Lucene search

8484 matches found

OSV
added 2026/03/02 10:17 p.m., 1 views

GHSA-C6HR-W26Q-C636 OpenClaw has ReDoS and regex injection via unescaped Feishu mention metadata in RegExp construction

Summary: extensions/feishu/src/bot.ts constructed new RegExp directly from Feishu mention metadata (mention.name, mention.key) in stripBotMention without escaping regex metacharacters. Affected Packages / Versions: Package: npm openclaw; Affected versions: = 2026.2.17; First affected release:...

6.9 CVSS, 5.9 AI score, 0.00311 EPSS
Exploits: 0, References: 6
Positive Technologies
added 2026/03/02 12:0 a.m., 7 views

PT-2026-22691

Name of the Vulnerable Software and Affected Versions: AFFiNE versions prior to 0.26.0. Description: AFFiNE, an open-source workspace and operating system, contains an Open Redirect flaw in the /redirect-proxy endpoint. The issue stems from a flawed domain validation process, where a Regular...

6.9 CVSS, 5.9 AI score, 0.00164 EPSS
Exploits: 0, References: 5
Positive Technologies
added 2026/03/02 12:0 a.m., 4 views

PT-2026-26009

Summary: extensions/feishu/src/bot.ts constructed new RegExp directly from Feishu mention metadata (mention.name, mention.key) in stripBotMention without escaping regex metacharacters. Affected Packages / Versions: Package: npm openclaw; Affected versions: = 2026.2.17; First affected release:...

8.2 CVSS, 5.8 AI score, 0.00311 EPSS
Exploits: 0, References: 10
RedhatCVE
added 2026/02/27 7:45 p.m., 5 views

CVE-2026-26936

Inefficient Regular Expression Complexity (CWE-1333) in the AI Inference Anonymization Engine in Kibana can lead to Denial of Service via Regular Expression Exponential Blowup (CAPEC-492)...

7.5 CVSS, 5.9 AI score, 0.00325 EPSS
Exploits: 0, References: 1
EUVD
added 2026/02/27 3:34 p.m., 6 views

EUVD-2025-208140

A flaw was found in REXML. A remote attacker could exploit inefficient regular expression (regex) parsing when processing hex numeric character references (&#x...;) in XML documents. This could lead to a Regular Expression Denial of Service (ReDoS), impacting the availability of the affected component...

8.7 CVSS, 5.9 AI score, 0.01429 EPSS
Exploits: 0, References: 6
NVD
added 2026/02/27 2:16 p.m., 11 views

CVE-2025-10990

A flaw was found in REXML. A remote attacker could exploit inefficient regular expression (regex) parsing when processing hex numeric character references (&#x...;) in XML documents. This could lead to a Regular Expression Denial of Service (ReDoS), impacting the availability of the affected component...

7.5 CVSS, 0.00468 EPSS
Exploits: 0, References: 8
UbuntuCve
added 2026/02/27 2:16 p.m., 5 views

CVE-2025-10990

A flaw was found in REXML. A remote attacker could exploit inefficient regular expression (regex) parsing when processing hex numeric character references (&#x...;) in XML documents. This could lead to a Regular Expression Denial of Service (ReDoS), impacting the availability of the affected component...

7.5 CVSS, 5.9 AI score, 0.00468 EPSS
Exploits: 0, References: 5
ATTACKERKB
added 2026/02/27 1:32 p.m., 5 views

CVE-2025-10990

A flaw was found in REXML. A remote attacker could exploit inefficient regular expression (regex) parsing when processing hex numeric character references (&#x...;) in XML documents. This could lead to a Regular Expression Denial of Service (ReDoS), impacting the availability of the affected component...

8.7 CVSS, 5.9 AI score, 0.01429 EPSS
Exploits: 0, References: 6
CVE
added 2026/02/27 1:32 p.m., 15 views

CVE-2025-10990

CVE-2025-10990 affects REXML and describes a Regular Expression Denial of Service (ReDoS) due to inefficient regex parsing of hex numeric character references (&#x...;) in XML. This is noted as the incomplete fix of CVE-2024-49761. The provided documents do not specify affected versions or explic...

