Lucene search
+L

9 matches found

OSV
OSV
added 2026/04/21 11:4 p.m.3 views

CVE-2026-41064 AVideo has an incomplete fix for CVE-2026-33502 (Command Injection)

WWBN AVideo is an open source video platform. In versions up to and including 29.0, an incomplete fix for AVideo's test.php adds escapeshellarg for wget but leaves the filegetcontents and curl code paths unsanitized, and the URL validation regex /^http/ accepts strings like httpevil.com. Commit...

9.3CVSS5.9AI score0.00335EPSS
Exploits1References6
OSV
OSV
added 2026/04/08 2:49 a.m.5 views

MGASA-2026-0090 Updated python-pygments packages fix security vulnerability

A security flaw in Pygments function AdlLexer in archetype.py stems from a regular expression having an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles. CVE-2026-4539...

4.8CVSS5.7AI score0.00156EPSS
Exploits0References3
OSV
OSV
added 2026/04/06 3:54 p.m.6 views

CVE-2026-34950 fast-jwt has an incomplete fix for CVE-2023-48223: JWT Algorithm Confusion via Whitespace-Prefixed RSA Public Key

fast-jwt provides fast JSON Web Token JWT implementation. In 6.1.0 and earlier, the publicKeyPemMatcher regex in fast-jwt/src/crypto.js uses a ^ anchor that is defeated by any leading whitespace in the key string, re-enabling the exact same JWT algorithm confusion attack that CVE-2023-48223 patch...

9.1CVSS5.9AI score0.00235EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/31 3:31 p.m.6 views

EUVD-2026-17423

Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations...

6.3AI score0.01659EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/30 12:0 a.m.4 views

CVE-2026-30305

Syntx's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, it...

6.3AI score0.01145EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/23 6:19 a.m.8 views

CVE-2026-24037

Horilla is a free and open source Human Resource Management System HRMS. In version 1.4.0, the hasxss function attempts to block XSS by matching input against a set of regex patterns. However, the regexes are incomplete and context-agnostic, making them easy to bypass. Attackers are able to...

5.4CVSS5.3AI score0.00227EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2016-9857

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used in some JavaScript processing. All 4.6.x versions prio...

6.1CVSS6.6AI score0.01467EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/07 12:0 a.m.7 views

Hugging Face Transformers 安全漏洞

Hugging Face Transformers is Hugging Face's open source advanced natural language processing for Jax, PyTorch and TensorFlow. A security vulnerability exists in Hugging Face Transformers version 4.49.0, which stems from insufficient regular expression complexity in the SETTINGRE variable in...

7.5CVSS5.3AI score0.0043EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2025/02/24 8:49 p.m.17 views

Better Auth allows bypassing the trustedOrigins Protection which leads to ATO

Summary A bypass was discovered in the trustedOrigins validation logic—affecting both absolute URL entries and wildcard domain patterns. This flaw allows an attacker to construct a malicious callbackURL that passes origin checks and triggers an open redirect. Because redirect endpoints include...

6.9AI score
Exploits0References4Affected Software1
Rows per page
Query Builder