
8483 matches found

Vulnrichment
added 2026/03/22 5:35 a.m., 2 views

CVE-2026-4539 pygments archetype.py AdlLexer redos

A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been released...

4.8 CVSS, 5.4 AI score, 0.00156 EPSS
Exploits: 0, References: 5

CVE
added 2026/03/22 5:35 a.m., 118 views

CVE-2026-4539

CVE-2026-4539 affects the Pygments project, specifically the AdlLexer in pygments/lexers/archetype.py up to version 2.19.2. The issue stems from an inefficient regular expression construct in the AdlLexer, enabling a local-access DoS/slowdown scenario. Publicly released exploit material exists, a...

4.8 CVSS, 5.4 AI score, 0.00156 EPSS
Exploits: 0, References: 5

Vulnrichment
added 2026/03/20 11:25 p.m., 3 views

CVE-2026-2430 Autoptimize <= 3.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lazy-loaded Image Attributes

The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lazy-loading image processing in all versions up to, and including, 3.1.14. This is due to the use of an overly permissive regular expression in the addlazyload function that replaces all occurrences of \ssr...

6.4 CVSS, 6 AI score, 0.00198 EPSS
Exploits: 0, References: 5

Veracode
added 2026/03/20 1:8 p.m., 19 views

Regular Expression Denial Of Service (ReDoS)

Valibot is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient processing in the EMOJIREGEX used by the emoji action, which allows an attacker to supply a crafted input that triggers excessive CPU consumption and causes a denial of service...

7.5 CVSS, 5.8 AI score, 0.00289 EPSS
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2026/03/20 11:37 a.m., 4 views

BIT-PARSE-2026-32770 Parse Server: LiveQuery subscription with invalid regular expression crashes server

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0 and 8.6.43, a remote attacker can crash the Parse Server by subscribing to a LiveQuery with an invalid regular expression pattern. The server process terminates when the invalid...

7.5 CVSS, 5.9 AI score, 0.0055 EPSS
Exploits: 0, References: 4

OSV
added 2026/03/19 10:1 p.m., 8 views

CVE-2026-30873 OpenWrt Project jsonpath: Memory leak when processing strings, labels, and regexp tokens

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, the jp_get_token function, which performs lexical analysis by breaking input expressions into tokens, contains a memory leak vulnerability when extracting string literals, field...

2.4 CVSS, 5.8 AI score, 0.00515 EPSS
Exploits: 0, References: 5

Vulnrichment
added 2026/03/19 10:1 p.m., 6 views

CVE-2026-30873 OpenWrt Project jsonpath: Memory leak when processing strings, labels, and regexp tokens

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, the jp_get_token function, which performs lexical analysis by breaking input expressions into tokens, contains a memory leak vulnerability when extracting string literals, field...

2.4 CVSS, 5.7 AI score, 0.00515 EPSS
Exploits: 0, References: 3

CVE
added 2026/03/19 10:1 p.m., 9 views

CVE-2026-30873

CVE-2026-30873 affects OpenWrt Project’s jsonpath component, specifically the jp_get_token function used during lexical analysis. In OpenWrt releases prior to 24.10.6 and 25.12.1, memory allocated for strings, field labels, and regular expressions is copied to a new jp_opcode object without freei...

4.9 CVSS, 5.7 AI score, 0.00515 EPSS
Exploits: 0, References: 3, Affected Software: 1

Positive Technologies
added 2026/03/19 12:0 a.m., 4 views

PT-2026-26382

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, the jp_get_token function, which performs lexical analysis by breaking input expressions into tokens, contains a memory leak vulnerability when extracting string literals, field...

2.4 CVSS, 5.7 AI score, 0.00515 EPSS
Exploits: 0, References: 5

EUVD
added 2026/03/18 6:31 p.m., 2 views

EUVD-2026-12862

An issue in the VirtualHost configuration handling/parser component of aaPanel v7.57.0 allows attackers to cause a Regular Expression Denial of Service (ReDoS) via a crafted input...

