Lucene search
K

8480 matches found

Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.18 views

PT-2026-38487

Summary Nokogiri's CSS selector tokenizer contains regular expressions whose construction may result in exponential regex backtracking on adversarial selectors. Three ReDoS vectors are addressed in this release: 1. String-literal tokenization on certain unterminated quoted-string input. 2...

7.5CVSS5.8AI score
Exploits0References3
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.13 views

mistune 安全漏洞

Mistune is a fast and powerful Python Markdown parser developed by Hsiaoming Yang. Versions of Mistune from 3.0.0a1 to 3.2.0 contain security vulnerabilities. These vulnerabilities stem from a denial-of-service attack involving regular expressions in LINKTITLERE, which could allow attackers to...

8.7CVSS5.8AI score0.00481EPSS
Exploits0References2
NVD
NVD
added 2026/05/05 10:16 p.m.14 views

CVE-2026-40110

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match to check incoming origins against the alloworiginpat configuration value. Because re.match only anchors at the start of the string and does not require a...

7.6CVSS0.00333EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/05 4:54 p.m.10 views

EUVD-2026-27510

Jupyter Server has a CORS Origin Validation Bypass via re.match in alloworiginpat from huntr...

7.6CVSS5.8AI score0.00333EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/05 4:54 p.m.8 views

Regular Expression without Anchors

Overview Affected versions of this package are vulnerable to Regular Expression without Anchors through the alloworiginpat checks in websocket.py, login.py. An attacker can bypass CORS, WebSocket origin checks, and login redirect validation by supplying an Origin or Referer value that matches the...

8.2CVSS5.7AI score0.00333EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 8:36 a.m.9 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses ajv-6.12.6.tgz which is vulnerable to CVE-2025-69873

Summary IBM Maximo Application Suite - Visual Inspection component uses ajv-6.12.6.tgz which is vulnerable to CVE-2025-69873, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-69873 DESCRIPTION: ajv Another JSON Schema Validat...

7.5CVSS7.3AI score0.00492EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 6:18 a.m.7 views

Security Bulletin: There is a vulnerability in prismjs-1.23.0.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite ( CVE-2021-32723)

Summary There is a vulnerability in prismjs-1.23.0.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2021-32723 DESCRIPTION: Prism is a syntax highlighting library. Some languages before 1.24.0 are vulnerable to Regular Expression Denial of...

7.5CVSS5.6AI score0.01456EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 2:38 p.m.5 views

Security Bulletin: IBM Edge Data Collector uses picomatch-2.3.1.tgz which is vulnerable to CVE-2026-33671, CVE-2026-33672.

Summary IBM Edge Data Collector uses picomatch-2.3.1.tgz which is vulnerable to CVE-2026-33671, CVE-2026-33672. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-33671 DESCRIPTION: Picomatch is a glob matcher written JavaScript. Versions prior t...

7.5CVSS6.1AI score0.00412EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2026/05/04 2:31 p.m.8 views

ajv: ReDoS via $data reference

A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS Regular Expression Denial of...

7.5CVSS7.2AI score0.00492EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/04 2:10 p.m.8 views

minimatch: minimatch: Denial of Service via specially crafted glob patterns

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...

8.7CVSS6.8AI score0.00519EPSS
Exploits1References6
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 2:5 p.m.9 views

Security Bulletin: There is a vulnerability in path-to-regexp-0.1.12.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-4867)

Summary There is a vulnerability in path-to-regexp-0.1.12.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-4867 DESCRIPTION: Impact: A bad regular expression is generated any time you have three or more parameters within a single...

7.5CVSS5.8AI score0.00496EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 6:56 a.m.7 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses ajv-6.12.6.tgz which is vulnerable to CVE-2025-69873.

Summary IBM Maximo Application Suite - Monitor Component uses ajv-6.12.6.tgz which is vulnerable to CVE-2025-69873. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-69873 DESCRIPTION: ajv Another JSON Schema Validator before 8.18.0 is vulnerabl...

7.5CVSS6.6AI score0.00492EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/01 11:55 a.m.13 views

Security Bulletin: IBM Edge Data Collector uses minimatch-3.1.2.tgz which is vulnerable to CVE-2026-26996, CVE-2026-27903, CVE-2026-27904

Summary IBM Edge Data Collector uses minimatch-3.1.2.tgz which is vulnerable to CVE-2026-26996, CVE-2026-27903, CVE-2026-27904. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal matching utility for...

8.7CVSS6.7AI score0.00519EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/01 11:55 a.m.7 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses minimatch-3.1.2.tgz, minimatch-7.4.6.tgz, minimatch-9.0.5.tgz which is vulnerable to CVE-2026-26996, CVE-2026-27903, CVE-2026-27904.

Summary IBM Maximo Application Suite - Monitor Component uses minimatch-3.1.2.tgz, minimatch-7.4.6.tgz, minimatch-9.0.5.tgz which is vulnerable to CVE-2026-26996, CVE-2026-27903, CVE-2026-27904. This bulletin contains information addressing the vulnerability. Vulnerability Details...

8.7CVSS6.7AI score0.00519EPSS
Exploits3Affected Software1
OSV
OSV
added 2026/04/30 5:22 p.m.5 views

SUSE-SU-2026:1666-1 Security update for python-Pygments

This update for python-Pygments fixes the following issues: - CVE-2026-4539: inefficient regex for GUID and ID pattern matching can lead to archetype lexer ReDoS bsc1260796...

4.8CVSS5.8AI score0.00156EPSS
Exploits0References3
OSV
OSV
added 2026/04/30 8:58 a.m.6 views

CLSA-2026-1777539510 Update of pcre2

Rebuild for tuxcare9.6esu...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/04/28 4:43 p.m.11 views

CLSA-2026-1777394614 nodejs: Fix of 3 CVEs

CVE-2022-25883: fix ReDoS in bundled npm semver new Range and parseComparator caused by unbounded whitespace expansion in version ranges - CVE-2026-21710: fix HTTP prototype pollution in http.get/request via headersDistinct option by using null-prototype objects for header storage -...

7.5CVSS7AI score0.26356EPSS
Exploits1References1
Snyk
Snyk
added 2026/04/27 9:0 p.m.13 views

Regular Expression Denial of Service (ReDoS)

Overview nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the CSS selector tokenizer in css/tokenizer.rb. An attacker can cause excessive resource consumption by supplying malicious input to...

7.5CVSS5.7AI score
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 8:56 p.m.6 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to regular expression denial of service (ReDoS) due to the transformers package (CVE-2025-2099)

Summary The transformers package is used by DataStage on Cloud Pak for Data as part of machine learning processing. Vulnerability Details CVEID:CVE-2025-2099 DESCRIPTION: A vulnerability in the preprocessstring function of the transformers.testingutils module in huggingface/transformers version...

7.5CVSS5.5AI score0.00507EPSS
Exploits1Affected Software1
OSV
OSV
added 2026/04/27 4:47 p.m.5 views

CLSA-2026-1777308424 pcre2: Fix of CVE-2022-41409

CVE-2022-41409 diagnose negative repeat value in pcre2test subject line upstream 94e1c001 and change pcre2grep length variables from int to sizet to reject negative --buffer-size / --max-buffer-size upstream 7549fdca...

7.5CVSS5.8AI score0.00962EPSS
Exploits1References1
Rows per page
Query Builder