Lucene search
K

181 matches found

Microsoft CVE
Microsoft CVE
added 7 hours ago8 views

Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perl_study_chunk

...

9.1CVSS6.1AI score0.00207EPSS
Exploits0
NVD
NVD
added 6 days ago5 views

CVE-2026-59223

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, WEBFETCHFILTERLIST matching compared configured host entries against URL strings and non-label-boundary suffixes, allowing path-based blocklist bypasses such as !internal.example.com in a URL pa...

4.3CVSS0.00223EPSS
Exploits0References4
Snyk
Snyk
added 6 days ago3 views

Regular Expression Denial of Service (ReDoS)

Amendment This was deemed not a vulnerability. Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by...

8.7CVSS6AI score
Exploits0References2
Snyk
Snyk
added 6 days ago3 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
Snyk
Snyk
added 6 days ago5 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/06 2:47 p.m.4 views

undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header

A flaw was found in undici. When undici processes Set-Cookie headers, it incorrectly interprets the SameSite attribute, accepting partial matches instead of exact ones. This allows a malicious server to downgrade a cookie's SameSite policy to a less secure setting, potentially leading to unintend...

3.7CVSS7AI score0.00248EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51720

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds read exists in the compat mtw from user function within the netfilter ebtables component. The issue occurs because the function fails to properly validate the...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References12
CVE
CVE
added 2026/06/22 5:30 p.m.19 views

CVE-2026-54300

The CVE-2026-54300 issue affects the Astro package @astrojs/netlify (Netlify adapter). Before version 7.0.13, the adapter converts image.remotePatterns into Netlify Image CDN images.remote_images regexes with broader semantics than Astro’s canonical matcher. Specifically, wildcards like .example....

5.3CVSS5.8AI score0.00187EPSS
Exploits0References1
NVD
NVD
added 2026/06/20 4:17 p.m.12 views

CVE-2026-56325

Capgo before 12.128.2 uses ILIKE pattern matching instead of exact matching for appid lookup in the preview subdomain resolver, allowing underscore characters in appid to act as SQL wildcards. Attackers can create apps with appids differing by one character at underscore positions to cause...

3.1CVSS0.00215EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/20 3:21 p.m.3 views

CVE-2026-56325

Capgo before 12.128.2 uses ILIKE pattern matching instead of exact matching for appid lookup in the preview subdomain resolver, allowing underscore characters in appid to act as SQL wildcards. Attackers can create apps with appids differing by one character at underscore positions to cause...

3.1CVSS5.9AI score0.00215EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.17 views

PT-2026-50599

Name of the Vulnerable Software and Affected Versions org.hl7.fhir.dstu2 affected versions not specified Description An incomplete patch in the org.hl7.fhir.dstu2 module allows an unauthenticated attacker to cause a Regular Expression Denial of Service ReDoS. While other modules were updated to...

7.5CVSS5.9AI score0.00354EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-49043

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.7 Description An issue exists in the retry endpoint checks where hostname validation allows matching hostname prefixes instead of requiring exact hostnames. This allows attackers to craft a hostname prefix tha...

6.5CVSS5.2AI score0.00265EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/10 12:31 a.m.13 views

EUVD-2026-35893

Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher STARTING, ENDING, or CONTAINING in Query By Example QBE. An attacker can supply wildcard characters to perform boolean-based blind data inference. Affected versions: Spring Data...

4.8CVSS5.5AI score0.00227EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.11 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the netfilter arptables module’s improper handling of omitted target hardware address fields when...

5.8AI score0.00117EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Redis

Redis is an open-source, in-memory database that persists data on disk.Authenticated users can trigger a denial-of-service attack by using specially crafted, overly long pattern matching on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST, and ACL definitions. Matchi...

6.5CVSS6.3AI score0.01011EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in zlib, libz-mingw-w64

Before version 1.2.12, zlib allowed memory corruption during deflation i.e., when compressing if the input contained many distant matches...

7.5CVSS6.8AI score0.52063EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/18 8:23 p.m.9 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in the FHIRPathEngine. An attacker can exhaust system resources and cause service disruption by submitting specially crafted regular...

8.7CVSS5.8AI score0.00086EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 8:23 p.m.8 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in the FHIRPathEngine. An attacker can exhaust system resources and cause service disruption by submitting specially crafted regular...

8.7CVSS5.8AI score0.00086EPSS
Exploits0References2
Rows per page
Query Builder