
9201 matches found

IBM Security Bulletins
added 2025/06/30 6:16 a.m. · 8 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses cross-spawn-7.0.3.tgz which is vulnerable to CVE-2024-21538

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses cross-spawn-7.0.3.tgz which is vulnerable to CVE-2024-21538. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the...

CVSS 8.7 · AI score 7.2 · EPSS 0.00067
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2025/06/30 6:08 a.m. · 7 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses micromatch-4.0.5.tgz which is vulnerable to CVE-2024-4067

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses micromatch-4.0.5.tgz which is vulnerable to CVE-2024-4067. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: The NPM package...

CVSS 5.3 · AI score 6.8 · EPSS 0.00171
Exploits 1 · Affected Software 1

IBM Security Bulletins
added 2025/06/27 7:39 p.m. · 6 views

Security Bulletin: IBM Storage Ceph is vulnerable to cross site scripting and denial of service via regular expressions in Grafana

Summary Grafana is used by IBM Storage Ceph as a metrics dashboard, requiring the use of angular to function. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2022-25869, CVE-2023-26118, CVE-2022-25844, CVE-2023-26116, CVE-2024-21490, CVE-2023-26117...

CVSS 7.5 · AI score 7.5 · EPSS 0.04265
Exploits 7 · Affected Software 1

IBM Security Bulletins
added 2025/06/27 11:59 a.m. · 6 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses helpers-7.26.7.tgz which is vulnerable to CVE-2025-27789

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses helpers-7.26.7.tgz which is vulnerable to CVE-2025-27789. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for...

CVSS 6.2 · AI score 6.6 · EPSS 0.0006
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2025/06/27 9:47 a.m. · 5 views

Security Bulletin: IBM Spectrum Control is vulnerable to weaknesses related to path-to-regexp (CVE-2024-52798)

Summary path-to-regexp is vulnerable to a backtracking attack. This vulnerability affects IBM Spectrum Control. CVE-2024-52798. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a...

CVSS 8.7 · AI score 6.8 · EPSS 0.00293
Exploits 0 · Affected Software 1

RedhatCVE
added 2025/06/27 6:22 a.m. · 4 views

CVE-2025-43880

Inefficient regular expression complexity issue exists in GROWI prior to v7.1.6. If exploited, a logged-in user may cause a denial of service (DoS) condition...

CVSS 5.3 · AI score 7 · EPSS 0.00219
Exploits 0 · References 1

IBM Security Bulletins
added 2025/06/25 4:32 p.m. · 3 views

Security Bulletin: Fusion Data Foundation is vulnerable to CVE-2022-25883 in emver-5.7.1.tgz, semver-6.3.0.tgz, semver-7.3.8.tgz

Summary emver-5.7.1.tgz, semver-6.3.0.tgz, semver-7.3.8.tgz is used by Fusion Data Foundation in management-console. This bulletin identifies the steps to take to address the vulnerability CVE-2022-25883 in IBM Storage Fusion Data Foundation. Vulnerability Details CVEID:CVE-2022-25883 DESCRIPTION...

CVSS 7.5 · AI score 7.5 · EPSS 0.00581
Exploits 1 · Affected Software 1

IBM Security Bulletins
added 2025/06/25 4:22 p.m. · 6 views

Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to CVE-2024-4067 in micromatch-4.0.4

Summary micromatch-4.0.4 is used by IBM Storage Fusion Data Foundation in management-console. This bulletin identifies the steps to take to address the vulnerability CVE-2024-4067 in IBM Storage Fusion Data Foundation. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: The NPM package...

CVSS 5.3 · AI score 6.4 · EPSS 0.00171
Exploits 1 · Affected Software 1

IBM Security Bulletins
added 2025/06/25 9:36 a.m. · 11 views

Security Bulletin: IBM Maximo Application Suite uses runtime-7.20.13.tgz which is vulnerable to CVE-2025-27789.

Summary IBM Maximo Application Suite uses runtime-7.20.13.tgz which is vulnerable to CVE-2025-27789. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript...

CVSS 6.2 · AI score 6.7 · EPSS 0.0006
Exploits 0 · Affected Software 1

OSV
added 2025/06/25 6:15 a.m. · 0 views

CVE-2025-43880

Inefficient regular expression complexity issue exists in GROWI prior to v7.1.6. If exploited, a logged-in user may cause a denial of service (DoS) condition...