7.5 CVSS, 6.8 AI score, 0.00468 EPSS
Exploits: 0, References: 8
Snyk
added 2026/02/27 9:21 a.m., 4 views

Regular Expression Denial of Service (ReDoS)

Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the SdkProxyRoutePlanner function. An attacker can cause significant resource consumption and degrade application performance by providing specially crafted input to the nonProxyHosts...

5.5 CVSS, 5.8 AI score, 0.00209 EPSS
Exploits: 1, References: 2
EUVD
added 2026/02/27 6:31 a.m., 6 views

EUVD-2026-9002

A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0.1. Impacted is the function SdkProxyRoutePlanner of the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java of the component JDBC URL Handler. Executing a manipulation of the argument nonProxyHosts...

4.8 CVSS, 4.4 AI score, 0.00209 EPSS
Exploits: 1, References: 9
OSV
added 2026/02/27 6:18 a.m., 5 views

CVE-2026-3293

A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0.1. Impacted is the function SdkProxyRoutePlanner of the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java of the component JDBC URL Handler. Executing a manipulation of the argument nonProxyHosts...

5.5 CVSS, 5.5 AI score
Exploits: 0, References: 8
NVD
added 2026/02/26 10:20 p.m., 8 views

CVE-2026-25741

Zulip is an open-source team collaboration tool. Prior to commit bf28c82dc9b1f630fa8e9106358771b20a0040f7, the API endpoint for creating a card update session during an upgrade flow was accessible to users with only organization member privileges. When the associated Stripe Checkout session is...

7.1 CVSS, 0.00275 EPSS
Exploits: 0, References: 2
EUVD
added 2026/02/26 6:31 p.m., 4 views

EUVD-2026-8866

Inefficient Regular Expression Complexity (CWE-1333) in the AI Inference Anonymization Engine in Kibana can lead to Denial of Service via Regular Expression Exponential Blowup (CAPEC-492)...

4.9 CVSS, 5.3 AI score, 0.00325 EPSS
Exploits: 0, References: 2
OSV
added 2026/02/26 6:23 p.m., 2 views

CVE-2026-26936

Inefficient Regular Expression Complexity (CWE-1333) in the AI Inference Anonymization Engine in Kibana can lead to Denial of Service via Regular Expression Exponential Blowup (CAPEC-492)...

7.5 CVSS, 5.8 AI score
Exploits: 0, References: 1
NVD
added 2026/02/26 6:23 p.m., 7 views

CVE-2026-26936

Inefficient Regular Expression Complexity (CWE-1333) in the AI Inference Anonymization Engine in Kibana can lead to Denial of Service via Regular Expression Exponential Blowup (CAPEC-492)...

7.5 CVSS, 0.00325 EPSS
Exploits: 0, References: 1
Cvelist
added 2026/02/26 5:7 p.m., 23 views

CVE-2026-26936 Inefficient Regular Expression Complexity in Kibana Leading to Denial of Service

Inefficient Regular Expression Complexity (CWE-1333) in the AI Inference Anonymization Engine in Kibana can lead to Denial of Service via Regular Expression Exponential Blowup (CAPEC-492)...

4.9 CVSS, 0.00325 EPSS
Exploits: 0, References: 1
ATTACKERKB
added 2026/02/26 5:7 p.m., 3 views

CVE-2026-26936

Inefficient Regular Expression Complexity (CWE-1333) in the AI Inference Anonymization Engine in Kibana can lead to Denial of Service via Regular Expression Exponential Blowup (CAPEC-492)...

7.5 CVSS, 5.8 AI score, 0.00325 EPSS
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2026/02/26 5:7 p.m., 17 views

CVE-2026-26936

CVE-2026-26936 affects Kibana’s AI Inference Anonymization Engine. The issue is an Inefficient Regular Expression Complexity (CWE-1333) that can cause Denial of Service via Regular Expression Exponential Blowup (CAPEC-492). According to the CVE entry, the exploitability is network-based with low ...

7.5 CVSS, 5.3 AI score, 0.00325 EPSS
Exploits: 0, References: 1, Affected Software: 1
Huntr
added 2026/02/26 3:6 p.m., 11 views

CWE-346: CORS Origin Validation Bypass via `re.match()` in `allow_origin_pat`

This report is not public...

8.8 CVSS, 6.4 AI score, 0.00197 EPSS
Exploits: 1