Lucene search
+L

48 matches found

Vulnrichment
Vulnrichment
added 2025/07/30 7:41 p.m.3 views

CVE-2025-54576 OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion

OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. In versions 7.10.0 and below, oauth2-proxy deployments are vulnerable when using the skipauthroutes configuration option...

9.1CVSS6.5AI score0.01133EPSS
Exploits1References6
CVE
CVE
added 2025/07/30 7:41 p.m.123 views

CVE-2025-54576

Observations on CVE-2025-54576 : OAuth2-Proxy versions up to 7.10.0 expose an authentication bypass when using skip_auth_routes with regex patterns, because skip_auth_routes can match the full request URI (path + query parameters) instead of only the path. This allows an attacker to craft URLs wi...

9.1CVSS6.5AI score0.01133EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2025/07/30 7:41 p.m.13 views

CVE-2025-54576 OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion

OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. In versions 7.10.0 and below, oauth2-proxy deployments are vulnerable when using the skipauthroutes configuration option...

9.1CVSS0.01133EPSS
Exploits1References6
OSV
OSV
added 2025/07/30 7:41 p.m.10 views

CVE-2025-54576 OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion

OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. In versions 7.10.0 and below, oauth2-proxy deployments are vulnerable when using the skipauthroutes configuration option...

9.1CVSS6.8AI score0.01133EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2025/07/30 12:0 a.m.7 views

PT-2025-31437

Name of the Vulnerable Software and Affected Versions OAuth2-Proxy versions 7.10.0 and earlier Description OAuth2-Proxy deployments using the skip auth routes configuration option with regex patterns are vulnerable to authentication bypass. Attackers can craft URLs with malicious query parameters...

9.1CVSS6.8AI score0.01133EPSS
Exploits1References35
OSV
OSV
added 2025/07/23 10:11 p.m.5 views

CVE-2025-54365 fastapi-guard patch contains bypassable RegEx

fastapi-guard is a security library for FastAPI that provides middleware to control IPs, log requests, detect penetration attempts and more. In version 3.0.1, the regular expression patched to mitigate the ReDoS vulnerability by limiting the length of string fails to catch inputs that exceed this...

8.8CVSS6.5AI score0.00734EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/07/07 12:0 a.m.11 views

PT-2025-28250

Name of the Vulnerable Software and Affected Versions: FastAPI Guard versions prior to 3.0.1 Description: The issue concerns the penetration attempts detection mechanism in FastAPI Guard, which utilizes regex patterns to scan incoming requests. However, some of these regex patterns are inefficien...

7.5CVSS6.4AI score0.00422EPSS
Exploits1References13
Snyk
Snyk
added 2025/06/22 10:40 p.m.3 views

Regular Expression Denial of Service (ReDoS)

Overview org.webjars.bowergithub.components:codemirror is a versatile text editor implemented in JavaScript for the browser. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via multiple locations in markdown.js. An attacker can cause excessive resour...

6.9CVSS6.7AI score0.00451EPSS
Exploits0References2
Snyk
Snyk
added 2025/06/22 10:40 p.m.2 views

Regular Expression Denial of Service (ReDoS)

Overview org.webjars.bowergithub.codemirror:codemirror is a versatile text editor implemented in JavaScript for the browser. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via multiple locations in markdown.js. An attacker can cause excessive resour...

6.9CVSS6.7AI score0.00451EPSS
Exploits0References2
Snyk
Snyk
added 2025/06/22 10:40 p.m.5 views

Regular Expression Denial of Service (ReDoS)

Overview org.webjars:codemirror is a versatile text editor implemented in JavaScript for the browser. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via multiple locations in markdown.js. An attacker can cause excessive resource consumption by...

6.9CVSS6.7AI score0.00451EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/05/28 5:50 p.m.7 views

vLLM vulnerable to Regular Expression Denial of Service

Summary A recent review identified several regular expressions in the vllm codebase that are susceptible to Regular Expression Denial of Service ReDoS attacks. These patterns, if fed with crafted or malicious input, may cause severe performance degradation due to catastrophic backtracking. 1...

