279 matches found

RedHat Linux | added 2026/05/18 12:24 p.m. | 10 views

minimatch: minimatch: Denial of Service via specially crafted glob patterns

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...

CVSS 8.7 | AI score 6.8 | EPSS 0.00519
Exploits: 1 | References: 6
RedHat Linux | added 2026/05/18 12:21 p.m. | 18 views

minimatch: minimatch: Denial of Service via specially crafted glob patterns

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...

CVSS 8.7 | AI score 6.8 | EPSS 0.00519
Exploits: 1 | References: 6
Github Security Blog | added 2026/05/14 8:29 p.m. | 8 views

Svelte: ReDoS in `<svelte:element>` Tag Validation

An internal regex in the Svelte runtime can take exponential time to test in . You are only vulnerable to this if you allow tags of unconstrained length. If your application only allows a predetermined list of tags or trims their length before passing them to svelte:element, you are safe...

CVSS 7.5 | AI score 5.8 | EPSS 0.00421
Exploits: 0 | References: 4 | Affected Software: 1
RedhatCVE | added 2026/05/13 7:40 p.m. | 12 views

CVE-2026-42402

A flaw was found in Apache Neethi. A remote attacker can exploit this vulnerability by providing specially crafted WS-Policy documents. This triggers an algorithmic complexity issue during policy normalization, leading to an exponential expansion of policy alternatives. This unbounded memory...

CVSS 7.5 | AI score 5.6 | EPSS 0.00711
Exploits: 0 | References: 4
Packet Storm | added 2026/05/11 12:00 a.m. | 88 views

📄 CairoSVG Denial of Service

CairoSVG versions prior to 2.9.0 suffer from a recursive denial of service vulnerability. CVE-2026-31899: Exponential DoS via Recursive Element Amplification in CairoSVG Keywords: CVE-2026-31899, CairoSVG, exponential DoS, SVG bomb, recursive use element, denial of service, XML amplification,...

CVSS 7.5 | AI score 5.8 | EPSS 0.0049
Exploits: 2
Tenable Nessus | added 2026/05/11 12:00 a.m. | 9 views

Unity Linux 20.1060e / 20.1070e Security Update: libxml2 (UTSA-2026-017425)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017425 advisory. A flaw was found in libxml2. An exponential entity expansion attack is possible, bypassing all existing protection mechanisms and leading to denial of service. Tenable...

CVSS 6.5 | AI score 6.7 | EPSS 0.01861
Exploits: 0 | References: 4
Packet Storm News | added 2026/05/07 12:00 a.m. | 8 views

Cryptographic and Information-Theoretic Security Capacities for General Arbitrarily Varying Wiretap Channels

We compare the strong secrecy capacities of Arbitrarily Varying Wiretap Channels (AVWCs) and General Arbitrary Varying Wiretap Channels (GAVWCs) with their capacities under semantic secrecy constraint and other equivalent cryptographic secrecy constraints. It turns out that the average error and stro...

AI score 5.8
Exploits: 0
Snyk | added 2026/05/06 4:52 p.m. | 8 views

Regular Expression Denial of Service (ReDoS)

Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) through the LINK_TITLE_RE regular expression in Markdown parsing. An attacker can cause excessive resource consumption and make the application unresponsive by submitting specially crafted Markdo...

CVSS 8.7 | AI score 5.8 | EPSS 0.00481
Exploits: 0 | References: 2
OSV | added 2026/05/06 4:52 p.m. | 4 views

GHSA-8MP2-V27R-99XP Mistune has a ReDoS in LINK_TITLE_RE that allows denial of service via crafted Markdown input

Summary: A ReDoS (Regular Expression Denial of Service) vulnerability in LINK_TITLE_RE allows an attacker who can supply Markdown for parsing to cause denial of service. A crafted 58-byte Markdown document blocks the parser for approximately 6 seconds measured on Apple M2, Python 3.14.3, with...

