Lucene search

249 matches found

CVE
added 2025/05/02 8:31 p.m., 74 views

CVE-2025-4215

CVE-2025-4215 affects gorhill uBlock Origin up to 1.63.3b16, specifically the UI function currentStateChanged in src/js/1p-filters.js. The issue is described as an inefficient regular expression pattern used in filters, which can be triggered remotely and carries a relatively high attack complexi...

3.7 CVSS, 4 AI score, 0.0057 EPSS
Exploits: 1, References: 6, Affected Software: 1

Cvelist
added 2025/05/02 8:31 p.m., 30 views

CVE-2025-4215 gorhill uBlock Origin UI 1p-filters.js currentStateChanged redos

A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16. It has been classified as problematic. Affected is the function currentStateChanged of the file src/js/1p-filters.js of the component UI. The manipulation leads to inefficient regular expression complexity. It is possible to laun...

3.1 CVSS, 0.0057 EPSS
Exploits: 1, References: 5

IBM Security Bulletins
added 2025/05/01 2:1 p.m., 6 views

Security Bulletin: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing, affects watsonx.data

Summary: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could affect watsonx.data. Vulnerability Details: CVEID: CVE-2024-45338. DESCRIPTION: An attacker can craft an input to the Parse...

5.3 CVSS, 7 AI score, 0.00856 EPSS
Exploits: 0, Affected Software: 1

RedhatCVE
added 2025/04/29 9:13 p.m., 20 views

CVE-2025-3985

A vulnerability was found in Apereo CAS 5.2.6. It has been classified as problematic. This affects the function ResponseEntity of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\ManageRegisteredServicesMultiActionController.java. The...

5.1 CVSS, 6.8 AI score, 0.00522 EPSS
Exploits: 0, References: 1

Github Security Blog
added 2025/04/27 9:34 p.m., 14 views

Apereo CAS has inefficient regular expression complexity

A vulnerability was found in Apereo CAS 5.2.6. It has been declared as problematic. This vulnerability affects unknown code of the file cas-5.2.6\core\cas-server-core-configuration-metadata-repository\src\main\java\org\apereo\cas\metadata\rest\CasConfigurationMetadataServerController.java. The...

7.5 CVSS, 6.8 AI score, 0.00516 EPSS
Exploits: 0, References: 6, Affected Software: 1

CVE
added 2025/04/27 9:0 p.m., 68 views

CVE-2025-3986

Summary for CVE-2025-3986: Multiple sources describe a vulnerability in Apereo CAS 5.2.6 affecting the CasConfigurationMetadataServerController.java, where manipulation of the Name argument leads to inefficient regular-expression processing (ReDoS). The issue is exploitable remotely and an explo...

7.5 CVSS, 4.8 AI score, 0.00516 EPSS
Exploits: 0, References: 4, Affected Software: 1

Vulnrichment
added 2025/04/27 8:31 p.m., 10 views

CVE-2025-3985 Apereo CAS ResponseEntity redos

A vulnerability was found in Apereo CAS 5.2.6. It has been classified as problematic. This affects the function ResponseEntity of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\ManageRegisteredServicesMultiActionController.java. The...

5.1 CVSS, 3.8 AI score, 0.00522 EPSS
Exploits: 0, References: 4

CVE
added 2025/04/27 8:31 p.m., 63 views

CVE-2025-3985

CVE-2025-3985 affects Apereo CAS 5.2.6. The vulnerability lies in the ManageRegisteredServicesMultiActionController.java handling of the Query argument, causing inefficient regular expression backtracking (ReDoS) and potential remote exploitation. Public disclosures exist, with no fixed version r...

5.1 CVSS, 3.8 AI score, 0.00522 EPSS
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 2025/04/27 8:31 p.m., 17 views

CVE-2025-3985 Apereo CAS ResponseEntity redos

A vulnerability was found in Apereo CAS 5.2.6. It has been classified as problematic. This affects the function ResponseEntity of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\ManageRegisteredServicesMultiActionController.java. The...

5.1 CVSS, 0.00522 EPSS
Exploits: 0, References: 4

NVD
added 2025/04/26 7:15 a.m., 25 views

CVE-2025-2811

A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT250...

