Lucene search
K

8480 matches found

CVE
CVE
added 2026/05/12 8:35 a.m.18 views

CVE-2026-8159

CVE-2026-8159 affects multiparty versions 4.2.3 and older, where the Content-Disposition filename parameter parser is vulnerable to denial-of-service via regex backtracking. A crafted multipart upload with a long header value can cause the regex engine to backtrack for seconds, blocking the event...

7.5CVSS5.8AI score0.00335EPSS
Exploits0References3Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2026/05/12 12:0 a.m.11 views

Apple Safari Regular Expression Duplicate Named Groups Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of regul...

8.8CVSS6.2AI score0.00602EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.11 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-pillow (UTSA-2026-017471)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017471 advisory. The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service ReDoS via the getrgb function. Tenable has extracted the preceding...

7.5CVSS6.8AI score0.0318EPSS
Exploits1References4
Microsoft CVE
Microsoft CVE
added 2026/05/10 8:3 a.m.14 views

Mistune ReDoS in LINK_TITLE_RE allows denial of service with crafted Markdown titles

...

8.7CVSS5.8AI score0.00481EPSS
Exploits0
NVD
NVD
added 2026/05/10 5:16 a.m.17 views

CVE-2026-7259

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, resulting in a segmentation fault and denial of service. The vulnerability is exploitable when...

6.5CVSS0.00202EPSS
Exploits0References1
Veracode
Veracode
added 2026/05/09 5:41 a.m.5 views

Improper Origin Validation

Jupyter Server is vulnerable to improper origin validation. The vulnerability is due to the use of Python’s re.match for Origin header validation, which allows an attacker to bypass CORS origin restrictions by using a malicious domain that starts with a trusted domain name...

7.6CVSS5.9AI score0.00333EPSS
Exploits0References8Affected Software1
Patchstack
Patchstack
added 2026/05/08 4:27 p.m.8 views

NPM: fast-xml-builder Comment Value regex can be bypassed

NPM: fast-xml-builder Comment Value regex can be bypassed vulnerability discovered by ? in WordPress Npm fast-xml-builder versions 1.1.5...

6.1CVSS5.8AI score0.00194EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/08 2:16 p.m.5 views

UBUNTU-CVE-2025-71301

In the Linux kernel, the following vulnerability has been resolved: drm/tests: shmem: Hold reservation lock around vmap/vunmap Acquire and release the GEM object's reservation lock around vmap and vunmap operations. The tests use vmaplocked, which led to errors such as show below. 122.292030...

5.5CVSS5.7AI score0.00121EPSS
Exploits0References6
NVD
NVD
added 2026/05/08 7:16 a.m.23 views

CVE-2023-46453

Certain GL.iNet devices with 4.x firmware allow authentication bypass resulting in administrative control of the device via a username that is both a valid SQL statement and a valid regular expression. For example, this affects version 4.3.7 on GL-MT3000 GL-AR300M GL-B1300 GL-AX1800 GL-AR750S...

9.8CVSS0.00764EPSS
Exploits3References1
Cvelist
Cvelist
added 2026/05/08 12:0 a.m.43 views

CVE-2023-46453

Certain GL.iNet devices with 4.x firmware allow authentication bypass resulting in administrative control of the device via a username that is both a valid SQL statement and a valid regular expression. For example, this affects version 4.3.7 on GL-MT3000 GL-AR300M GL-B1300 GL-AX1800 GL-AR750S...

0.00764EPSS
Exploits3References1
CVE
CVE
added 2026/05/08 12:0 a.m.17 views

CVE-2023-46453

GL.iNet devices running firmware 4.x (notably 4.3.7 on models such as GL-MT3000, GL-AR300M, GL-B1300, GL-AX1800, GL-AR750S, GL-MT2500, GL-AXT1800, GL-X3000, GL-SFT1200) are affected by CVE-2023-46453, an authentication bypass in the web interface. The root cause involves a vulnerable authenticati...

9.8CVSS5.9AI score0.00764EPSS
Exploits3References1
Vulnrichment
Vulnrichment
added 2026/05/08 12:0 a.m.8 views

CVE-2023-46453

Certain GL.iNet devices with 4.x firmware allow authentication bypass resulting in administrative control of the device via a username that is both a valid SQL statement and a valid regular expression. For example, this affects version 4.3.7 on GL-MT3000 GL-AR300M GL-B1300 GL-AX1800 GL-AR750S...

5.9AI score0.00764EPSS
Exploits3References1
Redos
Redos
added 2026/05/08 12:0 a.m.10 views

ROS-20260508-73-0002

Vulnerability in rubygem-activesupport related to the use of regular expression with inefficient computational complexity. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

6.9CVSS5.8AI score0.00498EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/07 7:24 p.m.14 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerabilities in minimatch-3.1.2.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerabilities in minimatch-3.1.2.tgz Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to...

8.7CVSS5.7AI score0.00519EPSS
Exploits3Affected Software1
EUVD
EUVD
added 2026/05/07 6:30 p.m.8 views

EUVD-2025-209731

Regex Denial of Service in youtube-regex npm package through version 1.0.5...

7.5CVSS5.8AI score0.00278EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/07 12:1 a.m.9 views

CVE-2026-43268

A flaw was found in the HFS Plus hfsplus filesystem within the Linux kernel. This vulnerability occurs because the hfsplus filesystem incorrectly identifies certain special filesystem objects as regular files. This misclassification can lead to inconsistencies with how the operating system's...

5.5CVSS5.8AI score0.00117EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

youtube-regex 资源管理错误漏洞

youtube-regex is a YouTube video ID regular expression matching tool developed by RegexHQ. Versions of youtube-regex 1.0.5 and earlier contained a resource management error vulnerability, which was caused by a denial-of-service attack involving regular expressions...

7.5CVSS5.8AI score0.00278EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.11 views

PT-2026-38448

Regex Denial of Service in youtube-regex npm package through version 1.0.5...

7.5CVSS5.8AI score0.00278EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/06 11:28 p.m.6 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via improper validation of user-supplied fields in the filter and sortby parameters. An attacker can cause the backend to return HTTP 500 errors, potentially disrupt service availability, and...

5.4CVSS5.5AI score0.00253EPSS
Exploits1References3
Snyk
Snyk
added 2026/05/06 8:37 p.m.8 views

Incorrect Authorization

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Incorrect Authorization in the admin-api routes due to insufficient authorization checks. An attacker can access backend operational information by...

5.3CVSS5.8AI score0.00168EPSS
Exploits0References2
Rows per page
Query Builder