CVSS 8.7 | AI score 6 | EPSS 0.00481
Exploits: 0 | References: 4
Positive Technologies | added 2026/05/06 12:00 a.m. | 10 views

PT-2026-38088

Name of the Vulnerable Software and Affected Versions: Mistune versions 3.0.0a1 through 3.2.0. Description: A Regular Expression Denial of Service (ReDoS) exists in the LINK_TITLE_RE regular expression. An attacker can provide specially crafted Markdown for parsing that triggers catastrophic...

CVSS 8.7 | AI score 5.7 | EPSS 0.00481
Exploits: 0 | References: 19
Cvelist | added 2026/05/01 8:54 a.m. | 30 views

CVE-2026-42402 Apache Neethi: Policy Normalization Unbounded Resource Allocation DoS

Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Specially crafted WS-Policy documents can trigger an exponential Cartesian cross-product expansion during the normalization process, causing unbounded memory allocation that exhausts...

CVSS 7.5 | EPSS 0.00711
Exploits: 0 | References: 1
CVE | added 2026/04/26 1:19 p.m. | 24 views

CVE-2018-25282

Nmap 7.70 is affected by a local denial-of-service vulnerability caused by exponential XML entity expansion in XML processing (triggered via ZenMap scan import). A crafted XML file with nested entity definitions can cause excessive resource consumption, potentially crashing the application. The C...

CVSS 6.9 | AI score 5.3 | EPSS 0.00123
Exploits: 0 | References: 3
Positive Technologies | added 2026/04/26 12:00 a.m. | 9 views

PT-2026-35252

Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential entity expansion. Attackers can create a crafted XML file with nested entity definitions and open it through ZenMap's scan import...

CVSS 6.9 | AI score 5.3 | EPSS 0.00123
Exploits: 0 | References: 4
Tenable Nessus | added 2026/04/25 12:00 a.m. | 2 views

Fedora 44 : python-cairosvg (2026-448e26a9c8)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-448e26a9c8 advisory. Security fix for CVE-2026-31899: https://nvd.nist.gov/vuln/detail/CVE-2026-31899 / https://github.com/Kozea/CairoSVG/security/advisories/GHSA-f38f-5xpm-9r7c...

CVSS 7.5 | AI score 5.4 | EPSS 0.0049
Exploits: 2 | References: 2
Tenable Nessus | added 2026/04/21 12:00 a.m. | 7 views

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011076)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011076 advisory. In the Linux kernel, the following vulnerability has been resolved: net: ena: fix shift-out-of-bounds in exponential backoff The ENA adapters on our instances...

CVSS 7.1 | AI score 6.3 | EPSS 0.00149
Exploits: 0 | References: 4
Mageia | added 2026/04/18 4:43 p.m. | 7 views

Updated python-cairosvg packages fix security vulnerability

CairoSVG vulnerable to Exponential DoS via recursive element amplification. CVE-2026-31899...

CVSS 7.5 | AI score 5.7 | EPSS 0.0049
Exploits: 2 | References: 3
OpenVAS | added 2026/04/16 12:00 a.m. | 18 views

Fedora: Security Advisory (FEDORA-2026-ec61ca906c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 5.8 | EPSS 0.0049
Exploits: 2 | References: 4
RedHat Linux | added 2026/04/15 7:16 p.m. | 10 views

minimatch: minimatch: Denial of Service via specially crafted glob patterns

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...

CVSS 8.7 | AI score 6.6 | EPSS 0.00519
Exploits: 1 | References: 6
RedHat Linux | added 2026/04/14 7:23 a.m. | 4 views

minimatch: minimatch: Denial of Service via specially crafted glob patterns

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...

CVSS 8.7 | AI score 6.6 | EPSS 0.00519
Exploits: 1 | References: 6
RedHat Linux | added 2026/04/09 1:38 p.m. | 6 views

minimatch: minimatch: Denial of Service via specially crafted glob patterns

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...

CVSS 8.7 | AI score 5.9 | EPSS 0.00519
Exploits: 1 | References: 6