9211 matches found
CVE-2025-43880
Inefficient regular expression complexity issue exists in GROWI prior to v7.1.6. If exploited, a logged-in user may cause a denial of service DoS condition...
CVE-2025-43880
Inefficient regular expression complexity issue exists in GROWI prior to v7.1.6. If exploited, a logged-in user may cause a denial of service DoS condition...
CVE-2025-43880
Inefficient regular expression complexity issue exists in GROWI prior to v7.1.6. If exploited, a logged-in user may cause a denial of service DoS condition...
CVE-2025-43880
CVE-2025-43880 affects GROWI up to version 7.1.5, due to an inefficient regular expression (CWE-1333) that can allow a logged-in user to cause a DoS. The issue is documented across multiple sources (NVD, JVN, Red Hat) with a remediation recommending upgrading to GROWI v7.1.6 or later. Exploitatio...
jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate
In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid...
PT-2025-26809 · Growi · Growi
Name of the Vulnerable Software and Affected Versions: GROWI versions prior to 7.1.6 Description: The issue is related to inefficient regular expression complexity, which can be exploited by a logged-in user to cause a denial of service DoS condition. Recommendations: For versions prior to 7.1.6,...
Regular Expression Denial Of Service (ReDoS)
PowSyBl is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient regular expression handling due to unvalidated user-supplied regex being compiled and evaluated in the RegexCriterion class, leading to potential CPU exhaustion...
Regular Expression Denial Of Service (ReDoS)
com.powsybl, powsybl-commons is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient regex handling causing excessive backtracking, which allows an attacker to trigger high CPU usage and potentially crash or slow down the system...
JVN#21624250: Inefficient regular expressions in GROWI
GROWI provided by GROWI, Inc. contains the following vulnerability. Inefficient regular expression complexity CWE-1333 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Base Score 5.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Base Score 4.3 CVE-2025-43880 Impact A logged-in user...
Security Bulletin: IBM Storage Defender: Data Protect vulnerabilities resolved in release Defender 2.0.14/Data Protect 7.2.2_u1
Summary Security Bulletin: IBM Storage Defender: Data Protect vulnerabilities resolved in release Defender 2.0.14/Data Protect 7.2.2u1. The vulnerabilities have been addressed in Data Protect 7.2.2u1, which is included with IBM Storage Defender 2.0.14. Vulnerability Details CVEID:CVE-2023-26118...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to regular expression denial of service due to the cross-spawn package (CVE-2024-21538)
Summary Cross-spawn is used by DataStage on Cloud Pak for Data as part of child process spawning. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due ...
Regular Expression Denial of Service (ReDoS)
Overview org.webjars.bower:codemirror is a versatile text editor implemented in JavaScript for the browser. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via multiple locations in markdown.js. An attacker can cause excessive resource consumption by...
Regular Expression Denial of Service (ReDoS)
Overview org.apache.marmotta.webjars:codemirror is a versatile text editor implemented in JavaScript for the browser. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via multiple locations in markdown.js. An attacker can cause excessive resource...
Regular Expression Denial of Service (ReDoS)
Overview org.webjars.npm:codemirror is a versatile text editor implemented in JavaScript for the browser. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via multiple locations in markdown.js. An attacker can cause excessive resource consumption by...
Regular Expression Denial of Service (ReDoS)
Overview org.webjars.bowergithub.components:codemirror is a versatile text editor implemented in JavaScript for the browser. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via multiple locations in markdown.js. An attacker can cause excessive resour...
Regular Expression Denial of Service (ReDoS)
Overview org.webjars.bowergithub.codemirror:codemirror is a versatile text editor implemented in JavaScript for the browser. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via multiple locations in markdown.js. An attacker can cause excessive resour...
CVE-2025-6493 CodeMirror Markdown Mode markdown.js redos
A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown Mode. This manipulation causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has bee...
CVE-2025-6493
A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown Mode. This manipulation causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has bee...
CVE-2025-6492
A vulnerability has been found in MarkText up to 0.17.1 and classified as problematic. Affected by this vulnerability is the function getRecommendTitleFromMarkdownString of the file marktext/src/main/utils/index.js. The manipulation leads to inefficient regular expression complexity. The attack c...
CVE-2025-6492 MarkText index.js getRecommendTitleFromMarkdownString redos
A vulnerability has been found in MarkText up to 0.17.1 and classified as problematic. Affected by this vulnerability is the function getRecommendTitleFromMarkdownString of the file marktext/src/main/utils/index.js. The manipulation leads to inefficient regular expression complexity. The attack c...