5.8 AI score, 0.00337 EPSS
Exploits: 1, References: 3

OSV
added 2026/03/18 6:16 p.m., 4 views

CVE-2026-29856

An issue in the VirtualHost configuration handling/parser component of aaPanel v7.57.0 allows attackers to cause a Regular Expression Denial of Service (ReDoS) via a crafted input...

7.5 CVSS, 5.9 AI score, 0.00337 EPSS
Exploits: 1, References: 2

NVD
added 2026/03/18 2:16 a.m., 2 views

CVE-2026-22178

OpenClaw versions prior to 2026.2.19 construct RegExp objects directly from unescaped Feishu mention metadata in the stripBotMention function, allowing regex injection and denial of service. Attackers can craft nested-quantifier patterns or metacharacters in mention metadata to trigger catastroph...

8.2 CVSS, 0.00311 EPSS
Exploits: 0, References: 4

EUVD
added 2026/03/18 1:34 a.m., 3 views

EUVD-2026-12722

OpenClaw versions prior to 2026.2.19 construct RegExp objects directly from unescaped Feishu mention metadata in the stripBotMention function, allowing regex injection and denial of service. Attackers can craft nested-quantifier patterns or metacharacters in mention metadata to trigger catastroph...

6.9 CVSS, 5.8 AI score, 0.00311 EPSS
Exploits: 0, References: 4

Vulnrichment
added 2026/03/18 1:34 a.m., 2 views

CVE-2026-22178 OpenClaw < 2026.2.19 - ReDoS and Regex Injection via Unescaped Feishu Mention Metadata

OpenClaw versions prior to 2026.2.19 construct RegExp objects directly from unescaped Feishu mention metadata in the stripBotMention function, allowing regex injection and denial of service. Attackers can craft nested-quantifier patterns or metacharacters in mention metadata to trigger catastroph...

6.9 CVSS, 5.8 AI score, 0.00311 EPSS
Exploits: 0, References: 4

ATTACKERKB
added 2026/03/18 12:0 a.m., 2 views

CVE-2026-29856

An issue in the VirtualHost configuration handling/parser component of aaPanel v7.57.0 allows attackers to cause a Regular Expression Denial of Service (ReDoS) via a crafted input...

5.8 AI score, 0.00337 EPSS
Exploits: 1, References: 3

CNNVD
added 2026/03/18 12:0 a.m., 4 views

OpenClaw Security Vulnerability

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a denial-of-service vulnerability that attackers can exploit to cause regular expression injection and denial of service...

8.2 CVSS, 5.8 AI score, 0.00311 EPSS
Exploits: 0, References: 4

Vulnrichment
added 2026/03/18 12:0 a.m., 5 views

CVE-2026-29856

An issue in the VirtualHost configuration handling/parser component of aaPanel v7.57.0 allows attackers to cause a Regular Expression Denial of Service (ReDoS) via a crafted input...

5.8 AI score, 0.00337 EPSS
Exploits: 1, References: 2

CNNVD
added 2026/03/18 12:0 a.m., 8 views

aaPanel Security Vulnerability

aaPanel is a simple yet powerful web-based control panel developed under the open source license. Version 7.57.0 of aaPanel contains a security vulnerability, which stems from a regular expression denial-of-service issue in the VirtualHost configuration processing/parser component...

7.5 CVSS, 5.8 AI score, 0.00337 EPSS
Exploits: 1, References: 2

Snyk
added 2026/03/17 6:37 p.m., 6 views

Improper Validation of Syntactic Correctness of Input

Overview: parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the LiveQuery subscription when an invalid regular expression patte...

8.2 CVSS, 5.8 AI score, 0.0055 EPSS
Exploits: 0, References: 2

Github Security Blog
added 2026/03/17 6:37 p.m., 13 views

Parse Server LiveQuery subscription with invalid regular expression crashes server

Impact: A remote attacker can crash the Parse Server by subscribing to a LiveQuery with an invalid regular expression pattern. The server process terminates when the invalid pattern reaches the regex engine during subscription matching, causing denial of service for all connected clients. Patches...

7.5 CVSS, 5.9 AI score, 0.0055 EPSS
Exploits: 0, References: 5, Affected Software: 1