6.9 CVSS, 0.0034 EPSS
Exploits: 0, References: 5

Cvelist
added 2025/04/26 7:0 a.m., 27 views

CVE-2025-2811 GL.iNet GL-A1300 Slate Plus API redos

A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT250...

6.9 CVSS, 0.0034 EPSS
Exploits: 0, References: 5

IBM Security Bulletins
added 2025/04/15 3:13 a.m., 28 views

Security Bulletin: A vulnerability in Ruby on Rails affects IBM License Metric Tool v9.

Summary: There are vulnerabilities in the Ruby on Rails component used by IBM License Metric Tool. Vulnerability Details: CVEID: CVE-2024-47887. DESCRIPTION: rails is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in HTTP Token authentication in Action...

8.7 CVSS, 6.3 AI score, 0.01103 EPSS
Exploits: 0, Affected Software: 1

Cvelist
added 2025/03/27 4:0 a.m., 18 views

CVE-2025-2833 zhangyd-c OneBlog HTTP Header redos

A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to inefficient regular expression complexity. It is possible to launch th...

6.9 CVSS, 0.00672 EPSS
Exploits: 1, References: 5

Vulnrichment
added 2025/03/27 4:0 a.m., 12 views

CVE-2025-2833 zhangyd-c OneBlog HTTP Header redos

A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to inefficient regular expression complexity. It is possible to launch th...

6.9 CVSS, 5.4 AI score, 0.00672 EPSS
Exploits: 1, References: 5

GitLab Advisory Database
added 2025/03/20 12:0 a.m., 10 views

H2O Vulnerable to Denial of Service (DoS) via `/3/ParseSetup` Endpoint

A vulnerability in the /3/ParseSetup endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint applies a user-specified regular expression to a user-controllable string. This can be exploited by an attacker to cause inefficient regular expression complexity,...

7.5 CVSS, 6.8 AI score, 0.00588 EPSS
Exploits: 1, References: 5, Affected Software: 1

BDU FSTEC
added 2025/03/13 12:0 a.m., 5 views

The vulnerability of the information extraction application for Active Directory in Splunk’s Supporting Add-on for Active Directory lies in the use of a regular expression with high computational complexity, which can lead to service interruptions.

The vulnerability of the Active Directory data extraction application “Splunk Supporting Add-on for Active Directory” is related to the use of a regular expression with high computational complexity. Exploiting this vulnerability could allow an attacker to cause a service failure...

6.8 CVSS, 5.5 AI score, 0.00491 EPSS
Exploits: 0, References: 2, Affected Software: 1

IBM Security Bulletins
added 2025/03/12 11:26 a.m., 41 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for February 2025.

Summary: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.1-IF001 and 24.0.0-IF004. Vulnerability Details: CVEID: CVE-2024-10963. DESCRIPTION: A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostname...

9.1 CVSS, 9.5 AI score, 0.02782 EPSS
Exploits: 4, Affected Software: 2

OSV
added 2025/03/11 8:30 p.m., 13 views

GHSA-968P-4WVH-CQC8 Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups

Impact: When using Babel to compile regular expression named capturing groups, Babel will generate a polyfill for the .replace method that has quadratic complexity on some specific replacement pattern strings (i.e. the second argument passed to .replace). Your generated code is vulnerable if all the...

6.2 CVSS, 6.2 AI score, 0.00478 EPSS
Exploits: 0, References: 5

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 14 views

Security Bulletin: A vulnerability in react affects IBM Robotic Process Automation and may result in a denial of service (CVE-2024-45296).

Summary: A vulnerability in React affects IBM Robotic Process Automation and may result in a denial of service. React is used by IBM Robotic Process Automation as part of its UI Framework. This bulletin identifies the security fix to apply to address the vulnerability. Vulnerability Details...

7.5 CVSS, 7.1 AI score, 0.00932 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 9:51 p.m., 26 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to backtracking due to path-to-regexp (CVE-2024-52798)

Summary: IBM App Connect Enterprise Connector Discovery and OpenAPI Editor and IBM App Connect Enterprise Discovery Connectors are vulnerable to backtracking due to path-to-regexp. Vulnerability Details: CVEID: CVE-2024-52798. DESCRIPTION: path-to-regexp turns path strings into regular expressions...

8.7 CVSS, 6.3 AI score, 0.00792 EPSS
Exploits: 0, Affected Software: 1