CVSS 5.3 · AI score 5.7 · EPSS 0.00219
Exploits 0 · References 2

NVD
added 2025/06/25 6:15 a.m. · 2 views

CVE-2025-43880

Inefficient regular expression complexity issue exists in GROWI prior to v7.1.6. If exploited, a logged-in user may cause a denial of service (DoS) condition...

CVSS 5.3 · EPSS 0.00219
Exploits 0 · References 2

Cvelist
added 2025/06/25 5:31 a.m. · 6 views

CVE-2025-43880

Inefficient regular expression complexity issue exists in GROWI prior to v7.1.6. If exploited, a logged-in user may cause a denial of service (DoS) condition...

CVSS 5.3 · EPSS 0.00219
Exploits 0 · References 2

Vulnrichment
added 2025/06/25 5:31 a.m. · 3 views

CVE-2025-43880

Inefficient regular expression complexity issue exists in GROWI prior to v7.1.6. If exploited, a logged-in user may cause a denial of service (DoS) condition...

CVSS 5.3 · AI score 7 · EPSS 0.00219
Exploits 0 · References 2

CVE
added 2025/06/25 5:31 a.m. · 21 views

CVE-2025-43880

CVE-2025-43880 affects GROWI up to version 7.1.5, due to an inefficient regular expression (CWE-1333) that can allow a logged-in user to cause a DoS. The issue is documented across multiple sources (NVD, JVN, Red Hat) with a remediation recommending upgrading to GROWI v7.1.6 or later. Exploitatio...

CVSS 5.3 · AI score 6.8 · EPSS 0.00219
Exploits 0 · References 2

RedHat Linux
added 2025/06/25 12:21 a.m. · 4 views

jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate

In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid...

CVSS 5.3 · AI score 7.1 · EPSS 0.00115
Exploits 1 · References 5

Positive Technologies
added 2025/06/25 12:00 a.m. · 3 views

PT-2025-26809 · Growi · Growi

Name of the Vulnerable Software and Affected Versions: GROWI versions prior to 7.1.6. Description: The issue is related to inefficient regular expression complexity, which can be exploited by a logged-in user to cause a denial of service (DoS) condition. Recommendations: For versions prior to 7.1.6,...

CVSS 5.3 · AI score 4.5 · EPSS 0.00219
Exploits 0 · References 6

Veracode
added 2025/06/24 6:16 a.m. · 3 views

Regular Expression Denial Of Service (ReDoS)

PowSyBl is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regular expression handling due to unvalidated user-supplied regex being compiled and evaluated in the RegexCriterion class, leading to potential CPU exhaustion...

CVSS 6.9 · AI score 7 · EPSS 0.00416
Exploits 0 · References 5 · Affected Software 2

Veracode
added 2025/06/24 12:26 a.m. · 5 views

Regular Expression Denial Of Service (ReDoS)

com.powsybl, powsybl-commons is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regex handling causing excessive backtracking, which allows an attacker to trigger high CPU usage and potentially crash or slow down the system...

CVSS 6.3 · AI score 7 · EPSS 0.00416
Exploits 0 · References 5 · Affected Software 1

Japan Vulnerability Notes
added 2025/06/24 12:00 a.m. · 8 views

JVN#21624250: Inefficient regular expressions in GROWI

GROWI provided by GROWI, Inc. contains the following vulnerability. Inefficient regular expression complexity (CWE-1333). CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Base Score 5.3. CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Base Score 4.3. CVE-2025-43880. Impact: A logged-in user...

CVSS 5.3 · AI score 6.9 · EPSS 0.00219
Exploits 0

IBM Security Bulletins
added 2025/06/23 5:11 p.m. · 15 views

Security Bulletin: IBM Storage Defender: Data Protect vulnerabilities resolved in release Defender 2.0.14/Data Protect 7.2.2_u1

Summary Security Bulletin: IBM Storage Defender: Data Protect vulnerabilities resolved in release Defender 2.0.14/Data Protect 7.2.2u1. The vulnerabilities have been addressed in Data Protect 7.2.2u1, which is included with IBM Storage Defender 2.0.14. Vulnerability Details CVEID:CVE-2023-26118...

CVSS 8.6 · AI score 8.7 · EPSS 0.04265
Exploits 4 · Affected Software 1