259 matches found

RedhatCVE
added 4 days ago | 5 views

CVE-2026-13149

A flaw was found in brace-expansion. An attacker can exploit a vulnerability in the expand function by providing a specially crafted string. This string, containing consecutive non-expanding brace groups, can trigger exponential-time complexity, leading to significant CPU consumption and event-lo...

CVSS 8.7 | AI score 5.8 | EPSS 0.00361
Exploits 0 | References 5
OSV
added 4 days ago | 3 views

DEBIAN-CVE-2026-13149

brace-expansion through 5.0.6 is vulnerable to denial of service. The expand function exhibits exponential-time complexity in the number of consecutive non-expanding '{}' brace groups. An attacker who passes a crafted string to expand, directly or transitively, can cause significant CPU consumption...

CVSS 8.7 | AI score 5.7 | EPSS 0.00361
Exploits 0 | References 1
NVD
added 4 days ago | 8 views

CVE-2026-13149

brace-expansion through 5.0.6 is vulnerable to denial of service. The expand function exhibits exponential-time complexity in the number of consecutive non-expanding '{}' brace groups. An attacker who passes a crafted string to expand, directly or transitively, can cause significant CPU consumption...

CVSS 8.7 | EPSS 0.00361
Exploits 0 | References 2
EUVD
added 4 days ago | 6 views

EUVD-2026-40269

brace-expansion through 5.0.6 is vulnerable to denial of service. The expand function exhibits exponential-time complexity in the number of consecutive non-expanding '{}' brace groups. An attacker who passes a crafted string to expand, directly or transitively, can cause significant CPU consumption...

CVSS 8.7 | AI score 5.7 | EPSS 0.00361
Exploits 0 | References 2
CVE
added 4 days ago | 21 views

CVE-2026-13149

The CVE-2026-13149 entry concerns the library brace-expansion up to version 5.0.6. The vulnerability is in the expand() function, which exhibits exponential-time complexity proportional to the number of consecutive non-expanding '{}' brace groups. This allows an attacker to craft input that cause...

CVSS 8.7 | AI score 5.7 | EPSS 0.00361
Exploits 0 | References 2
Cvelist
added 4 days ago | 29 views

CVE-2026-13149

brace-expansion through 5.0.6 is vulnerable to denial of service. The expand function exhibits exponential-time complexity in the number of consecutive non-expanding '{}' brace groups. An attacker who passes a crafted string to expand, directly or transitively, can cause significant CPU consumption...

CVSS 8.7 | EPSS 0.00361
Exploits 0 | References 2
IBM Security Bulletins
added 2026/06/25 7:2 p.m. | 4 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by vulnerabilities in i18next, follow-redirects, & brace-expansion

Summary SPSS Collaboration and Deployment Services is affected by vulnerabilities in i18next, follow-redirects, & brace-expansion. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2026-40895 DESCRIPTION: follow-redirects is an open source, drop-in replacement fo...

CVSS 9.1 | AI score 6 | EPSS 0.00486
Exploits 0 | Affected Software 1
AstraLinux
added 2026/06/19 11:10 a.m. | 5 views

Astra Linux – Vulnerability in node-brace-expansion

A vulnerability was discovered in the juliangruber brace-expansion library, up to versions 1.1.11/2.0.1/3.0.0/4.0.0. This issue has been identified as problematic. The affected function is the “expand” function of the file index.js. Manipulation of this function leads to inefficient use of regula...

CVSS 3.1 | AI score 4.7 | EPSS 0.00459
Exploits 0 | References 2
OSV
added 2026/06/16 9:24 a.m. | 7 views

ROOT-APP-NPM-CVE-2026-45149 CVE-2026-45149 in @rootio/brace-expansion - Patched by Root

Root has patched CVE-2026-45149 in the @rootio/brace-expansion package for Root:npm. Multiple fixed versions available...

CVSS 6.5 | AI score 7.1 | EPSS 0.00278
Exploits 0
OSV
added 2026/06/16 9:24 a.m. | 8 views

ROOT-APP-NPM-CVE-2026-33750 CVE-2026-33750 in @rootio/brace-expansion - Patched by Root

Root has patched CVE-2026-33750 in the @rootio/brace-expansion package for Root:npm. Multiple fixed versions available...

CVSS 6.5 | AI score 5.8 | EPSS 0.0043
Exploits 0
IBM Security Bulletins
added 2026/06/15 7:24 p.m. | 9 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is Affected by Uncontrolled Resource Consumption.

