Lucene search
K

8483 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.4 views

CVE-2026-30837

Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation and client-server communication. Prior to 1.4.26 , t.String format: 'url' is vulnerable to ReDoS. Repeating a partial url format protocol and hostname multiple times cause regex to slow down...

7.5CVSS5.8AI score0.00494EPSS
Exploits1References1
CNVD
CNVD
added 2026/03/26 12:0 a.m.2 views

OpenClaw Denial of Service Vulnerability (CNVD-2026-15152)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a denial of service hole that can be exploited by attackers to cause regular expression injection and denial of service...

8.2CVSS5.9AI score0.00311EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.7 views

Picomatch 安全漏洞

Picomatch is a fast and accurate Glob pattern matching library written in JavaScript, developed by micromatch. Versions prior to Picomatch 4.0.4, 3.0.2, and 2.3.2 contained security vulnerabilities. These vulnerabilities stemmed from regular expression denial-of-service attacks when processing...

7.5CVSS5.8AI score0.00412EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/25 9:12 p.m.2 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS when processing crafted extglob patterns. An attacker can cause excessive CPU consumption and block the event loop by supplying crafted extglob patterns that trigger catastrophic backtracking i...

8.7CVSS5.8AI score0.00412EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/25 9:12 p.m.2 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS when processing crafted extglob patterns. An attacker can cause excessive CPU consumption and block the event loop by supplying crafted extglob patterns that trigger catastrophic backtracking i...

8.7CVSS5.7AI score0.00412EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/25 9:12 p.m.14 views

Picomatch has a ReDoS vulnerability via extglob quantifiers

Impact picomatch is vulnerable to Regular Expression Denial of Service ReDoS when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as + and , especially when combined with overlapping alternatives or nested extglobs, are compiled into regular expressions that c...

7.5CVSS5.5AI score0.00412EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/25 9:12 p.m.1 views

GHSA-C2C7-RCM5-VVQJ Picomatch has a ReDoS vulnerability via extglob quantifiers

Impact picomatch is vulnerable to Regular Expression Denial of Service ReDoS when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as + and , especially when combined with overlapping alternatives or nested extglobs, are compiled into regular expressions that c...

7.5CVSS6.6AI score0.00412EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.9 views

PT-2026-28173

Name of the Vulnerable Software and Affected Versions Picomatch versions prior to 4.0.4 Picomatch versions prior to 3.0.2 Picomatch versions prior to 2.3.2 Description Picomatch, a JavaScript glob matcher, contains a flaw where specially crafted POSIX bracket expressions, such as :constructor:, c...

5.3CVSS6.1AI score0.0041EPSS
Exploits0References15
UbuntuCve
UbuntuCve
added 2026/03/24 7:16 p.m.3 views

CVE-2026-23920

Host and event action script input is validated with a regex set by the administrator, but the validation runs in multiline mode. If ^ and $ anchors are used in user input validation, an injected newline lets authenticated users bypass the check and inject shell commands...

7.7CVSS5.9AI score0.00248EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/24 6:27 p.m.2 views

CVE-2026-23920

Host and event action script input is validated with a regex set by the administrator, but the validation runs in multiline mode. If ^ and $ anchors are used in user input validation, an injected newline lets authenticated users bypass the check and inject shell commands...

7.7CVSS5.8AI score0.00248EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/24 6:27 p.m.19 views

CVE-2026-23920 Host and event action script regex validation can be bypassed in certain situations, leading to potential command injection

Host and event action script input is validated with a regex set by the administrator, but the validation runs in multiline mode. If ^ and $ anchors are used in user input validation, an injected newline lets authenticated users bypass the check and inject shell commands...

7.7CVSS0.00248EPSS
Exploits0References1
NVD
NVD
added 2026/03/24 2:16 p.m.5 views

CVE-2026-33418

DiceBear is an avatar library for designers and developers. Prior to version 9.4.2, the ensureSize function in @dicebear/converter used a regex-based approach to rewrite SVG width/height attributes, capping them at 2048px to prevent denial of service. This size capping could be bypassed by crafti...

7.5CVSS0.00376EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/24 3:26 a.m.28 views

CVE-2026-4744 Notepad3 Bundled Oniguruma compile_string_node() Heap Buffer Overflow via Crafted Regex Pattern Allows Arbitrary Code Execution

Out-of-bounds Read vulnerability in rizonesoft Notepad3 ‎scintilla/oniguruma/src modules. This vulnerability is associated with program files regcomp.C‎. This issue affects Notepad3: before 6.25.714.1...

9.3CVSS0.00128EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/24 12:32 a.m.3 views

Regular Expression Denial of Service (ReDoS)

Overview activesupport is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in numbertodelimited in the NumberToDelimitedConverter. An attacker can cause...

6.9CVSS5.8AI score0.00498EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/23 11:7 p.m.19 views

CVE-2026-33169 Rails Active Support has a possible ReDoS vulnerability in number_to_delimited

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based regular expression with gsub! to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between th...

6.9CVSS0.00498EPSS
Exploits0References7
OSV
OSV
added 2026/03/23 8:52 p.m.0 views

GHSA-CG4J-Q9V8-6V38 Rails Active Support has a possible ReDoS vulnerability in number_to_delimited

Impact NumberToDelimitedConverter used a regular expression with gsub! to insert thousands delimiters. This could produce quadratic time complexity on long digit strings. Releases The fixed releases are available at the normal locations. Credit This issue was responsibly reported by Hackerone...

6.9CVSS6.5AI score0.00498EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/03/23 10:53 a.m.5 views

CVE-2026-4539

A flaw was found in pygments. A local user can exploit this vulnerability by providing specially crafted input to the AdlLexer function, which leads to inefficient regular expression processing. This can result in a Denial of Service DoS, making the application unresponsive...

4.8CVSS5.7AI score0.00156EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.6 views

Rails 安全漏洞

Rails is an open-source web application framework based on the Ruby language, developed by the Rails team in the United States. Vulnerabilities exist in versions of Rails prior to 8.1.2.1, 8.0.4.1, and 7.2.3.1. These vulnerabilities stem from a problem with regular expressions that involves...

6.9CVSS5.8AI score0.00498EPSS
Exploits0References8
FreeBSD
FreeBSD
added 2026/03/23 12:0 a.m.9 views

Python -- configparser vulnerable to excessive CPU use

Stan Ulbrych reports: configparser.RawConfigParser.OPTCRE,OPTCRENV regexes are vulnerable to quadratic backtracking...

5.8AI score
Exploits0References1
Snyk
Snyk
added 2026/03/22 8:38 a.m.4 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the AdlLexer class in the archetype.py file. A user can cause excessive resource consumption. Details Denial of Service DoS describes a family of attacks, all aimed at making a system...

4.8CVSS5.8AI score0.00156EPSS
Exploits0References2
Rows per page
Query Builder