Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2 days ago5 views

CVE-2026-48125

A flaw was found in UAParser.js, a JavaScript library for detecting client information. A remote attacker can exploit this vulnerability by sending a specially crafted Sec-CH-UA-Model header when the application uses the Client Hints API. This can cause excessive CPU usage due to a regular...

5.3CVSS6AI score0.00371EPSS
Exploits0References6
OSV
OSV
added 3 days ago4 views

CVE-2026-48125 UAParser.js: Unbounded `Sec-CH-UA-Model` parsing can trigger ReDoS in `withClientHints()`

UAParser.js is a JavaScript library to detect browsers, operating systems, CPUs, and devices from user-agent data. From 2.0.1 until 2.0.10, a regular expression denial-of-service vulnerability exists when using the Client Hints API. By sending a crafted Sec-CH-UA-Model header to an application th...

5.3CVSS6.1AI score0.00371EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/15 8:15 p.m.35 views

UAParser.js: Unbounded `Sec-CH-UA-Model` parsing can trigger ReDoS in `withClientHints()`

Summary A regular expression denial-of-service ReDoS vulnerability has been discovered in ua-parser-js when using the Client Hints API. By sending a crafted Sec-CH-UA-Model header to an application that calls UAParserheaders.withClientHints, an attacker can cause the parser to spend excessive CPU...

5.3CVSS5.4AI score0.00371EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.17 views

PT-2026-49551

Name of the Vulnerable Software and Affected Versions UAParser.js versions 2.0.1 through 2.0.9 Description A regular expression denial-of-service ReDoS exists when using the Client Hints API. An attacker can cause excessive CPU consumption and a denial-of-service condition in server-side...

5.3CVSS6.1AI score0.00371EPSS
Exploits0References6
Rows per page
Query Builder