9157 matches found

IBM Security Bulletins
added 2025/12/01 9:44 a.m., 7 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-3933.

Summary: IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-3933. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2025-3933 DESCRIPTION: A Regular Expression Deni...

CVSS 5.3 | AI score 6.6 | EPSS 0.00088
Exploits: 1 | Affected Software: 1
Packet Storm
added 2025/12/01 12:0 a.m., 158 views

Commvault CLI 11.36.60 Remote Code Execution

Proof of concept exploit for the Commvault CLI version 11.36.60 remote code execution vulnerability. Title: Commvault CLI 11.36.60 RCE PHP Implementatio...

CVSS 8.8 | AI score 8.2 | EPSS 0.80672
Exploits: 4
CNNVD
added 2025/12/01 12:0 a.m., 5 views

Grav security vulnerability

Grav is an extensible CMS (Content Management System) for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a code execution vulnerability that stems from malicious Twig expression injection, which can be exploited by an attacker to cause...

CVSS 8.8 | AI score 8.7 | EPSS 0.00475
Exploits: 1 | References: 3
RedhatCVE
added 2025/11/28 8:8 p.m., 5 views

CVE-2025-66020

Valibot helps validate data using a schema. In versions from 0.31.0 to 1.1.0, the EMOJI_REGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. A short, maliciously crafted string (e.g., 100 characters) can cause the regex engine to consume excessive CPU...

CVSS 7.5 | AI score 6.8 | EPSS 0.00108
Exploits: 0 | References: 1
RedhatCVE
added 2025/11/28 2:57 p.m., 6 views

CVE-2025-12140

The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the value of the 'redirectUrlParameter' parameter. The application interprets the entered string of characters as a Java expression, allowing an unauthenticated attacker to perform arbitrary code execution...

CVSS 9.3 | AI score 7.9 | EPSS 0.00091
Exploits: 0 | References: 1
EUVD
added 2025/11/27 3:31 p.m., 1 views

EUVD-2025-199823

The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the value of the 'redirectUrlParameter' parameter. The application interprets the entered string of characters as a Java expression, allowing an unauthenticated attacker to perform arbitrary code execution...

CVSS 9.3 | AI score 7.1 | EPSS 0.00091
Exploits: 0 | References: 2
NVD
added 2025/11/27 2:15 p.m., 3 views

CVE-2025-12140

The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the value of the 'redirectUrlParameter' parameter. The application interprets the entered string of characters as a Java expression, allowing an unauthenticated attacker to perform arbitrary code execution...

CVSS 9.3 | EPSS 0.00091
Exploits: 0 | References: 1
Positive Technologies
added 2025/11/27 12:0 a.m., 5 views

PT-2025-48268

The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the value of the 'redirectUrlParameter' parameter. The application interprets the entered string of characters as a Java expression, allowing an unauthenticated attacker to perform arbitrary code execution...

CVSS 9.3 | AI score 7.5 | EPSS 0.00091
Exploits: 0 | References: 2
OSV
added 2025/11/26 7:33 p.m., 2 views

GHSA-VQPR-J7V3-HQW9 Valibot has a ReDoS vulnerability in `EMOJI_REGEX`

Summary: The EMOJI_REGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. A short, maliciously crafted string (e.g., 100 characters) can cause the regex engine to consume excessive CPU time (minutes), leading to a Denial of Service (DoS) for the application...

CVSS 7.5 | AI score 6.8 | EPSS 0.00108
Exploits: 0 | References: 4
EUVD
added 2025/11/26 7:33 p.m., 3 views

EUVD-2025-199685

Valibot has a ReDoS vulnerability in EMOJI_REGEX...

CVSS 7.5 | AI score 6.4 | EPSS 0.00108
Exploits: 0 | References: 3
Github Security Blog
added 2025/11/26 7:33 p.m., 5 views

Valibot has a ReDoS vulnerability in `EMOJI_REGEX`

Summary: The EMOJI_REGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. A short, maliciously crafted string (e.g., 100 characters) can cause the regex engine to consume excessive CPU time (minutes), leading to a Denial of Service (DoS) for the application...

