Lucene search
K

1988 matches found

Snyk
Snyk
added 5 days ago3 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
Snyk
Snyk
added 5 days ago5 views

Regular Expression Denial of Service (ReDoS)

Amendment This was deemed not a vulnerability. Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by...

8.7CVSS6AI score
Exploits0References2
CVE
CVE
added 6 days ago12 views

CVE-2026-15154

Technical details (affected products/versions, root cause specifics, remediation) are not publicly provided in the supplied documents. Monitor for updates to confirm scope, impact and fixes for CVE-2026-15154 regarding guardrails-detectors in Red Hat OpenShift AI.

6.5CVSS5.9AI score0.00204EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/07/03 9:17 p.m.8 views

CVE-2026-58421

Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service...

7.5CVSS0.00331EPSS
Exploits0References4
NVD
NVD
added 2026/07/02 8:17 p.m.6 views

CVE-2026-58578

LobeChat before version 2.2.10-canary.15 contains a regular expression denial of service ReDoS vulnerability that allows authenticated attackers to block the Node.js event loop by supplying a catastrophic-backtracking pattern in a GitHub repository URL path during skill import. Attackers can craf...

7.1CVSS0.00305EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/02 7:38 p.m.7 views

EUVD-2026-41420

LobeChat before version 2.2.10-canary.15 contains a regular expression denial of service ReDoS vulnerability that allows authenticated attackers to block the Node.js event loop by supplying a catastrophic-backtracking pattern in a GitHub repository URL path during skill import. Attackers can craf...

7.1CVSS5.8AI score0.00305EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.16 views

PT-2026-55290

Name of the Vulnerable Software and Affected Versions LobeChat versions prior to 2.2.10-canary.15 Description An authenticated attacker can cause a regular expression denial of service ReDoS by providing a catastrophic-backtracking pattern in a GitHub repository URL path during skill import. This...

7.1CVSS6.1AI score0.00305EPSS
Exploits0References9
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/24 10:13 p.m.25 views

Security Bulletin: Multiple vulnerabilities in Open Source affect IBM Cloud Pak System

Summary Multiple vulnerabilities in Open Source affect IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input...

9.8CVSS6.8AI score0.01017EPSS
Exploits4Affected Software1
Cvelist
Cvelist
added 2026/06/24 9:26 p.m.20 views

CVE-2026-52794 Sentry: Inefficient Regular Expression Complexity in sentry

Sentry is an error tracking and performance monitoring tool. From 24.4.0 until 26.5.2, a Regular Expression Denial of Service ReDoS vulnerability exists in Sentry's event ingestion pipeline, where a regex applied to attacker-controlled fields on incoming events can be made to consume...

7.5CVSS0.00267EPSS
Exploits0References2
CVE
CVE
added 2026/06/20 6:27 p.m.20 views

CVE-2025-71379

CVE-2025-71379 affects vLLM versions 0.6.3 through 0.8.x (before 0.9.0). The vulnerability is a set of regular expression denial of service (ReDoS) flaws in multiple components: (1) regex patterns in vllm/lora/utils.py, (2) the phi4mini tool parser, and (3) the OpenAI-compatible serving chat endp...

7.5CVSS5.9AI score0.00321EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/06/20 6:27 p.m.12 views

EUVD-2025-210290

vLLM versions = 0.6.3 and 0.9.0 contain multiple regular expression denial of service ReDoS vulnerabilities. Several regex patterns — in vllm/lora/utils.py, the phi4mini tool parser, and the OpenAI-compatible serving chat endpoint — are susceptible to catastrophic backtracking. An attacker...

5.3CVSS5.9AI score0.00321EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 7:20 p.m.9 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by Regular Expression Denial of Service.

Summary minimatch-9.0.5.tgz is used by IBM Sterling Connect:Direct Web Services CVE-2026-26996, CVE-2026-27903, CVE-2026-27904. Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions...

8.7CVSS5.4AI score0.00519EPSS
Exploits3Affected Software1
Snyk
Snyk
added 2026/06/15 5:24 p.m.9 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the formatDate function when processing an excessively long or attacker-controlled date format string. An attacker can cause high CPU and memory consumption, leading to application...

8.2CVSS5.8AI score0.00331EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/12 8:34 p.m.15 views

CVE-2026-42567

A flaw was found in Svelte, a web framework. An internal regular expression regex in the Svelte runtime, specifically when processing , can be exploited by a remote attacker. By providing specially crafted input, an attacker can cause the regex to take an exponential amount of time to process,...

7.5CVSS5.4AI score0.00421EPSS
Exploits0References5
NVD
NVD
added 2026/06/09 5:16 a.m.17 views

CVE-2026-41848

Applications may be vulnerable to a Regular Expression Denial of Service ReDoS attack if an attacker is able to provide a pattern which is then directly or indirectly supplied to one of the following methods in AntPathMatcher: matchString pattern, String path, matchStartString pattern, String pat...

7.5CVSS0.00317EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:51 a.m.12 views

EUVD-2026-35336

Applications may be vulnerable to a Regular Expression Denial of Service ReDoS attack if an attacker is able to provide a pattern which is then directly or indirectly supplied to one of the following methods in AntPathMatcher: matchString pattern, String path, matchStartString pattern, String pat...

3.7CVSS5.4AI score0.00317EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.19 views

PT-2026-47659

Name of the Vulnerable Software and Affected Versions Spring Framework versions 7.0.0 through 7.0.7 Spring Framework versions 6.2.0 through 6.2.18 Spring Framework versions 6.1.0 through 6.1.27 Spring Framework versions 5.3.0 through 5.3.48 Description Applications are susceptible to a Regular...

7.5CVSS5.3AI score0.00317EPSS
Exploits0References9
NVD
NVD
added 2026/06/08 7:16 p.m.11 views

CVE-2026-52778

YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability exists in the Bazar form field calculator CalcField.php of YesWiki. The application attempts to sanitize user-defined mathematical formulas using a complex recursive regular expression before passin...

9.8CVSS0.00561EPSS
Exploits0References3
Spring Security Advisories
Spring Security Advisories
added 2026/06/08 12:0 a.m.9 views

Spring Framework Denial of Service via AntPathMatcher

Applications may be vulnerable to a Regular Expression Denial of Service ReDoS attack if an attacker is able to provide a pattern which is then directly or indirectly supplied to one of the following methods in AntPathMatcher :...

3.7CVSS5.7AI score0.00317EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.21 views

PT-2026-47441

Name of the Vulnerable Software and Affected Versions YesWiki versions prior to 4.6.6 Description An unsafe execution issue exists in the Bazar form field calculator CalcField.php. The application uses a complex recursive regular expression to sanitize user-defined mathematical formulas before th...

9.8CVSS5.9AI score0.00561EPSS
Exploits0References11
Rows per page
Query Builder