Lucene search

249 matches found

Cvelist
added 2025/08/13 5:26 p.m. · 6 views

CVE-2025-2937 Inefficient Regular Expression Complexity in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 13.2 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to create a denial of service condition by sending specially crafted markdown payloads to the Wiki feature...

CVSS 6.5 · EPSS 0.00337
Exploits: 0 · References: 2

FreeBSD
added 2025/08/13 12:0 a.m. · 6 views

Gitlab -- vulnerabilities

Gitlab reports: Cross-site scripting issue in blob viewer impacts GitLab CE/EE; Cross-site scripting issue in labels impacts GitLab CE/EE; Cross-site scripting issue in Workitem impacts GitLab CE/EE; Improper Handling of Permissions issue in project API impacts GitLab CE/EE; Incorrect Privilege...

CVSS 8.7 · AI score 6.9 · EPSS 0.00423
Exploits: 0 · References: 1

NVD
added 2025/07/28 8:15 a.m. · 7 views

CVE-2025-8263

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

Exploits: 0

Cvelist
added 2025/07/28 7:2 a.m. · 9 views

CVE-2025-8262 yarnpkg Yarn hosted-git-resolver.js explodeHostedGitFragment redos

A vulnerability was found in yarnpkg Yarn up to 1.22.22. It has been classified as problematic. Affected is the function explodeHostedGitFragment of the file src/resolvers/exotics/hosted-git-resolver.js. The manipulation leads to inefficient regular expression complexity. It is possible to launch...

CVSS 5.3 · EPSS 0.007
Exploits: 1 · References: 5

Debian CVE
added 2025/07/28 7:2 a.m. · 5 views

CVE-2025-8262

A vulnerability was found in yarnpkg Yarn up to 1.22.22. It has been classified as problematic. Affected is the function explodeHostedGitFragment of the file src/resolvers/exotics/hosted-git-resolver.js. The manipulation leads to inefficient regular expression complexity. It is possible to launch...

CVSS 7.5 · AI score 3.9 · EPSS 0.007
Exploits: 1

Positive Technologies
added 2025/07/28 12:0 a.m. · 4 views

PT-2025-31054 · Prettier · Prettier

Name of the Vulnerable Software and Affected Versions: prettier versions up to 3.6.2 Description: A vulnerability exists in prettier due to inefficient regular expression complexity within the parseNestedCSS function of the src/language-css/parser-postcss.js file. The manipulation of the node...

CVSS 7.5 · AI score 4.4
Exploits: 0 · References: 10

CVE
added 2025/07/14 6:14 a.m. · 21 views

CVE-2025-7579

Summary: CVE-2025-7579 affects chinese-poetry 0.1, with a vulnerability in the processing of rank/server.js that leads to inefficient regular expression complexity (a redos-type issue). The issue can be triggered remotely and the exploit has been publicly disclosed. Multiple sources (Red Hat, NVD...

CVSS 5.3 · AI score 4.8 · EPSS 0.00325
Exploits: 0 · References: 5

IBM Security Bulletins
added 2025/06/30 6:26 a.m. · 9 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses path-to-regexp-0.1.7.tgz which is vulnerable to CVE-2024-45296, CVE-2024-52798

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses path-to-regexp-0.1.7.tgz which is vulnerable to CVE-2024-45296, CVE-2024-52798. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION:...

CVSS 8.7 · AI score 7.3 · EPSS 0.00932
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2025/06/25 9:36 a.m. · 14 views

Security Bulletin: IBM Maximo Application Suite uses runtime-7.20.13.tgz which is vulnerable to CVE-2025-27789.

Summary IBM Maximo Application Suite uses runtime-7.20.13.tgz which is vulnerable to CVE-2025-27789. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript...

CVSS 6.2 · AI score 6.7 · EPSS 0.00478
Exploits: 0 · Affected Software: 1

Positive Technologies
added 2025/06/25 12:0 a.m. · 6 views

PT-2025-26809 · Growi · Growi

Name of the Vulnerable Software and Affected Versions: GROWI versions prior to 7.1.6 Description: The issue is related to inefficient regular expression complexity, which can be exploited by a logged-in user to cause a denial of service (DoS) condition. Recommendations: For versions prior to 7.1.6,...

