Lucene search
K

1434 matches found

NVD
NVD
added yesterday4 views

CVE-2026-13221

Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perlstudychunk. When such branches are combined into a trie, the delta between the first branch and the shared tail is stored ...

Exploits0References3
Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-59220 Open WebUI: ReDoS in skill-mention regexes causes whole-instance DoS on default config

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.2 before 0.10.0, the SKILLMENTIONRE and stripre regular expressions in backend/openwebui/utils/middleware.py parsed skill mentions with overlapping quantifiers, allowing an authenticated chat message...

6.5CVSS0.00319EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:5 p.m.5 views

CVE-2026-55574

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, the structuredoutputs.regex API parameter passes a user-supplied regular expression string directly to the grammar compiler backends with no compilation timeout; in the xgrammar backend the stri...

8.7CVSS5.9AI score0.00324EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 2026/07/01 9:31 a.m.13 views

httpd: Apache HTTP Server: Denial of Service via crafted regular expressions

A flaw was found in Apache HTTP Server. This buffer underwrite vulnerability occurs when processing crafted regular expressions in the server's configuration. An attacker could potentially exploit this to cause a denial of service...

9.8CVSS5.9AI score0.00486EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/06/30 12:57 p.m.6 views

CVE-2026-58012

A flaw was found in GLib. A buffer over-read can occur in the gregexreplace function when used with the GREGEXRAW compile flag and case-change replacement escapes because the stringappend function processes matched substrings using UTF-8 functions that assume valid UTF-8 input, even when the stri...

8.2CVSS5.9AI score0.00322EPSS
Exploits1
CVE
CVE
added 2026/06/22 5:30 p.m.18 views

CVE-2026-54300

The CVE-2026-54300 issue affects the Astro package @astrojs/netlify (Netlify adapter). Before version 7.0.13, the adapter converts image.remotePatterns into Netlify Image CDN images.remote_images regexes with broader semantics than Astro’s canonical matcher. Specifically, wildcards like .example....

5.3CVSS5.8AI score0.00187EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/20 6:27 p.m.24 views

CVE-2025-71379 vllm - Regular Expression Denial of Service in Multiple Components

vLLM versions = 0.6.3 and 0.9.0 contain multiple regular expression denial of service ReDoS vulnerabilities. Several regex patterns — in vllm/lora/utils.py, the phi4mini tool parser, and the OpenAI-compatible serving chat endpoint — are susceptible to catastrophic backtracking. An attacker...

5.3CVSS0.00321EPSS
Exploits1References2
OSV
OSV
added 2026/06/18 7:22 a.m.5 views

MGASA-2026-0220 Updated perl packages fix security vulnerabilities

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. CVE-2026-8376...

9.8CVSS5.6AI score0.00398EPSS
Exploits1References4
Snyk
Snyk
added 2026/06/16 2:37 p.m.11 views

Incomplete List of Disallowed Inputs

Overview @astrojs/netlify is a Deploy your site to Netlify Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the conversion process of image.remotePatterns to Netlify Image CDN images.remoteimages regular expressions. An attacker can access image-like...

6.9CVSS5.8AI score0.00187EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/12 2:35 p.m.23 views

CVE-2026-44631

A flaw was found in Apache HTTP Server. This buffer underwrite vulnerability occurs when processing crafted regular expressions in the server's configuration. An attacker could potentially exploit this to cause a denial of service. Mitigation Only loadtrustedApache configuration; the bug triggers...

9.8CVSS5.4AI score0.00486EPSS
Exploits0References4
OSV
OSV
added 2026/06/12 12:26 p.m.9 views

OESA-2026-2658 perl security update

Perl 5 is a highly capable, feature-rich programming language with over 30 years of development. Perl 5 runs on over 100 platforms from portables to mainframes and is suitable for both rapid prototyping and large scale development projects. Security Fixes: Perl versions through 5.43.10 have a hea...

9.8CVSS5.7AI score0.00398EPSS
Exploits1References2
OSV
OSV
added 2026/06/09 10:37 p.m.5 views

SUSE-SU-2026:22058-1 Security update for python-Pygments

This update for python-Pygments fixes the following issue: - CVE-2026-4539: Denial of Service via inefficient regular expression processing in AdlLexer bsc1260796...

4.8CVSS5.2AI score0.00156EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.16 views

Svelte 安全漏洞

Svelte is an open-source approach to building web applications. Versions of Svelte from 5.51.5 to 5.55.7 contained a security vulnerability. This vulnerability stemmed from the exponential increase in time taken for internal regular expression tests, which could lead to denial-of-service attacks...

7.5CVSS5.3AI score0.00421EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/08 3:19 p.m.9 views

CVE-2026-44631

Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

9.8CVSS5.4AI score0.00486EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.18 views

PT-2026-47325

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.0 through 2.4.67 Description A buffer underwrite issue exists when using crafted regular expressions within the configuration. Recommendations Upgrade to version 2.4.68...

9.8CVSS5.6AI score0.00805EPSS
Exploits0References153
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.30 views

PT-2026-47240

A flaw has been found in kokke tiny-regex-c up to f2632c6d9ed25272987471cdb8b70395c2460bdb. This vulnerability affects the function matchstar of the file re.c of the component Pattern Handler. This manipulation causes inefficient regular expression complexity. The attack is restricted to local...

4.8CVSS4.8AI score0.00113EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.14 views

Apache HTTP Server 安全漏洞

Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. There is a buffer overflow vulnerability present in Apache HTTP Server, but detailed informatio...

9.8CVSS6.2AI score0.00486EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.12 views

tiny-regex-c 资源管理错误漏洞

tiny-regex-c is a lightweight regular expression parsing library developed by Kokke. There is a resource management vulnerability in tiny-regex-c, which stems from improper operation of the matchstar function in the pattern processing component of the file re.c. This vulnerability may lead to...

4.8CVSS4.6AI score0.00113EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 12:10 a.m.11 views

CVE-2026-8888

Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp without complexity validation. An on-path attacker can inject specific patterns to cause catastrophic backtracking, resulting in...

7.5CVSS5.8AI score0.00432EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.11 views

Sanic-CORS 安全漏洞

Sanic-CORS is a cross-domain resource sharing extension developed by Ashley Sommer. Versions of Sanic-CORS 2.2.0 and earlier contain security vulnerabilities. These vulnerabilities stem from improper use of regular expressions in the trymatch function; no anchor is added at the end, allowing...

6.5CVSS5.3AI score0.00164EPSS
Exploits0References4
Rows per page
Query Builder