Lucene search
K

8482 matches found

Github Security Blog
Github Security Blog
added 2026/04/16 10:40 p.m.9 views

Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints

Summary The authenticated middleware uses unanchored regular expressions to match public no-auth endpoint patterns against ctx.request.url. Since ctx.request.url in Koa includes the query string, an attacker can access any protected endpoint by appending a public endpoint path as a query paramete...

9.1CVSS5.9AI score0.00445EPSS
Exploits1References3Affected Software1
RedHat Linux
RedHat Linux
added 2026/04/15 7:16 p.m.10 views

minimatch: minimatch: Denial of Service via specially crafted glob patterns

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...

8.7CVSS6.6AI score0.00519EPSS
Exploits1References6
Snyk
Snyk
added 2026/04/14 11:13 p.m.6 views

Regular Expression Denial of Service (ReDoS)

Overview giskard-checks is an Add your description here Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the re.search file. An attacker can cause the process to hang and impact system availability by supplying a crafted regular expression pattern ...

5.5CVSS5.8AI score0.00149EPSS
Exploits0References2
OSV
OSV
added 2026/04/14 11:13 p.m.8 views

GHSA-RQ2Q-4R55-9877 Giskard has a Regular Expression Denial of Service (ReDoS) in RegexMatching Check

Summary The RegexMatching check in the giskard-checks package passes a user-supplied regular expression pattern directly to Python's re.search without any timeout, complexity guard, or pattern validation. An attacker who can control the regex pattern or the text being matched can craft inputs tha...

5.5CVSS5.9AI score0.00149EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/14 11:13 p.m.10 views

Giskard has a Regular Expression Denial of Service (ReDoS) in RegexMatching Check

Summary The RegexMatching check in the giskard-checks package passes a user-supplied regular expression pattern directly to Python's re.search without any timeout, complexity guard, or pattern validation. An attacker who can control the regex pattern or the text being matched can craft inputs tha...

5.5CVSS5.9AI score0.00149EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/14 1:10 p.m.5 views

JLSEC-2026-101

Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service ReDoS due to the upgradeWebSocket function, which contains regexes in the form of /s,s/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be used to...

7.5CVSS7.1AI score0.01229EPSS
Exploits1References10
OSV
OSV
added 2026/04/14 12:13 p.m.5 views

OPENSUSE-SU-2026:20532-1 Security update for cockpit-subscriptions

This update for cockpit-subscriptions fixes the following issue: - CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string bsc1258637...

8.7CVSS5.8AI score0.00519EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/04/14 7:23 a.m.4 views

minimatch: minimatch: Denial of Service via specially crafted glob patterns

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...

8.7CVSS6.6AI score0.00519EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.8 views

PT-2026-32983

Name of the Vulnerable Software and Affected Versions Giskard versions prior to 1.0.2b1 Description The RegexMatching check in the giskard-checks package passes a user-supplied regular expression pattern directly to the Python re.search function without a timeout, complexity guard, or pattern...

1CVSS5.9AI score0.00149EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/04/13 6:36 p.m.5 views

minimatch: minimatch: Denial of Service via specially crafted glob patterns

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...

8.7CVSS6.6AI score0.00519EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/04/13 2:27 a.m.9 views

minimatch: minimatch: Denial of Service via specially crafted glob patterns

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...

8.7CVSS6.6AI score0.00519EPSS
Exploits1References6
Microsoft CVE
Microsoft CVE
added 2026/04/11 8:1 a.m.8 views

Addressable has a Regular Expression Denial of Service in Addressable templates

...

7.5CVSS5.8AI score0.0036EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 1:4 p.m.5 views

Security Bulletin: DevOps Test Performance contains a potential denial of service (DoS) vulnerability

Summary Due to the use of the minimatch library, DevOps Test Performance and Rational Performance Tester contain a potential denial of Service vulnerability. Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal matching utility for converting glob expressions into...

8.7CVSS6.5AI score0.00519EPSS
Exploits3Affected Software1
OSV
OSV
added 2026/04/10 11:42 a.m.4 views

SUSE-SU-2026:21166-1 Security update for cockpit

This update for cockpit fixes the following issues: - CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive resource consumption and crash a Node.js process bsc1257836. - CVE-2026-26996: minimatch: processing of glob pattern containing repeated wildcards followed ...

9.2CVSS7.1AI score0.00519EPSS
Exploits1References5
Snyk
Snyk
added 2026/04/10 12:30 a.m.2 views

Regular Expression Denial of Service (ReDoS)

Overview js-video-url-parser is an A parser to extract provider, video id, starttime and others from YouTube, Vimeo, ... urls Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the getTime function in lib/util.js. An attacker can cause excessive...

6.9CVSS5.9AI score0.00372EPSS
Exploits0References2
OSV
OSV
added 2026/04/10 12:30 a.m.15 views

GHSA-8FGX-WGVR-PCX8 Zod jsVideoUrlParser vulnerable to ReDoS in util.js

A weakness has been identified in Zod jsVideoUrlParser up to 0.5.1. The impacted element is the function getTime in the library lib/util.js. This manipulation of the argument timestamp causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit ha...

6.9CVSS5.5AI score0.00372EPSS
Exploits0References7
Redos
Redos
added 2026/04/10 12:0 a.m.5 views

ROS-20260410-73-0011

Vulnerability in libssh related to the use of regular expression with inefficient computational complexity. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

5.5CVSS6.4AI score0.00223EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/04/09 11:25 p.m.6 views

SUSE CVE-2026-35611

Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to before 2.9.0, within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic backtracking...

7.5CVSS5.7AI score0.0036EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/04/09 8:27 p.m.7 views

minimatch: minimatch: Denial of Service via specially crafted glob patterns

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...

8.7CVSS6.5AI score0.00519EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/04/09 4:41 p.m.11 views

fast-jwt has a ReDoS when using RegExp in allowed* leading to CPU exhaustion during token verification

⚠️ IMPORTANT CLARIFICATIONS Affected Configurations This vulnerability ONLY affects applications that: - Use RegExp objects not strings in the allowedAud, allowedIss, allowedSub, allowedJti, or allowedNonce options - Configure patterns susceptible to catastrophic backtracking - Example: allowedAud...

6.5CVSS6AI score0.00262EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder