4108 matches found
EUVD-2026-16324
path-to-regexp vulnerable to Denial of Service via sequential optional groups...
path-to-regexp vulnerable to Denial of Service via sequential optional groups
Impact A bad regular expression is generated any time you have multiple sequential optional groups curly brace syntax, such as abc:z. The generated regex grows exponentially with the number of groups, causing denial of service. Patches Fixed in version 8.4.0. Workarounds Limit the number of...
CVE-2026-34364
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the categories.json.php endpoint, which serves the category listing API, fails to enforce user group-based access controls on categories. In the default request path no ?user= parameter, user group filtering is...
CVE-2026-34364
CVE-2026-34364 (WWBN AVideo) affects the category listing API implemented in the categories.json.php endpoint. In versions up to and including 26.0, category access control is not enforced when no ?user= parameter is provided, causing all non-private categories (including those restricted to spec...
CVE-2026-34364 AVideo has User Group-Based Category Access Control Bypass via Missing and Broken Group Filtering in categories.json.php
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the categories.json.php endpoint, which serves the category listing API, fails to enforce user group-based access controls on categories. In the default request path no ?user= parameter, user group filtering is...
CVE-2026-34364 AVideo has User Group-Based Category Access Control Bypass via Missing and Broken Group Filtering in categories.json.php
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the categories.json.php endpoint, which serves the category listing API, fails to enforce user group-based access controls on categories. In the default request path no ?user= parameter, user group filtering is...
CVE-2021-27904
An issue was discovered in app/Model/SharingGroupServer.php in MISP 2.4.139. In the implementation of Sharing Groups, the "all org" flag sometimes provided view access to unintended actors...
CVE-2021-27948
SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. issue 3 of 3...
BIT-DISCOURSE-2026-33425 Discourse has inferable private group membership or existence via exclude_groups parameter
Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, unauthenticated users can determine whether a specific user is a member of a private group by observing changes in directory results when using the excludegroups parameter. Versions 2026.3.0,...
BIT-DISCOURSE-2026-33251 Discourse has a Hidden Solved topics permission bypass
Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, an authorization bypass vulnerability in hidden Solved topics may allow unauthorized users to accept or unaccept solutions. Versions 2026.3.0, 2026.2.1, and 2026.1.2 contain a patch. As a...
BIT-DISCOURSE-2026-28282 Discourse vulnerable to group membership addition permission bypass via discourse-policy plugin
Discourse is an open-source discussion platform. Versions prior to 2026.3.0, 2026.2.1, and 2026.1.2 have a security flaw in the discourse-policy plugin which allowed a user with policy creation permission to gain membership access to any private/restricted groups. Once membership to a...
PT-2026-28621
Name of the Vulnerable Software and Affected Versions AVideo versions up to and including 26.0 Description AVideo is an open source video platform. The categories.json.php endpoint, which serves the category listing API, does not properly enforce user group-based access controls on categories...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in route patterns. An attacker can cause resource exhaustion by supplying input with multiple sequential optional groups, leading to excessive computation and denial of service. Workaround This...
CVE-2026-4926
Impact: A bad regular expression is generated any time you have multiple sequential optional groups curly brace syntax, such as abc:z. The generated regex grows exponentially with the number of groups, causing denial of service. Patches: Fixed in version 8.4.0. Workarounds: Limit the number of...
DEBIAN-CVE-2026-4926
Impact: A bad regular expression is generated any time you have multiple sequential optional groups curly brace syntax, such as abc:z. The generated regex grows exponentially with the number of groups, causing denial of service. Patches: Fixed in version 8.4.0. Workarounds: Limit the number of...
CVE-2026-4926
Impact: A bad regular expression is generated any time you have multiple sequential optional groups curly brace syntax, such as abc:z. The generated regex grows exponentially with the number of groups, causing denial of service. Patches: Fixed in version 8.4.0. Workarounds: Limit the number of...
UBUNTU-CVE-2026-4926
Impact: A bad regular expression is generated any time you have multiple sequential optional groups curly brace syntax, such as abc:z. The generated regex grows exponentially with the number of groups, causing denial of service. Patches: Fixed in version 8.4.0. Workarounds: Limit the number of...
CVE-2026-4926 path-to-regexp vulnerable to Denial of Service via sequential optional groups
Impact: A bad regular expression is generated any time you have multiple sequential optional groups curly brace syntax, such as abc:z. The generated regex grows exponentially with the number of groups, causing denial of service. Patches: Fixed in version 8.4.0. Workarounds: Limit the number of...
CVE-2026-4926
CVE-2026-4926 affects path-to-regexp where multiple sequential optional groups (e.g., {a}{b}{c}) cause the generated regular expression to grow exponentially, leading to denial of service. Connected sources confirm the impact and provide the remediation: a patch is released in version 8.4.0. Work...
CVE-2026-4926 path-to-regexp vulnerable to Denial of Service via sequential optional groups
Impact: A bad regular expression is generated any time you have multiple sequential optional groups curly brace syntax, such as abc:z. The generated regex grows exponentially with the number of groups, causing denial of service. Patches: Fixed in version 8.4.0. Workarounds: Limit the number of...