Lucene search
K

214 matches found

Positive Technologies
Positive Technologies
added 2025/08/06 12:0 a.m.5 views

PT-2025-32158

Name of the Vulnerable Software and Affected Versions Hugging Face Transformers versions up to 4.51.3 Description A Regular Expression Denial of Service ReDoS vulnerability exists in the convert tf weight name to pt weight name function of the Hugging Face Transformers library. This function, whi...

5.3CVSS6.1AI score0.00391EPSS
Exploits1References15
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/29 8:47 p.m.3 views

Security Bulletin: IBM Storage Ceph is vulnerable to Inefficient Regular Expression Complexity in Babel via Grafana (CVE-2025-27789)

Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Ceph. CVE-2025-27789 Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When...

6.2CVSS6.8AI score0.00478EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2025/07/15 12:35 a.m.2 views

rexml: REXML ReDoS vulnerability

A flaw was found in the ReXML XML toolkit for Ruby. Parsing XML data containing a large number of digits between & and x...; in a hex numeric character reference &x...; can trigger a regular expression denial of service ReDoS condition, leading to a denial of service...

8.7CVSS7.3AI score0.01429EPSS
Exploits0References7
OSV
OSV
added 2025/07/11 12:30 p.m.1 views

GHSA-37MW-44QP-F5JM Transformers is vulnerable to ReDoS attack through its DonutProcessor class

A Regular Expression Denial of Service ReDoS vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's token2json method. This vulnerability affects versions 4.51.3 and earlier, and is fixed in version 4.52.1. The issue arises from the...

5.3CVSS6.7AI score0.00431EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/07/07 10:15 a.m.4 views

CVE-2025-7074

A vulnerability classified as problematic has been found in vercel hyper up to 3.4.1. This affects the function expand/braceExpand/ignoreMap of the file hyper/bin/rimraf-standalone.js. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack...

5.3CVSS4.6AI score0.00544EPSS
Exploits1References1
CVE
CVE
added 2025/07/05 9:2 a.m.39 views

CVE-2025-7074

CVE-2025-7074 affects vercel hyper up to v3.4.1, specifically the expand/braceExpand/ignoreMap function in hyper/bin/rimraf-standalone.js. The issue is inefficient regular expression complexity (redos) that can be triggered remotely, and the exploit has been disclosed publicly. Multiple connected...

7.5CVSS4.7AI score0.00544EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2025/06/25 6:15 a.m.6 views

CVE-2025-43880

Inefficient regular expression complexity issue exists in GROWI prior to v7.1.6. If exploited, a logged-in user may cause a denial of service DoS condition...

5.3CVSS0.00271EPSS
Exploits0References2
Snyk
Snyk
added 2025/06/22 10:40 p.m.1 views

Regular Expression Denial of Service (ReDoS)

Overview org.webjars.npm:codemirror is a versatile text editor implemented in JavaScript for the browser. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via multiple locations in markdown.js. An attacker can cause excessive resource consumption by...

6.9CVSS6.7AI score0.00451EPSS
Exploits0References2
Snyk
Snyk
added 2025/06/22 10:40 p.m.1 views

Regular Expression Denial of Service (ReDoS)

Overview org.webjars.bower:codemirror is a versatile text editor implemented in JavaScript for the browser. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via multiple locations in markdown.js. An attacker can cause excessive resource consumption by...

6.9CVSS6.7AI score0.00451EPSS
Exploits0References2
Snyk
Snyk
added 2025/06/19 4:19 p.m.5 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the listNames function. An attacker can cause significant CPU consumption and degrade server performance by supplying a crafted regular expression and influencing the set of resource names...

6.3CVSS6.8AI score0.0035EPSS
Exploits0References2
Huntr
Huntr
added 2025/06/14 10:45 a.m.9 views

Regular expression Denial of Service - ReDoS

Description A regular expression denial of service ReDoS vulnerability has been identified in the Hugging Face Transformers library's MarianTokenizer. The vulnerability exists in the removelanguagecode method of the MarianTokenizer class, which processes text to remove language codes. The method...

7.5CVSS6.2AI score0.00483EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/06/11 12:0 a.m.3 views

EulerOS 2.0 SP13 : ruby (EulerOS-SA-2025-1642)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the URI gem before 1.0.3 for Ruby, the URI handling methods URI.join, URImerge, URI+ have an inadvertent leakage of authentication credentials...

7.5CVSS7AI score0.00784EPSS
Exploits0References4
OSV
OSV
added 2025/06/09 9:30 p.m.4 views

GHSA-F5XG-CFPJ-2MW6 taro-css-to-react-native Regular Expression Denial of Service vulnerability

A vulnerability was found in tarojs taro up to 4.1.1. It has been declared as problematic. This vulnerability affects unknown code of the file taro/packages/css-to-react-native/src/index.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely...

5.3CVSS4.8AI score0.00514EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2025/06/09 9:30 p.m.26 views

taro-css-to-react-native Regular Expression Denial of Service vulnerability

A vulnerability was found in tarojs taro up to 4.1.1. It has been declared as problematic. This vulnerability affects unknown code of the file taro/packages/css-to-react-native/src/index.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely...

7.5CVSS4.7AI score0.00514EPSS
Exploits1References8Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 11:59 p.m.9 views

CVE-2022-24294

A regular expression used in Apache MXNet incubating is vulnerable to a potential denial-of-service by excessive resource consumption. The bug could be exploited when loading a model in Apache MXNet that has a specially crafted operator name that would cause the regular expression evaluation to u...

7.5CVSS6.6AI score0.01595EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:25 p.m.5 views

CVE-2022-39280

dparse is a parser for Python dependency files. dparse in versions before 0.5.2 contain a regular expression that is vulnerable to a Regular Expression Denial of Service. All the users parsing index server URLs with dparse are impacted by this vulnerability. A patch has been applied in version...

7.5CVSS7.5AI score0.00982EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:30 p.m.11 views

CVE-2020-2288

In Jenkins Audit Trail Plugin 3.6 and earlier, the default regular expression pattern could be bypassed in many cases by adding a suffix to the URL that would be ignored during request handling...

5.3CVSS6.6AI score0.00952EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 10:38 a.m.9 views

CVE-2019-25102

A vulnerability, which was classified as problematic, was found in simple-markdown 0.6.0. Affected is an unknown function of the file simple-markdown.js. The manipulation with the input :/:/:/:/:/:/:/:/:/:/ leads to inefficient regular expression complexity. It is possible to launch the attack...

7.5CVSS6.8AI score0.01097EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:19 a.m.9 views

CVE-2018-7651

index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of service vulnerability in strict mode functionality via a long base64 hash string...

5.9CVSS6.7AI score0.01754EPSS
Exploits0References1
NVD
NVD
added 2025/04/27 9:15 p.m.28 views

CVE-2025-3986

A vulnerability was found in Apereo CAS 5.2.6. It has been declared as problematic. This vulnerability affects unknown code of the file cas-5.2.6\core\cas-server-core-configuration-metadata-repository\src\main\java\org\apereo\cas\metadata\rest\CasConfigurationMetadataServerController.java. The...

7.5CVSS0.00516EPSS
Exploits0References4
Rows per page
Query Builder