Lucene search
+L

3 matches found

Github Security Blog
Github Security Blog
added 2026/04/21 5:17 p.m.12 views

Signal K Server has an Unauthenticated Regular Expression Denial of Service (ReDoS) via WebSocket Subscription Paths

Summary The SignalK server is vulnerable to an unauthenticated Regular Expression Denial of Service ReDoS attack within its WebSocket subscription handling logic. By injecting unescaped regex metacharacters into the context parameter of a stream subscription, an attacker can force the server's...

7.5CVSS5.8AI score0.00427EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2026/03/26 6:30 p.m.9 views

GHSA-W83Q-MCMX-MH42 n8n Vulnerable to LDAP Filter Injection in LDAP Node

Impact A flaw in the LDAP node's filter escape logic allowed LDAP metacharacters to pass through unescaped when user-controlled input was interpolated into LDAP search filters. In workflows where external user input is passed via expressions into the LDAP node's search parameters, an attacker cou...

6.3CVSS5.8AI score0.00245EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/09 6:46 p.m.27 views

CVE-2026-25478 Litestar has a CORS origin allowlist bypass due to unescaped regex metacharacters in allowed origins

Litestar is an Asynchronous Server Gateway Interface ASGI framework. Prior to 2.20.0, CORSConfig.allowedoriginsregex is constructed using a regex built from configured allowlist values and used with fullmatch for validation. Because metacharacters are not escaped, a malicious origin can match...

7.4CVSS0.00383EPSS
Exploits1References4
Rows per page
Query Builder