Lucene search
K

100 matches found

NVD
NVD
added 2026/06/30 10:16 a.m.11 views

CVE-2026-13149

brace-expansion through 5.0.6 is vulnerable to denial of service. The expand function exhibits exponential-time complexity in the number of consecutive non-expanding '' brace groups. An attacker who passes a crafted string to expand, directly or transitively, can cause significant CPU consumption...

8.7CVSS0.00361EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 8:30 a.m.3 views

CVE-2026-13149

brace-expansion through 5.0.6 is vulnerable to denial of service. The expand function exhibits exponential-time complexity in the number of consecutive non-expanding '' brace groups. An attacker who passes a crafted string to expand, directly or transitively, can cause significant CPU consumption...

8.7CVSS6.2AI score0.00361EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-53832

Name of the Vulnerable Software and Affected Versions brace-expansion versions prior to 5.0.7 Description A denial of service issue exists where the expand function exhibits exponential-time complexity when processing consecutive non-expanding '' brace groups. An attacker can provide a crafted...

8.7CVSS6.2AI score0.00361EPSS
Exploits0References15
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.18 views

CVE-2026-42006

An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left open. In particular, the fix was for closing braces, but you could still use open braces to bypass t...

4.3CVSS5.4AI score0.00454EPSS
Exploits0References1
OSV
OSV
added 2026/06/04 6:11 p.m.5 views

ROOT-APP-NPM-CVE-2024-4068 CVE-2024-4068 in @rootio/braces - Patched by Root

Root has patched CVE-2024-4068 in the @rootio/braces package for Root:npm. Multiple fixed versions available...

7.5CVSS5.4AI score0.01471EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-42006

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this,...

7.5CVSS6.1AI score0.00667EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/12 3:31 p.m.12 views

EUVD-2026-29473

An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left open. In particular, the fix was for closing braces, but you could still use open braces to bypass t...

4.3CVSS5.7AI score0.00454EPSS
Exploits0References2
OSV
OSV
added 2026/05/12 1:28 p.m.2 views

CVE-2026-42006

An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left open. In particular, the fix was for closing braces, but you could still use open braces to bypass t...

4.3CVSS5.9AI score0.00454EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Open-Xchange OX Dovecot Pro 资源管理错误漏洞

Open-Xchange OX Dovecot Pro is an email storage and delivery system provided by the German company Open-Xchange. Open-Xchange OX Dovecot Pro has a resource management vulnerability, which stems from excessive use of curly braces in IMAP, leading to uncontrolled memory usage. This can result in...

4.3CVSS5.8AI score0.00454EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/11 8:39 p.m.110 views

Exploit for Basic XSS in Espocrm

CVE-2026-33657 - EspoCRM 9.3.3 Stored HTML Injection in Email...

5.4CVSS5.9AI score0.00176EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.6 views

Oracle Linux 9 : nodejs:22 (ELSA-2026-7302)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-7302 advisory. - introduced patch updating deps/nghttp2 to v 1.68.1 for CVE-2026-27135 - patch for npm/braces CVE-2026-25547 Resolves: RHEL-163369 Fixes: CVE-2026-152...

9.8CVSS5.9AI score0.26356EPSS
Exploits5References10
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 2:43 p.m.3 views

Security Bulletin: Vulnerabilities in Jetty, Eclipse Jetty,Spring Cloud Netflix Zuul,Spring Framework,Spring Security,NPM package,glob-parent package,jQuery,Braces, go-redis,qs,LZ4,js-yaml might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Jetty, Eclipse Jetty, Spring Cloud Netflix Zuul , Spring Framework, Spring Security, NPM package, glob-parent package, jQuery, Braces, go-redis, qs, LZ4 and js-yaml. Vulnerabilities include , bypassing the...

8.1CVSS7.3AI score0.7848EPSS
Exploits3Affected Software1
Oracle linux
Oracle linux
added 2026/04/10 12:0 a.m.11 views

nodejs:22 security update

nodejs 1:22.22.2-1 - Update to version 22.22.2 - introduced patch updating deps/nghttp2 to v 1.68.1 for CVE-2026-27135 - disabled failing tests in nghttp2 due to newer version - patch for npm/braces CVE-2026-25547 Resolves: RHEL-163369 Fixes: CVE-2026-1528 CVE-2026-2229 CVE-2026-1526 CVE-2026-152...

9.8CVSS6.9AI score0.26356EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2026/04/09 12:0 a.m.6 views

Oracle Linux 10 : nodejs22 (ELSA-2026-7080)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-7080 advisory. - introduced patch updating deps/nghttp2 to v 1.68.1 for CVE-2026-27135 - patch for npm/braces CVE-2026-25547 Tenable has extracted the preceding...

9.8CVSS6.8AI score0.26356EPSS
Exploits2References10
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 4:53 p.m.6 views

Security Bulletin: IBM Rational Developer for i is affected by a memory exhaustion loop (CVE-2024-4068)

Summary A package included in the Code Coverage functionality of IBM Rational Developer for i is vulnerable to malicious input causing a crash of the program due to memory exhaustion loop as described in the vulnerability details section. Vulnerability Details CVEID:CVE-2024-4068 DESCRIPTION: The...

7.5CVSS6AI score0.01471EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/25 11:56 a.m.4 views

Security Bulletin: A vulnerabilities in NPM package `braces` affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerabilities in NPM package braces affect IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4.8 and 5.0 and earlier. Vulnerability Details CVEID:CVE-2024-4068 DESCRIPTION: The NPM package braces, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could...

7.5CVSS5.8AI score0.01471EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/12/11 12:0 a.m.2 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-991153)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991153 advisory. In the Linux kernel, the following vulnerability has been resolved: dm raid: fix accesses beyond end of raid member array On dm-raid table load using raidctr, dm-rai...

7.1CVSS6AI score0.00283EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/12/09 8:32 a.m.9 views

expat: Stack exhaustion in doctype parsing

A flaw was found in expat. A stack exhaustion in doctype parsing could be triggered by a file with a large number of opening braces, resulting in a denial of service...

6.5CVSS7.2AI score0.03268EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/11/05 12:0 a.m.4 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988980)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988980 advisory. In the Linux kernel, the following vulnerability has been resolved: dm raid: fix accesses beyond end of raid member array On dm-raid table load using raidctr, dm-rai...

7.1CVSS6AI score0.00283EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/03 9:6 a.m.45 views

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs.

Summary IBM Maximo Application Suite uses "form-data 4.0.0, org.apache.cxfcxf-core 3.6.7 , net/http/internal v1.24.1, braces 3.0.2 , cross-spawn 7.0.3 , crypto/x509 1.24.1 1.24.3 , github.com/golang-jwt/jwt/v4 github.com/golang-jwt/jwt/v5 v4.5.0 v5.2.1 , httpd 2.4.37 , setuptools 78.0.2 75.8.0 ,...

9.8CVSS8.2AI score0.91327EPSS
Exploits10Affected Software1
Rows per page
Query Builder