CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

15 matches found

AstraLinux•added 2026/05/03 11:59 p.m.•1 views

Astra Linux - уязвимость в linux-5.15, linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix resolving backrefs for inline extent followed by prealloc If a file consists of an inline extent followed by a regular or prealloc extent, then a legitimate attempt to resolve a logical address in the non-inline region...

5.5CVSS5.9AI score0.0002EPSS

Exploits0References2

Github Security Blog•added 2026/03/25 5:44 p.m.•1 views

LiquidJS has Exponential Memory Amplification through its replace_first Filter $& Pattern

Summary The replacefirst filter in LiquidJS uses JavaScript's String.prototype.replace which interprets $& as a backreference to the matched substring. The filter only charges memoryLimit for the input string length, not the amplified output. An attacker can achieve exponential memory amplificati...

7.5CVSS5.9AI score0.00039EPSS

Exploits1References4Affected Software1

Packet Storm News•added 2026/02/24 12:0 a.m.•2 views

Regular Expression Denial of Service Induced by Backreferences

This paper presents the first systematic study of denial-of-service vulnerabilities in Regular Expressions with Backreferences REwB. We introduce the Two-Phase Memory Automaton 2PMFA, an automaton model that precisely captures REwB semantics. Using this model, we derive necessary conditions under...

5.9AI score

Exploits0

SUSE CVE•added 2025/02/14 4:53 a.m.•6 views

SUSE CVE-2024-38475

Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure...

8.2CVSS8.5AI score0.93858EPSS

Exploits1References9

OSV•added 2024/07/01 7:15 p.m.•157 views

CVE-2024-38475

9.1CVSS7AI score0.93858EPSS

Exploits1References7

SUSE CVE•added 2023/02/15 6:10 a.m.•1 views

SUSE CVE-2007-4770

libicu in International Components for Unicode ICU 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero aka \0, which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames...

6.8CVSS7AI score0.0367EPSS

Exploits0References7

SUSE CVE•added 2023/02/15 5:20 a.m.•1 views

SUSE CVE-2015-2327

PCRE before 8.36 mishandles the /a\2|a\g/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service segmentation fault or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a...

7.5CVSS7.5AI score0.02821EPSS

Exploits1References24

RedHat Linux•added 2016/11/15 11:40 a.m.•3 views

pcre: infinite recursion compiling pattern with zero-repeated groups that include recursive back reference (8.36/19)

7.5CVSS7.4AI score0.02821EPSS

Exploits1References4

RedHat Linux•added 2016/05/26 8:35 a.m.•1 views

pcre: buffer overflow caused by recursive back reference by name within certain group (8.38/4)

Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^?P=B?P=B?J:?Pc?Pa?P=BWGXCREDITS/, a different vulnerability than CVE-2015-8384...

9.8CVSS7.8AI score0.0573EPSS

Exploits1References4

Tenable Nessus•added 2008/03/07 12:0 a.m.•34 views

Debian DSA-1511-1 : libicu - various

Several local vulnerabilities have been discovered in libicu, International Components for Unicode, The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-4770 libicu in International Components for Unicode ICU 3.8.1 and earlier attempts to process...

9.3CVSS8.5AI score0.0367EPSS

Exploits0References4