13 matches found
CVE-2026-41682
A flaw was found in pupnp, an SDK for developing Universal Plug and Play (UPnP) applications. This vulnerability, known as Server-Side Request Forgery (SSRF), arises from port truncation in the parse_uri function. A remote attacker can exploit this flaw to confuse port assignments, potentially enablin...
CVE-2026-41682 pupnp: Port truncation via atoi() cast in parse_uri() allows SSRF port confusion
pupnp is an SDK for development of UPnP device and control point applications. Prior to version 1.18.5, pupnp is vulnerable to SSRF port confusion due to port truncation via an atoi() cast in parse_uri(). This issue has been patched in version 1.18.5...
Linux Distros Unpatched Vulnerability : CVE-2024-40675
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In parseUriInternal of Intent.java, there is a possible infinite loop due to improper input validation. This could lead to local denial of service with no...
Regular Expression Denial Of Service (ReDoS)
Parse-uri is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to inefficient regular expression processing, which allows attackers to exploit crafted URLs and cause a denial of service...
parse-uri Regular expression Denial of Service (ReDoS)
An issue in parse-uri v1.0.9 allows attackers to cause a Regular expression Denial of Service (ReDoS) via a crafted URL. PoC js async function exploit const parseuri = require("parse-uri"); // This input is designed to cause excessive backtracking in the regex const craftedInput = 'http://example.com...
GHSA-6FX8-H7JM-663J parse-uri Regular expression Denial of Service (ReDoS)
An issue in parse-uri v1.0.9 allows attackers to cause a Regular expression Denial of Service (ReDoS) via a crafted URL. PoC js async function exploit const parseuri = require("parse-uri"); // This input is designed to cause excessive backtracking in the regex const craftedInput = 'http://example.com...
CVE-2024-36751
An issue in parse-uri v1.0.9 allows attackers to cause a Regular expression Denial of Service (ReDoS) via a crafted URL...
CVE-2024-36751
An issue in parse-uri v1.0.9 allows attackers to cause a Regular expression Denial of Service (ReDoS) via a crafted URL...
parse-uri Security Vulnerability
parse-uri is a lightweight module for parsing URIs from the individual developers at Kiko Beats. A security vulnerability exists in parse-uri v1.0.9. An attacker can exploit this vulnerability to trigger a regular expression denial of service via a crafted URL...
CVE-2024-36751
An issue in parse-uri v1.0.9 allows attackers to cause a Regular expression Denial of Service (ReDoS) via a crafted URL...
CVE-2024-36751
An issue in parse-uri v1.0.9 allows attackers to cause a Regular expression Denial of Service (ReDoS) via a crafted URL...
CVE-2024-36751
CVE-2024-36751 affects parse-uri v1.0.9. The issue is a Regular Expression Denial of Service (ReDoS) triggered by crafted URLs due to inefficient regex processing. Reported exploits and PoC exist (GHSA advisory). Impact is Denial of Service with availability risk; CVSSv3.1 base score 6.5. No fix ...
PT-2025-2456 · Parse-Uri · Parse-Uri
Name of the Vulnerable Software and Affected Versions: parse-uri version 1.0.9. Description: The issue allows attackers to cause a Regular expression Denial of Service (ReDoS) via a crafted URL. This can be achieved by manipulating the URL in a way that triggers a denial of service. Recommendations:...