10 matches found

Vulnrichment
added 2026/06/09 11:47 p.m. · 7 views

CVE-2026-41696 Spring Data MongoDB Bind Parameter Literal Quoting Breakout

Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the bound parameter. An attacker can supply a crafted string to break out of the intended regular expression quoting. Affected versions: Spring Data MongoDB 5.0.0...

CVSS 5.9 · AI score 5.5 · EPSS 0.00262
Exploits: 0 · References: 1

Snyk
added 2026/05/07 6:30 p.m. · 9 views

Allocation of Resources Without Limits or Throttling

Overview: youtube-regex is a The correct Youtube video id regex! Regex done right! Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the regex param. An attacker can cause excessive resource consumption by supplying crafted input that...

CVSS 8.7 · AI score 5.8 · EPSS 0.00278
Exploits: 0 · References: 2

Vulnrichment
added 2026/03/21 3:26 a.m. · 2 views

CVE-2026-2277 rexCrawler <= 1.0.15 - Reflected Cross-Site Scripting via 'url' and 'regex' Parameters

The rexCrawler plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' and 'regex' parameters in the search-pattern tester page in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.1 · AI score 5.9 · EPSS 0.00265
Exploits: 0 · References: 5

ATTACKERKB
added 2026/03/21 3:26 a.m. · 3 views

CVE-2026-2277

The rexCrawler plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' and 'regex' parameters in the search-pattern tester page in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.1 · AI score 5.9 · EPSS 0.00265
Exploits: 0 · References: 6

Cvelist
added 2026/03/21 3:26 a.m. · 26 views

CVE-2026-2277 rexCrawler <= 1.0.15 - Reflected Cross-Site Scripting via 'url' and 'regex' Parameters

The rexCrawler plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' and 'regex' parameters in the search-pattern tester page in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.1 · EPSS 0.00265
Exploits: 0 · References: 5

Positive Technologies
added 2026/03/21 12:0 a.m. · 4 views

PT-2026-26829

The rexCrawler plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' and 'regex' parameters in the search-pattern tester page in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.1 · AI score 5.9 · EPSS 0.00265
Exploits: 0 · References: 6

CVE
added 2024/11/13 2:21 p.m. · 52 views

CVE-2024-49505

Summary: CVE-2024-49505 is a reflected-cross-site scripting (XSS) vulnerability in openSUSE Tumbleweed MirrorCache. The issue arises from improper input neutralization in the web page generation process, specifically affecting the REGEX and P parameters. Affected versions are MirrorCache before 1...

CVSS 6.1 · AI score 6.2 · EPSS 0.00322
Exploits: 1 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/11/13 12:0 a.m. · 5 views

PT-2024-33540 · Opensuse · Opensuse Tumbleweed Mirrorcache

Name of the Vulnerable Software and Affected Versions: openSUSE Tumbleweed MirrorCache versions prior to 1.083 Description: A Cross-site Scripting vulnerability exists in openSUSE Tumbleweed MirrorCache, allowing the execution of arbitrary JavaScript via reflected XSS in the REGEX and P parameter...

CVSS 6.1 · AI score 6.2 · EPSS 0.00322
Exploits: 1 · References: 6

Prion
added 2017/10/06 10:29 p.m. · 11 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) project name parameter to project.php; the (2) usejs parameter to user.php; the (3) usejs parameter to group.php; the (4)...

CVSS 3.5 · AI score 5.7 · EPSS 0.00634
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2017/10/06 10:0 p.m. · 25 views

CVE-2015-2144

Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) project name parameter to project.php; the (2) usejs parameter to user.php; the (3) usejs parameter to group.php; the (4)...

AI score 4.9 · EPSS 0.00634
Exploits: 0 · References: 2