Lucene search
+L

23 matches found

osv
osv
added 2026/07/02 7:40 p.m.19 views

CVE-2026-59094 Pathway - Unauthenticated Denial of Service via Exponential Glob Pattern Matching in Document Store

Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed document paths using a hand-written recursive matcher that branches two ways on each token without memoization, giving exponential worst-case complexity. The filepathglobpattern value...

8.7CVSS6AI score0.0047EPSS
Exploits0References7
cvelist
cvelist
added 2026/07/02 7:40 p.m.36 views

CVE-2026-59094 Pathway - Unauthenticated Denial of Service via Exponential Glob Pattern Matching in Document Store

Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed document paths using a hand-written recursive matcher that branches two ways on each token without memoization, giving exponential worst-case complexity. The filepathglobpattern value...

8.7CVSS0.0047EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/04/14 12:0 a.m.7 views

Trezor多款产品 安全漏洞

Trezor One, among others, is a product of the Czech Republic-based Trezor company. Trezor One is a digital currency wallet device. Trezor T is a hardware cryptocurrency wallet device. Trezor Safe is also a hardware cryptocurrency wallet device. Several Trezor products have security vulnerabilitie...

4.6CVSS5.9AI score0.00241EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/04/13 12:0 a.m.6 views

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An access control vulnerability exists in the Huawei HarmonyOS memoization module, which can be exploited by an attacker to cause confidentiality and...

6.5CVSS5.8AI score0.00135EPSS
Exploits0References2
github
github
added 2026/03/31 11:49 p.m.7 views

parse-server has GraphQL complexity validator exponential fragment traversal DoS

Impact The GraphQL query complexity validator can be exploited to cause a denial-of-service by sending a crafted query with binary fan-out fragment spreads. A single unauthenticated request can block the Node.js event loop for seconds, denying service to all concurrent users. This only affects...

8.2CVSS5.9AI score0.00463EPSS
Exploits0References7Affected Software1
ptsecurity
ptsecurity
added 2026/01/07 12:0 a.m.6 views

PT-2026-2161

Name of the Vulnerable Software and Affected Versions Bio-Formats versions up to and including 8.3.0 Description Bio-Formats versions up to and including 8.3.0 are susceptible to unsafe Java deserialization of attacker-controlled memoization cache files .bfmemo during image processing. The...

6.8CVSS7.8AI score0.0044EPSS
Exploits1References6
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-26293

Malware in sbrugna...

8.8CVSS8.6AI score0.00752EPSS
Exploits0References4
redhatcve
redhatcve
added 2025/05/22 6:10 p.m.9 views

CVE-2021-39937

A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, leads to potential elevated privileges in groups and projects under rare circumstances...

8.8CVSS6.6AI score0.00752EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/01/09 12:0 a.m.3 views

CVE-2024-22368

The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document. This occurs because the memoize implementation does not have appropriate constraints on merged cells...

6.5AI score0.00468EPSS
Exploits1References7
nessus
nessus
added 2024/01/03 12:0 a.m.18 views

GitLab 0.0 < 14.3.6 / 14.4 < 14.4.4 / 14.5 < 14.5.2 (CVE-2021-39937)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, leads to potential...

8.8CVSS7.8AI score0.00752EPSS
Exploits0References3
hackerone
hackerone
added 2023/06/04 7:40 a.m.49 views

Internet Bug Bounty: [CVE-2022-44572] Possible Denial of Service Vulnerability in Rack’s RFC2183 boundary parsing

A denial of service vulnerability was discovered in the multipart parsing component of Rack. This vulnerability could be exploited by carefully crafted input to cause the RFC2183 multipart boundary parsing in Rack to consume an unexpected amount of time, potentially leading to a denial of service...

7.5CVSS7.1AI score0.01617EPSS
Exploits0
nvd
nvd
added 2021/12/13 4:15 p.m.17 views

CVE-2021-39937

A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, leads to potential elevated privileges in groups and projects under rare circumstances...

8.8CVSS0.00752EPSS
Exploits0References2
osv
osv
added 2021/12/13 4:15 p.m.20 views

CVE-2021-39937

A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, leads to potential elevated privileges in groups and projects under rare circumstances...

8.8CVSS6.9AI score0.00752EPSS
Exploits0References2
ubuntucve
ubuntucve
added 2021/12/13 4:15 p.m.27 views

CVE-2021-39937

A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, leads to potential elevated privileges in groups and projects under rare circumstances...

8.8CVSS7.2AI score0.00752EPSS
Exploits0References1
prion
prion
added 2021/12/13 4:15 p.m.15 views

Design/Logic Flaw

A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, leads to potential elevated privileges in groups and projects under rare circumstances...

6.5CVSS8.5AI score0.00752EPSS
Exploits0References2Affected Software1
osv
osv
added 2021/12/13 4:15 p.m.9 views

UBUNTU-CVE-2021-39937

A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, leads to potential elevated privileges in groups and projects under rare circumstances...

8.8CVSS7.2AI score0.00752EPSS
Exploits0References2
cvelist
cvelist
added 2021/12/13 3:47 p.m.28 views

CVE-2021-39937

A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, leads to potential elevated privileges in groups and projects under rare circumstances...

5.9CVSS8.7AI score0.00752EPSS
Exploits0References2
cve
cve
added 2021/12/13 3:47 p.m.63 views

CVE-2021-39937

CVE-2021-39937 affects GitLab CE/EE with a collision in the access memoization logic that can lead to elevated privileges in groups and projects under rare circumstances. Affected versions include all GitLab CE/EE prior to 14.3.6, all versions from 14.4 before 14.4.4, and all versions from 14.5 b...

8.8CVSS8.4AI score0.00752EPSS
Exploits0References2Affected Software1
debiancve
debiancve
added 2021/12/13 3:47 p.m.22 views

CVE-2021-39937

Removed by vendor...

8.8CVSS7.3AI score0.00752EPSS
Exploits0
ptsecurity
ptsecurity
added 2021/12/13 12:0 a.m.4 views

PT-2021-22776 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 14.3.6 GitLab CE/EE versions 14.4 prior to 14.4.4 GitLab CE/EE versions 14.5 prior to 14.5.2 Description: A collision in access memoization logic leads to potential elevated privileges in groups and projects und...

8.8CVSS8.6AI score0.00752EPSS
Exploits0References9
Rows per page
Query Builder