
9311 matches found

CNNVD
added 2026/01/07 12:0 a.m. | 2 views

MediaWiki - VisualData Extension Security Vulnerability

MediaWiki - VisualData Extension is an open source data visualization extension for MediaWiki. A security vulnerability exists in MediaWiki - VisualData Extension version 1.45, which stems from inefficient regular expression complexity that could lead to exponential regular expression expansion...

CVSS 5.3 | AI score 6.5 | EPSS 0.0041
Exploits: 1 | References: 5

Amazon
added 2026/01/07 12:0 a.m. | 9 views

Important: amazon-cloudwatch-agent

Issue Overview: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 SSH servers parsing GSSAPI authentication requests do not validate the number...

CVSS 7.5 | AI score 7.3 | EPSS 0.00521
Exploits: 2

Positive Technologies
added 2026/01/07 12:0 a.m. | 6 views

PT-2026-1964

Name of the Vulnerable Software and Affected Versions MediaWiki - VisualData Extension version 1.45 Description An inefficient regular expression complexity issue exists in the MediaWiki - VisualData Extension. This allows for a Regular Expression Exponential Blowup, potentially leading to a deni...

CVSS 5.3 | AI score 6.3 | EPSS 0.0041
Exploits: 1 | References: 8

Tenable Nessus
added 2026/01/07 12:0 a.m. | 1 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000169)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000169 advisory. In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words method with html=True and the truncatewordshtml template...

CVSS 7.5 | AI score 6.6 | EPSS 0.03502
Exploits: 0 | References: 4

RedHat Linux
added 2026/01/06 5:13 p.m. | 2 views

expr-eval: expr-eval: Prototype Pollution

A prototype pollution flaw was found in expr-eval. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution...

CVSS 7.3 | AI score 7.3 | EPSS 0.00413
Exploits: 1 | References: 7

Snyk
added 2026/01/05 9:55 p.m. | 2 views

Regular Expression Denial of Service (ReDoS)

Overview @modelcontextprotocol/sdk is a Model Context Protocol implementation for TypeScript Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the UriTemplate processing when handling RFC 6570 exploded array patterns. An attacker can cause excessive...

CVSS 8.7 | AI score 6.5 | EPSS 0.00399
Exploits: 1 | References: 2

Github Security Blog
added 2026/01/05 9:30 p.m. | 14 views

Anthropic's MCP TypeScript SDK has a ReDoS vulnerability

Impact A ReDoS vulnerability in the UriTemplate class allows attackers to cause denial of service. The partToRegExp function generates a regex pattern with nested quantifiers ^/+?:,^/+ for exploded template variables e.g., /id, ?tags, causing catastrophic backtracking on malicious input. Who is...

CVSS 8.7 | AI score 6.6 | EPSS 0.00399
Exploits: 1 | References: 7 | Affected Software: 1

EUVD
added 2026/01/05 8:57 p.m. | 5 views

EUVD-2026-0800

Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 contain a regular expression denial of service ReDoS vulnerability in the UriTemplate class when processing RFC 6570 exploded array patterns. The dynamically generated regular expression used during URI matching contains nested...

CVSS 8.7 | AI score 6.2 | EPSS 0.00399
Exploits: 1 | References: 3

Cvelist
added 2026/01/05 8:57 p.m. | 29 views

CVE-2026-0621 MCP TypeScript SDK UriTemplate Exploded Array Pattern ReDoS

Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 contain a regular expression denial of service ReDoS vulnerability in the UriTemplate class when processing RFC 6570 exploded array patterns. The dynamically generated regular expression used during URI matching contains nested...

CVSS 8.7 | EPSS 0.00399
Exploits: 1 | References: 2

Vulnrichment
added 2026/01/05 8:57 p.m. | 4 views

CVE-2026-0621 MCP TypeScript SDK UriTemplate Exploded Array Pattern ReDoS

Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 contain a regular expression denial of service ReDoS vulnerability in the UriTemplate class when processing RFC 6570 exploded array patterns. The dynamically generated regular expression used during URI matching contains nested...

