Lucene search
K

74 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/02 7:40 p.m.8 views

CVE-2026-59094

Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed document paths using a hand-written recursive matcher that branches two ways on each token without memoization, giving exponential worst-case complexity. The filepathglobpattern value...

8.7CVSS5.9AI score0.0047EPSS
Exploits0References5
NVD
NVD
added 2026/06/22 7:17 p.m.12 views

CVE-2026-55443

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search...

5.5CVSS0.00157EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 5:21 p.m.7 views

EUVD-2026-38332

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search...

5.1CVSS5.9AI score0.00157EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 5:21 p.m.4 views

CVE-2026-55443

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search...

5.1CVSS5.9AI score0.00157EPSS
Exploits0References3Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.16 views

PT-2026-51373

Name of the Vulnerable Software and Affected Versions LangChain versions prior to 1.3.9 Description Several components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. This occurs in a file-search agent middlewar...

5.5CVSS5.8AI score0.00157EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/16 3:3 p.m.13 views

Symlink Attack

Overview langchain-anthropic is an Integration package connecting Claude Anthropic APIs and LangChain Affected versions of this package are vulnerable to Symlink Attack via the file-search middleware and loaders that resolve filesystem paths and search patterns without confining the resolved path...

6.9CVSS5.9AI score0.00157EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/09 11:19 a.m.14 views

minimatch: minimatch: Denial of Service via specially crafted glob patterns

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...

8.7CVSS6.7AI score0.00519EPSS
Exploits1References6
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/29 9:1 a.m.12 views

Security Bulletin: There is a vulnerability in minimatch-3.0.5.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-27903, CVE-2026-27904)

Summary There is a vulnerability in minimatch-3.0.5.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-27903 DESCRIPTION: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to...

7.5CVSS7.1AI score0.00517EPSS
Exploits2Affected Software1
RedHat Linux
RedHat Linux
added 2026/05/18 12:24 p.m.10 views

minimatch: minimatch: Denial of Service via specially crafted glob patterns

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...

8.7CVSS6.8AI score0.00519EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/05/18 12:21 p.m.18 views

minimatch: minimatch: Denial of Service via specially crafted glob patterns

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...

8.7CVSS6.8AI score0.00519EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/05/18 12:12 p.m.13 views

minimatch: minimatch: Denial of Service via specially crafted glob patterns

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...

8.7CVSS6.8AI score0.00519EPSS
Exploits1References6
Snyk
Snyk
added 2026/05/08 10:24 p.m.7 views

Improper Handling of Inconsistent Special Elements

Overview Affected versions of this package are vulnerable to Improper Handling of Inconsistent Special Elements due to inconsistent handling of negation operators in glob pattern processing. An attacker can cause unintended rule matching or bypass intended restrictions by crafting layouts that ar...

1.9CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/08 10:24 p.m.4 views

GHSA-PMWQ-PJRM-6P5R in-toto-golang and in-toto-python have inconsistent negation behavior

Impact What kind of vulnerability is it? Who is impacted? in-toto-golang and in-toto-python both support glob patterns in artifact rules to indicate the artifacts that a rule applies to. Both support negations in character classes to indicate what should not be matched, but they used different...

4.1CVSS5.8AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/08 10:24 p.m.11 views

in-toto-golang and in-toto-python have inconsistent negation behavior

Impact What kind of vulnerability is it? Who is impacted? in-toto-golang and in-toto-python both support glob patterns in artifact rules to indicate the artifacts that a rule applies to. Both support negations in character classes to indicate what should not be matched, but they used different...

5.8AI score
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 2026/05/04 2:10 p.m.11 views

minimatch: minimatch: Denial of Service via specially crafted glob patterns

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...

8.7CVSS6.8AI score0.00519EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/05/04 2:10 p.m.22 views

Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.6 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

9.8CVSS7.1AI score0.01402EPSS
Exploits6References14
RedHat Linux
RedHat Linux
added 2026/04/22 9:54 p.m.17 views

minimatch: minimatch: Denial of Service via specially crafted glob patterns

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...

8.7CVSS5.7AI score0.00519EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/04/22 9:54 p.m.16 views

Important: Red Hat Security Advisory: nodejs:20 security update

An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.7CVSS5.8AI score0.26356EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2026/04/22 2:7 p.m.7 views

Important: Red Hat Security Advisory: nodejs:20 security update

An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.7CVSS7.3AI score0.26356EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2026/04/22 2:7 p.m.8 views

minimatch: minimatch: Denial of Service via specially crafted glob patterns

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...

8.7CVSS7AI score0.00519EPSS
Exploits1References6
Rows per page
Query Builder