CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6600 matches found

OSV•added 2026/02/18 10:38 p.m.•2 views

GHSA-3PPC-4F35-3M26 minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern

Summary minimatch is vulnerable to Regular Expression Denial of Service ReDoS when a glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string. Each compiles to a separate ^/? regex group, and when the match fails, V8's regex engine...

8.7CVSS5.9AI score0.00026EPSS

Exploits1References4

Veracode•added 2026/02/18 9:23 a.m.•5 views

Denial Of Service (DoS)

ajv is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to passing attacker-controlled values from $data references directly into the JavaScript RegExp constructor without validation. This allowing malicious regex patterns that trigger catastrophic backtracking a...

7.5CVSS5.6AI score0.00015EPSS

Exploits1References9Affected Software1

Packet Storm News•added 2026/02/18 12:0 a.m.•2 views

Regular Expression Denial of Service (ReDoS) Detector

This Metasploit auxiliary module implements a scientific approach to detecting and validating ReDoS vulnerabilities in HTTP-based applications. It leverages context-aware payload generation, length progression testing, and statistical analysis to identify inefficient regular expressions that may...

5.5AI score

Exploits0

RedHat Linux•added 2026/02/17 12:55 a.m.•5 views

dompurify: Mutation XSS in DOMPurify Due to Improper Template Literal Handling

A flaw was found in DOMPurify. This vulnerability allows attackers to execute mutation-based Cross-site scripting mXSS via an incorrect template literal regular expression...

6.1CVSS5.8AI score0.00108EPSS

Exploits1References8

SUSE CVE•added 2026/02/13 12:26 a.m.•5 views

SUSE CVE-2026-2327

Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expression Denial of Service ReDoS due to the use of the regex /+$/ in the linkify function. An attacker can supply a long sequence of characters followed by a non-matching character, which triggers...

7.5CVSS5.6AI score0.00021EPSS

Exploits0References3

UbuntuCve•added 2026/02/13 12:0 a.m.•3 views

CVE-2026-0967

A flaw was found in libssh. A remote attacker, by controlling client configuration files or knownhosts files, could craft specific hostnames that when processed by the matchpattern function can lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion,...

5.5CVSS6.5AI score0.00036EPSS

Exploits0References4

RedhatCVE•added 2026/02/12 4:49 p.m.•3 views

CVE-2025-69873

A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS Regular Expression Denial of...

7.5CVSS5.5AI score0.00015EPSS

Exploits1References4

Github Security Blog•added 2026/02/12 6:30 a.m.•5 views

markdown-it is has a Regular Expression Denial of Service (ReDoS)

7.5CVSS5.5AI score0.00021EPSS

Exploits0References6Affected Software1

NVD•added 2026/02/12 6:16 a.m.•3 views

CVE-2026-2327

7.5CVSS0.00021EPSS

Exploits0References4

OSV•added 2026/02/12 6:16 a.m.•3 views

CVE-2026-2327

7.5CVSS5.6AI score

Exploits0References4

OSV•added 2026/02/12 6:16 a.m.•1 views

UBUNTU-CVE-2026-2327

7.5CVSS5.8AI score0.00021EPSS

Exploits0References6

UbuntuCve•added 2026/02/12 6:16 a.m.•4 views

CVE-2026-2327

7.5CVSS5.9AI score0.00021EPSS

Exploits0References5

CVE•added 2026/02/12 5:0 a.m.•15 views

CVE-2026-2327

The CVE affects the JavaScript library markdown-it in versions 13.0.0 and earlier than 14.1.1. The vulnerability arises in the linkify function due to a faulty regex /il+$/ that enables a ReDoS under crafted input (long sequences of * followed by a non-matching character). This backtracking can ...

7.5CVSS5.5AI score0.00021EPSS

Exploits0References4Affected Software1

ATTACKERKB•added 2026/02/12 5:0 a.m.•3 views

CVE-2026-2327

6.9CVSS5.5AI score0.00021EPSS

Exploits0References5

Cvelist•added 2026/02/12 5:0 a.m.•31 views

CVE-2026-2327

6.9CVSS0.00021EPSS

Exploits0References4

Positive Technologies•added 2026/02/12 12:0 a.m.•7 views

PT-2026-7818

6.9CVSS5.5AI score0.00021EPSS

Exploits0References5

Tenable Nessus•added 2026/02/12 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2025-69873

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ajv Another JSON Schema Validator before 8.18.0 is vulnerable to Regular Expression Denial of Service ReDoS when the $data option is enabled. The pattern keywor...

7.5CVSS6.4AI score0.00015EPSS

Exploits1References3

OSV•added 2026/02/11 9:30 p.m.•3 views

GHSA-2G4F-4PWH-QVX6 ajv has ReDoS when using `$data` option

ajv Another JSON Schema Validator through version 8.17.1 is vulnerable to Regular Expression Denial of Service ReDoS when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax $data reference, which is passed directly to the JavaScript RegExp constructor...

6.9CVSS5.8AI score0.00015EPSS

Exploits1References11

Github Security Blog•added 2026/02/11 9:30 p.m.•7 views

ajv has ReDoS when using `$data` option

7.5CVSS5.9AI score0.00015EPSS

Exploits1References10Affected Software1

OSV•added 2026/02/11 7:15 p.m.•2 views

DEBIAN-CVE-2025-69873

ajv Another JSON Schema Validator before 8.18.0 is vulnerable to Regular Expression Denial of Service ReDoS when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax $data reference, which is passed directly to the JavaScript RegExp constructor without...

2.9CVSS6.4AI score0.00015EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by