RedhatCVE
added 2026/03/31 4:59 a.m., 2 views

CVE-2026-30307

Roo Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, i...

CVSS 9.8, AI score 6.3, EPSS 0.01145
Exploits 0, References 1
NVD
added 2026/03/31 3:15 a.m., 4 views

CVE-2026-34043

Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to version 7.0.5, there is a Denial of Service (DoS) vulnerability caused by CPU exhaustion. When serializing a specially crafted "array-like" object (an object that inherits from Array.prototype but ha...

CVSS 7.5, EPSS 0.00472
Exploits 0, References 3
CVE
added 2026/03/31 12:00 a.m., 12 views

CVE-2026-30311

Summary: Ridvay Code’s command auto-approval module contains a critical OS command injection vulnerability. The whitelist relies on fragile regular expressions that do not account for standard Shell command substitutions (e.g., $(...) and backticks), allowing an attacker to craft commands such as...

CVSS 9.8, AI score 6.3, EPSS 0.01659
Exploits 0, References 2, Affected Software 1
IBM Security Bulletins
added 2026/03/30 3:17 p.m., 7 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses ajv-6.12.6 in multiple applications which is vulnerable CVE-2025-69873

Summary: IBM Maximo Application Suite - Manage Component uses ajv-6.12.6 in multiple applications which is vulnerable to CVE-2025-69873. Vulnerability Details: CVEID: CVE-2025-69873. DESCRIPTION: ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS)...

CVSS 7.5, AI score 6.1, EPSS 0.00492
Exploits 1, Affected Software 1
RedhatCVE
added 2026/03/30 10:21 a.m., 3 views

CVE-2026-33994

A flaw was found in the locutus npm package. A prototype pollution vulnerability exists in the parsestr function. A remote attacker can exploit this by crafting a malicious query string and overriding RegExp.prototype.test, leading to the pollution of Object.prototype. This bypasses existing...

CVSS 9.8, AI score 5.9, EPSS 0.00559
Exploits 1, References 7
Cvelist
added 2026/03/30 12:00 a.m., 25 views

CVE-2026-30305

Syntx's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, it...

EPSS 0.01145
Exploits 0, References 2
Vulnrichment
added 2026/03/30 12:00 a.m., 4 views

CVE-2026-30305

Syntx's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, it...

AI score 6.3, EPSS 0.01145
Exploits 0, References 2
Microsoft CVE
added 2026/03/29 8:03 a.m., 8 views

Picomatch has a ReDoS vulnerability via extglob quantifiers

...

CVSS 7.5, AI score 5.8, EPSS 0.00412
Exploits 0
GithubExploit
added 2026/03/28 10:15 a.m., 142 views

Exploit for Inefficient Regular Expression Complexity in Ua-Parser-Js_Project Ua-Parser-Js

No d...

CVSS 7.5, AI score 6.8, EPSS 0.01725
Exploits 2
NVD
added 2026/03/27 11:17 p.m., 5 views

CVE-2026-33994

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Starting in version 2.0.39 and prior to version 3.0.25, a prototype pollution vulnerability exists in the parsestr function of the npm package locutus. An attacker can pollute Object.prototype by...

CVSS 9.8, EPSS 0.00559
Exploits 1, References 4
Github Security Blog
added 2026/03/27 10:23 p.m., 12 views

path-to-regexp vulnerable to Regular Expression Denial of Service via multiple wildcards

Impact: When using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to ReDoS. This backtracking vulnerability requires the second wildcard to be somewhere other than the end of the path. Unsafe examples: /foo-bar-:baz /a-:b-c-:d...

CVSS 5.9, AI score 5.9, EPSS 0.00353
Exploits 0, References 5, Affected Software 1
OSV
added 2026/03/27 10:23 p.m., 4 views

GHSA-27V5-C462-WPQ7 path-to-regexp vulnerable to Regular Expression Denial of Service via multiple wildcards

Impact: When using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to ReDoS. This backtracking vulnerability requires the second wildcard to be somewhere other than the end of the path. Unsafe examples: /foo-bar-:baz /a-:b-c-:d...

CVSS 5.9, AI score 5.8, EPSS 0.00353
Exploits 0, References 5
CVE
added 2026/03/27 10:15 p.m., 11 views

CVE-2026-33994

Locutus (npm) in parse_str.js is affected by a prototype-pollution vulnerability in versions 2.0.39 through 3.0.24, due to an incomplete fix for CVE-2026-25521. The attack can pollute Object.prototype by overriding RegExp.prototype.test and supplying a crafted query string, bypassing the guard th...

CVSS 9.8, AI score 5.9, EPSS 0.00559
Exploits 1, References 4, Affected Software 1
ATTACKERKB
added 2026/03/27 10:15 p.m., 1 view

CVE-2026-33994

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Starting in version 2.0.39 and prior to version 3.0.25, a prototype pollution vulnerability exists in the parsestr function of the npm package locutus. An attacker can pollute Object.prototype by...

CVSS 9.4, AI score 5.9, EPSS 0.00559
Exploits 2, References 5, Affected Software 1
OSV
added 2026/03/27 10:15 p.m., 5 views

CVE-2026-33994 Locutus Prototype Pollution due to incomplete fix for CVE-2026-25521

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Starting in version 2.0.39 and prior to version 3.0.25, a prototype pollution vulnerability exists in the parsestr function of the npm package locutus. An attacker can pollute Object.prototype by...

CVSS 6.3, AI score 5.9, EPSS 0.00559
Exploits 1, References 6
Tenable Nessus
added 2026/03/27 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-33672

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Picomatch is a glob matcher written in JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a method injection vulnerability affecting the...

CVSS 5.3, AI score 6.1, EPSS 0.0041
Exploits 0, References 4
NVD
added 2026/03/26 10:16 p.m., 13 views

CVE-2026-33671

Picomatch is a glob matcher written in JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as + and , especially when combined with overlapping...

CVSS 7.5, EPSS 0.00412
Exploits 0, References 2
OSV
added 2026/03/26 10:16 p.m., 2 views

DEBIAN-CVE-2026-33671

Picomatch is a glob matcher written in JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as + and , especially when combined with overlapping...

CVSS 7.5, AI score 5.4, EPSS 0.00412
Exploits 0, References 1
ATTACKERKB
added 2026/03/26 9:20 p.m., 1 view

CVE-2026-33671

Picomatch is a glob matcher written in JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as + and , especially when combined with overlapping...

CVSS 7.5, AI score 5.8, EPSS 0.00412
Exploits 0, References 3, Affected Software 1
Cvelist
added 2026/03/26 9:20 p.m., 41 views

CVE-2026-33671 Picomatch has a ReDoS vulnerability via extglob quantifiers

Picomatch is a glob matcher written in JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as + and , especially when combined with overlapping...

CVSS 7.5, EPSS 0.00412
Exploits 0, References 2