8483 matches found
CVE-2025-70034
An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity 4.19 was discovered in mscdex ssh2 v1.17.0...
CVE-2025-70030
An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity 4.19 was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4...
PT-2026-24103
Name of the Vulnerable Software and Affected Versions Sunbird-Ed SunbirdEd-portal version 1.13.4 Description The software contains an issue related to inefficient regular expression complexity. The complexity of the regular expressions may lead to performance issues. Recommendations Update...
SSH2 安全漏洞
SSH2 is an SSH client and server module developed by mscdex’s individual developers. Version 1.17.0 of SSH2 contains a security vulnerability, which stems from the inefficiency of regular expressions...
CVE-2025-70030
CVE-2025-70030 affects Sunbird-Ed SunbirdEd-portal v1.13.4. The issue is CWE-1333: Inefficient Regular Expression Complexity, caused by complex regexes in the portal that can lead to performance degradation (absence of confidentiality/integrity impact, but availability impact is high). The CVSSv3...
CVE-2025-70034
An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity 4.19 was discovered in mscdex ssh2 v1.17.0...
Uncontrolled Recursion
Overview Affected versions of this package are vulnerable to Uncontrolled Recursion through the std::regex process in multipart filename parsing. An attacker can cause the server to crash by sending a specially crafted HTTP POST request with a malicious filename parameter, leading to uncontrolled...
CVE-2026-29076
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.37.0, cpp-httplib uses std::regex libstdc++ to parse RFC 5987 encoded filename values in multipart Content-Disposition headers. The regex engine in libstdc++ implements backtracking via deep...
EUVD-2026-10061
parse-server: Malformed $regex query leaks database error details in API response...
CVE-2026-3419
Fastify incorrectly accepts malformed Content-Type headers containing trailing characters after the subtype token, in violation of RFC 9110 §8.3.1https://httpwg.org/specs/rfc9110.htmlfield.content-type. For example, a request sent with Content-Type: application/json garbage passes validation and ...
EUVD-2026-9886
Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate privileges locally...
CVE-2026-23651
Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate privileges locally...
CVE-2026-23651
Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate privileges locally...
Incorrect Regular Expression
Overview fastify is an overhead web framework, for Node.js. Affected versions of this package are vulnerable to Incorrect Regular Expression in the Content-Type header validation. An attacker can cause the server to incorrectly process requests with malformed Content-Type headers by sending value...
Microsoft Azure Compute Gallery 安全漏洞
Microsoft Azure Compute Gallery is a service provided by Microsoft in the United States that manages virtual machines. There is a security vulnerability in Azure Compute Gallery, which stems from overly lax regular expressions, potentially allowing authorized attackers to gain local privileges...
Security Bulletin: IBM Event Streams is vulnerable to a denial of service
Summary IBM Event Streams is vulnerable to a denial of service due to excessive regular expression complexity in brace‑expansion CVE-2025-5889 Vulnerability Details CVEID:CVE-2025-5889 DESCRIPTION: A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has be...
BIT-DISCOURSE-2026-28219 Privilege Escalation via Mass Assignment Allows Regular Users to Set Topics as Global Banners
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an improper authorization check in the topic management logic allows authenticated users to modify privileged attributes of their topics. By manipulating specific parameters in a PUT or POST...
BIT-KIBANA-2026-26936 Inefficient Regular Expression Complexity in Kibana Leading to Denial of Service
Inefficient Regular Expression Complexity CWE-1333 in the AI Inference Anonymization Engine in Kibana can lead Denial of Service via Regular Expression Exponential Blowup CAPEC-492...
BIT-ELK-2026-26936 Inefficient Regular Expression Complexity in Kibana Leading to Denial of Service
Inefficient Regular Expression Complexity CWE-1333 in the AI Inference Anonymization Engine in Kibana can lead Denial of Service via Regular Expression Exponential Blowup CAPEC-492...
Regular Expression Denial of Service (ReDoS)
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the stripBotMention function in extensions/feishu/src/bot.ts when unescaped Feishu mention metadata is used to construct a regular expressio...