Summary brace-expansion-2.0.2.tgz is used by IBM Sterling Connect:Direct Web Services CVE-2026-33750. Vulnerability Details CVEID:CVE-2026-33750 DESCRIPTION: The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and...

CVSS 7.5 | AI score 5.4 | EPSS 0.0043
Exploits 0 | Affected Software 1
SUSE Linux
added 2026/06/11 6:54 a.m. | 4 views

Security update for cockpit

This update for cockpit fixes the following issues CVE-2026-4802: remote command execution via unsanitized user-controlled parameters within crafted links in system logs UI bsc1265040. CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumptio...

CVSS 8.8 | AI score 6.8 | EPSS 0.01402
Exploits 2 | References 16
OSV
added 2026/06/11 6:54 a.m. | 6 views

SUSE-SU-2026:2363-1 Security update for cockpit

This update for cockpit fixes the following issues - CVE-2026-4802: remote command execution via unsanitized user-controlled parameters within crafted links in system logs UI bsc1265040. - CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory...

CVSS 9.8 | AI score 6.8 | EPSS 0.01402
Exploits 2 | References 9
Atlassian
added 2026/06/09 10:29 a.m. | 8 views

DoS (Denial of Service) @isaacs/brace-expansion Dependency in Bitbucket Data Center

This High severity DoS (Denial of Service) vulnerability was introduced in versions 10.0.0, 10.1.1, 10.2.0, and 10.3.0 of Bitbucket Data Center. This DoS (Denial of Service) vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

CVSS 7.5 | AI score 7 | EPSS 0.00278
Exploits 0
RedhatCVE
added 2026/06/08 8:59 p.m. | 14 views

CVE-2026-45149

A flaw was found in the brace-expansion library. This vulnerability allows an attacker to cause a Denial of Service (DoS) by providing a large numeric range for expansion. The library allocates excessive memory to generate all intermediate elements before applying the maximum limit, leading to high...

CVSS 7.5 | AI score 6.5 | EPSS 0.00278
Exploits 0 | References 4
Tenable Nessus
added 2026/06/05 12:0 a.m. | 24 views

Atlassian Jira Service Management Data Center and Server 5.15.2 < 10.3.20 / 10.4.x < 11.3.5 (JSDSERVER-16574)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16574 advisory. - The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior...

CVSS 7.5 | AI score 6.3 | EPSS 0.0043
Exploits 0 | References 2
OSV
added 2026/06/04 6:9 p.m. | 8 views

ROOT-APP-NPM-CVE-2025-5889 CVE-2025-5889 in @rootio/brace-expansion - Patched by Root

Root has patched CVE-2025-5889 in the @rootio/brace-expansion package for Root:npm. Multiple fixed versions available...

CVSS 3.1 | AI score 6.1 | EPSS 0.00459
Exploits 0
OSV
added 2026/06/04 1:42 p.m. | 4 views

ROOT-APP-NPM-CVE-2026-25547 CVE-2026-25547 in @rootio/isaacs__brace-expansion - Patched by Root

Root has patched CVE-2026-25547 in the @rootio/isaacs__brace-expansion package for Root:npm. Multiple fixed versions available...

CVSS 6.5 | AI score 6.8 | EPSS 0.00481
Exploits 0
IBM Security Bulletins
added 2026/06/03 7:19 a.m. | 19 views

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary IBM Maximo Application Suite uses pytest-9.0.2-py3-none-any.whl, WebSphere Application Server Liberty, dompurify-3.2.7.tgz, requests-2.32.5-py3-none-any.whl, yaml-1.10.2.tgz, brace-expansion-1.1.12.tgz and dompurify-3.3.2.tgz which are vulnerable to CVE-2025-71176, CVE-2025-14923,...

CVSS 9.8 | AI score 6.9 | EPSS 0.00469
Exploits 1 | Affected Software 1
IBM Security Bulletins
added 2026/06/01 8:30 a.m. | 7 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses brace-expansion-1.1.12.tgz, brace-expansion-5.0.4.tgz which is vulnerable to CVE-2026-33750

Summary IBM Maximo Application Suite - Visual Inspection component uses brace-expansion-1.1.12.tgz, brace-expansion-5.0.4.tgz which is vulnerable to CVE-2026-33750, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-33750...

CVSS 7.5 | AI score 5.9 | EPSS 0.0043
Exploits 0 | Affected Software 1