7.1AI score
Exploits0References4Affected Software1
F5 Networks
F5 Networks
added 2025/04/22 11:23 a.m.11 views

K000150967: Angular JS vulnerabilities CVE-2023-26117 and CVE-2023-26118

Security Advisory Description CVE-2023-26117 Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service ReDoS via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted...

5.3CVSS5.8AI score0.01695EPSS
Exploits2
Vulnrichment
Vulnrichment
added 2025/02/12 6:16 p.m.19 views

CVE-2025-25205 Remote Authentication-Bypass can lead to server crash or limited information disclosure due to faulty pattern matching

Audiobookshelf is a self-hosted audiobook and podcast server. Starting in version 2.17.0 and prior to version 2.19.1, a flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored regex patterns in the URL. Attackers can craft URLs containing substrings lik...

8.2CVSS8.3AI score0.03999EPSS
Exploits2References5
Snyk
Snyk
added 2024/10/01 6:38 a.m.2 views

Cross-site Scripting (XSS)

Overview ansibleguy-webui is a Basic WebUI for using Ansible Affected versions of this package are vulnerable to Cross-site Scripting XSS insufficient input sanitization when handling and displaying regex patterns. Note: The commit fix partially addresses this vulnerability by introducing escapin...

6.1CVSS5.3AI score
Exploits0References3
OSV
OSV
added 2024/01/31 3:17 p.m.20 views

BIT-LIFERAY-2023-33950

Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns, which allows remote attackers to consume an excessive amount of server resources via crafted request URLs...

7.5CVSS6.8AI score0.00919EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/01/31 12:0 a.m.7 views

PT-2024-40224 · Unknown · Nodemailer

Name of the Vulnerable Software and Affected Versions: nodemailer affected versions not specified Description: A ReDoS vulnerability occurs when nodemailer tries to parse img files with the parameter attachDataUrls set, causing the event loop to become stuck. Another flaw was found when nodemaile...

5.3CVSS6.8AI score
Exploits0References6
Kitploit
Kitploit
added 2023/01/23 11:30 a.m.75 views

SQLiDetector - Helps You To Detect SQL Injection "Error Based" By Sending Multiple Requests With 14 Payloads And Checking For 152 Regex Patterns For Different Databases

Simple python script supported with BurpBouty profile that helps you to detect SQL injection "Error based" by sending multiple requests with 14 payloads and checking for 152 regex patterns for different databases. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- | S|Q|L|i|...

8.8AI score
Exploits0References4
Kitploit
Kitploit
added 2021/08/18 9:30 p.m.338 views

Jsleak - A Go Code To Detect Leaks In JS Files Via Regex Patterns

jsleak is a tool to identify sensitive data in JS files through regex patterns. Although it's built for this, you can use it to identify anything as long as you have a regex pattern for it. How to install Directly: your package manager install pkg-config libpcre++-dev go get...

7.1AI score
Exploits0References7
Kitploit
Kitploit
added 2016/12/12 2:11 p.m.63 views

FileBuster - An Extremely Fast And Flexible Web Fuzzer

An extremely fast and flexible web fuzzer. Why another fuzzer? My main motivation was to write a script that would allow me to fuzz a website based on a dictionary but that allowed me to filter words on that dictionary based on regex patterns. This necessity came from the frustration of trying to...

6.9AI score
Exploits0References3
RedHat Linux
RedHat Linux
added 2016/11/15 11:40 a.m.7 views

pcre: Buffer overflow caused by duplicate named references (8.38/36)

The compileregex function in pcrecompile.c in PCRE before 8.38 and pcre2compile.c in PCRE2 before 10.2x mishandles the /?J:?|:?|?'R'\k'R'|?'R'H'Rk'Rf|s?'R'/ and /?J:?|:?|?'R'\z?|?'R'\k'R'|?'R'k'R'|?'R'H'Ak'Rf|s?'R'/ patterns, and related patterns with certain group references, which allows remote...

7.5CVSS7.5AI score0.05286EPSS
Exploits1References4
Rows per page
Query Builder