CVSS 8.7 | AI score 6.3 | EPSS 0.00399
Exploits: 1 | References: 2

Cvelist
added 2026/01/05 2:32 a.m. | 37 views

CVE-2025-15453 milvus HTTP Endpoint expr.go expr.Exec deserialization

A security vulnerability has been detected in milvus up to 2.6.7. This vulnerability affects the function expr.Exec of the file pkg/util/expr/expr.go of the component HTTP Endpoint. The manipulation of the argument code leads to deserialization. Remote exploitation of the attack is possible. The...

CVSS 6.5 | EPSS 0.00316
Exploits: 0 | References: 7

CVE
added 2026/01/05 2:32 a.m. | 21 views

CVE-2025-15453

Milvus up to 2.6.7 is affected in the HTTP Endpoint component: the expr.Exec in pkg/util/expr/expr.go can deserialize crafted input, enabling remote code execution. Public exploit exists; remote exploitation may occur with a crafted code parameter sent to /expr, as noted by multiple sources. Reme...

CVSS 6.5 | AI score 6.3 | EPSS 0.00316
Exploits: 0 | References: 7

CNNVD
added 2026/01/05 12:0 a.m. | 7 views

milvus Code Issue Vulnerability

milvus is a high-performance cloud-native vector database open-sourced by The Milvus Project. A code issue vulnerability exists in milvus version 2.6.7 and earlier, which stems from the incorrect manipulation of the parameter code of the function expr.Exec in the file pkg/util/expr/expr.go of the...

CVSS 6.5 | AI score 6.4 | EPSS 0.00316
Exploits: 0 | References: 7

Amazon
added 2026/01/05 12:0 a.m. | 5 views

Important: amazon-cloudwatch-agent

Issue Overview: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 SSH servers parsing GSSAPI authentication requests do not validate the number...

CVSS 7.5 | AI score 7.3 | EPSS 0.00521
Exploits: 2

GithubExploit
added 2026/01/03 4:37 p.m. | 172 views

Exploit for Improper Control of Dynamically-Managed Code Resources in N8N

n8nCVE-2025-686...

CVSS 9.9 | AI score 7.4 | EPSS 0.97875
Exploits: 29

Snyk
added 2026/01/01 6:44 a.m. | 2 views

Regular Expression Denial of Service (ReDoS)

Overview raxe is a RAXE Community Edition - AI Security for Everyone. 460+ threat detection rules, L2 CPU-based ML, always free. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in matcher.py, which may attempt to test pattern matches indefinitely...

CVSS 6.9 | AI score 6.7
Exploits: 0 | References: 3

Positive Technologies
added 2026/01/01 12:0 a.m. | 4 views

PT-2026-28674

Name of the Vulnerable Software and Affected Versions path-to-regexp versions prior to 8.4.0 Description The software is susceptible to a Regular Expression Denial of Service ReDoS condition when handling multiple wildcard characters combined with at least one parameter. This issue arises because...

CVSS 5.9 | AI score 5.8 | EPSS 0.00353
Exploits: 0 | References: 274

Positive Technologies
added 2026/01/01 12:0 a.m. | 3 views

PT-2026-26486

Name of the Vulnerable Software and Affected Versions league/commonmark versions 2.3.0 through 2.8.1 Description The DomainFilteringAdapter within the Embed extension is susceptible to an allowlist bypass because of a missing hostname boundary assertion in the domain-matching regular expression. ...

CVSS 6.3 | AI score 5.9 | EPSS 0.00241
Exploits: 0 | References: 8

GithubExploit
added 2025/12/27 4:13 p.m. | 198 views

Exploit for Expression Language Injection in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

🔴 ExploitDB RAG A RAG Retrieval Augmented Generation system...

CVSS 10 | AI score 6.7 | EPSS 0.99999
Exploits: 348

GithubExploit
added 2025/12/26 7:40 p.m. | 223 views

Exploit for CVE-2025-68613

--- 📑 Table of Contents - 🎯 Executive Summary-exec...

CVSS 9.9 | AI score 9.4 | EPSS 0.97875
Exploits: 29