CVSS 5.3 · AI score 4.5 · EPSS 0.00271
Exploits: 0 · References: 6

Vulnrichment
added 2025/06/22 10:0 p.m. · 3 views

CVE-2025-6493 CodeMirror Markdown Mode markdown.js redos

A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown Mode. This manipulation causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has bee...

CVSS 6.9 · AI score 5.6 · EPSS 0.00448
Exploits: 0 · References: 4

Cvelist
added 2025/06/22 8:0 p.m. · 9 views

CVE-2025-6492 MarkText index.js getRecommendTitleFromMarkdownString redos

A vulnerability has been found in MarkText up to 0.17.1 and classified as problematic. Affected by this vulnerability is the function getRecommendTitleFromMarkdownString of the file marktext/src/main/utils/index.js. The manipulation leads to inefficient regular expression complexity. The attack c...

CVSS 6.9 · EPSS 0.00448
Exploits: 0 · References: 5

Positive Technologies
added 2025/06/22 12:0 a.m. · 5 views

PT-2025-26569 · Marktext · Marktext

Name of the Vulnerable Software and Affected Versions: MarkText versions up to 0.17.1 Description: A vulnerability has been found in MarkText, affecting the function getRecommendTitleFromMarkdownString of the file marktext/src/main/utils/index.js. The manipulation leads to inefficient regular...

CVSS 6.9 · AI score 5.1 · EPSS 0.00448
Exploits: 0 · References: 10

RedhatCVE
added 2025/06/11 9:8 p.m. · 5 views

CVE-2025-5897

A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient regular expression...

CVSS 7.5 · AI score 4.5 · EPSS 0.00508
Exploits: 1 · References: 1

OSV
added 2025/06/09 9:30 p.m. · 1 view

GHSA-79VF-HF9F-J9Q8 @vue/cli-plugin-pwa Regular Expression Denial of Service vulnerability

A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient regular expression...

CVSS 5.3 · AI score 7.3 · EPSS 0.00508
Exploits: 1 · References: 6

Github Security Blog
added 2025/06/09 9:30 p.m. · 6 views

@vue/cli-plugin-pwa Regular Expression Denial of Service vulnerability

A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient regular expression...

CVSS 7.5 · AI score 4.7 · EPSS 0.00508
Exploits: 1 · References: 6 · Affected Software: 1

CVE
added 2025/06/09 8:31 p.m. · 74 views

CVE-2025-5896

The CVE-2025-5896 entry concerns taro/taro (up to version 4.1.1). The vulnerability exists in taro/packages/css-to-react-native/src/index.js and arises from inefficient regular-expression handling (ReDoS-like behavior) in that code path. The issue can be triggered remotely and, per sources, upgra...

CVSS 7.5 · AI score 4.8 · EPSS 0.00514
Exploits: 1 · References: 6 · Affected Software: 1

NVD
added 2025/06/09 8:15 p.m. · 9 views

CVE-2025-5895

A vulnerability was found in Metabase 54.10. It has been classified as problematic. This affects the function parseDataUri of the file frontend/src/metabase/lib/dom.js. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit...

CVSS 7.5 · EPSS 0.00514
Exploits: 1 · References: 6

Vulnrichment
added 2025/06/09 8:0 p.m. · 6 views

CVE-2025-5895 Metabase dom.js parseDataUri redos

A vulnerability was found in Metabase 54.10. It has been classified as problematic. This affects the function parseDataUri of the file frontend/src/metabase/lib/dom.js. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit...

CVSS 5.3 · AI score 4.6 · EPSS 0.00514
Exploits: 1 · References: 6

Vulnrichment
added 2025/06/09 7:31 p.m. · 7 views

CVE-2025-5892 RocketChat parseMessage.js parseMessage redos

A vulnerability, which was classified as problematic, has been found in RocketChat up to 7.6.1. This issue affects the function parseMessage of the file /apps/meteor/app/irc/server/servers/RFC2813/parseMessage.js. The manipulation of the argument line leads to inefficient regular expression...

CVSS 5.3 · AI score 7.2 · EPSS 0.00508
Exploits: 1 · References: 5