9244 matches found
CVE-2024-46242
An issue in the validate_email function in CTFd/utils/validators/__init__.py of CTFd 3.7.3 allows attackers to cause a Regular Expression Denial of Service (ReDoS) by supplying a crafted string as the e-mail address during registration...
CVE-2024-46242
The CVE-2024-46242 entry describes a Regular Expression Denial of Service (ReDoS) in CTFd 3.7.3 caused by the validate_email function in CTFd/utils/validators/__init__.py. An attacker can trigger the vulnerability by supplying a crafted string as an email address during user registration, potentiall...
Security Bulletin: IBM Security QRadar EDR Software contains multiple vulnerabilities
Summary: IBM Security QRadar EDR Software includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details: CVEID: CVE-2024-21538. DESCRIPTION: Versions of the package cross-spawn befor...
Security Bulletin: Security Vulnerabilities in node.js packages affect IBM Voice Gateway
Summary: Security vulnerabilities in node.js packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2024-21538. DESCRIPTION: Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to...
CVE-2024-41766
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause a denial of service using a complex regular expression...
CVE-2024-41766 IBM Engineering Lifecycle Optimization - Publishing denial of service
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause a denial of service using a complex regular expression...
CVE-2024-41766
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 are affected by CVE-2024-41766. A remote attacker can cause a denial of service by supplying a complex regular expression, leading to high availability impact. Affected products and versions: PUB 7.0.2 and 7.0.3. Root cause: inef...
Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing could allow a remote attacker to cause a denial of service using a complex regular expression.
Summary: Regular expressions are a formal language for identifying strings of text, parsing, and matching them. Most regular expression engines are built over a non-deterministic finite automaton (NFA). They use backtracking and, while these regular expression engines can quickly confirm a positive...
IBM Cognos Analytics 11.2.x < 11.2.4 FP5 / 12.0.x < 12.0.4 IF1 Multiple Vulnerabilities (7179496)
The version of IBM Cognos Analytics installed on the remote host is prior to 11.2.4 FP5 or 12.0.4 IF1. It is, therefore, affected by multiple vulnerabilities as referenced in the 7179496 advisory. - IBM Cognos Analytics is vulnerable to an Expression Language (EL) Injection vulnerability. A remote...
PT-2025-40896
Name of the Vulnerable Software and Affected Versions: MediaWiki DiscussionTools extension (affected versions not specified). Description: A Regular Expression Denial-of-Service issue exists in the DiscussionTools extension, which is included with MediaWiki, the software that powers Wikipedia. This ca...
PT-2026-7637
Name of the Vulnerable Software and Affected Versions: ajv versions through 8.17.1. Description: ajv (Another JSON Schema Validator) is susceptible to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data through JSON Pointer syntax $data...
python-sql SQL injection vulnerability
A vulnerability was found in python-sql where unary operators do not escape non-Expression (like And and Or), which makes any system exposing those vulnerable to an SQL injection attack...
CVE-2024-9774
A vulnerability was found in python-sql where unary operators do not escape non-Expression...
DEBIAN-CVE-2024-9774
A vulnerability was found in python-sql where unary operators do not escape non-Expression...
UBUNTU-CVE-2024-9774
A vulnerability was found in python-sql where unary operators do not escape non-Expression...