Lucene search
K

201 matches found

OSV
OSV
added 2026/05/28 5:53 p.m.5 views

USN-8343-1 multipart vulnerability

It was discovered that multipart had an ambiguous regular expression alternation when handling certain HTTP header values. A remote attacker could possibly use this issue to cause multipart to use excessive resources, leading to a denial of service...

7.5CVSS5.8AI score0.00859EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/27 2:52 a.m.10 views

SUSE CVE-2026-9496

Versions of the package pacote from 11.2.7 are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function's regex replacement and string-manipulation logic, causing...

8.7CVSS5.8AI score0.00049EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.7 views

PT-2026-43458

Summary The strip html filter in liquidjs is intended to remove HTML tags from a string before rendering, and is widely used as an XSS sanitizer. The implementation uses a regex whose catch-all branch does not match line terminators, so any HTML tag containing a or r character passes through...

6.1CVSS6AI score
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2026/05/18 12:0 a.m.7 views

HAPI FHIR: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint

All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The FHIRPath functions matches, matchesFull, and replaceMatches pass user-controlled regular expressions directly to Java's Pattern.compile and String.replaceAll without...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/05/14 8:29 p.m.2 views

GHSA-9RMH-MM8F-R9H6 Svelte: ReDoS in `<svelte:element>` Tag Validation

An internal regex in the Svelte runtime can take exponential time to test in . You are only vulnerable to this if you allow tags of unconstrained length. If your application only allows a predetermined list of tags or trims their length before passing them to svelte:element, you are safe...

5.9CVSS5.8AI score
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/12 7:48 a.m.5 views

CVE-2026-2300 BJ Lazy Load <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom HTML Block

The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the filterimages function in all versions up to, and including, 1.0.9. This is due to the use of regex-based HTML processing pregreplace that does not properly handle HTML attribute boundaries when replacing sr...

6.4CVSS6AI score0.00036EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.4 views

Unity Linux 20.1060e / 20.1070e Security Update: rubygem-actionpack (UTSA-2026-017610)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017610 advisory. The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action...

7.5CVSS6.8AI score0.03338EPSS
Exploits1References4
NVD
NVD
added 2026/05/07 4:16 p.m.7 views

CVE-2025-65122

Regex Denial of Service in youtube-regex npm package through version 1.0.5...

7.5CVSS0.00057EPSS
Exploits0References2
CVE
CVE
added 2026/05/07 12:0 a.m.5 views

CVE-2025-65122

CVE-2025-65122 affects the youtube-regex npm package up to version 1.0.5. The NVD entry documents a Regex Denial of Service vulnerability with CVSS v3.1 base score 7.5 (attack: NETWORK, impact: HIGH on availability; confidentiality and integrity not affected; no user interaction; no privileges re...

7.5CVSS5.8AI score0.00057EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/07 12:0 a.m.5 views

CVE-2025-65122

Regex Denial of Service in youtube-regex npm package through version 1.0.5...

5.8AI score0.00057EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.3 views

Unity Linux 20.1060e / 20.1070e Security Update: ruby (UTSA-2026-016521)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016521 advisory. An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data...

6.6CVSS6.9AI score0.00697EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.12 views

Astra Linux - уязвимость в libonig

A NULL pointer dereference in the matchat function in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause a denial of service by providing a crafted regular expression. Oniguruma vulnerabilities often affect Ruby, as well as common optional libraries used in PHP and Rust...

6.5CVSS6.6AI score0.00131EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux - уязвимость в mako

Sqlalchemy mako before version 1.2.2 is vulnerable to Regular Expression Denial of Service when using the Lexer class for parsing. This vulnerability also affects babelplugin and linguaplugin...

7.5CVSS7.1AI score0.01006EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux - уязвимость в thunderbird, firefox

Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log did not account for external URLs. As a result, data could potentially be exfiltrated from the browser. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird...

6.5CVSS6.9AI score0.00223EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux - уязвимость в sqlparse

sqlparse is a non-validation SQL parser module for Python. In affected versions, the SQL parser contains a regular expression that is vulnerable to ReDoS Regular Expression Denial of Service. This issue was introduced by the commit e75e358. The vulnerability may lead to Denial of Service DoS. Thi...

7.5CVSS7.1AI score0.01264EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux - уязвимость в libonig

A use-after-free in the onignewdeluxe function in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regular expression pattern and a...

9.8CVSS7.2AI score0.00537EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.2 views

PT-2026-34209

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.21 Description An incorrect regular expression allows an attacker to bypass OAuth redirect URI validation. An attacker aware of a first-party OAuth application's registered callback URL can create a...

7.5CVSS5.8AI score0.0005EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.3 views

PT-2026-34233

Summary The defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex //g to sanitize values injected into inline tags via the define:vars directive. HTML parsers close elements case-insensitively and also accept whitespace or / before the closing , allowing ...

6.1CVSS6AI score0.00053EPSS
Exploits1References5
Snyk
Snyk
added 2026/04/09 4:41 p.m.0 views

Incorrect Regular Expression

Overview fast-jwt is a Fast JSON Web Token implementation Affected versions of this package are vulnerable to Incorrect Regular Expression in the allowedAud, allowedIss, allowedSub, allowedJti, or allowedNonce options when used with RegExp objects and RegExp is configured with modifiers such as /...

5.3CVSS5.8AI score0.00182EPSS
Exploits1References2
CVE
CVE
added 2026/04/07 4:38 p.m.29 views

CVE-2026-35611

Addressable (Ruby URI template implementation) versions 2.3.0–before 2.9.0 are affected by two classes of URI template generation that create regular expressions susceptible to catastrophic backtracking. Templates using the explode modifier with any expansion operator (e.g., {foo*}, {+var*}, {#va...

7.5CVSS5.8AI score0.00027EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder