Lucene search
K

8488 matches found

OSV
OSV
added 2026/04/21 5:17 p.m.5 views

GHSA-7GCJ-PHFF-2884 Signal K Server has an Unauthenticated Regular Expression Denial of Service (ReDoS) via WebSocket Subscription Paths

Summary The SignalK server is vulnerable to an unauthenticated Regular Expression Denial of Service ReDoS attack within its WebSocket subscription handling logic. By injecting unescaped regex metacharacters into the context parameter of a stream subscription, an attacker can force the server's...

7.5CVSS5.8AI score0.00427EPSS
Exploits1References6
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/21 5:5 p.m.6 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the path-to-regexp package

Summary Due to use of the path-to-regexp package, DevOps Test Performance and Rational Performance Tester contain a potential Regular Expression Denial of Service ReDoS vulnerability. Vulnerability Details CVEID:CVE-2026-4867 DESCRIPTION: Impact: A bad regular expression is generated any time you...

7.5CVSS5.8AI score0.00496EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/04/21 4:25 p.m.6 views

EUVD-2026-24151

Tekton Pipelines has VerificationPolicy regex pattern bypass via substring matching...

6.5CVSS5.7AI score0.00264EPSS
Exploits1References4
Snyk
Snyk
added 2026/04/21 4:5 p.m.5 views

Permissive Regular Expression

Overview Affected versions of this package are vulnerable to Permissive Regular Expression in the VerificationPolicy module when matchin refSource.URITekton. An attacker can alter verification modes or keys and potentially compromise the integrity of CI/CD pipelines by supplying resources source...

7.1CVSS5.4AI score0.00264EPSS
Exploits1References2
CVE
CVE
added 2026/04/21 12:7 a.m.21 views

CVE-2026-39320

The Signal K Server CVE-2026-39320 affects versions prior to 2.25.0, where an unauthenticated Regular Expression Denial of Service (ReDoS) can be triggered via WebSocket subscription handling. The root cause is injection of unescaped regex metacharacters into the context parameter of a stream sub...

7.5CVSS5.8AI score0.00427EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/04/21 12:7 a.m.29 views

CVE-2026-39320 Signal K Server has an Unauthenticated Regular Expression Denial of Service (ReDoS) via WebSocket Subscription Paths

Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.25.0 are vulnerable to an unauthenticated Regular Expression Denial of Service ReDoS attack within the WebSocket subscription handling logic. By injecting unescaped regex metacharacters into the...

7.5CVSS0.00427EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/04/21 12:7 a.m.6 views

CVE-2026-39320

Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.25.0 are vulnerable to an unauthenticated Regular Expression Denial of Service ReDoS attack within the WebSocket subscription handling logic. By injecting unescaped regex metacharacters into the...

7.5CVSS5.8AI score0.00427EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.12 views

Tekton Pipelines 安全漏洞

Tekton Pipelines is a cloud-native pipeline developed by Tekton Open Source. There are security vulnerabilities in versions 0.43.0 to 1.11.0 of Tekton Pipelines. These vulnerabilities stem from improper regular expression matching, which could allow attackers to bypass resource verification...

6.5CVSS5.8AI score0.00264EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.5 views

PT-2026-33877

Name of the Vulnerable Software and Affected Versions Signal K Server versions prior to 2.25.0 Description An unauthenticated Regular Expression Denial of Service ReDoS exists within the WebSocket subscription handling logic. By injecting unescaped regex metacharacters into the context parameter ...

7.5CVSS5.7AI score0.00427EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.3 views

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-010872)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010872 advisory. In the Linux kernel, the following vulnerability has been resolved: bfs: Reconstruct file type when loading from disk syzbot is reporting that SIFMT bits of...

5.6AI score0.00161EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.5 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010726)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010726 advisory. An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the ODIRECTORY flag, and tries to open a regular file, nfsatomicope...

3.3CVSS6.7AI score0.004EPSS
Exploits0References3
Redos
Redos
added 2026/04/20 12:0 a.m.5 views

ROS-20260420-73-0038

Vulnerability in nodejs-minimatch related to the use of regular expression with inefficient computational complexity. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

8.7CVSS6.6AI score0.00519EPSS
Exploits1
Veracode
Veracode
added 2026/04/18 5:37 a.m.11 views

Giskard Has A Regular Expression Denial Of Service (ReDoS) In RegexMatching Check

Summary The RegexMatching check in the "giskard-checks" package passes a user-supplied regular expression pattern directly to Python's re.search without any timeout, complexity guard, or pattern validation. An attacker who can control the regex pattern or the text being matched can craft inputs...

5.5CVSS6AI score0.00149EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/04/17 5:16 p.m.7 views

CVE-2026-40319

CVE-2026-40319 affects Giskard’s giskard-checks RegexMatching, where a user-supplied regex pattern is passed to Python's re.search() without a timeout or complexity guard in versions prior to 1.0.2b1. This can cause catastrophic backtracking (ReDoS) and potentially hang the process. Exploitation ...

5.5CVSS5.8AI score0.00149EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/17 5:16 p.m.5 views

CVE-2026-40319 Giskard has a Regular Expression Denial of Service (ReDoS) in RegexMatching Check

Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search without any timeout or complexity guard. A crafted regex pattern can trigger catastrophic backtracking,...

1CVSS5.8AI score0.00149EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/17 5:16 p.m.34 views

CVE-2026-40319 Giskard has a Regular Expression Denial of Service (ReDoS) in RegexMatching Check

Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search without any timeout or complexity guard. A crafted regex pattern can trigger catastrophic backtracking,...

1CVSS0.00149EPSS
Exploits0References2
Veracode
Veracode
added 2026/04/17 8:17 a.m.9 views

Regular Expression Denial Of Service

fast-jwt is vulnerable to Regular Expression Denial of Service. The vulnerability is due to the library allowing regular expressions in claim validation, where a crafted JWT can trigger catastrophic backtracking in the JavaScript regex engine, resulting in significant CPU consumption during...

6.5CVSS5.7AI score0.00262EPSS
Exploits1References4Affected Software1
Fedora
Fedora
added 2026/04/17 12:54 a.m.4 views

[SECURITY] Fedora 43 Update: podman-5.8.2-1.fc43

podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=3Dpodman. Most...

7.5CVSS6.4AI score0.00651EPSS
Exploits0
Redos
Redos
added 2026/04/17 12:0 a.m.7 views

ROS-20260417-73-0021

Vulnerability in python-PyPDF2 related to the use of regular expression with inefficient computational complexity. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

6.9CVSS5.8AI score0.00391EPSS
Exploits0
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.11 views

Giskard 安全漏洞

Giskard is an open-source evaluation and testing framework for artificial intelligence systems developed by Giskard. Versions of Giskard prior to 1.0.2b1 contained security vulnerabilities. These vulnerabilities stemmed from the direct passing of user-provided regular expressions to the re.search...

5.5CVSS5.8AI score0.00149EPSS
Exploits0References2
Rows per page
Query Builder