CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2026/03/27 12:0 a.m.•1 views

Exploits0

Linux Distros Unpatched Vulnerability : CVE-2026-33671

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service ReDoS when...

NVD•added 2026/03/26 10:16 p.m.•2 views

CVE-2026-33671

Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service ReDoS when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as + and , especially when combined with overlapping...

7.5CVSS0.0002EPSS

OSV•added 2026/03/26 10:16 p.m.•0 views

DEBIAN-CVE-2026-33671

7.5CVSS5.4AI score0.0002EPSS

Exploits0References1

UbuntuCve•added 2026/03/26 10:16 p.m.•3 views

CVE-2026-33671

OSV•added 2026/03/26 10:16 p.m.•2 views

Exploits0References3

UBUNTU-CVE-2026-33671

Vulnrichment•added 2026/03/26 9:20 p.m.•1 views

CVE-2026-33671 Picomatch has a ReDoS vulnerability via extglob quantifiers

ATTACKERKB•added 2026/03/26 9:20 p.m.•1 views

CVE-2026-33671

Exploits0References3Affected Software1

CVE•added 2026/03/26 9:20 p.m.•74 views

CVE-2026-33671

Picomatch (JavaScript glob matcher) is affected by CVE-2026-33671. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to ReDoS via extglob patterns, where patterns like +() and *() can cause catastrophic backtracking in generated regular expressions, potentially blocking the Node.js event l...

Exploits0References2Affected Software1

OSV•added 2026/03/26 9:20 p.m.•0 views

CVE-2026-33671 Picomatch has a ReDoS vulnerability via extglob quantifiers

Cvelist•added 2026/03/26 9:20 p.m.•24 views

CVE-2026-33671 Picomatch has a ReDoS vulnerability via extglob quantifiers

7.5CVSS0.0002EPSS

Debian CVE•added 2026/03/26 9:20 p.m.•2 views

CVE-2026-33671

7.5CVSS5.4AI score0.0002EPSS

Exploits0

CNNVD•added 2026/03/26 12:0 a.m.•2 views

Picomatch 安全漏洞

Picomatch is a fast and accurate Glob pattern matching library written in JavaScript, developed by micromatch. Versions prior to Picomatch 4.0.4, 3.0.2, and 2.3.2 contained security vulnerabilities. These vulnerabilities stemmed from regular expression denial-of-service attacks when processing...

Snyk•added 2026/03/25 9:12 p.m.•0 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS when processing crafted extglob patterns. An attacker can cause excessive CPU consumption and block the event loop by supplying crafted extglob patterns that trigger catastrophic backtracking i...

8.7CVSS5.8AI score0.0002EPSS

OSV•added 2026/03/25 9:12 p.m.•0 views

GHSA-C2C7-RCM5-VVQJ Picomatch has a ReDoS vulnerability via extglob quantifiers

Impact picomatch is vulnerable to Regular Expression Denial of Service ReDoS when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as + and , especially when combined with overlapping alternatives or nested extglobs, are compiled into regular expressions that c...

7.5CVSS6.6AI score0.0002EPSS

Github Security Blog•added 2026/03/25 9:12 p.m.•10 views

Picomatch has a ReDoS vulnerability via extglob quantifiers

7.5CVSS5.5AI score0.0002EPSS

Exploits0References4Affected Software1

Snyk•added 2026/03/25 9:12 p.m.•1 views

Regular Expression Denial of Service (ReDoS)

8.7CVSS5.7AI score0.0002EPSS

Positive Technologies•added 2026/03/25 12:0 a.m.•0 views

PT-2026-28172

Name of the Vulnerable Software and Affected Versions Picomatch versions prior to 4.0.4 Picomatch versions prior to 3.0.2 Picomatch versions prior to 2.3.2 Description Picomatch, a glob matcher written in JavaScript, is susceptible to Regular Expression Denial of Service ReDoS when processing...