 views

PT-2026-47441

Name of the Vulnerable Software and Affected Versions YesWiki versions prior to 4.6.6 Description An unsafe execution issue exists in the Bazar form field calculator CalcField.php. The application uses a complex recursive regular expression to sanitize user-defined mathematical formulas before th...

9.8CVSS5.9AI score0.00561EPSS
Exploits0References6
Snyk
Snyk
added 2026/06/08 12:0 a.m.8 views

Regular Expression Denial of Service (ReDoS)

Overview org.springframework:spring-core is a core package within the spring-framework that contains multiple classes and utilities. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via pattern processing in AntPathMatcher. An attacker can cause denia...

7.5CVSS5.5AI score0.00317EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.11 views

CVE-2026-44838

RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^clientid-sensors$ to restrict user access to topics that include...

8.1CVSS5.5AI score0.0025EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.10 views

CVE-2026-41040

GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service ReDoS via a crafted input string...

8.7CVSS7.2AI score0.00365EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/04 2:24 p.m.13 views

Regular Expression Denial of Service (ReDoS)

Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the read function when attacker-controlled input is used as the cookie name parameter, which is interpolated into a regular...

7.5CVSS5.5AI score0.00645EPSS
Exploits1References2
OSV
OSV
added 2026/06/04 2:24 p.m.9 views

GHSA-HFXV-24RG-XRQF Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection

Summary Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular expression from the configured XSRF cookie name without escaping regex metacharacters. In standard browser environments, an attacker who can influence the cookie name passed to axios can cause...

7.5CVSS6AI score0.00645EPSS
Exploits1References4
Snyk
Snyk
added 2026/06/04 2:24 p.m.9 views

Regular Expression Denial of Service (ReDoS)

Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the read function when attacker-controlled input is used as the cookie name parameter, which is interpolated...

7.5CVSS5.5AI score0.00645EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.7 views

Froxlor 注入漏洞

Froxlor is a set of lightweight server management software developed by the Froxlor team. Versions of Froxlor 2.3.6 and earlier contained an injection vulnerability. This vulnerability stemmed from the LOC record’s regular expression matching of line breaks, and the unlimited TLSA validation, whi...

8.6CVSS5.3AI score0.00269EPSS
Exploits0References3
CVE
CVE
added 2026/06/03 6:16 p.m.17 views

CVE-2026-8888

The CVE-2026-8888 entry applies to the Securly Chrome Extension (v3.0.7). It downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp() without complexity validation, enabling an on-path attacker to inject patterns that cause catastrop...

7.5CVSS5.8AI score0.00432EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/03 6:16 p.m.15 views

EUVD-2026-34168

Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp without complexity validation. An on-path attacker can inject specific patterns to cause catastrophic backtracking, resulting in...

5.8AI score0.00432EPSS
Exploits0References1
Rows per page
Query Builder