Lucene search
K

889 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.10 views

Amazon Linux 2023 : editorconfig, editorconfig-devel, editorconfig-libs (ALAS2023-2026-1642)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1642 advisory. editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based buffer overflow in ecglob that allows an...

8.6CVSS6.1AI score0.00965EPSS
Exploits1References4
Rosalinux
Rosalinux
added 2026/05/19 2:34 p.m.13 views

Advisory ROSA-SA-2026-3285

software: vim 9.2.0321 WASP: ROSA-CHROME unaffected versions = vim-9.2.0321-1 affected versions vim-9.2.0321-1 CVE-ID: CVE-2026-33412 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A command injection vulnerability in the Vim text editor allows an attacker to execute arbitrary shell commands via a...

7.3CVSS6AI score0.00834EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/05/18 12:24 p.m.11 views

minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and...

7.5CVSS7.1AI score0.00472EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/18 12:24 p.m.10 views

minimatch: minimatch: Denial of Service via specially crafted glob patterns

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...

8.7CVSS6.8AI score0.00519EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/05/18 12:21 p.m.15 views

minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and...

7.5CVSS7.1AI score0.00472EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/18 12:21 p.m.18 views

minimatch: minimatch: Denial of Service via specially crafted glob patterns

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...

8.7CVSS6.8AI score0.00519EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/05/18 12:12 p.m.13 views

minimatch: minimatch: Denial of Service via specially crafted glob patterns

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...

8.7CVSS6.8AI score0.00519EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/05/18 12:12 p.m.10 views

minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and...

7.5CVSS7.1AI score0.00472EPSS
Exploits1References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/14 7:25 p.m.14 views

Malicious code in glob-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 091b8ee02b80a8a3fda11c15a6d0b8f657b639100244a4398d046ded5854eb64 [email protected] is a malicious typosquat with no legitimate functionality. Its index.js is a stub; package.json declares scripts.postinstall: node...

5.8AI score
Exploits0References7
OSV
OSV
added 2026/05/14 7:25 p.m.9 views

MAL-2026-3764 Malicious code in glob-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 091b8ee02b80a8a3fda11c15a6d0b8f657b639100244a4398d046ded5854eb64 [email protected] is a malicious typosquat with no legitimate functionality. Its index.js is a stub; package.json declares scripts.postinstall: node...

5.8AI score
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/11 7:26 p.m.10 views

CVE-2026-42882 oxyno-zeta/s3-proxy: Security Issues in Resource Path Matching

oxyno-zeta/s3-proxy is an aws s3 proxy written in go. Prior to 5.0.0, s3-proxy contains an authentication bypass caused by inconsistent URL path interpretation between the authentication middleware and the bucket handler. The authentication middleware evaluates resource path patterns against the...

9.4CVSS5.8AI score0.00554EPSS
Exploits0References3
OSV
OSV
added 2026/05/09 12:33 p.m.8 views

OESA-2026-2258 editorconfig security update

EditorConfig makes it easy to maintain the correct coding style when switching between different text editors and between different projects. The EditorConfig project maintains a file format and plugins for various text editors which allow this file format to be read and used by those editors...

8.6CVSS6.1AI score0.00151EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/08 10:24 p.m.7 views

Improper Handling of Inconsistent Special Elements

Overview Affected versions of this package are vulnerable to Improper Handling of Inconsistent Special Elements due to inconsistent handling of negation operators in glob pattern processing. An attacker can cause unintended rule matching or bypass intended restrictions by crafting layouts that ar...

1.9CVSS5.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/08 10:24 p.m.11 views

in-toto-golang and in-toto-python have inconsistent negation behavior

Impact What kind of vulnerability is it? Who is impacted? in-toto-golang and in-toto-python both support glob patterns in artifact rules to indicate the artifacts that a rule applies to. Both support negations in character classes to indicate what should not be matched, but they used different...

5.8AI score
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/08 10:24 p.m.4 views

GHSA-PMWQ-PJRM-6P5R in-toto-golang and in-toto-python have inconsistent negation behavior

Impact What kind of vulnerability is it? Who is impacted? in-toto-golang and in-toto-python both support glob patterns in artifact rules to indicate the artifacts that a rule applies to. Both support negations in character classes to indicate what should not be matched, but they used different...

4.1CVSS5.8AI score
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 12:48 p.m.9 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses minimatch-10.1.2.tgz, minimatch-10.2.2.tgz which is vulnerable to CVE-2026-27903, CVE-2026-27904

Summary IBM Maximo Application Suite - Visual Inspection component uses minimatch-10.1.2.tgz, minimatch-10.2.2.tgz which is vulnerable to CVE-2026-27903, CVE-2026-27904, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-27903...

7.5CVSS7.1AI score0.00517EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 10:14 a.m.11 views

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.7.0 Vulnerability Details CVEID:CVE-2025-64756 DESCRIPTION: Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI...

9.8CVSS7.3AI score0.04456EPSS
Exploits5Affected Software1
RedHat Linux
RedHat Linux
added 2026/05/04 2:10 p.m.22 views

Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.6 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

9.8CVSS7.1AI score0.01402EPSS
Exploits6References14
RedHat Linux
RedHat Linux
added 2026/05/04 2:10 p.m.11 views

minimatch: minimatch: Denial of Service via specially crafted glob patterns

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...

8.7CVSS6.8AI score0.00519EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.8 views

Oracle Linux 10 : vim (ELSA-2026-11389)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-11389 advisory. - RHEL-159615 CVE-2026-33412 vim: Vim: Arbitrary code execution via command injection in glob function - RHEL-155409 CVE-2026-28421 vim: Vim: Denial of servic...

8.2CVSS6.4AI score0.01162EPSS
Exploits0References2
Rows per page
Query Builder