Lucene search
K

6647 matches found

Snyk
Snyk
added 2026/06/08 12:0 a.m.7 views

Regular Expression Denial of Service (ReDoS)

Overview org.springframework:spring-core is a core package within the spring-framework that contains multiple classes and utilities. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via pattern processing in AntPathMatcher. An attacker can cause denia...

7.5CVSS5.5AI score0.00317EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.16 views

PT-2026-47441

Name of the Vulnerable Software and Affected Versions YesWiki versions prior to 4.6.6 Description An unsafe execution issue exists in the Bazar form field calculator CalcField.php. The application uses a complex recursive regular expression to sanitize user-defined mathematical formulas before th...

9.8CVSS5.9AI score0.00561EPSS
Exploits0References6
Spring Security Advisories
Spring Security Advisories
added 2026/06/08 12:0 a.m.6 views

Spring Framework Denial of Service via AntPathMatcher

Applications may be vulnerable to a Regular Expression Denial of Service ReDoS attack if an attacker is able to provide a pattern which is then directly or indirectly supplied to one of the following methods in AntPathMatcher :...

3.7CVSS5.7AI score0.00317EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.10 views

CVE-2026-44838

RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^clientid-sensors$ to restrict user access to topics that include...

8.1CVSS5.5AI score0.0025EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.9 views

CVE-2026-41040

GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service ReDoS via a crafted input string...

8.7CVSS7.2AI score0.00365EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/04 2:24 p.m.8 views

Regular Expression Denial of Service (ReDoS)

Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the read function when attacker-controlled input is used as the cookie name parameter, which is interpolated...

7.5CVSS5.5AI score0.00645EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/04 2:24 p.m.11 views

Regular Expression Denial of Service (ReDoS)

Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the read function when attacker-controlled input is used as the cookie name parameter, which is interpolated into a regular...

7.5CVSS5.5AI score0.00645EPSS
Exploits1References2
OSV
OSV
added 2026/06/04 2:24 p.m.7 views

GHSA-HFXV-24RG-XRQF Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection

Summary Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular expression from the configured XSRF cookie name without escaping regex metacharacters. In standard browser environments, an attacker who can influence the cookie name passed to axios can cause...

7.5CVSS6AI score0.00645EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.7 views

Froxlor 注入漏洞

Froxlor is a set of lightweight server management software developed by the Froxlor team. Versions of Froxlor 2.3.6 and earlier contained an injection vulnerability. This vulnerability stemmed from the LOC record’s regular expression matching of line breaks, and the unlimited TLSA validation, whi...

8.6CVSS5.3AI score0.00269EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/03 6:16 p.m.13 views

EUVD-2026-34168

Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp without complexity validation. An on-path attacker can inject specific patterns to cause catastrophic backtracking, resulting in...

5.8AI score0.00432EPSS
Exploits0References1
CVE
CVE
added 2026/06/03 6:16 p.m.16 views

CVE-2026-8888

The CVE-2026-8888 entry applies to the Securly Chrome Extension (v3.0.7). It downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp() without complexity validation, enabling an on-path attacker to inject patterns that cause catastrop...

7.5CVSS5.8AI score0.00432EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/03 4:16 p.m.9 views

CVE-2026-6657

A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the alloworiginpat configuration is used. The issue arises from the use of re.match for validating the Origin header, which only anchors at the start of the string. This allow...

8.8CVSS0.00197EPSS
Exploits1References1
Snyk
Snyk
added 2026/06/03 3:6 p.m.7 views

Permissive Regular Expression

Overview Affected versions of this package are vulnerable to Permissive Regular Expression in the use of re.match to verify alloworiginpat values. This allows an attacker to bypass intended CORS restrictions and gain unauthorized access to sensitive API responses. Code execution is possible by...

8.8CVSS6.5AI score0.00197EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.8 views

Jupyter Server 安全漏洞

Jupyter Server is an application developed by the Jupyter organization that provides backend services for Jupyter web applications. There are security vulnerabilities in the version of Jupyter Server from 1.12.0 to 2.17.0. These vulnerabilities stem from the use of re.match in CORS source...

8.8CVSS6.1AI score0.00197EPSS
Exploits1References1
CVE
CVE
added 2026/06/01 8:45 p.m.21 views

CVE-2026-10291

CVE-2026-10291 affects Enderfga claw-orchestrator (up to 3.7.0). The vulnerability lies in the function validateRegex in claw-orchestrator/src/embedded-server.ts of the Session Grep Endpoint , where manipulating the argument body.pattern leads to inefficient regular expression complexity. Remote ...

5.3CVSS5.4AI score0.00354EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/06/01 8:45 p.m.9 views

CVE-2026-10291

A security vulnerability has been detected in Enderfga claw-orchestrator up to 3.7.0. The impacted element is the function validateRegex of the file claw-orchestrator/src/embedded-server.ts of the component Session Grep Endpoint. The manipulation of the argument body.pattern leads to inefficient...

5.3CVSS5.4AI score0.00354EPSS
Exploits0References10Affected Software1
Snyk
Snyk
added 2026/05/28 6:24 p.m.11 views

Incorrect Regular Expression

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Incorrect Regular Expression via the ip-restriction middleware. An attacker can bypass configured deny rules for IPv6 addresses by submitting non-canonical representations, such as...

6.9CVSS5.8AI score0.00244EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/05/28 5:53 p.m.17 views

USN-8343-1: multipart vulnerability

It was discovered that multipart had an ambiguous regular expression alternation when handling certain HTTP header values. A remote attacker could possibly use this issue to cause multipart to use excessive resources, leading to a denial of service...

7.5CVSS7.4AI score0.00606EPSS
Exploits0
EUVD
EUVD
added 2026/05/28 5:0 p.m.11 views

EUVD-2026-32975

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot UI object-bulk-rename endpoints for example, /dcim/interfaces/rename/ were vulnerable to application-wide denial of service via maliciously crafted regular expressions in the find field in...

6.5CVSS5.8AI score0.00312EPSS
Exploits0References5
OSV
OSV
added 2026/05/28 12:8 p.m.10 views

SUSE-SU-2026:21858-1 Security update for python-mistune

This update for python-mistune fixes the following issues - CVE-2026-33079: ReDoS in LINKTITLERE can lead to denial of service via a crafted Markdown bsc1264347. - CVE-2026-33441: processing of malformed reference links can lead to excessive resource consumption and denial of service bsc1264752. ...

8.7CVSS5.8AI score0.00481EPSS
Exploits4References15
Rows per page
Query Builder