8480 matches found

RedhatCVE
added 2026/04/24 8:32 p.m. | 7 views

CVE-2026-35358

The cp utility in uutils coreutils, when performing recursive copies (-R), incorrectly treats character and block device nodes as stream sources rather than preserving them. Because the implementation reads bytes into regular files at the destination instead of using mknod, device semantics are...

CVSS 5.5 | AI score 5.2 | EPSS 0.00177
Exploits: 1 | References: 2

Vulnrichment
added 2026/04/24 7:17 p.m. | 3 views

CVE-2026-41428 Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints

Budibase is an open-source low-code platform. Prior to 3.35.4, the authenticated middleware uses unanchored regular expressions to match public no-auth endpoint patterns against ctx.request.url. Since ctx.request.url in Koa includes the query string, an attacker can access any protected endpoint ...

CVSS 9.1 | AI score 5.5 | EPSS 0.00445
Exploits: 1 | References: 1

ATTACKERKB
added 2026/04/24 7:17 p.m. | 5 views

CVE-2026-41428

Budibase is an open-source low-code platform. Prior to 3.35.4, the authenticated middleware uses unanchored regular expressions to match public no-auth endpoint patterns against ctx.request.url. Since ctx.request.url in Koa includes the query string, an attacker can access any protected endpoint ...

CVSS 9.1 | AI score 5.5 | EPSS 0.00445
Exploits: 1 | References: 2 | Affected Software: 1

IBM Security Bulletins
added 2026/04/24 4:22 p.m. | 6 views

Security Bulletin: Multiple Vulnerabilities in IBM Data Product Hub

Summary: Multiple vulnerabilities were addressed in IBM Data Product Hub version 5.3.1 Patch 3. Vulnerability Details: CVEID: CVE-2025-14923. DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide weaker than expected...

CVSS 9.8 | AI score 5.9 | EPSS 0.00353
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/04/23 7:33 p.m. | 11 views

Security Bulletin: Multiple Vulnerabilities in IBM Edge Application Manager

Summary: Multiple vulnerabilities were addressed in IBM Edge Application Manager 5.0.3. Vulnerability Details: CVEID: CVE-2026-33228. DESCRIPTION: flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as...

CVSS 9.9 | AI score 6 | EPSS 0.01815
Exploits: 9 | Affected Software: 1

ATTACKERKB
added 2026/04/23 2:43 p.m. | 5 views

CVE-2026-41238

DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions 3.0.1 through 3.3.3 are vulnerable to a prototype pollution-based XSS bypass. When an application uses DOMPurify.sanitize with the default configuration (no CUSTOM_ELEMENT_HANDLING option), a prior prototype...

CVSS 6.9 | AI score 5.7 | EPSS 0.00205
Exploits: 0 | References: 3 | Affected Software: 1

EUVD
added 2026/04/23 9:32 a.m. | 6 views

EUVD-2026-25199

GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service (ReDoS) via a crafted input string...

CVSS 8.7 | AI score 7.1 | EPSS 0.00365
Exploits: 0 | References: 3

Japan Vulnerability Notes
added 2026/04/23 7:57 a.m. | 6 views

GROWI vulnerable to Regular expression Denial-of-Service (ReDoS)

Overview: GROWI provided by GROWI, Inc. contains the following vulnerability. Inefficient regular expression complexity (CWE-1333) - CVE-2026-41040. Sho Odagiri of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to GROWI, Inc. and coordinated. After the coordination was completed, GROWI,...

CVSS 8.7 | AI score 7 | EPSS 0.00365
Exploits: 0 | References: 5

NVD
added 2026/04/23 7:16 a.m. | 5 views

CVE-2026-41040

GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service (ReDoS) via a crafted input string...

CVSS 8.7 | EPSS 0.00365
Exploits: 0 | References: 2

ATTACKERKB
added 2026/04/23 6:59 a.m. | 3 views

CVE-2026-41040

GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service (ReDoS) via a crafted input string...

CVSS 8.7 | AI score 5.8 | EPSS 0.00365
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/04/23 6:59 a.m. | 4 views

CVE-2026-41040

GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service (ReDoS) via a crafted input string...

CVSS 8.7 | AI score 7.1 | EPSS 0.00365
Exploits: 0 | References: 2

GithubExploit
added 2026/04/23 2:25 a.m. | 106 views

hospital-waf-mcp

Hospital WAF Management System Release: v1.0.0 Languag...

AI score 5.8
Exploits: 0

CNNVD
added 2026/04/23 12:0 a.m. | 7 views

GROWI Security Vulnerability

GROWI is an enterprise-level open-source knowledge base/Wiki system built using Node.js and React by GROWI Inc. GROWI has a security vulnerability that stems from a susceptibility to regular expression denial-of-service attacks...

CVSS 8.7 | AI score 7.1 | EPSS 0.00365
Exploits: 0 | References: 1

RedHat Linux
added 2026/04/22 9:54 p.m. | 17 views

minimatch: minimatch: Denial of Service via specially crafted glob patterns

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...

CVSS 8.7 | AI score 5.7 | EPSS 0.00519
Exploits: 1 | References: 6

EUVD
added 2026/04/22 6:31 p.m. | 8 views

EUVD-2026-24998

The cp utility in uutils coreutils, when performing recursive copies (-R), incorrectly treats character and block device nodes as stream sources rather than preserving them. Because the implementation reads bytes into regular files at the destination instead of using mknod, device semantics are...

CVSS 4.4 | AI score 5.7 | EPSS 0.00177
Exploits: 1 | References: 4

EUVD
added 2026/04/22 6:31 p.m. | 7 views

EUVD-2026-24979

The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The arefilesidentical function opens and reads from both input paths to compare content without first verifying if the paths refer to regular files. If an input pat...

CVSS 4.4 | AI score 5.7 | EPSS 0.00134
Exploits: 0 | References: 3

OSV
added 2026/04/22 6:31 p.m. | 10 views

GHSA-RX8H-33GR-VHJ9 uutils coreutils' comm utility incorrectly consumes data from non-regular file inputs before performing comparison operations

The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The arefilesidentical function opens and reads from both input paths to compare content without first verifying if the paths refer to regular files. If an input pat...

CVSS 4.4 | AI score 5.8 | EPSS 0.00134
Exploits: 0 | References: 5

OSV
added 2026/04/22 6:31 p.m. | 5 views

GHSA-67HP-F6HQ-2H6G uutils coreutils Uses Incorrectly-Resolved Name or Reference

The cp utility in uutils coreutils, when performing recursive copies (-R), incorrectly treats character and block device nodes as stream sources rather than preserving them. Because the implementation reads bytes into regular files at the destination instead of using mknod, device semantics are...

CVSS 4.4 | AI score 5.8 | EPSS 0.00177
Exploits: 1 | References: 6

Github Security Blog
added 2026/04/22 6:31 p.m. | 12 views

uutils coreutils' comm utility incorrectly consumes data from non-regular file inputs before performing comparison operations

The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The arefilesidentical function opens and reads from both input paths to compare content without first verifying if the paths refer to regular files. If an input pat...

CVSS 4.4 | AI score 5.2 | EPSS 0.00134
Exploits: 0 | References: 5 | Affected Software: 1

Github Security Blog
added 2026/04/22 6:31 p.m. | 10 views

uutils coreutils has an Unchecked Return Value Issue

The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditionally calling Result::ok on truncation attempts. While intended to mimic GNU behavior for special files like /dev/null, the uutils implementation also hides failures on regular files and directorie...

CVSS 3.3 | AI score 5.4 | EPSS 0.00115
Exploits: 0 | References: 3 | Affected Software: 1