
9191 matches found

Snyk
added 2025/07/05 8:3 p.m. · 1 views

Regular Expression Denial of Service (ReDoS)

Overview: markdown-it is a modern pluggable markdown parser. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of the regex /+$/ in the linkify function. An attacker can supply a long sequence of characters followed by a non-matching...

CVSS 7.5 · AI score 5.5 · EPSS 0.00021
Exploits 0 · References 2

Snyk
added 2025/07/05 8:3 p.m. · 1 views

Regular Expression Denial of Service (ReDoS)

Overview: org.webjars.npm:markdown-it is a modern pluggable markdown parser. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of the regex /+$/ in the linkify function. An attacker can supply a long sequence of characters followed by a...

CVSS 7.5 · AI score 5.6 · EPSS 0.00021
Exploits 0 · References 2

OSV
added 2025/07/05 9:15 a.m. · 2 views

CVE-2025-7074

A vulnerability classified as problematic has been found in vercel hyper up to 3.4.1. This affects the function expand/braceExpand/ignoreMap of the file hyper/bin/rimraf-standalone.js. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack...

CVSS 7.5 · AI score 6.5
Exploits 0 · References 4

CVE
added 2025/07/05 9:2 a.m. · 30 views

CVE-2025-7074

CVE-2025-7074 affects vercel hyper up to v3.4.1, specifically the expand/braceExpand/ignoreMap function in hyper/bin/rimraf-standalone.js. The issue is inefficient regular expression complexity (ReDoS) that can be triggered remotely, and the exploit has been disclosed publicly. Multiple connected...

CVSS 7.5 · AI score 4.7 · EPSS 0.00758
Exploits 1 · References 4 · Affected Software 1

Positive Technologies
added 2025/07/05 12:0 a.m. · 1 views

PT-2025-28037 · Vercel · Vercel Hyper

Name of the Vulnerable Software and Affected Versions: vercel hyper versions up to 3.4.1 Description: A problematic vulnerability has been found in vercel hyper, affecting the function expand/braceExpand/ignoreMap of the file hyper/bin/rimraf-standalone.js. This issue leads to inefficient regular...

CVSS 5.3 · AI score 4.3 · EPSS 0.00758
Exploits 1 · References 8

BDU FSTEC
added 2025/07/03 12:0 a.m. · 1 views

The vulnerability in the `arch/arm64/boot/dts/freescale/imx8ulp.dtsi` file of the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the arch/arm64/boot/dts/freescale/imx8ulp.dtsi component in the Linux operating system’s kernel is related to the lack of measures taken to neutralize special elements used in the expression language operator. Exploiting this vulnerability can allow an attacker to cause a...

CVSS 5.5 · AI score 6.7 · EPSS 0.00019
Exploits 0 · References 7 · Affected Software 4

IBM Security Bulletins
added 2025/07/01 4:4 p.m. · 5 views

Security Bulletin: Due to use of IBM Storage Scale, IBM Cloud Pak System is affected by multiple vulnerabilities

Summary Multiple vulnerabilities in IBM Storage Scale which could provide weaker than expected security were addressed in IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp wi...

CVSS 7.5 · AI score 8.1 · EPSS 0.3466
Exploits 14 · Affected Software 1

Veracode
added 2025/07/01 8:22 a.m. · 4 views

Regular Expression Denial Of Service (ReDoS)

string-math is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regular expression processing, which allows the attack to be exploited via crafted input...

CVSS 7 · AI score 7 · EPSS 0.00329
Exploits 1 · References 4 · Affected Software 1

IBM Security Bulletins
added 2025/06/30 6:39 a.m. · 5 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses runtime-7.26.0.tgz which is vulnerable to CVE-2025-27789

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses runtime-7.26.0.tgz which is vulnerable to CVE-2025-27789. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for...

CVSS 6.2 · AI score 6.5 · EPSS 0.0006
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2025/06/30 6:26 a.m. · 6 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses path-to-regexp-0.1.7.tgz which is vulnerable to CVE-2024-45296, CVE-2024-52798

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses path-to-regexp-0.1.7.tgz which is vulnerable to CVE-2024-45296, CVE-2024-52798. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION:...

CVSS 8.7 · AI score 7.3 · EPSS 0.00293
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2025/06/30 6:16 a.m. · 8 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses cross-spawn-7.0.3.tgz which is vulnerable to CVE-2024-21538

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses cross-spawn-7.0.3.tgz which is vulnerable to CVE-2024-21538. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the...

