Lucene search
K

16 matches found

ATTACKERKB
ATTACKERKB
added 4 days ago3 views

CVE-2026-55574

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, the structuredoutputs.regex API parameter passes a user-supplied regular expression string directly to the grammar compiler backends with no compilation timeout; in the xgrammar backend the stri...

8.7CVSS5.9AI score0.00324EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/27 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-23920

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Host and event action script input is validated with a regex set by the administrator, but the validation runs in multiline mode. If ^ and $ anchors are used in...

7.7CVSS5.9AI score0.00248EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/03 7:9 p.m.4 views

Incomplete List of Disallowed Inputs

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via tools.exec.safeBins. An attacker can access sensitive files from the working directory by supplying a pattern input through the -e or --regexp fla...

6.5CVSS5.8AI score0.00259EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-2444

Malware in sbrugna...

7.5CVSS7.7AI score0.02216EPSS
Exploits1References4
Snyk
Snyk
added 2025/06/19 4:19 p.m.3 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the listNames function. An attacker can cause significant CPU consumption and degrade server performance by supplying a crafted regular expression and influencing the set of resource names...

6.3CVSS6.8AI score0.0035EPSS
Exploits0References2
Snyk
Snyk
added 2025/06/19 4:19 p.m.5 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the listNames function. An attacker can cause significant CPU consumption and degrade server performance by supplying a crafted regular expression and influencing the set of resource names...

6.3CVSS6.8AI score0.0035EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/06/06 9:32 a.m.9 views

ruby: Arbitrary memory address read vulnerability with Regex search

A flaw was found in Ruby. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings...

6.6CVSS7.4AI score0.00629EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/09/26 2:56 p.m.1 views

nodejs-semver: Regular expression denial of service

A Regular Expression Denial of Service ReDoS vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size,...

7.5CVSS6.8AI score0.02761EPSS
Exploits1References6
BDU FSTEC
BDU FSTEC
added 2023/05/10 12:0 a.m.6 views

The vulnerability of the Sqlalchemy mako Python template library, related to an incorrect regular expression, allows attackers to cause service interruptions.

The vulnerability of the Sqlalchemy mako Python template library is related to insufficient input validation when processing regular expressions in the Lexer class. Exploiting this vulnerability allows a malicious actor to deliver specially crafted data to the application and execute a...

7.8CVSS7.2AI score0.01718EPSS
Exploits1References11Affected Software5
RedhatCVE
RedhatCVE
added 2023/01/26 10:1 a.m.37 views

CVE-2022-44571

A flaw was found in rubygem-rack. Rack is vulnerable to a denial of service caused by a regular expression denial of service ReDoS flaw in the multipart parser. By sending a specially-crafted regex input, a remote attacker can cause a denial of service...

7.5CVSS4.8AI score0.01503EPSS
Exploits0References4
OSV
OSV
added 2023/01/23 8:51 a.m.5 views

USN-5817-1 python-setuptools, setuptools vulnerability

Sebastian Chnelik discovered that setuptools incorrectly handled certain regex inputs. An attacker could possibly use this issue to cause a denial of service...

5.9CVSS6.8AI score0.02617EPSS
Exploits1References2
Veracode
Veracode
added 2022/10/18 2:26 a.m.21 views

Denial Of Service (DoS)

django is vulnerable to denial of service. The vulnerability is due to the regex function in resolvers.py locale parameter not being treated as a regular expression which allows an attacker to cause an application crash via malicious input...

7.5CVSS7.1AI score0.0272EPSS
Exploits0References19Affected Software3
Github Security Blog
Github Security Blog
added 2022/06/19 12:0 a.m.19 views

Denial of Service in python-ldap

python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service ReDoS flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this...

6.5CVSS4.2AI score0.01713EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/06/18 4:15 p.m.7 views

CVE-2021-46823

python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service ReDoS flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this...

6.5CVSS6.6AI score0.01713EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2021/11/09 6:6 p.m.5 views

glibc: Arbitrary read in wordexp()

An integer overflow flaw was found in glibc that may result in reading of arbitrary memory when wordexp is used with a specially crafted untrusted regular expression input...

9.1CVSS6.9AI score0.02678EPSS
Exploits0References4
CVE
CVE
added 2019/05/15 6:58 p.m.60 views

CVE-2019-10640

CVE-2019-10640 affects GitLab Community and Enterprise Edition prior to 11.7.10, 11.8.x prior to 11.8.6, and 11.9.x prior to 11.9.4. The vulnerability is a regex input validation issue on the .gitlab-ci.yml refs value, which allows uncontrolled resource consumption. Affected versions and the root...

7.5CVSS7.3AI score0.02216EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder