Lucene search
K

85 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 5:36 p.m.5 views

CVE-2020-36830

A vulnerability was found in nescalante urlregex up to 0.5.0 and classified as problematic. This issue affects some unknown processing of the file index.js of the component Backtracking. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. The...

7.5CVSS6.9AI score0.00795EPSS
Exploits1
OSV
OSV
added 2025/05/05 4:31 p.m.4 views

USN-7476-1 python-scrapy vulnerabilities

It was discovered that Scrapy improperly exposed HTTP authentication credentials to request targets, including during redirects. An attacker could use this issue to gain unauthorized access to user accounts. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2021-41125 It was...

8.8CVSS5.8AI score0.01243EPSS
Exploits5References7
Veracode
Veracode
added 2025/04/16 11:16 a.m.8 views

Denial Of Service (DoS)

@apollo/gateway is vulnerable to a Denial Of Service DoS. The vulnerability is due to inefficient query planning due to internal optimizations being bypassed when processing deeply nested and reused named fragments...

7.5CVSS6.6AI score0.00557EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2025/04/09 8:22 a.m.6 views

Regular Expression Denial Of Service

uptime-kuma is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient regex processing due to catastrophic backtracking triggered by crafted input during notification creation via the web service...

7AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/27 1:21 p.m.13 views

Security Bulletin: Vulnerability in Psf Requests affects watsonx.data

Summary Psf Requests is vulnerable to bypass security restrictions, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be...

8.7CVSS9.4AI score0.00792EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2024/11/22 3:50 a.m.5 views

Regular Expression Denial of Service (ReDoS)

Overview tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS due to inefficient cookie parsing that results in quadratic performance. An attacker...

7.5CVSS6.8AI score0.01051EPSS
Exploits0References2
Wallarm Lab
Wallarm Lab
added 2024/11/18 9:38 a.m.5 views

Taming API Sprawl: Best Practices for API Discovery and Management

APIs are the backbone of interconnected applications, enabling organizations to innovate, integrate, and scale rapidly. However, as enterprises continue to expand their digital ecosystems, they often encounter a common and complex challenge: API sprawl. Unchecked, API sprawl can lead to increased...

7.1AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/09/27 12:0 a.m.8 views

PT-2024-39535

Name of the Vulnerable Software and Affected Versions Langflow versions up to 1.0.18 Description A problematic vulnerability was found in Langflow, affecting an unknown functionality of the file srcbackendbaselangflowinterfaceutils.py of the component HTTP POST Request Handler. The manipulation o...

6.5CVSS5AI score0.00955EPSS
Exploits1References16
BDU FSTEC
BDU FSTEC
added 2024/09/13 12:0 a.m.5 views

The vulnerability of the configobj program for reading and writing INI files lies in the use of a regular expression c, which has an inefficient computational cost. This allows attackers to trigger a service failure.

The vulnerability of the configobj program for reading and writing INI files is related to the use of a regular expression with inefficient computational complexity. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

5.9CVSS5.9AI score0.01259EPSS
Exploits1References8Affected Software4
Gentoo Linux
Gentoo Linux
added 2024/05/05 12:0 a.m.32 views

Setuptools: Denial of Service

Background Setuptools is a manager for Python packages. Description A vulnerability has been discovered in Setuptools. See the impact field. Impact An inefficiency in a regular expression may end in a denial of service if an user is fetching malicious HTML from a package in PyPI or a custom...

5.9CVSS8.7AI score0.02617EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2024/04/04 12:0 a.m.5 views

The vulnerability of the modular interface between web servers and web applications in Rack, related to the inefficient complexity of regular expressions, allows attackers to trigger service failures.

The vulnerability of the modular interface between web servers and web applications in Rack relates to the processing of input data, which can take an unexpected amount of time. Exploiting this vulnerability allows a malicious actor to cause service failures...

5.3CVSS6.4AI score0.01063EPSS
Exploits0References7Affected Software4
Code423n4
Code423n4
added 2023/09/11 12:0 a.m.7 views

The code uses assembly for memory allocation, which can be complex and prone to errors.

Lines of code Vulnerability details Impact The code uses assembly for memory allocation, which can be complex and prone to errors. Inefficient memory management can lead to gas inefficiency and potential vulnerabilities. Proof of Concept The code uses assembly for memory allocation, which can be...

7.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/05/21 12:0 a.m.35 views

Debian dla-3428 : node-nth-check - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3428 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3428-1 [email protected] https://www.debian.org/lts/security/...

7.5CVSS7.3AI score0.02165EPSS
Exploits1References4
NVD
NVD
added 2023/04/28 9:15 p.m.38 views

CVE-2023-30858

The Denosaurs emoji package provides emojis for dinosaurs. Starting in version 0.1.0 and prior to version 0.3.0, the reTrimSpace regex has 2nd degree polynomial inefficiency, leading to a delayed response given a big payload. The issue has been patched in 0.3.0. As a workaround, avoid using the...

7.5CVSS6.3AI score0.01162EPSS
Exploits1References3
Prion
Prion
added 2023/04/28 9:15 p.m.16 views

Design/Logic Flaw

The Denosaurs emoji package provides emojis for dinosaurs. Starting in version 0.1.0 and prior to version 0.3.0, the reTrimSpace regex has 2nd degree polynomial inefficiency, leading to a delayed response given a big payload. The issue has been patched in 0.3.0. As a workaround, avoid using the...

5CVSS7.5AI score0.01162EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2023/04/28 8:49 p.m.42 views

CVE-2023-30858

The CVE-2023-30858 entry describes a ReDoS in the Denosaurs emoji package (Denosaurs emoji) due to the reTrimSpace regex with a 2nd‑degree polynomial inefficiency in versions 0.1.0 through 0.3.0, causing delayed responses on large payloads. The issue is patched in version 0.3.0; a workaround is t...

7.5CVSS6.3AI score0.01162EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/04/28 8:49 p.m.7 views

CVE-2023-30858 Denosaurs emoji has ReDoS vulnerability in `replace` function

The Denosaurs emoji package provides emojis for dinosaurs. Starting in version 0.1.0 and prior to version 0.3.0, the reTrimSpace regex has 2nd degree polynomial inefficiency, leading to a delayed response given a big payload. The issue has been patched in 0.3.0. As a workaround, avoid using the...

5.3CVSS7.6AI score0.01162EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/04/28 12:0 a.m.5 views

emoji 安全漏洞

emoji is a simple emoticon from the Denosaurs team that supports the node.js project. A security vulnerability exists in Denosaurs emoji version 0.1.0 up to and including version 0.3.0, which stems from an inefficient second-order polynomial in a regular expression, resulting in a delayed respons...

7.5CVSS7.2AI score0.01162EPSS
Exploits1References4
Huntr
Huntr
added 2023/04/15 2:1 p.m.19 views

ReDoS vulnerability in `strip` function

Description The reTrimSpace regex has 2nd degree polynomial inefficiency, leading to a delayed response given a big payload. Proof of Concept import as emoji from "https://deno.land/x/[email protected]/mod.ts"; const input = '\x00' + '\t'.repeat154773 + '\t\x00'; const start = performance.now;...

6.9AI score
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 3:40 a.m.3 views

SUSE CVE-2021-34549

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently. an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm inefficiency...

7.5CVSS8.2AI score0.01608EPSS
Exploits0References5
Rows per page
Query Builder