CVSS 8.7 · AI score 7.2 · EPSS 0.00067
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2025/06/30 6:8 a.m. · 7 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses micromatch-4.0.5.tgz which is vulnerable to CVE-2024-4067

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses micromatch-4.0.5.tgz which is vulnerable to CVE-2024-4067. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: The NPM package...

CVSS 5.3 · AI score 6.8 · EPSS 0.00176
Exploits 1 · Affected Software 1

IBM Security Bulletins
added 2025/06/27 7:39 p.m. · 6 views

Security Bulletin: IBM Storage Ceph is vulnerable to cross site scripting and denial of service via regular expressions in Grafana

Summary Grafana is used by IBM Storage Ceph as a metrics dashboard, requiring the use of angular to function. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2022-25869, CVE-2023-26118, CVE-2022-25844, CVE-2023-26116, CVE-2024-21490, CVE-2023-26117...

CVSS 7.5 · AI score 7.5 · EPSS 0.04265
Exploits 7 · Affected Software 1

IBM Security Bulletins
added 2025/06/27 11:59 a.m. · 6 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses helpers-7.26.7.tgz which is vulnerable to CVE-2025-27789

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses helpers-7.26.7.tgz which is vulnerable to CVE-2025-27789. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for...

CVSS 6.2 · AI score 6.6 · EPSS 0.0006
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2025/06/27 9:47 a.m. · 5 views

Security Bulletin: IBM Spectrum Control is vulnerable to weaknesses related to path-to-regexp (CVE-2024-52798)

Summary path-to-regexp is vulnerable to a backtracking attack. This vulnerability affects IBM Spectrum Control. CVE-2024-52798. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a...

CVSS 8.7 · AI score 6.8 · EPSS 0.00293
Exploits 0 · Affected Software 1

RedhatCVE
added 2025/06/27 6:22 a.m. · 4 views

CVE-2025-43880

Inefficient regular expression complexity issue exists in GROWI prior to v7.1.6. If exploited, a logged-in user may cause a denial of service (DoS) condition...

CVSS 5.3 · AI score 7 · EPSS 0.00219
Exploits 0 · References 1

IBM Security Bulletins
added 2025/06/25 4:32 p.m. · 3 views

Security Bulletin: Fusion Data Foundation is vulnerable to CVE-2022-25883 in emver-5.7.1.tgz, semver-6.3.0.tgz, semver-7.3.8.tgz

Summary emver-5.7.1.tgz, semver-6.3.0.tgz, semver-7.3.8.tgz is used by Fusion Data Foundation in management-console. This bulletin identifies the steps to take to address the vulnerability CVE-2022-25883 in IBM Storage Fusion Data Foundation. Vulnerability Details CVEID:CVE-2022-25883 DESCRIPTION...

CVSS 7.5 · AI score 7.5 · EPSS 0.00598
Exploits 1 · Affected Software 1

IBM Security Bulletins
added 2025/06/25 4:22 p.m. · 6 views

Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to CVE-2024-4067 in micromatch-4.0.4

Summary micromatch-4.0.4 is used by IBM Storage Fusion Data Foundation in management-console. This bulletin identifies the steps to take to address the vulnerability CVE-2024-4067 in IBM Storage Fusion Data Foundation. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: The NPM package...

CVSS 5.3 · AI score 6.4 · EPSS 0.00176
Exploits 1 · Affected Software 1

IBM Security Bulletins
added 2025/06/25 9:36 a.m. · 11 views

Security Bulletin: IBM Maximo Application Suite uses runtime-7.20.13.tgz which is vulnerable to CVE-2025-27789.

Summary IBM Maximo Application Suite uses runtime-7.20.13.tgz which is vulnerable to CVE-2025-27789. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript...

CVSS 6.2 · AI score 6.7 · EPSS 0.0006
Exploits 0 · Affected Software 1

OSV
added 2025/06/25 6:15 a.m. · 0 views

CVE-2025-43880

Inefficient regular expression complexity issue exists in GROWI prior to v7.1.6. If exploited, a logged-in user may cause a denial of service (DoS) condition...

CVSS 5.3 · AI score 5.7 · EPSS 0.00219
Exploits 0 · References 2