Lucene search
K

8483 matches found

CVE
CVE
added 2026/03/16 11:13 a.m.20 views

CVE-2026-2463

CVE-2026-2463 affects Mattermost up to versions 11.3.0, 11.2.2, and 10.11.10. The issue arises because invite IDs are not properly filtered by user permissions during team creation, allowing regular users to bypass access controls and register unauthorized accounts via leaked invite IDs. The vuln...

4.3CVSS5.8AI score0.0017EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/14 8:42 a.m.5 views

BIT-LIBPYTHON-2025-13462 tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling

The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...

3.3CVSS5.8AI score0.00164EPSS
Exploits0References7
Snyk
Snyk
added 2026/03/13 8:55 p.m.6 views

Permissive Regular Expression

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Permissive Regular Expression via the matchesExecAllowlistPattern function. An attacker can bypass intended command or executable path restrictions by crafting paths that exploit overly...

9.8CVSS5.6AI score0.00406EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/13 1:16 p.m.3 views

SUSE CVE-2026-28356

multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parseoptionsheader function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted HTTP or multipar...

7.5CVSS5.8AI score0.00606EPSS
Exploits0References3
OSV
OSV
added 2026/03/12 8:16 p.m.4 views

UBUNTU-CVE-2026-32249

Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range e.g. 0-0\u05bb, incorrectly emits the composing bytes of that character as separate NFA...

5.5CVSS6.1AI score0.00133EPSS
Exploits0References4
OSV
OSV
added 2026/03/12 7:17 p.m.3 views

CVE-2026-32249 NFA regex engine NULL pointer dereference affects Vim < 9.2.0137

Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range e.g. 0-0\u05bb, incorrectly emits the composing bytes of that character as separate NFA...

5.3CVSS5.8AI score0.00133EPSS
Exploits0References5
Snyk
Snyk
added 2026/03/12 6:32 p.m.3 views

Regular Expression Denial of Service (ReDoS)

Overview multipart is a Parser for multipart/form-data Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the parseoptionsheader function due to the use of a regular expression with ambiguous alternation. An attacker can cause significant resource...

8.7CVSS5.8AI score0.00606EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/12 6:32 p.m.6 views

EUVD-2026-11607

multipart vulnerable to ReDoS in parseoptionsheader...

7.5CVSS5.8AI score0.00606EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/12 6:30 p.m.3 views

EUVD-2025-208613

The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...

2CVSS5.8AI score0.00164EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/03/12 6:16 p.m.2 views

CVE-2025-13462

The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...

2CVSS5.9AI score0.00164EPSS
Exploits0References1
OSV
OSV
added 2026/03/12 5:59 p.m.10 views

PSF-2026-10

The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...

3.3CVSS5.8AI score0.00164EPSS
Exploits0References9
OSV
OSV
added 2026/03/12 5:16 p.m.4 views

UBUNTU-CVE-2026-28356

multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parseoptionsheader function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted HTTP or multipar...

7.5CVSS5.8AI score0.00606EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/12 4:37 p.m.6 views

EUVD-2026-11342

Parse Server has a SQL injection via query field name when using PostgreSQL...

5.1CVSS5.8AI score0.00201EPSS
Exploits0References4
OSV
OSV
added 2026/03/12 2:47 p.m.3 views

BIT-PARSE-2026-30925 Parse Server affected by Regular Expression Denial of Service (ReDoS) via `$regex` query in LiveQuery

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.0 and 8.6.11, a malicious client can subscribe to a LiveQuery with a crafted $regex pattern that causes catastrophic backtracking, blocking the Node.js event loop. This makes the...

8.2CVSS5.8AI score0.00446EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/10 9:4 p.m.3 views

EUVD-2026-10860

Elysia has a string URL format ReDoS...

7.5CVSS5.8AI score0.00494EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/10 9:4 p.m.2 views

Regular Expression Denial of Service (ReDoS)

Overview elysia is an Ergonomic Framework for Human Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the t.String process when handling URL formats. An attacker can cause significant performance degradation and service unavailability by submitting...

8.7CVSS5.8AI score0.00494EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/10 2:12 a.m.4 views

CVE-2025-70030

An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity 4.19 was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4...

7.5CVSS5.8AI score0.00339EPSS
Exploits0References1
OSV
OSV
added 2026/03/10 12:57 a.m.4 views

GHSA-MF3J-86QX-CQ5J Parse Server has Regular Expression Denial of Service (ReDoS) via `$regex` query in LiveQuery

Impact A malicious client can subscribe to a LiveQuery with a crafted $regex pattern that causes catastrophic backtracking, blocking the Node.js event loop. This makes the entire Parse Server unresponsive, affecting all clients. Any Parse Server deployment with LiveQuery enabled is affected. The...

8.2CVSS5.8AI score0.00446EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/10 12:57 a.m.5 views

Parse Server has Regular Expression Denial of Service (ReDoS) via `$regex` query in LiveQuery

Impact A malicious client can subscribe to a LiveQuery with a crafted $regex pattern that causes catastrophic backtracking, blocking the Node.js event loop. This makes the entire Parse Server unresponsive, affecting all clients. Any Parse Server deployment with LiveQuery enabled is affected. The...

8.2CVSS5.8AI score0.00446EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/03/10 12:35 a.m.0 views

Regular Expression Denial of Service (ReDoS)

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the handling of $regex in the LiveQuery component. An attacker can cause the...

8.2CVSS5.6AI score0.00446EPSS
Exploits0References2
Rows per page
Query Builder