CVSS 7.5 | AI score 7.1 | EPSS 0.00108
Exploits: 0 | References: 4 | Affected Software: 1
Snyk
added 2025/11/26 2:42 a.m., 1 views

Regular Expression Denial of Service (ReDoS)

Overview: valibot is the modular and type safe schema library for validating structural data. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the EMOJI_REGEX. An attacker can cause excessive CPU consumption and disrupt application availability by...

CVSS 8.7 | AI score 6.5 | EPSS 0.00108
Exploits: 0 | References: 2
NVD
added 2025/11/26 2:15 a.m., 4 views

CVE-2025-66020

Valibot helps validate data using a schema. In versions from 0.31.0 to 1.1.0, the EMOJI_REGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. A short, maliciously crafted string (e.g., 100 characters) can cause the regex engine to consume excessive CPU...

CVSS 7.5 | EPSS 0.00108
Exploits: 0 | References: 2
CVE
added 2025/11/26 1:49 a.m., 15 views

CVE-2025-66020

Valibot CVE-2025-66020: A ReDoS flaw in the EMOJI_REGEX used by the emoji action affects 0.31.0–1.1.0, caused by catastrophic backtracking in the emoji-related pattern. This can let an attacker craft short input (e.g., under 100 chars) that consumes excessive CPU time, leading to DoS. The issue i...

CVSS 7.5 | AI score 6.5 | EPSS 0.00108
Exploits: 0 | References: 2
OSV
added 2025/11/26 1:49 a.m., 4 views

CVE-2025-66020 Valibot has a ReDoS vulnerability in `EMOJI_REGEX`

Valibot helps validate data using a schema. In versions from 0.31.0 to 1.1.0, the EMOJI_REGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. A short, maliciously crafted string (e.g., 100 characters) can cause the regex engine to consume excessive CPU...

CVSS 7.5 | AI score 6.7 | EPSS 0.00108
Exploits: 0 | References: 4
Cvelist
added 2025/11/26 1:49 a.m., 5 views

CVE-2025-66020 Valibot has a ReDoS vulnerability in `EMOJI_REGEX`

Valibot helps validate data using a schema. In versions from 0.31.0 to 1.1.0, the EMOJI_REGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. A short, maliciously crafted string (e.g., 100 characters) can cause the regex engine to consume excessive CPU...

CVSS 7.5 | EPSS 0.00108
Exploits: 0 | References: 2
Vulnrichment
added 2025/11/26 1:49 a.m., 1 views

CVE-2025-66020 Valibot has a ReDoS vulnerability in `EMOJI_REGEX`

Valibot helps validate data using a schema. In versions from 0.31.0 to 1.1.0, the EMOJI_REGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. A short, maliciously crafted string (e.g., 100 characters) can cause the regex engine to consume excessive CPU...

CVSS 7.5 | AI score 6.5 | EPSS 0.00108
Exploits: 0 | References: 2
CNNVD
added 2025/11/26 12:0 a.m., 3 views

Valibot security vulnerability

Valibot is an Open Circle open source library for structured data validation. A security vulnerability exists in Valibot versions 0.31.0 through 1.1.0, which stems from EMOJI_REGEX being susceptible to a regular expression denial-of-service attack that could result in a denial of service of the...

CVSS 7.5 | AI score 6.4 | EPSS 0.00108
Exploits: 0 | References: 3
Positive Technologies
added 2025/11/26 12:0 a.m., 9 views

PT-2025-48121

Name of the Vulnerable Software and Affected Versions: Valibot versions 0.31.0 through 1.1.0. Description: Valibot is a data validation library that utilizes schemas. Versions from 0.31.0 to 1.1.0 contain a Regular Expression Denial of Service (ReDoS) issue within the EMOJI_REGEX used in the emoji...

CVSS 7.5 | AI score 6.6 | EPSS 0.00108
Exploits: 0 | References: 6
GithubExploit
added 2025/11/24 8:58 p.m., 149 views

Exploit for Expression Language Injection in Redhat Richfaces

Simplest and most reliable RichFaces Paint2DResource CVE-2018-12...

CVSS 9.8 | AI score 7.1 | EPSS 0.79692
Exploits: 1