9085 matches found
CVE-2025-70034
An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity 4.19 was discovered in mscdex ssh2 v1.17.0...
CVE-2025-70034
An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity 4.19 was discovered in mscdex ssh2 v1.17.0...
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' via JEXL dependency. An attacker can execute arbitrary commands, access sensitive data, or disrupt service by submittin...
CVE-2026-24713
CVE-2026-24713 is an Apache IoTDB issue described as an Improper Input Validation vulnerability that affects IoTDB releases prior to 1.3.7 and prior to 2.0.7 (i.e., 1.0.0–1.3.6 and 2.0.0–2.0.6). The connected CVE record additionally labels this as a JEXL Expression Injection vulnerability. Affect...
CVE-2026-24713 Apache IoTDB: JEXL Expression Injection Vulnerability
Improper Input Validation vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue...
CVE-2025-70034
An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity 4.19 was discovered in mscdex ssh2 v1.17.0...
CVE-2025-70030
An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity 4.19 was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4...
PT-2026-24085
An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity 4.19 was discovered in mscdex ssh2 v1.17.0...
CVE-2025-70034
An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity 4.19 was discovered in mscdex ssh2 v1.17.0...
CVE-2025-70034
An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity 4.19 was discovered in mscdex ssh2 v1.17.0...
CVE-2025-70030
An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity 4.19 was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4...
PT-2026-24103
Name of the Vulnerable Software and Affected Versions Sunbird-Ed SunbirdEd-portal version 1.13.4 Description The software contains an issue related to inefficient regular expression complexity. The complexity of the regular expressions may lead to performance issues. Recommendations Update...
CVE-2025-70030
An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity 4.19 was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4...
CVE-2025-70030
CVE-2025-70030 affects Sunbird-Ed SunbirdEd-portal v1.13.4. The issue is CWE-1333: Inefficient Regular Expression Complexity, caused by complex regexes in the portal that can lead to performance degradation (absence of confidentiality/integrity impact, but availability impact is high). The CVSSv3...
Uncontrolled Recursion
Overview Affected versions of this package are vulnerable to Uncontrolled Recursion through the std::regex process in multipart filename parsing. An attacker can cause the server to crash by sending a specially crafted HTTP POST request with a malicious filename parameter, leading to uncontrolled...
CVE-2026-29076
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.37.0, cpp-httplib uses std::regex libstdc++ to parse RFC 5987 encoded filename values in multipart Content-Disposition headers. The regex engine in libstdc++ implements backtracking via deep...
WeKnora Vulnerable to Remote Code Execution via SQL Injection Bypass in AI Database Query Tool
Summary A critical Remote Code Execution RCE vulnerability exists in the application's database query functionality. The validation system fails to recursively inspect child nodes within PostgreSQL array expressions and row expressions, allowing attackers to bypass SQL injection protections. By...
EUVD-2026-10061
parse-server: Malformed $regex query leaks database error details in API response...
CVE-2026-3419
Fastify incorrectly accepts malformed Content-Type headers containing trailing characters after the subtype token, in violation of RFC 9110 §8.3.1https://httpwg.org/specs/rfc9110.htmlfield.content-type. For example, a request sent with Content-Type: application/json garbage passes validation and ...
Prototype Pollution
expr-eval and expr-eval-fork is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of JavaScript prototype-based inheritance in the eval interface, which allows an attacker with access to manipulate object prototypes and potentially achieve arbitrary code execution...