Lucene search
K

58 matches found

OSV
OSV
added 2026/03/12 5:16 p.m.6 views

UBUNTU-CVE-2026-28356

multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parseoptionsheader function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted HTTP or multipar...

7.5CVSS5.8AI score0.00699EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/20 4:1 p.m.6 views

CVE-2026-26996

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...

8.7CVSS5.6AI score0.00519EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/02/12 5:0 a.m.6 views

CVE-2026-2327

Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expression Denial of Service ReDoS due to the use of the regex /+$/ in the linkify function. An attacker can supply a long sequence of characters followed by a non-matching character, which triggers...

6.9CVSS5.5AI score0.00503EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/01/22 1:23 a.m.2 views

CVE-2026-23956 seroval affected by Denial of Service via RegExp serialization

seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 0.2.0 through 1.4.0, overriding RegExp serialization with extremely large patterns can exhaust JavaScript runtime memory during deserialization. Additionally, overriding RegE...

7.5CVSS5.7AI score0.00481EPSS
Exploits0References3
CVE
CVE
added 2026/01/22 1:23 a.m.20 views

CVE-2026-23956

CVE-2026-23956 concerns the seroval JavaScript value-stringification library. A flaw in RegExp serialization during deserialization allows memory exhaustion and, in some cases, Regular Expression Denial of Service (ReDoS). Affected versions are 1.4.0 and below; the issue is fixed in 1.4.1. Public...

7.5CVSS5.7AI score0.00481EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/21 4:57 p.m.9 views

seroval affected by Denial of Service via RegExp serialization

Overriding RegExp serialization with extremely large patterns can exhaust JavaScript runtime memory during deserialization. Additionally, overriding RegExp serialization with patterns that trigger catastrophic backtracking can lead to ReDoS Regular Expression Denial of Service. Mitigation: Serova...

7.5CVSS5.4AI score0.00481EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/01/05 8:57 p.m.6 views

EUVD-2026-0800

Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 contain a regular expression denial of service ReDoS vulnerability in the UriTemplate class when processing RFC 6570 exploded array patterns. The dynamically generated regular expression used during URI matching contains nested...

8.7CVSS6.2AI score0.00399EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.4 views

Siemens SIMATIC S7-1500 Uncontrolled Resource Consumption (CVE-2020-8492)

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service ReDoS attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. This plugin...

7.1CVSS6.8AI score0.06617EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-21603

Malware in sbrugna...

7.5CVSS6.1AI score0.00493EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.25 views

EUVD-2025-25177

Malicious code in bioql PyPI...

4.3CVSS6.4AI score0.00196EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2023-22792

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A regular expression based DoS vulnerability in Action Dispatch 6.0.6.1, 6.1.7.1, and 7.0.4.1. Specially crafted cookies, in combination with a specially crafte...

7.5CVSS6.4AI score0.01695EPSS
Exploits0References2
Veracode
Veracode
added 2025/08/11 1:13 p.m.6 views

Regular Expression Denial Of Service (ReDoS)

calibreweb is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient regular expression processing because the stripwhitespaces function allows catastrophic backtracking when processing a specially crafted username parameter during login...

8.7CVSS6.9AI score0.00828EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2025/08/06 12:31 p.m.2 views

Regular Expression Denial of Service (ReDoS)

Overview transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the converttfweightnametoptweightname function. An attacker can cause excessive CPU consumption and disru...

6.9CVSS6.8AI score0.00391EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/22 8:43 p.m.4 views

CVE-2021-39917

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression related to quick actions features was susceptible to catastrophic backtracking...

6.5CVSS6.5AI score0.01328EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2024/12/05 10:45 p.m.15 views

CVE-2024-52798

path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgra...

8.7CVSS6.5AI score0.00792EPSS
Exploits0
OSV
OSV
added 2024/10/14 3:57 p.m.5 views

USN-7040-2 configobj vulnerability

USN-7040-1 fixed a vulnerability in ConfigObj. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory details: It was discovered that ConfigObj contains regex that is susceptible to catastrophic backtracking. An attacker could possibly use this issue to cause a...

5.9CVSS6.5AI score0.01259EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2024/09/24 3:8 a.m.3 views

python: cpython: tarfile: ReDos via excessive backtracking while parsing header values

A regular expression denial of service ReDos vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive...

7.5CVSS7.2AI score0.02203EPSS
Exploits2References7
Snyk
Snyk
added 2023/11/28 10:19 a.m.6 views

Regular Expression Denial of Service (ReDoS)

Overview angular is a package that lets you write client-side web applications as if you had a smarter browser. It also lets you use HTML as your template language and lets you extend HTML’s syntax to express your application’s components clearly and succinctly. Affected versions of this package...

7.5CVSS6.6AI score0.01891EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2023/10/30 1:22 a.m.6 views

python-django: Denial-of-service possibility in django.utils.text.Truncator

An inefficient regular expression complexity was found in Django. The text truncator regular expressions exhibit linear backtracking complexity, which can be slow, leading to a potential denial of service, given certain HTML inputs...

7.5CVSS7AI score0.01236EPSS
Exploits0References5
OSV
OSV
added 2023/10/13 11:6 a.m.2 views

OESA-2023-1722 python-django security update

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An inefficient regular expression complexity was found in Django. The text truncator regular expressions exhibit linear backtracking complexity, which can be slow, leading to...

7.5CVSS6.7AI score0.01236EPSS
Exploits0References2
Rows per page
Query Builder