249 matches found
CVE-2025-4215
CVE-2025-4215 affects gorhill uBlock Origin up to 1.63.3b16, specifically the UI function currentStateChanged in src/js/1p-filters.js. The issue is described as an inefficient regular expression pattern used in filters, which can be triggered remotely and carries a relatively high attack complexi...
CVE-2025-4215 gorhill uBlock Origin UI 1p-filters.js currentStateChanged redos
A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16. It has been classified as problematic. Affected is the function currentStateChanged of the file src/js/1p-filters.js of the component UI. The manipulation leads to inefficient regular expression complexity. It is possible to laun...
Security Bulletin: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing, affects watsonx.data
Summary An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-45338 DESCRIPTION: An attacker can craft an input to the Parse...
CVE-2025-3985
A vulnerability was found in Apereo CAS 5.2.6. It has been classified as problematic. This affects the function ResponseEntity of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\ManageRegisteredServicesMultiActionController.java. The...
Apereo CAS has inefficient regular expression complexity
A vulnerability was found in Apereo CAS 5.2.6. It has been declared as problematic. This vulnerability affects unknown code of the file cas-5.2.6\core\cas-server-core-configuration-metadata-repository\src\main\java\org\apereo\cas\metadata\rest\CasConfigurationMetadataServerController.java. The...
CVE-2025-3986
Summary for CVE-2025-3986 : Multiple sources describe a vulnerability in Apereo CAS 5.2.6 affecting the CasConfigurationMetadataServerController.java, where manipulation of the Name argument leads to inefficient regular-expression processing (ReDoS). The issue is exploitable remotely and an explo...
CVE-2025-3985 Apereo CAS ResponseEntity redos
A vulnerability was found in Apereo CAS 5.2.6. It has been classified as problematic. This affects the function ResponseEntity of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\ManageRegisteredServicesMultiActionController.java. The...
CVE-2025-3985
CVE-2025-3985 affects Apereo CAS 5.2.6. The vulnerability lies in the ManageRegisteredServicesMultiActionController.java handling of the Query argument, causing inefficient regular expression backtracking (ReDoS) and potential remote exploitation. Public disclosures exist, with no fixed version r...
CVE-2025-3985 Apereo CAS ResponseEntity redos
A vulnerability was found in Apereo CAS 5.2.6. It has been classified as problematic. This affects the function ResponseEntity of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\ManageRegisteredServicesMultiActionController.java. The...
CVE-2025-2811
A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT250...
CVE-2025-2811 GL.iNet GL-A1300 Slate Plus API redos
A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT250...
Security Bulletin: A vulnerability in Ruby on Rails affects IBM License Metric Tool v9.
Summary There are vulnerabilities in the Ruby On Rails component used by IBM License Metric Tool. Vulnerability Details CVEID:CVE-2024-47887 DESCRIPTION: railsis vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in HTTP Token authentication in Action...
CVE-2025-2833 zhangyd-c OneBlog HTTP Header redos
A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to inefficient regular expression complexity. It is possible to launch th...
CVE-2025-2833 zhangyd-c OneBlog HTTP Header redos
A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to inefficient regular expression complexity. It is possible to launch th...
H2O Vulnerable to Denial of Service (DoS) via `/3/ParseSetup` Endpoint
A vulnerability in the /3/ParseSetup endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service DoS attack. The endpoint applies a user-specified regular expression to a user-controllable string. This can be exploited by an attacker to cause inefficient regular expression complexity,...
The vulnerability of the information extraction application for Active Directory in Splunk’s Supporting Add-on for Active Directory lies in the use of a regular expression with high computational complexity, which can lead to service interruptions.
The vulnerability of the Active Directory data extraction application “Splunk Supporting Add-on for Active Directory” is related to the use of a regular expression with high computational complexity. Exploiting this vulnerability could allow an attacker to cause a service failure...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for February 2025.
Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.1-IF001 and 24.0.0-IF004. Vulnerability Details CVEID:CVE-2024-10963 DESCRIPTION: A flaw was found in pamaccess, where certain rules in its configuration file are mistakenly treated as hostname...
GHSA-968P-4WVH-CQC8 Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups
Impact When using Babel to compile regular expression named capturing groups, Babel will generate a polyfill for the .replace method that has quadratic complexity on some specific replacement pattern strings i.e. the second argument passed to .replace. Your generated code is vulnerable if all the...
Security Bulletin: A vulnerability in react affects IBM Robotic Process Automation and may result in a denial of service (CVE-2024-45296).
Summary A vulnerability in React affects IBM Robotic Process Automation and may result in a denial of service. React is used by IBM Robotic Process Automation as part of it's UI Framework. This bulletin identifies the security fix to apply to address the vulnerability. Vulnerability Details...
Security Bulletin: IBM App Connect Enterprise is vulnerable to backtracking due to path-to-regexp (CVE-2024-52798)
Summary IBM App Connect Enterprise Connector Discovery and OpenAPI Editor and IBM App Connect Enterprise Discovery Connectors are vulnerable to backtracking due to path-to-regexp. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings into a regular expressions...