Lucene search
K

66 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in node-cookiejar

Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service ReDoS attacks through the Cookie.parse function, which uses an insecure regular expression...

7.5CVSS6.8AI score0.01546EPSS
Exploits1References1
OSV
OSV
added 2025/11/28 10:12 a.m.6 views

CLSA-2025-1764324770 Fix CVE(s): CVE-2022-30688

SECURITY UPDATE: insecure regex patterns for interpreter detection - debian/patches/CVE-2022-30688.patch: prevent local privilege escalation by anchoring interpreter regex patterns - CVE-2022-30688...

7.8CVSS7.1AI score0.00405EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2022-7081

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01246EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-6284

Malicious code in bioql PyPI...

7.5CVSS6.5AI score0.01949EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-31772

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.01161EPSS
Exploits0References3
CVE
CVE
added 2025/09/30 8:0 p.m.29 views

CVE-2025-10659

The CVE-2025-10659 entry concerns MegaSys/MegaSys Telenium Online Web Application. A PHP endpoint accessible to unauthenticated network users improperly terminates a regular expression check, failing to validate or sanitize input. This leads to an OS command injection remote code execution risk o...

9.8CVSS8.1AI score0.01161EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/30 12:0 a.m.11 views

PT-2025-40025

Name of the Vulnerable Software and Affected Versions MegaSys Telenium Online Web Application affected versions not specified Description The Telenium Online Web Application contains a critical command injection flaw stemming from an insecurely terminated regular expression check within a PHP...

9.8CVSS8.6AI score0.01161EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.8 views

ManageEngine SupportCenter Plus < 14.9 Build 14940 Privilege Escalation

The version of ManageEngine SupportCenter Plus installed on the remote host is prior to 14.9 Build 14940. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-8309 advisory. - A privilege escalation vulnerability caused by the overly permissive regular expression regex rule...

8.1CVSS5.6AI score0.00239EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2025/04/22 11:23 a.m.10 views

K000150967: Angular JS vulnerabilities CVE-2023-26117 and CVE-2023-26118

Security Advisory Description CVE-2023-26117 Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service ReDoS via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted...

5.3CVSS5.8AI score0.01695EPSS
Exploits2
Snyk
Snyk
added 2024/11/18 5:41 p.m.3 views

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection due to the usage of improperly secured regular expressions in the scan and findCharSet methods of the XmlScanner class. By exploiting UCS-4 encoding and encoding guessing techniques, attackers can...

8.7CVSS7.2AI score0.0076EPSS
Exploits1References2
Veracode
Veracode
added 2023/04/04 2:2 p.m.26 views

Regular Expression Denial Of Service (ReDoS)

uri is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability exists due to the insecure Regex pattern used for the RFC3986URI and RFC3986relativeref parameters in the rfc3986parser.rb, which allows an attacker to crash the application by providing maliciously crafted URI...

5.3CVSS7.3AI score0.02637EPSS
Exploits0References26Affected Software5
Veracode
Veracode
added 2023/04/04 2:2 p.m.25 views

Regular Expression Denial Of Service (ReDoS)

time is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability exists due to the insecure Regex pattern used in the rfc2822 function of time.rb, which allows an attacker to crash the application by providing an invalid time...

5.3CVSS7.3AI score0.02452EPSS
Exploits0References22Affected Software5
OSV
OSV
added 2023/03/30 5:15 a.m.2 views

DEBIAN-CVE-2023-26118

Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service ReDoS via the element due to the usage of an insecure regular expression in the inputurl functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result ...

5.3CVSS6.5AI score0.01695EPSS
Exploits1References1
NVD
NVD
added 2023/03/30 5:15 a.m.20 views

CVE-2023-26117

Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service ReDoS via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic...

5.3CVSS5.4AI score0.01695EPSS
Exploits1References8
OSV
OSV
added 2023/03/30 5:15 a.m.34 views

CVE-2023-26117

Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service ReDoS via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic...

5.3CVSS5.5AI score
Exploits0References8
OSV
OSV
added 2023/03/30 5:15 a.m.4 views

UBUNTU-CVE-2023-26117

Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service ReDoS via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic...

5.3CVSS6.7AI score0.01695EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2023/03/30 5:15 a.m.30 views

CVE-2023-26116

Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service ReDoS via the angular.copy utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in...

5.3CVSS6.8AI score0.01695EPSS
Exploits1References4
OSV
OSV
added 2023/03/30 5:15 a.m.2 views

UBUNTU-CVE-2023-26118

Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service ReDoS via the element due to the usage of an insecure regular expression in the inputurl functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result ...

5.3CVSS6.8AI score0.01695EPSS
Exploits1References5
OSV
OSV
added 2023/03/30 5:15 a.m.5 views

UBUNTU-CVE-2023-26116

Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service ReDoS via the angular.copy utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in...

5.3CVSS6.8AI score0.01695EPSS
Exploits1References5
Snyk
Snyk
added 2023/03/26 10:16 a.m.5 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic...

5.3CVSS5.8AI score0.01695EPSS
Exploits1References2
Rows per page
Query Builder