Lucene search
K

42 matches found

NVD
NVD
added 2025/04/19 6:15 a.m.15 views

CVE-2024-13926

The WP-Syntax WordPress plugin through 1.2 does not properly handle input, allowing an attacker to create a post containing a large number of tags, thereby exploiting a catastrophic backtracking issue in the regular expression processing to cause a DoS...

7.5CVSS0.0044EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/04/19 6:0 a.m.9 views

CVE-2024-13926 WP-Syntax <= 1.2 - Author+ Potential ReDoS

The WP-Syntax WordPress plugin through 1.2 does not properly handle input, allowing an attacker to create a post containing a large number of tags, thereby exploiting a catastrophic backtracking issue in the regular expression processing to cause a DoS...

6.7AI score0.0044EPSS
Exploits1References1
CVE
CVE
added 2025/04/19 6:0 a.m.68 views

CVE-2024-13926

CVE-2024-13926 affects the WP-Syntax WordPress plugin (versions up to 1.2). The vulnerability arises from improper input handling that lets an attacker craft a post with a large number of tags, triggering a catastrophic backtracking issue in the regular expression engine and causing a DoS. The en...

7.5CVSS6.4AI score0.0044EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/19 12:0 a.m.12 views

PT-2025-17359 · WordPress · Wp-Syntax

Name of the Vulnerable Software and Affected Versions: WP-Syntax WordPress plugin versions 1.2 and earlier Description: The issue arises from the plugin's improper handling of input, allowing an attacker to create a post with a large number of tags. This exploits a catastrophic backtracking issue...

7.5CVSS7.8AI score0.0044EPSS
Exploits1References9
SUSE CVE
SUSE CVE
added 2025/02/27 2:56 a.m.4 views

SUSE CVE-2025-27220

In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service ReDoS vulnerability exists in the UtilescapeElement method...

5.3CVSS7AI score0.00702EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2025/02/14 7:35 p.m.10 views

CVE-2025-25289 @octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

@octokit/request-error is an error class for Octokit request errors. Starting in version 1.0.0 and prior to version 6.1.7, a Regular Expression Denial of Service ReDoS vulnerability exists in the processing of HTTP request headers. By sending an authorization header containing an excessively long...

5.3CVSS6.9AI score0.0058EPSS
Exploits0References3
OSV
OSV
added 2025/02/14 5:58 p.m.7 views

GHSA-XX4V-PRFH-6CGC @octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking

Summary A Regular Expression Denial of Service ReDoS vulnerability exists in the processing of HTTP request headers. By sending an authorization header containing an excessively long sequence of spaces followed by a newline and "@", an attacker can exploit inefficient regular expression processin...

5.3CVSS5.5AI score0.0058EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/07/29 12:0 a.m.7 views

PT-2024-29584

Name of the Vulnerable Software and Affected Versions fast-xml-parser versions prior to 4.4.1 Description A ReDOS issue exists in the currency.js component of the fast-xml-parser library, specifically affecting the experimental version 5. This issue can cause a denial of service during currency...

8.7CVSS6.8AI score0.00828EPSS
Exploits1References10
RedHat Linux
RedHat Linux
added 2024/07/09 10:50 a.m.6 views

pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py

A flaw was found in Python Setuptools due to a regular expression Denial of Service ReDoS present in packageindex.py. This issue could allow a remote attacker to cause a denial of service via HTML in a crafted package or custom PackageIndex page...

5.9CVSS6.8AI score0.02617EPSS
Exploits1References5
OSV
OSV
added 2024/03/11 9:41 a.m.6 views

OPENSUSE-SU-2024:0077-1 Security update for python-Django

This update for python-Django fixes the following issues: - CVE-2024-27351: Fixed a denial-of-service in regular expression of django.utils.text.Truncator.words boo1220358...

5.3CVSS5.5AI score0.01854EPSS
Exploits0References3
OSV
OSV
added 2022/06/24 10:15 p.m.6 views

CVE-2021-40894

A Regular Expression Denial of Service ReDOS vulnerability was discovered in underscore-99xp v1.7.2 when the deepValueSearch function is called...

7.5CVSS5.8AI score0.00979EPSS
Exploits1References1
OSV
OSV
added 2022/06/06 3:50 p.m.7 views

USN-5460-1 vim vulnerabilities

It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. CVE-2022-0554 It was discovered that Vim was not properly performing bounds checks for column numbers when replacing tabs...

8.8CVSS7.4AI score0.26583EPSS
Exploits10References11
Positive Technologies
Positive Technologies
added 2022/04/27 12:0 a.m.9 views

PT-2022-16962

Name of the Vulnerable Software and Affected Versions ESAPI versions prior to 2.3.0.0 Description There is a potential for a cross-site scripting vulnerability in ESAPI caused by an incorrect regular expression for onsiteURL in the antisamy-esapi.xml configuration file. This can cause javascript:...

9.8CVSS6.5AI score0.02674EPSS
Exploits4References23
CVE
CVE
added 2021/10/11 12:0 a.m.44 views

CVE-2021-42257

The CVE-2021-42257 issue affects check_smart prior to version 6.9.1, where an unprivileged user could gain unintended drive access because the check only matches a substring of a device path (the /dev/bus substring and a number) via an unanchored regular expression. The root cause is a permissive...

7.1CVSS6.9AI score0.00377EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2021/03/04 5:15 p.m.12 views

CVE-2021-23346

This affects the package html-parse-stringify before 2.0.1; all versions of package html-parse-stringify2. Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process...

5.3CVSS5.2AI score
Exploits0References6
OSV
OSV
added 2020/12/08 10:40 a.m.3 views

MGASA-2020-0452 Updated oniguruma packages fix security vulnerability

In Oniguruma, an attacker able to supply a regular expression for compilation may be able to overflow a buffer by one byte in concatoptexactstr in src/regcomp.c CVE-2020-26159...

9.5AI score
Exploits1References5
OSV
OSV
added 2020/08/19 10:39 p.m.3 views

GHSA-M45F-4828-5CV5 Regular Expression Denial of Service in highcharts

Withdrawn: Duplicate of GHSA-xmc8-cjfr-phx3...

7.2AI score
Exploits0References2
OSV
OSV
added 2020/03/30 7:45 p.m.4 views

PYSEC-2020-340

In Mozilla Bleach before 3.1.4, bleach.clean behavior parsing style attributes could result in a regular expression denial of service ReDoS...

7.5CVSS7.1AI score0.00718EPSS
Exploits1References5
OSV
OSV
added 2020/03/01 7:13 p.m.11 views

OPENSUSE-SU-2020:0274-1 Security update for python3

This update for python3 fixes the following issues: Security issues fixed: - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs bsc1162825. - CVE-2020-8492: Fixed a regular expression in urrlib that was prone to denial of service via HTTP bsc1162367. Non-security issue...

7.5CVSS7.8AI score0.06617EPSS
Exploits1References7
OSV
OSV
added 2015/07/14 5:59 p.m.5 views

CVE-2015-5144

Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an 1 email message to the EmailValidator, a ...

6.4AI score
Exploits0References10
Rows per page
Query Builder