CVE-2018-25356

SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code. Attackers can trigger the vulnerability by supplying oversized input to the -3pcc, -i, or -logfile parameters,...

path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters

Impact A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period .. For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two parameter...

EUVD-2026-16273

path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters...

CVE-2026-4867

Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period .. For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two...

CVE-2026-4867

Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period .. For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two...

UBUNTU-CVE-2026-4867

Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period .. For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two...

CVE-2026-4867

CVE-2026-4867 affects the path-to-regexp library. When three or more parameters occur within a single segment (e.g., /:a-:b-:c or /:a-:b-:c-:d) a bad regular expression is generated, and the backtrack protection added in [email protected] only guards two parameters. As a result, lookaheads ca...

CVE-2026-4867 path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters

Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period .. For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two...

CVE-2026-4867 path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters

Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period .. For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two...

CVE-2026-4867

Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period .. For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two...

PT-2026-26850

The CMS Commander plugin for WordPress is vulnerable to SQL Injection via the 'or blogname', 'or blogdescription', and 'or admin email' parameters in all versions up to, and including, 2.288. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation o...

CVE-2025-55087

In NextX Duo's snmp addon versions before 6.4.4, a part of the Eclipse Foundation ThreadX, an attacker could cause an out-of-bound read by a crafted SNMPv3 security parameters...

CVE-2024-5001

The Image Hover Effects for Elementor with Lightbox and Flipbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id', 'oxiaddonsftitletag', and 'contentdescriptiontag' parameters in all versions up to, and including, 3.0.2 due to insufficient input sanitization and outpu...

CVE-2018-19239

TRENDnet TEW-673GRU v1.00b40 devices have an OS command injection vulnerability in the startarpping function of the timer binary, which allows remote attackers to execute arbitrary commands via three parameters dhcpdstart, dhcpdend, and lanipaddr passed to the apply.cgi binary through a POST...

CVE-2017-15355

Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500R002C00,V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00,V600R006C00, TE60, V100R001C10, V500R002C00, V600R006C00, TX50,V500R002C00, V600R006C00 have a buffer overflow vulnerability. An attacker may send specially...