Lucene search
K

46 matches found

RedhatCVE
RedhatCVE
added last week5 views

CVE-2026-55574

A flaw was found in vLLM, a high-throughput and memory-efficient inference and serving engine for large language models LLMs. A remote attacker could exploit this vulnerability by providing a specially crafted regular expression to the structuredoutputs.regex API parameter. This adversarial regex...

8.7CVSS5.9AI score0.00324EPSS
Exploits0References6
OSV
OSV
added 2026/07/02 8:20 p.m.4 views

GHSA-X4HG-HFWF-P9MW @asymmetric-effort/nogginlessdom vulnerable to ReDoS via user-controlled regex in HTMLInputElement pattern validation

Summary The HTMLInputElement.checkValidity method constructed a RegExp directly from the user-controlled pattern property without any sanitization or timeout protection. This allowed an attacker to inject a regex with catastrophic backtracking, freezing the event loop. Fix Fixed in commit...

6.9CVSS5.8AI score
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/09 11:19 a.m.10 views

minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and...

7.5CVSS7.2AI score0.00472EPSS
Exploits1References5
OSV
OSV
added 2026/05/27 9:34 p.m.6 views

GHSA-9FRC-8383-795M Symfony's YAML Parser has a ReDoS via Catastrophic Backtracking in Parser::cleanup() Regex

Description Symfony\Component\Yaml\Parser::cleanup strips the optional %YAML directive header, leading comments, and document start/end markers before parsing. The original regexes contained overlapping quantifiers, most notably '^%YAML: \d.+.\nu', whose \d.+ and . overlap on the dot, that exhibi...

6.9CVSS5.8AI score0.00076EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/05/27 9:34 p.m.35 views

Symfony's YAML Parser has a ReDoS via Catastrophic Backtracking in Parser::cleanup() Regex

Description Symfony\Component\Yaml\Parser::cleanup strips the optional %YAML directive header, leading comments, and document start/end markers before parsing. The original regexes contained overlapping quantifiers, most notably '^%YAML: \d.+.\nu', whose \d.+ and . overlap on the dot, that exhibi...

8.7CVSS5.8AI score0.00076EPSS
Exploits0References6Affected Software2
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.18 views

PT-2026-44150

Name of the Vulnerable Software and Affected Versions Symfony versions prior to 5.4.31 Description The cleanup function in SymfonyComponentYamlParser contains regular expressions with overlapping quantifiers, specifically in the pattern used to strip the %YAML directive header. This leads to...

8.7CVSS6AI score0.00076EPSS
Exploits0References18
OSV
OSV
added 2026/05/19 12:24 a.m.9 views

CLSA-2026-1779099998 ruby: Fix of CVE-2023-28755

CVE-2023-28755: fix ReDoS in URI parser by converting greedy quantifiers to possessive quantifiers in RFC3986URI and RFC3986relativeref...

5.3CVSS6.6AI score0.02637EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/18 12:24 p.m.11 views

minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and...

7.5CVSS7.1AI score0.00472EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/18 12:21 p.m.15 views

minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and...

7.5CVSS7.1AI score0.00472EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/18 12:12 p.m.11 views

minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and...

7.5CVSS7.1AI score0.00472EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/04/22 9:54 p.m.12 views

minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and...

7.5CVSS5.8AI score0.00472EPSS
Exploits1References5
OSV
OSV
added 2026/04/22 8:20 p.m.8 views

JLSEC-2026-176

libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454...

7.5CVSS6.3AI score0.0277EPSS
Exploits0References14
RedHat Linux
RedHat Linux
added 2026/04/22 2:7 p.m.7 views

minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and...

7.5CVSS7.1AI score0.00472EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/04/15 7:16 p.m.3 views

minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and...

7.5CVSS6.6AI score0.00472EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/04/14 7:23 a.m.7 views

minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and...

7.5CVSS6.6AI score0.00472EPSS
Exploits1References5
Snyk
Snyk
added 2026/04/09 4:41 p.m.7 views

Regular Expression Denial of Service (ReDoS)

Overview fast-jwt is a Fast JSON Web Token implementation Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the allowedAud, allowedIss, allowedSub, allowedJti, or allowedNonce options when used with RegExp objects and RegExp is configured with nest...

6.5CVSS5.7AI score0.00262EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/04/09 1:4 p.m.4 views

minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and...

7.5CVSS6.6AI score0.00472EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/04/08 1:58 p.m.4 views

minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and...

7.5CVSS5.9AI score0.00472EPSS
Exploits1References5
Snyk
Snyk
added 2026/04/07 6:14 p.m.7 views

Regular Expression Denial of Service (ReDoS)

Overview addressable is an is an alternative implementation to the URI implementation that is part of Ruby's standard library. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the URI template matching due to the use of regular expressions with...

8.7CVSS5.9AI score0.0036EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/03/31 4:12 p.m.6 views

minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and...

7.5CVSS5.9AI score0.00472EPSS
Exploits1References5
Rows per page
Query Builder